Have you ever heard the Shakespeare paraphrased saying “a rose by any other name is still a rose?”. Well, the same holds true for objects in AD. Not that we have “rose” class objects, but the point being that simply renaming an object doesn’t really fundamentally...

I’ve had several blog posts about the improved security in Windows Vista and Server 2008, particularly around cryptography. Here’s one more, albeit a short one. This post is about how, generally, Encrypted File System (EFS) works using Advanced...

Something that is becoming more prevalent over the past few years has been great investments into our security technologies for application oriented reasons. Impersonation, people, that’s what I’m talking about. If anyone ever asks you what the big deal...

Happy New Years everyone! Let’s start the year off with a less strenuous article regarding how the domain logon list gets populated. I’m talking about the user logon dialogue which you see following pressing control, alt and delete at the same time. There...

Not another post about Kerberos! Sorry folks, my Momma said ‘stick with what you’re good with’. And since playing Halo 3 is not a paying job I’m doing another blog post on Kerberos. I thought this would be a good one to post since how this works...

There’s be a lot of demand for the web enrollment pages from Server 2008. For those that have contacted me directly I apologize for the trouble I’ve had getting back to everyone on these. I also know that it some people expressed frustration over having...

For Customer Services and Support division employees at Microsoft it’s inevitable that, if you talk directly to customers at all, you will be asked whether you are certified. I’ve even heard our customers ask development folks (aka programmers) that question...

A while back I did a blog post about some problems that were seen with people testing Windows Vista and then “rolling back” to Windows XP and some problems that could be seen when using the same computer object (also known as account) in AD. If you didn’t get a chance to read it here’s the post. What that scenario highlighted was the added level of encryption, by way of leaving behind a little of the supporting infrastructure in the msds-supported-encryptiontypes attribute value. In this post we’re going to talk about the Big Picture of the new authentication encryption available and a few things to keep in mind....

This has come up several times, and I suspect will continue to do so occasionally. So I thought I’d post about this real quick in order to get the word out and also make sure that I don’t give the wrong answer on this to someone again (I forgot, gave...

There’s normal troubleshooting and then there’s the stuff you do when the basic troubleshooting doesn’t get things resolved. Normal troubleshooting can be things like selecting “last known good” on a reboot after installing a new driver and having a blue screen. Or perhaps uninstalling and then reinstalling an application, or altering settings for the application or operating system to alleviate a problem. Sometimes we have to dig in and find out more. Many admins out there in the world live that every day. Which is why we add methods to find out more into our products. This post is all about listing all of the data gathering methods that a Directory Services person may ever need to know. Since there are so many it will be difficult to organize well in one uber post but I’m going to put out here for you all anyway, disorganized or not....

It struck me the other day what a statistical improbability it was that I haven’t really talked much about lingering object problems in AD yet in this blog. They are one hot topic to support people, even if they are not our most common problem. The hot...

We had enough folks have trouble with this earlier this year that I wanted to take a moment to talk about Daylight Savings Time (DST). We’re about to have time changes in some regions so this is a hot topic right now for many people. Your first...

One of the most exciting and fulfilling things that I get out of my job is the opportunity to resolve unique customer concerns and scenarios. I’ve said this before in prior blog posts, but this one in particular, I think, will illustrate that. One...

In my soliloquy of AD logon you heard some broad generalities intended to give a general understanding of the intended design and how it all fits together. In this post I hope to give you a more detailed idea of how it works. How to enable user...

OK, well public hotfixes have always been a freebie if you first call into our support line to get them. However, now you can get the hotfix via the web. No fuss, no muss. Just go to this link and give the KB article number related to the hotfix...

Some readers may scoff a little when I talk about how under appreciated the whole Active Directory scheme is. Not schem a but scheme. I’m talking about the entire client and server interaction and how they work together to provide all of the distributed...

Ah, there’s nothing like the stop-everything, our-company-has-come-to-a-complete-halt emergency call we sometimes get where the domain controllers have slowed to a figurative crawl. Resulting in nearly all other business likewise emulating a glacier as...

A while back I posted about troubleshooting a problem where a customer had seen a home grown application was not working as expected. The app was designed to run in a web site which the user would connect to from Internet Explorer on a client. The HTTP...

Some of my colleagues recently had a real puzzler of an issue. When they are that good I want to share it out with everyone so that they don’t have to take the time themselves. The symptoms were when attempting to connect via terminal services from...

One of the cool things about this job is the way we get to trail blaze new issues as they happen and before any solution or workaround is in sight. We’re the pioneers in a way. This is one example. We’ve had a few customer’s recently mention that...

I recently received a few questions from the blog. I usually ask if the person minds if I post the question and reply, and in this case the person said he didn’t mind. Special thanks to Matt Sinfield for his good question. Hopefully this will help...

One of my pet peeves is when I don’t recall every detail of a troubleshooting step or technique and can’t immediately find a document that explains it. It’s like when I misplace a book I’ve been reading-I wander around the house in circles looking for...

We get some really unique issues at times that strain patience and understanding. With Kerberos this is doubly true since it is already as complex and extensible as any person could ever ask for. This one may be particularly interesting to those who are...

One of the enhancements in Windows Vista is the new certificate scripting interface called certenroll. In prior client operating system versions we had the xenroll code which would allow users to enroll for certificates via a web page served out by their...

We’ve had a few customers tell us that they would really like to not be prompted in application launch scenarios with some applications. There are some valid reasons why this may not be entirely helpful and reduction in clickage can be good when it doesn...