Microsoft's official enterprise support blog for AD DS and more
Hi. Russell here. Scott and I are in the pre-production stages for a series of AskDS podcasts and video “How To’s.”
We’d like your input on the content that will help you the most. As an example, we’ve been tasked with providing a video demo of Metadata cleanup. I bet you were not aware that there is a GUI version available, in addition to the tried and true NTDSUtil that we’ve all come to love (sarcasm intentional).
So how about some ideas on what you want to see and hear? (scratch and sniff not available) What are some of your pain points that you’d like to have addressed by way of a podcast or video “How To?”
Let us know in our comments section below or by emailing us through our contact form above.
Russell “The Spaniard” Despain
A video of troubleshooting replication issues with repadmin and/or dcdiag and helping people understand the tools and common commands. Literally every day there are people on the TechNet DS forums, Experts-Exchange forums and other forums just posting results of dcdiag and not knowing where to even start.
A "DNS how to" or DNS review, I still see people confused about things like how the DC/DSA GUID comes into play.
Another thing people should look at is from TechEd Online http://www.microsoft.com/teched online/ Presentation SVR312 from the Australia Teched 2009 titled "Top Active Directory Issues from the field and their resolution". Alexander and Jesse went through some good common issues and that presentation is free/not locked and open for everyone to see. The presentation can be found here http://bit.ly/cBnjZu
GUI metadata cleanup? Are you all talking about how metadata cleanup is done in 2008 or the metadata script in the Script Center? If there is another tool, that would be interesting.
Sounds like this will be a great series
I would love to have a current and accurate demo of how to properly pre-seed data for a new DFSR member, or for moving DFSR targets from one location to another. I know that I have had many troubles getting this working properly, and so have many others.
I would like to hear more information on troubleshooting Windows Server 2008 DC replication. If I am using DFSR I don't have the option to use Sonar, Ultrasound etc.
What about forcing replication on a DC similar to the old method using Burflags for Windows Server 2008 Domain level? I know about wbadmin but what if I don't have a backup, can I still do a non authoritative restore to force that DC back into production?
What other items are recommended to do when migrating from a Windows 2000 or 2003 domain to 2008? I know about DFSRMig, what about this article? Is this pertinent when going from Windows 2000 to 2008, can you explain it a bit more?
I'd like to see the DS Team's step-by-step recommended approach at auditing, [analyzing and fixing the 'using NTLM' apps], and then finally activating the new W2K8R2 'NTLM Blocking' security feature.
I'd like to see how and where you'd recommend we activate auditing and then how to gather and parse the audit data from multiple remote PCs, Servers and DCs (perhaps via PowerShell and the Get-WinEvent cmdlet?).
I'd especially like to see a way of parsing the audit records into separate data fields. I thought PoSH could be used to do that and to keep any object info intact. Why? Because the System Information (xxx) appears to be in separate object fields, but the 'EventData' does not. Example: The "Description\Message" in the event viewer looks like the following and it doesn't appear, on the surface, to be in separate object fields when viewed in the Event Viewer's 'General' tab:
NTLM client blocked audit: Audit outgoing NTLM authentication traffic that would be blocked.
Target server: HTTP/zzz-xxx-yyy.ss.com
Supplied user: (NULL)
Supplied domain: (NULL)
PID of client process: 7636
Name of client process: C:\Program Files\XXXXX\YYYYYYYY\ZZZZZ.EXE
LUID of client process: 0x2ce05aa
User identity of client process: AUserID
Domain name of user identity of client process: SS
Mechanism OID: (NULL)
Audit the NTLM authentication requests from this computer that would be blocked by the target server HTTP/zzz-xxx-yyy.ss.com if the security policy Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers is set to Deny all.
However, if I look at the 'Details' tab, it 'does' appear to be in separate fields. How would you recommend we get at that data by field? I would expect to have to review thousands of audit records, and the ability to group them by TargetName (target server), ProcessName (the application), ClientUserName, ClientDomainName, etc. would be of immense help.
Oops... The AD DS Team already has a blog on NTLM Blocking posted at <http://blogs.technet.com/askds/archive/2009/10/08/ntlm-blocking-and-you-application-analysis-and-auditing-methodologies-in-windows-7.aspx> In any case, in that Blog in Step 6, the DS Team notes that we should "Come up with an audit event collection strategy." That's the latter part of my previous idea. How about focusing a 'How To' on extracting detailed field data from any particular Event log? And not just one of the 'easy' ones like Application or System, but one of the newer deeply nested ones--perhaps like 'Microsoft-Windows-NTLM/Operational' Hint Hint :-)
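One way to pull the per-field data out of Microsoft-Windows-NTLM/Operational with Get-WinEvent, as an added PowerShell example that is not from the post or the commenters. It assumes the EventData field names match the ones named in the comment above (TargetName, ProcessName, ClientUserName, ClientDomainName), the Get-NtlmAuditFields wrapper and the sample record are the example's own, and the parsing itself is the generic ToXml()-and-flatten approach that works for any event log, not just the NTLM one:

```powershell
# Added example (not the post's or its commenters' code). Field names follow the
# comment above; the sample record further down is constructed with placeholders.
# Flatten one event's XML: every <Data Name="..."> under <EventData> becomes a
# property, giving the per-field view the Event Viewer 'Details' tab shows.
function ConvertFrom-NtlmAuditXml {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        [xml]$x = $EventXml
        $id = $x.Event.System.EventID
        if ($id -is [System.Xml.XmlElement]) { $id = $id.InnerText }   # element form when Qualifiers is set
        $props = [ordered]@{ TimeCreated = $x.Event.System.TimeCreated.SystemTime; Id = [int]$id }
        foreach ($d in @($x.Event.EventData.Data)) {
            $name = $d.GetAttribute('Name')
            if ($name) { $props[$name] = $d.InnerText }
        }
        [pscustomobject]$props
    }
}

# Live collection (Windows only): read the NTLM operational log from one or more
# hosts with Get-WinEvent and hand each record's XML to the parser above.
function Get-NtlmAuditFields {
    param([string[]]$ComputerName = @($env:COMPUTERNAME), [int]$MaxEvents = 5000)
    foreach ($c in $ComputerName) {
        Get-WinEvent -ComputerName $c -LogName 'Microsoft-Windows-NTLM/Operational' `
                     -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
            ForEach-Object { $_.ToXml() } | ConvertFrom-NtlmAuditXml
    }
}

# Constructed sample record shaped like the event quoted above (8001 is assumed
# to be the client-side audit ID) so the pipeline can be tried without a live log.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-NTLM"/><EventID>8001</EventID>
    <TimeCreated SystemTime="2010-01-01T00:00:00Z"/><Computer>client01.example.test</Computer></System>
  <EventData>
    <Data Name="TargetName">HTTP/zzz-xxx-yyy.ss.com</Data>
    <Data Name="ProcessName">C:\Program Files\XXXXX\YYYYYYYY\ZZZZZ.EXE</Data>
    <Data Name="ClientUserName">AUserID</Data>
    <Data Name="ClientDomainName">SS</Data>
  </EventData>
</Event>
'@
# Group by the fields that matter for application analysis; on a real estate replace
# "$sample | ConvertFrom-NtlmAuditXml" with Get-NtlmAuditFields -ComputerName 'pc1','srv1','dc1'.
$sample | ConvertFrom-NtlmAuditXml |
    Group-Object TargetName, ProcessName, ClientUserName, ClientDomainName |
    Sort-Object Count -Descending | Select-Object Count, Name
```

Because every Data element is turned into a property rather than being picked by position, the same ConvertFrom function copes with events whose field list differs from the one above, which is the usual trap when parsing the 'General' message text instead.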
I wouldn't mind seeing some updated content for Lingering Objects. Things have gotten *much* better now that we have the /removelingeringobjects switch (oh how I love it!), but dealing with and removing LO's still seems to be a mystery to many folks.
And on that theme... is there any particular reason you can think of for why AD doesn't try to self-heal that kind of situation? We enforce strict replication which obviously has some good & bad points when an LO does pop up if nobody notices it for months (oops!).