Browse by Tags

Tagged Content List
  • Blog Post: Remove Lingering Objects that cause AD Replication error 8606 and friends

    Introducing the Lingering Object Liquidator Hi all, Justin Turner here ---it's been a while since my last update . The goal of this post is to discuss what causes lingering objects and show you how to download, and then use the new GUI-based Lingering Object Liquidator (LOL) tool to remove them....
  • Blog Post: Fine-Grained Password Policy and “Urgent Replication”

    Hi folks, Ned here again. Today I discuss the so-called “urgent replication” of AD, specifically around Fine-Grained Password Policies. Some background If you’ve read the excellent guide on how AD Replication works , you have probably come across the section around so-called “urgent...
  • Blog Post: Troubleshooting KCC Event Log Errors

    My name is David Everett and I’m a Support Escalation Engineer on the Directory Services Support team. I’m going to discuss a recent trend I’ve seen where Active Directory Replication appears to be fine but one DC only in one (or more) sites begins logging Knowledge Consistency Checker...
  • Blog Post: Monthly Mail Sack: Yes, I Finally Admit It Edition

    Heya folks, Ned here again. Rather than continue the lie that this series comes out every Friday like it once did, I am taking the corporate approach and rebranding the mail sack. Maybe we’ll have the occasional Collector’s Edition versions. This week month, I answer your questions on: The semi-myth...
  • Blog Post: Getting Over Replmon

    Ned here again. The AD Replication Monitor utility ( Replmon.exe ) was introduced with the Windows Server 2000 Support Tools many years ago as a GUI mechanism for performing certain DC admin tasks. With the release of Window Server 2008 Replmon was not included and we stopped making add-on Support Tools...
  • Blog Post: Restrictions for Unauthenticated RPC Clients: The group policy that punches your domain in the face

    Hi folks, Ned here again. Around six years ago we released Service Pack 1 for Windows Server 2003. Like Windows XP SP2, it was a security-focused update. It was the first major server update since the Trustworthy Computing initiative began so there were things like a bootstrapping firewall, Data Execution...
  • Blog Post: Hard Disk Failure Error Messages in AD Replication?

    Hi everyone, David Beach here today. Here’s a fun AD Replication error from Windows Server 2003: Sitename\DCName via RPC DC object GUID: abc12345-6789-0123-4567-890abcdefabc Last attempt @ 2011-03-15 12:15:15 failed, result 1127 (0x467): While accessing the hard disk, a disk operation failed...
  • Blog Post: “The LastLogonTimeStamp Attribute” – “What it was designed for and how it works”

    Warren here. In Windows Server 2003 we introduced the lastLogontimeStamp attribute. Administrators can use the lastLogontimeStamp attribute to determine if a user or computer account has recently logged onto the domain. Using this information administrators can then review the accounts identified and...
  • Blog Post: Follow up on lag sites... sort of.

    Ned here again. We recently had a very lively discussion about 'Lag Sites' as a disaster recovery option. If you've been digging around the MS Download Center, you may have already come across Introduction to Windows Server 2008 R2 . After some digging, you'll come across: Improvements in Active Directory...
  • Blog Post: Strict Replication Consistency - Myth versus Reality

    Hi, David here again. Having worked numerous lingering object cases, I find a common misunderstanding about Windows Server 2003 (or later) and its ability to automatically enforce Strict Replication Consistency . Strict Replication Consistency is a registry value that prevents destination domain controllers...
  • Blog Post: Friday Mail Sack: Drop the dope, hippy! edition

    Hi all, Ned here again with an actual back to back mail sack. This week we discuss: Running out of USNs and Versions DFSR RDC LAN WAN FWIW AOK NPS and dotted NetBIOS domain names USMT and the case of the failing sourcepriority Revisiting NIC teaming Weird DFSR files MaxConcurrentAPI...
  • Blog Post: Preventing large time offset problems

    Greetings, Todd here and I wanted to take a few moments to talk to you about an issue that arises from time to time. I will start this time-related issue exploration with a worst case scenario. The Primary Domain Controller Emulator (also known as the PDCe) in your forest root has a hardware issue which...
  • Blog Post: Link-Pairs and Configuring Bridgeheads in ADAM/ADLDS

    Well, hello there AskDS readers. "Terrible" Tim Springston here with a little cross-posting blog action requested by my BFF Ned Pyle . Occasionally we come across things that are not so well documented. One of those is the ADAM or Lightweight Directory Services series of steps needed to configure...
  • Blog Post: Disk Image Backups and Multi-Master Databases (or: how to avoid early retirement)

    Hi folks, Ned here again. We published a KB a while back around the dangers of using virtualized snapshots with DFSR: Distributed File System Replication (DFSR) no longer replicates files after restoring a virtualized server's snapshot Customers have asked me some follow up questions I address...
  • Blog Post: “Lag site” or “hot site” (aka delayed replication) for Active Directory Disaster Recovery support

    Hi, Gary from Directory Services here and I’m going to talk today about the concept of “lag sites” or “hot sites” as a recovery strategy. I recently had a case where the customer asked if the replication interval for a site link could be set higher than 10,080 minutes (7...
  • Blog Post: Monthly Mail Sack: I Hope Your Data Plan is Paid Up Edition

    Hi all, Ned here again with that thing we call love. Blog! I mean blog. I have a ton to talk about now that I have moved to the monthly format, and I recommend you switch to WIFI if you’re on your phone. This round I answer your questions on: Reattaching DCs in Windows Server 2012 DFSR...
  • Blog Post: Saturday Mail Sack: Because it turns out, Friday night was alright for fighting edition

    Hello all, Ned here again with our first mail sack in a couple months. I have enough content built up here that I actually created multiple posts, which means I can personally guarantee there will be another one next week. Unless there isn't! Today we answer your questions around: Detecting...
  • Blog Post: Friday Mail Sack: Wahoo Edition

    Hi folks, Ned here again. This week we talk GUI metadata cleanup, your useless manager (attributes), USMT abandonment and weight issues, the meaning of the DFSR nothing state, and the usual “other stuff.” Metadata cleanup when moving DCs The Manager and ManagedBy attributes Overriding...
  • Blog Post: KCC Offline Bridgehead Behaviors

    This is a guest post from our friend Keith Brewer, a Premier Field Engineer that recently spent some time with us here in support as part of a “foreign exchange student” program. As you can see, we pay him by the screenshot… :-P Hi all, Keith here. Recently I answered a forum question on KCC “topology...
  • Blog Post: RPC over IT/Pro

    Hi folks, Ned here again to talk about one of the most commonly used – and least understood – network protocols in Windows: Remote Procedure Call . Understanding RPC is a foundation for any successful IT Professional. It’s integral to distributed systems like Active Directory, Exchange...
  • Blog Post: AD Replication Status Tool is Live

    Hey all, Ned here with some new troubleshooting tool love, courtesy of the ADREPLSTATUS team at Microsoft. I’ll let them do the talking: The Active Directory Replication Status Tool (ADREPLSTATUS) is now LIVE and available for download at the Microsoft Download Center . ADREPLSTATUS helps administrators...
  • Blog Post: DC’s and VM’s – Avoiding the Do-Over

    Hello everyone, Mark from DS again. With more and more companies using virtualization, such as Microsoft Virtual Server, Server 2008 Hyper-V or VMWare, in their environments these days you may end up in the following situation I recently worked on: 1) Customer wanted to roll back one of his DC’s in his...
  • Blog Post: Configuring Change Notification on a MANUALLY created Replication partner

    Hello. Jim here again to elucidate on the wonderment of change notification as it relates to Active Directory replication within and between sites. As you know Active Directory replication between domain controllers within the same site (intrasite) happens instantaneously. Active Directory replication...
  • Blog Post: Friday Mail Sack: Dang, This Year Went Fast Edition

    Hi folks, Ned here again with your questions and comments. This week we talk: AD Garbage Collection behavior Applying Group Policy based on installed roles and features Apple hates .local domains More on auto site coverage from Lurch Fixing the mysteriously bad CPU performance of brand...
  • Blog Post: What does DCDIAG actually… do?

    Hi folks, Ned here again. I recently wrote a KB article about some expected DCDIAG.EXE behaviors . This required reviewing DCDIAG.EXE as I wasn’t finding anything deep in TechNet about the “Services” test that had my interest. By the time I was done, I had found a dozen other test behaviors...