Browse by Tags

Tagged Content List
  • Blog Post: Friday Mail Sack: Guest Reply Edition

    Hi folks, Ned here again. This week we talk: CA migration from 1 to 2 tier ADAM/ADLDS P2V ABC 123 Managing AGPM security filters Multiple IIS App pools and Kerberos AGPM multi-domain comparison ADUC domain password weirdness DFSR deletion conflict handling Stale account deletion...
  • Blog Post: Windows Server 2008 R2 CAPolicy.inf Syntax

    Greetings! This is Jonathan again. I was reviewing Chris’ excellent blog post series on designing and implementing a PKI when I realized that it would be helpful to better document the CAPolicy.inf file. The information in this post relies heavily on the information published in the Windows Server...
  • Blog Post: Important Information about Remote Desktop Licensing and Security Advisory 2718704

    Hi folks, Jonathan here. Dave and I wanted to share some important information with you. By now you’ve all been made aware of the Microsoft Security Advisory that was published this past Sunday. If you are a Terminal Services or Remote Desktop Services administrator then we have some information...
  • Blog Post: Friday Mail Sack: Carl Sandburg Edition

    Hi folks, Jonathan again. Ned is taking some time off visiting his old stomping grounds – the land of Mother-in-Laws and heart-breaking baseball. Or, as Sandburg put it: “ Hog Butcher for the World , Tool Maker, Stacker of Wheat, Player with Railroads and the Nation's Freight Handler;...
  • Blog Post: Moving Your Organization from a Single Microsoft CA to a Microsoft Recommended PKI

    Hi, folks! Jonathan here again, and today I want to talk about what appears to be an increasingly common topic: migrating from a single Windows Certification Authority (CA) to a multi-tier hierarchy. I’m going to assume that you already have a basic understanding of Public Key Infrastructure (PKI...
  • Blog Post: Revenge of Y2K and Other News

    Hello sports fans! So this has been a bit of a hectic time for us, as I'm sure you can imagine. Here's just some of the things that have been going on around here. Last week, thanks to a failure on the time servers at USNO.NAVY.MIL, many customers experienced a time rollback to CY 2000 on their...
  • Blog Post: RSA Key Blocking is Here!

    Hello everyone. Jonathan here again with another Public Service Announcement post. Today, Microsoft has published a new Security Advisory: Microsoft Security Advisory (2661254): Update For Minimum Certificate Key Length The Security Advisory and the accompanying KB article have complete information...
  • Blog Post: Purging Old NT Security Protocols

    Hi folks, Ned here again (with some friends ). Everyone knows that Kerberos is Microsoft’s preeminent security protocol and that NTLM is both inefficient and, in some iterations, not strong enough to avoid concerted attack. NTLM V2 using complex passwords stands up well to common hash cracking tools...
  • Blog Post: The Mouse Will Play

    Hey all, Ned here. Mike and I start teaching Windows Server 2012 and Windows 8 DS internals this month in the US and UK and won’t be back until July. Until then, Jonathan is – I can’t believe I’m saying this – in charge of AskDS. He’ll field your questions and publish… stuff. We’ll make sure he takes...
  • Blog Post: Friday Mail Sack: LeBron is not Jordan Edition

    Hi folks, Ned here again. Today we discuss trusts rules around domain names, attribute uniqueness, the fattest domains we’ve ever seen, USMT data-only migrations, kicking FRS while it’s down, and a few amusing side topics. Scottie, don’t be that way. Go Mavs. Creating trusts...
  • Blog Post: ....And knowing is half the battle!

    Jonathan here. Chuck Timon over on the AskCore blog has a new post that you folks testing with Windows Server 2012 should know about. If you're playing around with Hyper-V, do yourself a favor and have a read before you call Support. Logon Failures Involving Virtual Machines in Windows Server 2012...
  • Blog Post: Intermittent Mail Sack: Must Remember to Write 2013 Edition

    Hi all, Jonathan here again with the latest edition of the Intermittent Mail Sack. We've had some great questions over the last few weeks so I've got a lot of material to cover. This sack, we answer questions on: Issues upgrading DFSR hub servers to Windows Server 2012 AD FS Sign-out behavior...
  • Blog Post: Friday Mail Sack: Mothers day pfffft… when is son’s day?

    Hi folks, Ned here again. It’s been a little while since the last sack, but I have a good excuse: I just finished writing a poop ton of Windows Server 2012 depth training that our support folks around the world will use to make your lives easier (someday). If I ever open MS Word again it will be...
  • Blog Post: AskDS is 0.03 Centuries Old Today

    Three years ago today the AskDS site published its first post and had its first commenter . In the meantime we’ve created 455 articles and we’re now ranked 6th in all of TechNet’s blogs, behind AskPerf , Office2010 , MarkRussinovich , SBS , and HeyScriptingGuy . That’s a pretty amazing group to be lumped...
  • Blog Post: Friday Mail Sack: Super Slo-Mo Edition

    Hello folks, Ned here again with another Mail Sack. Before I get rolling though, a quick public service announcement: Plenty of you have downloaded the Windows 8 Developer Preview and are knee-deep in the new goo . We really want your feedback, so if you have comments, please use one of the following...
  • Blog Post: AskDS is 12,614,400,000,000,000 shakes old

    It’s been four years and 591 posts since AskDS reached critical mass. You’d hope our party would look like this:  But it’s more likely to be: Without you, we’d be another of those sites that glow red hot, go supernova, then collapse into a white dwarf . We really appreciate your comments, questions...
  • Blog Post: Friday Mail Sack: It’s a Dog’s Life Edition

    Hi folks, Ned here again with some possibly interesting, occasionally entertaining, and always unsolicited Friday mail sack. This week we talk some: DNS partition absence Controlling DCDIAG event messaging Inventorying SYSVOL replication architecture Weird WMI DFSR volume paths Tightening...
  • Blog Post: SSL/TLS Record Fragmentation Support

    This is Jonathan Stephens from the Directory Services team, and I wanted to share with you a recent interoperability issue I encountered. An admin had set up an Apache web server with the OpenSSL mod for SSL/TLS support. Users were able to connect to the secure web site using Firefox, but when they tried...
  • Blog Post: Configuring Network Device Enrollment Service for Windows Server 2008 with Custom Certificates

    Introduction Hello, this is Jonathan from the Directory Services team. The Network Device Enrollment Service (NDES) is one of the role services of the Active Directory Certificate Services (ADCS) role. It implements the Simple Certificate Enrollment Protocol (SCEP). SCEP defines the communication...
  • Blog Post: Friday Mail Sack: Best Post This Year Edition

    Hi folks, Ned here and welcoming you to 2012 with a new Friday Mail Sack. Catching up from our holiday hiatus, today we talk about: Disabling Administrative Shares Making Get-ADDomainController useful’er Kerberos group bloat USMT moving profiles back from other disks The DFSR...
  • Blog Post: Friday Mail Sack – While the Ned’s Away Edition

    Hello Internet! Last week, Ned said there wouldn’t be a Mail Sack this week because he was going to be out of town. Well, the DS team was sitting around during our “Ned is out of our hair for a few days” party and we decided that since this is a Team Blog after all, we’d go ahead...
  • Blog Post: Saturday Mail Sack: Because it turns out, Friday night was alright for fighting edition

    Hello all, Ned here again with our first mail sack in a couple months. I have enough content built up here that I actually created multiple posts, which means I can personally guarantee there will be another one next week. Unless there isn't! Today we answer your questions around: Detecting...
  • Blog Post: Blog Platform Migration Complete

    Hello, Internetz. Jonathan here again. Ned didn’t tell you the whole story. Not only did I have to wait for the truth serum to wear off; I also had to chew my way out the straps. Nevertheless, I’ve emerged victorious and have again successfully stormed the AskDS gates and vanquished Ned....
  • Blog Post: The Case of the Enormous CA Database

    Hello, faithful readers! Jonathan here again. Today I want to talk a little about Certification Authority monitoring and maintenance. This topic was brought to my attention by a recent case that I had where a customer’s CA database had grown to rather elephantine proportions over the course of...
  • Blog Post: Friday Mail Sack: Get Off My Lawn Edition

    Hi folks, Ned here again. I know this is supposed to be the Friday Mail Sack but things got a little hectic and... ah heck, it doesn't need explaining, you're in IT. This week - with help from the ever-crotchety Jonathan Stephens - we talk about: Multiple WMI Filters LDAP MaxPoolThreads Many...