Browse by Tags

Tagged Content List
  • Blog Post: DCDIAG Advertising test with error 81

    David Everett here again with an interesting issue that causes the Advertising test in DCdiag.exe to fail when verifying the role of a global catalog (GC). A customer called Microsoft Product Support to determine why the Advertising test in dcdiag.exe was reporting that the global catalog role was...
  • Blog Post: Understanding LDAP Security Processing

    It’s Randy again, here to discuss LDAP security. Lightweight Directory Access Protocol is an interface used to read from and write to the Active Directory database. Therefore, your Active Directory Administration tools (i.e. AD Users and Computers , AD Sites and Services , etc.) as well as third...
  • Blog Post: Friday Mail Sack: Tuesday To You Edition

    Hi folks, Ned here again. It’s a long weekend here in the United States, so today I talk to you tell myself about a domain join issue one can only see in Win7/R2 or later, what USMT hard link migrations really do, how to poke LDAP in legacy PowerShell, time zone migration, and an emerging issue...
  • Blog Post: Friday Mail Sack: I Have No Idea What to Call This Edition

    Hiya folks, Ned here with a slightly late Mail Sack coming your way. Today we discuss reading event logs, PowerShell, FSMO, DFSR, DFSN, GCs, virtualization, RDC, LDAP queries, DPM, SYSVOL migration, and Netmon. Do it. LogParser and Win2008 R2 security event logs DFS virtualization support...
  • Blog Post: The Strange Case of Unenforced Password Complexity

    Hello everyone, David Everett and Scott Goad here to discuss a recent issue that we thought you might find interesting. We were working with a customer that was trying to implement password complexity, but they were not seeing the behavior that we would normally expect. The issue came about when trying...
  • Blog Post: Third Party Application Fails Using LDAP over SSL

    Hi, Michael here. The following issue is one that I have seen come up from time to time and can be a challenge for IT administrators who are trying to use the built in Version 2 Domain Controller Authentication template in their environment. The concern may be seen when folks used a version 1 certificate...
  • Blog Post: Friday Mail Sack: Carl Sandburg Edition

    Hi folks, Jonathan again. Ned is taking some time off visiting his old stomping grounds – the land of Mother-in-Laws and heart-breaking baseball. Or, as Sandburg put it: “ Hog Butcher for the World , Tool Maker, Stacker of Wheat, Player with Railroads and the Nation's Freight Handler;...
  • Blog Post: Domain Locator Across a Forest Trust

    Rob and Mike here. We're asked, many times, why a user does not authenticate against a local domain controller in the same site when logging on across a forest. We've setup the most common scenario to help explain how domain locator works for user logons across a forest. Scenario Let's explain...
  • Blog Post: Viewing ADLDS traffic with Netmon – where is my LDAP?

    Hi, its Linda Taylor here from the UK Directory Services Team! I have decided to make a return to the blog to show you a nice tip on how make Network traffic from ADLDS (Active Directory Lightweight Directory Services) look more readable…or in other words - to enable Netmon to parse it as LDAP. Note...
  • Blog Post: Friday Mail Sack: Now with 100% more words

    Hi folks, Ned here again. It’s been nearly a month since the last Mail Sack post so I’ve built up a good head of steam. Today we discuss FRS, FSMO, Authentication, Authorization, USMT, DFSR, VPN, Interactive Logon, LDAP, DFSN, MS Certified Masters, Kerberos, and other stuff. Plus a small...
  • Blog Post: Friday Mail Sack: LeBron is not Jordan Edition

    Hi folks, Ned here again. Today we discuss trusts rules around domain names, attribute uniqueness, the fattest domains we’ve ever seen, USMT data-only migrations, kicking FRS while it’s down, and a few amusing side topics. Scottie, don’t be that way. Go Mavs. Creating trusts...
  • Blog Post: Reading LDAP SSL Network Traffic with NetMon 3.4 and NMDecrypt

    Hi folks, Ned here again. Today I show you how to decrypt LDAP traffic protected by SSL by using Network Monitor and its handy add-on NetMon Decryption Expert . This is useful when you need to see what an application is asking your domain controllers, especially when that app has lousy logging. Since...
  • Blog Post: Friday Mail Sack: It’s a Dog’s Life Edition

    Hi folks, Ned here again with some possibly interesting, occasionally entertaining, and always unsolicited Friday mail sack. This week we talk some: DNS partition absence Controlling DCDIAG event messaging Inventorying SYSVOL replication architecture Weird WMI DFSR volume paths Tightening...
  • Blog Post: Friday Mail Sack: Wahoo Edition

    Hi folks, Ned here again. This week we talk GUI metadata cleanup, your useless manager (attributes), USMT abandonment and weight issues, the meaning of the DFSR nothing state, and the usual “other stuff.” Metadata cleanup when moving DCs The Manager and ManagedBy attributes Overriding...
  • Blog Post: Troubleshooting LDAP Over SSL

    Hi, James here - I am a Support Escalation Engineer in Charlotte, NC, USA. Today I would like to talk to you about troubleshooting LDAP over SSL connectivity issues. We will be covering LDAP over SSL basics, how Subject Alternate Name’s (SAN) work, configuring Active Directory Application Mode...
  • Blog Post: Friday Mail Sack – Marshmallow Bird Edition

    Hi there intarwebz, Ned here. Hopefully you’re at home right now filling up the basket with Peeps for the kids. For those that aren’t, here are this week’s interesting questions from our readers and fellow employees. AD's LDAP V3 RFC compliance Java and AD Disable machine...
  • Blog Post: Interesting findings on SETSPN -x -f

    Hello folks, this is Herbert from the Directory Services support team in Europe! Kerberos is becoming increasingly mandatory for really cool features such as Protocol Transition . Moreover, as you might be painfully aware, managing Service Principal Names (SPN’s) for the use of Kerberos by applications...
  • Blog Post: Fun with the AD Administrative Center

    Hi folks, Ned here again. We introduced the AD Administrative Center in Windows Server 2008 R2 to much fanfare. Wait, I mean we told no one and for good measure, we left the old AD Users and Computers tool in-place. Then we continued referencing it in all our documentation. And people say we're a marketing...
  • Blog Post: What does DCDIAG actually… do?

    Hi folks, Ned here again. I recently wrote a KB article about some expected DCDIAG.EXE behaviors . This required reviewing DCDIAG.EXE as I wasn’t finding anything deep in TechNet about the “Services” test that had my interest. By the time I was done, I had found a dozen other test behaviors...