Browse by Tags

Hi folks, Jonathan again. Ned is taking some time off visiting his old stomping grounds – the land of Mother-in-Laws and heart-breaking baseball. Or, as Sandburg put it: “ Hog Butcher for the World , Tool Maker, Stacker of Wheat, Player with Railroads and the Nation's Freight Handler;...

Hi folks, Ned here again with some possibly interesting, occasionally entertaining, and always unsolicited Friday mail sack. This week we talk some: DNS partition absence Controlling DCDIAG event messaging Inventorying SYSVOL replication architecture Weird WMI DFSR volume paths Tightening...

Hi folks, Ned here again. This week we talk GUI metadata cleanup, your useless manager (attributes), USMT abandonment and weight issues, the meaning of the DFSR nothing state, and the usual “other stuff.” Metadata cleanup when moving DCs The Manager and ManagedBy attributes Overriding...

Hi folks, Ned here again. We introduced the AD Administrative Center in Windows Server 2008 R2 to much fanfare. Wait, I mean we told no one and for good measure, we left the old AD Users and Computers tool in-place. Then we continued referencing it in all our documentation. And people say we're a marketing...

Hi folks, Ned here again. Today we discuss trusts rules around domain names, attribute uniqueness, the fattest domains we’ve ever seen, USMT data-only migrations, kicking FRS while it’s down, and a few amusing side topics. Scottie, don’t be that way. Go Mavs. Creating trusts...

Hi folks, Ned here again. It’s a long weekend here in the United States, so today I talk to you tell myself about a domain join issue one can only see in Win7/R2 or later, what USMT hard link migrations really do, how to poke LDAP in legacy PowerShell, time zone migration, and an emerging issue...

Hi, its Linda Taylor here from the UK Directory Services Team! I have decided to make a return to the blog to show you a nice tip on how make Network traffic from ADLDS (Active Directory Lightweight Directory Services) look more readable…or in other words - to enable Netmon to parse it as LDAP. Note...

Hi folks, Ned here again. It’s been nearly a month since the last Mail Sack post so I’ve built up a good head of steam. Today we discuss FRS, FSMO, Authentication, Authorization, USMT, DFSR, VPN, Interactive Logon, LDAP, DFSN, MS Certified Masters, Kerberos, and other stuff. Plus a small...

Hi folks, Ned here again. I recently wrote a KB article about some expected DCDIAG.EXE behaviors . This required reviewing DCDIAG.EXE as I wasn’t finding anything deep in TechNet about the “Services” test that had my interest. By the time I was done, I had found a dozen other test behaviors...

Hiya folks, Ned here with a slightly late Mail Sack coming your way. Today we discuss reading event logs, PowerShell, FSMO, DFSR, DFSN, GCs, virtualization, RDC, LDAP queries, DPM, SYSVOL migration, and Netmon. Do it. LogParser and Win2008 R2 security event logs DFS virtualization support...

Hi folks, Ned here again. Today I show you how to decrypt LDAP traffic protected by SSL by using Network Monitor and its handy add-on NetMon Decryption Expert . This is useful when you need to see what an application is asking your domain controllers, especially when that app has lousy logging. Since...

Hi there intarwebz, Ned here. Hopefully you’re at home right now filling up the basket with Peeps for the kids. For those that aren’t, here are this week’s interesting questions from our readers and fellow employees. AD's LDAP V3 RFC compliance Java and AD Disable machine...

David Everett here again with an interesting issue that causes the Advertising test in DCdiag.exe to fail when verifying the role of a global catalog (GC). A customer called Microsoft Product Support to determine why the Advertising test in dcdiag.exe was reporting that the global catalog role was...

It’s Randy again, here to discuss LDAP security. Lightweight Directory Access Protocol is an interface used to read from and write to the Active Directory database. Therefore, your Active Directory Administration tools (i.e. AD Users and Computers , AD Sites and Services , etc.) as well as third...

Hello everyone, David Everett and Scott Goad here to discuss a recent issue that we thought you might find interesting. We were working with a customer that was trying to implement password complexity, but they were not seeing the behavior that we would normally expect. The issue came about when trying...

Rob and Mike here. We're asked, many times, why a user does not authenticate against a local domain controller in the same site when logging on across a forest. We've setup the most common scenario to help explain how domain locator works for user logons across a forest. Scenario Let's explain...

Hi, Michael here. The following issue is one that I have seen come up from time to time and can be a challenge for IT administrators who are trying to use the built in Version 2 Domain Controller Authentication template in their environment. The concern may be seen when folks used a version 1 certificate...

Hi, James here - I am a Support Escalation Engineer in Charlotte, NC, USA. Today I would like to talk to you about troubleshooting LDAP over SSL connectivity issues. We will be covering LDAP over SSL basics, how Subject Alternate Name’s (SAN) work, configuring Active Directory Application Mode...