Browse by Tags

Tagged Content List
  • Blog Post: Friday Mail Sack: Saturday Edition

    Ned here. As you may have noticed, it is not Friday. You may also have noticed that this post is awesome and packed with many weeks of delayed content goodness. This notice may extend to the fact that I have no life. You notice a lot, don’t you smarty? I cannot imagine someone looking...
  • Blog Post: Configuring DFSR to a Static Port - The rest of the story

    Ned-san here again. Customers frequently call us about configuring their servers to listen over specific network ports. This is usually to satisfy firewall rules – more on this later. A port in TCP/IP is simply an endpoint to communication between computers. Some are reserved, some are well-known...
  • Blog Post: Potential for Kerberos Issues When Using a Cisco VPN/ASA with Win2003 or later DC’s

    Hey everyone, Rob Greene here back after a long hiatus from blogging. I had an interesting case come through that I thought many of you IT pros would be interested in. Background The customer had an issue with using Cisco VPN and Cisco ASA concentrators and authenticating the user with Kerberos...
  • Blog Post: Using Network Monitor 3 to Troubleshoot a Domain Join Failure Caused by a Black Hole Router

    This is Randy again with an interesting case that I had recently. We were having problems trying to join certain workstations to the domain. We would see that every workstation in one site would join successfully and all the workstations in another site would fail with an error indicating that we could...
  • Blog Post: Friday Mail Sack: Shut Up Laura Edition

    Hello again folks, Ned here for another grab bag of questions we’ve gotten this week. This late posting thing is turning into a bad habit, but I’ve been an epileptic octopus here this week with all the stuff going on. Too many DFSR questions though, you guys need to ask other stuff! Let’s...
  • Blog Post: Using PORTQRY for troubleshooting

    Hi all, Mark from Directory Services again. This time I would like to talk about one of the many tools that we use in troubleshooting network issues. At times you may see errors such as The RPC server is unavailable or There are no more endpoints available from the endpoint mapper (These error messages...
  • Blog Post: Network Browsing with Windows Server 2008

    Ned here. I wanted to make sure all of our loyal readers know about an important post at our sister site Enterprise Networking: NetBIOS browsing across subnets may fail after upgrading to Windows Server 2008 While not a pure DS issue, it could definitely cause DS-related technologies to act oddly...
  • Blog Post: Friday Mail Sack: I Have No Idea What to Call This Edition

    Hiya folks, Ned here with a slightly late Mail Sack coming your way. Today we discuss reading event logs, PowerShell, FSMO, DFSR, DFSN, GCs, virtualization, RDC, LDAP queries, DPM, SYSVOL migration, and Netmon. Do it. LogParser and Win2008 R2 security event logs DFS virtualization support...
  • Blog Post: Troubleshooting networks without NetMon

    Hi, Ned here. You may already be asking yourself why I’m writing about network troubleshooting. Isn’t this the Directory Services blog? Don’t we just care about Kerberos and group policies and the like? Shouldn’t the Networking team do all this heavy TCP/IP lifting? Well, without...
  • Blog Post: Restrictions for Unauthenticated RPC Clients: The group policy that punches your domain in the face

    Hi folks, Ned here again. Around six years ago we released Service Pack 1 for Windows Server 2003. Like Windows XP SP2, it was a security-focused update. It was the first major server update since the Trustworthy Computing initiative began so there were things like a bootstrapping firewall, Data Execution...
  • Blog Post: Hunting down DES in order to securely deploy Kerberos

    Hello folks, Ned here again. By now many businesses have begun deploying Windows Server 2008 R2 and Windows 7. Since Active Directory has become ubiquitous, Kerberos is now commonplace. What you may not know is that we made a significant change to default cryptographic support in Kerberos starting in...
  • Blog Post: Friday Mail Sack: Peevish Nediquette Edition

    Hi folks, Ned here again. This week I talk about Vista’s hidden AD schema, SYSVOL migration mission control, kick-starting cached logon performance, USMT c'est la vie, foul-mouthed NetBIOS, DFSR do-over, and the usual random goo. What to do with a Version 39 (Vista Beta) AD Schema When...
  • Blog Post: Netmon, MPS, RODC's, and that new OS you might have heard about

    Ned here. A few big pieces of news, in case you've been having a busy week: Netmon 3.3 has been released. You can download from here. Read more about the new features (such as autoscroll, frame commenting, experts, WWAN support, and more) right here. MPS Reports. They're back. They work...
  • Blog Post: Purging Old NT Security Protocols

    Hi folks, Ned here again (with some friends). Everyone knows that Kerberos is Microsoft’s preeminent security protocol and that NTLM is both inefficient and, in some iterations, not strong enough to avoid concerted attack. NTLM V2 using complex passwords stands up well to common hash cracking tools...
  • Blog Post: Viewing ADLDS traffic with Netmon – where is my LDAP?

    Hi, it's Linda Taylor here from the UK Directory Services Team! I have decided to make a return to the blog to show you a nice tip on how to make Network traffic from ADLDS (Active Directory Lightweight Directory Services) look more readable…or in other words - to enable Netmon to parse it as LDAP. Note...
  • Blog Post: Friday Mail Sack: Unintended Hilarity Edition

    Hiya folks, Ned here again with another week’s questions, comments, and oddities. This time we’re talking: GPMC inconsistent permissions error ADMT multiple servers DFSR staging calculation performance USMT and MAX_PATH DFSR port 5722 on members Common AD support topics...
  • Blog Post: Sites Sites Everywhere…

    …Without a DC to spare! Hey all, this is Sean. You may remember me from a few old ADFS posts. I’m no longer on the Directory Services team but I still do a lot of DS stuff in Premier Field Engineering (PFE). Anyway, I recently ran into a few “interesting” site topologies while in the field. I want to...
  • Blog Post: Reading LDAP SSL Network Traffic with NetMon 3.4 and NMDecrypt

    Hi folks, Ned here again. Today I show you how to decrypt LDAP traffic protected by SSL by using Network Monitor and its handy add-on NetMon Decryption Expert. This is useful when you need to see what an application is asking your domain controllers, especially when that app has lousy logging. Since...
  • Blog Post: Friday Mail Sack: Beard-Seconds Edition

    Hiya folks, Ned here again. This week we talk: DC DNS A Records and Web Servers Forwarding Security event log subscriptions Domain password filters Auditing NTLM vs NTLMv2 on Win2003 Programmatically determining if UNC is DFS namespace DFSR and Excel Shared Workbooks DFS, DC,...
  • Blog Post: Friday Mail Sack: Gargamel Edition

    Hi folks, Ned here again. This week we talk about 10 reasons not to use list object access dsheuristics, USMT trivia nuggets, poor man’s DFSDIAG, how to get network captures without installing a network capture tool, and some other random goo. Oh yeah, and friggin’ Smurfs. The downsides...
  • Blog Post: Group Policy Slow Link Detection using Windows Vista and later

    Mike here again. Many Group Policy features rely on a well connected network for their success. However, not every connection is perfect or ideal; some connections are slow. The Group Policy infrastructure has always provided functionality to detect slow links. However, the means by which Group Policy...
  • Blog Post: Debunking the Vista Remote Differential Compression Myth

    Ned here again. Have you ever visited Snopes.com? It’s a terrific urban legend reference where they research folklore. Snopes is the place you go to find out if eating Thanksgiving turkey makes you sleepy (it doesn’t), if Coca Cola can dissolve a tooth overnight (it can’t), or if a...
  • Blog Post: Troubleshooting SID translation failures from the obvious to the not so obvious

    Hi guys, Joji Oshima here with my first post. A common problem we see is SID translation failure. The problem usually occurs when you add users or groups from a trusted domain into your domain local groups. What you hope to see is the friendly names of the users, and their domain: Unfortunately...
  • Blog Post: Friday Mail Sack: Wahoo Edition

    Hi folks, Ned here again. This week we talk GUI metadata cleanup, your useless manager (attributes), USMT abandonment and weight issues, the meaning of the DFSR nothing state, and the usual “other stuff.” Metadata cleanup when moving DCs The Manager and ManagedBy attributes Overriding...
  • Blog Post: RPC over IT/Pro

    Hi folks, Ned here again to talk about one of the most commonly used – and least understood – network protocols in Windows: Remote Procedure Call. Understanding RPC is a foundation for any successful IT Professional. It’s integral to distributed systems like Active Directory, Exchange...