http://blogs.technet.com/b/askds/archive/2012/01/06/friday-mail-sack-best-post-this-year-edition.aspxHi folks, Ned here and welcoming you to 2012 with a new Friday Mail Sack. Catching up from our holiday hiatus, today we talk about: Disabling Administrative Shares Making Get-ADDomainController useful&rsquo;er Kerberos group bloat USMTen-USTelligent Evolution Platform Developer Build (Build: 5.6.50428.7875)http://blogs.technet.com/b/askds/archive/2012/01/06/friday-mail-sack-best-post-this-year-edition.aspx#3475060Thu, 12 Jan 2012 04:54:22 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3475060Ashley McGlone<p>I really like the Get-ADDomainController tip. &nbsp;Nice!</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3475060" width="1" height="1">http://blogs.technet.com/b/askds/archive/2012/01/06/friday-mail-sack-best-post-this-year-edition.aspx#3474947Wed, 11 Jan 2012 15:56:04 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3474947sgrinker<p>First, glad to have new posts again, hope everyone had a great holiday.</p> <p>Second, happy to see more PowerShell.</p> <p>Third, I can&#39;t help but feel multi-part comments are a new requirement in 2012 now. &nbsp;:)</p> <p>Lastly, I $%^@!% agree, as long as it&#39;s done in the right venue and context. &nbsp;Work not being either... &nbsp;:D</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3474947" width="1" height="1">http://blogs.technet.com/b/askds/archive/2012/01/06/friday-mail-sack-best-post-this-year-edition.aspx#3474525Mon, 09 Jan 2012 14:31:38 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3474525NedPyle [MSFT]<p>Thanks, I fixed that brain fart. </p> <p>As for the group membership - I didn&#39;t really saying having a lot of groups is uniqueness. Creating a design where so many groups are assigned to a security principal that the principal is broken is... I&#39;m sure that the FIM people would have some opinions on this, but they are sooooo boring when they share it. :-P</p> <p>Damn right!</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3474525" width="1" height="1">http://blogs.technet.com/b/askds/archive/2012/01/06/friday-mail-sack-best-post-this-year-edition.aspx#3474433Sun, 08 Jan 2012 20:20:30 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3474433Pronichkin<p>First, re: migrating user docs from D:\ to C:\. There&#39;s no such thing as “move.exe”. (Well, at least on my systems). You likely meant cmd /c move (depending on where you call it from).</p> <p>Second, re: clusterd CA. There&#39;s one more reason why you should not use “net stop” style of things. Since cluster has no idea of who stopped the services (and for what reasons), it would treat that as node failure. Guess what, it will immediately restart the service on another node. Probably not what you intended.</p> <p>Third, having thousands of groups doesn&#39;t seem like “IT Uniqueness” to me, sorry. More like a thoughtfully designed RBAC. (No, it&#39;s not the same thing). We probably need some “semi-official” guidance on how to do such kind of thins. (Something more robust and concrete than just “use AGDLP, Luke”).</p> <p>Last but not least, swearing is goooood!</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3474433" width="1" height="1">http://blogs.technet.com/b/askds/archive/2012/01/06/friday-mail-sack-best-post-this-year-edition.aspx#3474354Sat, 07 Jan 2012 03:49:10 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3474354Ryan Ries<p>OK, first off, that Battlestar Galactica meets Final Fantasy 3/6 video was amazing. &nbsp;Hilarious.</p> <p>Secondly, that was very cruel of you to link to that weird Buscemeyes thing. &nbsp;So many fantasies... utterly ruined...</p> <p>Thirdly, I would unleash a hearty laugh if I ever encountered anyone receiving error messages like that because of so many group memberships.</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3474354" width="1" height="1">