Brian Puhl's Weblog

These postings are provided "AS IS" with no warranties, and confer no rights...WHEW...glad we got that over with, let's get to the good stuff now...

Brian Puhl's Weblog

  • Comment on ADFS Liability

    My favorite Calgary-ian Pam left the following comment on my last blog post: Hm. In a perfect world, there would need to be a contractual component to any and all technical federations, and those contractual components should go through review by...
  • AD and DC Builds, tweaks, configurations... (1)

    I received a mail from a blog reader (Jim) who asked: "Can you provide any insight regarding and tweaks or configuration settings you guys use on your DC builds?" Sure, I'm happy to do this, so here I am typing happily along, and realized that...
  • What to do with FSMO roles...

    We recently hired a new engineer to a team which manages some of the internal MS environments... We were discussing FSMO role placement and he sent me mail (snippet below slightly edited) which I thought was interesting... The reason why we separated...
  • AD and DC Builds, tweaks, configurations... The Registry

    The first installment, what our hardware looks like, may have been useful...but I know that's not really the juicy gossip that everyone is looking for...so here's a quick and follow-up with the registry tweaks that we set internally... Strict Replication...
  • x64 Domain Controllers

    Had an e-mail thread with Joe recently, which also resulted in this blog entry . He's a consultant for another big tech company, and was working with a customer that was migrating a lot of non-domain joined machines to AD as well as deploying other AD...
  • ADFS Certificate Maintenance - v1

    Over the past several weeks, we've celebrated the 1 year anniversary of our ADFS deployment. I say it this way, because the only reason I know this, is that the certificates on the servers keep expiring, and things would break unexpectedly. Yeah, yeah...
  • ADFS and Domain Admins (or anyone else for that matter)

    I spend a lot of time answering questions or making comments in e-mails that would make good blog posts. So it may seem a bit cheesy (at least it does to me), but it's turning out that reposting these e-mails seems like an easy way to do this...so here...
  • Time, time, everyone wants time...

    In a previous post about managing FSMO roles, I asked a question about who remembers to configure the new server as an authoritative time source when transferring the PDC FSMO role. The reason I ask this, is because when you look at managing the FSMO...
  • How Does Microsoft IT Do...

    Engineers in Microsoft IT spend an unusually large amount of time talking to customers answering questions which start with: How Does Microsoft IT Do...<fill in the blank here>? I'm going to try to start to post some of the more common...
  • ADFS and Liability Continued...

    hmm...let's see...I wrote a blog, Pam left a comment, I replied to her comment with another blog, and so (if you haven't seen it yet) Pam posted her own blog entry here ... This is actually kind of fun! You should read (all of) her posts anyways, but...
  • Useful repadmin switch

    Repadmin is the "swiss army knife" of AD tools - But the following can be one of those "big red buttons" that you keep in your back pocket and hopefully never need. But sometimes it's just useful to slow things down until you figure out what's going on...
  • Who's on... huh?

    If Bud Abbott and Lou Costello were alive today, their infamous sketch, "Who's on First?" might have turned out something like this: COSTELLO CALLS TO BUY A COMPUTER FROM ABBOTT ABBOTT : Super Duper computer store. Can I help you? COSTELLO : Thanks. I...
  • ADFS Documentation

    Wouldn't it be cool if there was a blog where someone was posting documentation about ADFS? Well looky here - apparently this has been around for a while, but since I just recently discovered it I thought I'd share... http://blogs.technet.com/adfs_documentation...
  • Starting Over...

    It's time to start over with this whole blogging thing. But it was important (to me at least) to figure out why this one died such a horrible death when it had so much potential. And I realized, that it's because of the darn namespace - "blogs.technet...
  • Orgs...and Re-Orgs...

    (Especially) If you work in a large company, then organization changes aren't really anything new. Microsoft certainly isn't an exception, but for the 5 or so years that I've worked here, the primary function of the team I'm on has rarely changed. Our...
  • AD Training

    hmmm....ok, so here's an interesting problem: I'm a Microsoft employee. My blog is hosted on Technet.com. And I'm pretty sure that there is a policy somewhere, which I'm unaware of, that addresses blog posts about 3rd party companies... But I've never...
  • How Does MSIT Do...DC Placement?

    In the past couple of months, I've been asked at least 3 or 4 times how MS IT determines where on their network to place domain controllers. The questions are usually coming from larger, enterprise type customers and usually sound something like this...
  • Identity and Access Webcast Series

    Here's some info on some upcoming webcasts... This first series is for the "Technical Decision Makers", but I'll post the "IT Pro" series when they get announced. -Brian -------------- Microsoft offers a broad range of technologies and products...
  • Interesting SSID and Reusing Attributes

    I bought a new truck a few months ago, and right on schedule (as the salesman promised), as I was coming due for my first oil change, I got a card for my first one free at the dealership. Never being one to turn down a free deal, I dropped in the other...
  • ADFS & DFSR Webcast

    Did the webcast on ADFS and DFSR yesterday morning with Dustin Fraser, another one of the Systems Engineers in MS IT. You can view the webcast "on demand" at http://go.microsoft.com/fwlink/?LinkId=55997 You need to "register for the webcast" link,...
  • First Post with Live Writer

    Don't expect a whole lot here - I just installed Live Writer and wanted to see what it was going to be like. Feels vaguely similar to Onenote, which is good, since I like Onenote - I think I'll keep it... maybe it will help me blog more often. This post...
  • Bulk Password Resets

    When a user resets their password, what happens? What about if ALL your users reset their password? Can your infrastructure handle it? Are there "special" changes that you'd want to make? More importantly, this is probably such an edge case that it's...
  • How MS IT Does ADFS Value Card now available...

    The Microsoft ADFS value card is now available for download...
  • Too high tech, have to go re-learn...

    I was in Office Depot a few weeks ago, and saw that they had fountain pens on display, so I picked up a Waterman Phileas. A few weeks have passed with it sitting on my desk, but this afternoon I decided to open it up and put it together. Thus, pen in...
  • Gil Kirkpatrick is now blogging...

    Got mail from Gil Kirkpatrick that he's started blogging at http://www.gilsblog.com recently which I'm sure will hold A TON of useful Active Directory (and other) related information. For those that don't know him, Gil is the CTO of Netpro, frequent contributor...