Doing some digging with a teammate today it was incredibly difficult to find information on how to automate the settings change of the Sessions tab on a user object. Different paths indicate we need to edit the userParameters attribute but you've probably found that it's a binary blob and not easily...

Thought I’d doc this for any others who run into this issue.  I had to demote/promote a machine this morning and when it finished promoting I found it was missing all the NTDS\* counters in perfmon.  I ran LODCTR /Q and saw that it looked wrong:   C:\Windows\system32>lodctr /q:NTDS...

Background: In an earlier post I talked about some new features for Windows 2008 and Vista.  One of those new features that is often overlooked are the data collector sets (DCS).  One particular role that leverages data collector sets is active directory.  Active directory has put “hooks...

Had an issue where a server would not allow logon via termian services each time you attempted to logon it would return this:     Soooooooooo, what to do here?  First, we made sure the account existed in the directory since that's why it appeared to be complaining.  So I opened LDP...

Currently we are running Win2k3 SP1, R2, SP2, Win2k8 Beta3, RC0, RC1, and RTM Escrow idomain controllers in production...  Since we're running some downlevel servers in the environment and I was interested in what is supported to be upgraded to Windows 2008 when we sign off and the the DVDs start...

Just noticed the AD jigsaw poster has been updated for 2k8. So next time your boss asks you "What do say you do here?", don't reply with I'm a people person! Do the following: 1) Download one of the jigsaw posters from http://www.microsoft.com/downloads/details.aspx?FamilyID=c2b9e44e-0bbd-47cb-bc09-b3d48be7f867&DisplayLang...

Since the boot.ini file no longer exists in Windows 2008, the way to boot into directory service repair mode has changed. You can setup the OS to boot to DSRM a couple of ways as shown below. I'd also mention that to due offline defrags and other NTDSUTIL commands against the database you can now just...

Just got back from vacation and will start getting the posts going again. Just wanted to mention a webcast coming up from AD administration in Windows 2008 that is going to play next Thursday the 27th. If you got some time to kill, I'd make this session for sure. TechNet Webcast: Extending Windows Server...

Printers can get pruned from the directory for many reasons. The way it is supposed to work is if the printer is stale then a DC will remove the print queue object from the directory after trying to contact it 3 times at 8 hour intervals (default). This also means that if a DC can't net view the print...

Answer: Yes. If you're looking to deploy some RODCs during the B3 timeframe then it would be a good idea to read through this first: Step-by-Step Guide for Read-Only Domain Controller in Windows Server 2008 Beta 3 One of the gotchas before an RODC will advertise as a GC in your domain is that domainprep...

REPADMIN /ADD I've shown you the beauty of REPADMIN /REPLSUM * /BYSRC /BYDEST /SORT:ERROR to easily find out the largest replication deltas in your forest. Lets take a look at a couple of other things you can do with repadmin, that I use quite a bit. When I was running the DCs, it was not an uncommon...

If you want to see what else is coming your way fro SP2 check out this link . This is nice, because we all know when you scan your enterprise for the DNS tests in can be a bit verbose.... New options have been added to the Dcdiag.exe Domain Name System (DNS) tests. These new options are /x and /xsl:xslfile...

I see this questions come up quite a bit about the interoperability of x86 and x64 domain controllers. Does replication work? Do the tools cross over well? Any gotchas that we should know about? Etc. Well I'm here to tell you that here at Microsoft we've been running a mix of 32 and 64 bit domain controllers...

At Microsoft we do quite a bit of dogfooding (imagine that) and in doing so we run into issues in the infrastructure and a lot of the time they crop up as "authentication issues". For example, users can't get to a website, a share, e-mail, etc. The symptoms can be varied and the outcome is the same,...

Short answer: /safeboot:DSRepair Long answer: So you will run into it often when being an AD admin that you need to boot a DC into DSRM (Directory Service Restore Mode), so what is the easiest way of doing this without having someone stand at the console and hit F8 on reboot and select DSRM...

Short and sweet way of dumping out the DCs to a txt file, in a script: for /f "skip=1" %%a in ('netdom query dc /domain:YOURDOMAIN') do (if %%a == The (echo.) else echo %%a >> test.txt) So what's the deal with all the syntax, and how would this be useful? Well if you do simple admin...

Backstory As an Active Directory administrator you might find yourself in a scenario where an object/account/computer/etc gets deleted from the directory and then helpdesk/operations/management/VPs want to know the who, what , when, where, why, and how. Now in a big enterprise like here in MSIT that...