AD Troubleshooting

AD and Domain-related issues and troubleshooting methods for Active Directory.

Related Posts
  • Blog Post: Remote EFS decryption and Trusted for Delegation requirements

    One of our customers reported the following: We have been evaluating EFS on Windows 7 as part of our upgrade from Windows XP project and have discovered that if you share a folder and encrypt a file within it locally, the same user is able to decrypt it remotely without the workstation being trusted...
  • Blog Post: What happens in a Journal Wrap?

    FRS is a multi-master replication system that takes care of replicating the contents of Sysvol between all DCs in the domain (it can also replicate normal data, but we're primarily interested in Sysvol replication in this blog entry). With proper care and maintenance, Post-SP2 FRS on W2k3 is pretty...
  • Blog Post: Deconstructing the KDC certificate processing functionality

    For a DC to be able to service smartcard logons, the DC must have a valid and suitable certificate present in the personal store of the computer account. This is typically autoenrolled whenever a Windows CA server has been installed into the AD environment. The KDC service on W2k8 R2 monitors the...
  • Blog Post: Deconstructing the Smartcard Removal Policy Service

    Windows Vista and Windows Server 2008 introduced a new service that is dedicated to monitoring the removal of smartcards on the system and handling of the event as defined by the Smartcard Removal Policy service (ScRemoveOption) that is configured for the system. This service (ScPolicySvc) is hosted...
  • Blog Post: Why can't I see my local smartcard readers when I connect via RDP?

    The way smartcard redirection works is that there is a code snippet in Winscard.dll that is only invoked at the point in time when it loads. If Winscard is being loaded in a Terminal Session - all calls to that specific instance of Winscard are redirected to Winscard.dll on the host initiating...