tspring

The Identity and Directory Service related blog of Tim Springston...Microsoft employee, software engineer and all around outstanding person.

tspring

  • Moving Day

    Welcome to my new TechNet blog! For about seven years I posted to my old TechNet blog about interesting support cases I or my colleagues had seen or other cool techno stuff from the Microsoft support world. A year or so ago I chatted with some folks in...
  • Token Bloat Apparently Not Caused By Spicy Food

    Who knew, right? Token bloat, also known as the MaxTokenSize problem, is a Windows security condition which happens when domain administrators put too many security groups or SIDHistory items into a users token. The problem happens when the token needs...
  • Now Available On the Web: CSS Directory Services Diagnostics

    One of the most valuable things a support person can do is to create automation which can replicate the troubleshooting for known problems. Over the past few years we have been investing in that automation using Windows Troubleshooting Platform SDK to...
  • Getting A Handle on Server Network Logon Statistics

    Windows servers can run into situations where it may be mighty handy to get a better understanding of what computers are connecting to a server for services. What does “connecting to a server for services” mean? Consider the Exchange server scenario....
  • Viewing and Purging Cached Kerberos Tickets

    Kerberos is one of the more complicated technologies we deal with at Microsoft support. It is complex and can be utilized in highly customized ways between clients and servers which adds to the difficulty in troubleshooting. Application specific implementations...
  • No Matter Where You Go, There You Are: Retrieving Data from Active Directory

    One of the more common things IT Pros who work with Active Directory need to do is actually view or collect information from AD. That is true for AD administrators, application or service administrators, security specialists-pretty much any role in an...
  • Microsoft Online UserCheck Tool: Getting a Cloud User Data Snapshot

    About a year and a half ago I published a script on the TechNet script gallery which uses the Microsoft Online PowerShell cmdlets to present information about the user and the online tenant. The script is MSOLTenantDetails.ps1 and was primarily intended...
  • Changes Brought By Modern Media

    When I was a kid growing up I recall the Sunday paper. Every Sunday-and for our family only on Sunday- we would stop by a grocery store or gas station to by the Sunday edition of our local news paper. It was a tradition, or perhaps simply a routine, where...
  • Trimming Down the Certificate Trust List

    Public Key Infrastructure (PKI) relies on the certificates which are being utilized to be issued from “trusted” authorities. Put very basically (basically enough to make PKI experts worldwide collectively wince) the certificate being used can be checked...
  • Golden Ticket! You lose! Good day, sir! (Updated)

    In unique situations it is possible for a malicious person-who has already compromised a computer using social methods-to craft a Kerberos ticket granting ticket. This ticket granting ticket can then be used to request service tickets in the domain environment...
  • Poor Man’s Guide to Troubleshooting TLS Failures

    Network security has never been more of a hot topic than it is now. There are many different driving forces making network security an ever increasing topic for discussion and review. Network security using Secure Sockets Layer (SSL) or Transport Layer...
  • Discovering AD Trust Topology

    Though many of today’s information technology topics revolve around “the cloud” it’s still very common to be looking at Active Directory trusts. Active Directory (AD) trusts are the method by which one AD domain can allow access to resources joined to...
  • A Day at the SPA

    Note: “A Day at the SPA” is the first in series for updates and republish of “Tspring’s Greatest Hits” blogs from http://blogs.technet.com/ad . Updates for applicability in newer products added. Ah, there’s nothing like the stop-everything, our-company...