Guidelines and Tutorials for installing Active Directory on Windows Azure Virtual Network

We want to make people aware of guidelines we have published for installing Active Directory on Windows Azure Virtual Network at http://msdn.microsoft.com/en-us/library/jj156090.aspx. This topic covers the differences between installing AD on Windows Azure versus a traditional AD deployment on premises. For example, you should not set a static IP address on the VM that you…

Configure Kerberos Forest Search Order (KFSO) topic on TechNet

Herbert from the Microsoft support team has authored a great topic about Kerberos Forest Search Order (http://technet.microsoft.com/en-us/library/configure-kerberos-forest-search-order-kfso(WS.10).aspx). KFSO allows finding a service principal name (SPN) in multiple forests, and previously had little public information available on Microsoft websites. The topic covers how the KDC and Kerberos GP policies work, both at a high level and with steps…

New topic about upgrading domain controllers to Windows Server 2012: http://technet.microsoft.com/library/hh994618.aspx

We have published a topic about upgrading domain controllers to Windows Server 2012: http://technet.microsoft.com/library/hh994618.aspx. It covers a lot of useful background information to help you prepare for an Active Directory upgrade, including system requirements, supported upgrade options, functional level features and requirements, application compatibility, known issues, and more. We will keep updating the topic as…

Active Directory Replication Status (ADREPLSTATUS) tool available on Microsoft Download Center

Update Dec 12, 2012: Thanks to the users who reported this error regarding license expiration: “The License has expired. Please download a new version of the Active Directory Replication Status tool from the Microsoft website.” Please download the tool and run the installer again to fix this issue. We want to make sure users are…


Updated Active Directory capacity planning guidance published

We recently published Capacity Planning for Active Directory Domain Services. This is a detailed and comprehensive set of guidelines to help optimize computing resources for DCs, including considerations for virtual environments. It’s by Ken Brumfield, a Senior field engineer here at Microsoft, based on his extensive experience and research. This has been a frequently requested…


Using PowerShell to clear or remove all AIA and CDP entries in Active Directory Certificate Services for Windows Server 2012

You may have already seen that you can deploy most Windows Server 2012 role services with Windows PowerShell. If you are interested in Active Directory Certificate Services (AD CS), you’ve probably noticed the PowerShell commands for deploying all six available CA roles: AD CS Deployment Cmdlets in Windows PowerShell. You may have also noticed…

Update for SetSPN – Syntax for SetSPN.exe

Breaking guidance change: Although you can use Setspn -A, you should use Setspn -S instead because -S will verify that there are no duplicate SPNs. However, if you are using Windows Server 2003 or earlier, you will not be able to use the -S switch because it is not available for that platform. In the…

After enabling AD Recycle Bin, can you lower tombstoneLifetime value?

Here is a great question and reply from a lead developer for AD Recycle Bin. Q: After enabling the AD Recycle Bin, is there any downside to bringing the tombstoneLifetime value down to, e.g. 7 days? On the face of it it seems sensible to do this to keep the database trim. A: With the…


Resource for understanding NTLM MaxConcurrentApi problems and how to address them

Just want to make people aware of a new topic recently posted by colleagues: Configuring MaxConcurrentAPI for NTLM pass-through authentication. This was written by the authentication product group team themselves and has a deep explanation of how NTLM pass-through authentication works and how the MaxConcurrentApi setting affects it. This Wiki also provides links to the Knowledge…


Deploying Active Directory Certificate Services (AD CS) PKI two-tier hierarchy

When I was first learning about Active Directory Certificate Services (AD CS), a colleague told me that I should search on Step-by-Step Guide with AD CS. He was right, that was a good place to get started. Starting with Windows Server 2008 R2, the Test Lab Guide concept was introduced. So, if you want to…
