TLS Handshake errors and connection timeouts? Maybe it’s the CTL engine….

Hi There!  Marius and Tolu from the Directory Services Escalation Team.  Today, we’re going to talk about a little twist on some scenarios you may have come across at some point, where TLS connections fail or timeout for a variety of reasons.    You’re probably already familiar with some of the usual suspects like cipher suite… Read more

ESE Deep Dive: Part 1: The Anatomy of an ESE database

hi! Get your crash helmets on and strap into your seatbelts for a JET engine / ESE database special… This is Linda Taylor, Senior AD Escalation Engineer from the UK here again. And WAIT…… I also somehow managed to persuade Brett Shirley to join me in this post. Brett is a Principal Software Engineer in… Read more

Introducing Lingering Object Liquidator v2

Greetings again AskDS! Ryan Ries here. Got something exciting to talk about. You might be familiar with the original Lingering Object Liquidator tool that was released a few years ago. Today, we’re proud to announce version 2 of Lingering Object Liquidator! Because Justin’s blog post from 2014 covers the fundamentals of what lingering objects are so well, I… Read more

Active Directory Experts: apply within

Hi all! Justin Turner here from the Directory Services team with a brief announcement: We are hiring! Would you like to join the U.S. Directory Services team and work on the most technically challenging and interesting Active Directory problems? Do you want to be the next Ned Pyle or Linda Taylor? Then read more… We… Read more

Using Debugging Tools to Find Token and Session Leaks

Hello AskDS readers and Identity aficionados. Long time no blog. Ryan Ries here, and today I have a relatively “hardcore” blog post that will not be for the faint of heart. However, it’s about an important topic. The behavior surrounding security tokens and logon sessions has recently changed on all supported versions of Windows. IT… Read more

Troubleshooting failed password changes after installing MS16-101

Hi! Linda Taylor here, Senior Escalation Engineer in the Directory Services space. I have spent the last month working with customers worldwide who experienced password change failures after installing the updates under Ms16-101 security bulletin KB’s (listed below), as well as working with the product group in getting those addressed and documented in the public… Read more

Access-Based Enumeration (ABE) Troubleshooting (part 2 of 2)

Hello everyone! Hubert from the German Networking Team here again with part two of my little Blog Post Series about Access-Based Enumeration (ABE). In the first part I covered some of the basic concepts of ABE. In this second part I will focus on monitoring and troubleshooting Access-based enumeration.We will begin with a quick overview… Read more

Access-Based Enumeration (ABE) Concepts (part 1 of 2)

Hello everyone, Hubert from the German Networking Team here.  Today I want to revisit a topic that I wrote about in 2009: Access-Based Enumeration (ABE) This is the first part of a 2-part Series. This first part will explain some conceptual things around ABE.  The second part will focus on diagnostic and troubleshooting of ABE… Read more

Deploying Group Policy Security Update MS16-072 \ KB3163622

My name is Ajay Sarkaria & I work with the Windows Supportability team at Microsoft. There have been many questions on deploying the newly released security update MS16-072. This post was written to provide guidance and answer questions needed by administrators to deploy the newly released security update, MS16-072 that addresses a vulnerability. The vulnerability… Read more

The Version Store Called, and They’re All Out of Buckets

Hello, Ryan Ries back at it again with another exciting installment of esoteric Active Directory and ESE database details! I think we need to have another little chat about something called the version store. The version store is an inherent mechanism of the Extensible Storage Engine and a commonly seen concept among databases in general…. Read more