Troubleshooting networks without NetMon

Hi, Ned here. You may already be asking yourself why I’m writing about network troubleshooting. Isn’t this the Directory Services blog? Don’t we just care about Kerberos and group policies and the like? Shouldn’t the Networking team do all this heavy TCP/IP lifting? Well, without the network, Active Directory and all its little pieces don’t… Read more

An old-new way to get Group Policy Results

Hi, Mike again. Here is the scenario: you’re sitting in front of a workstation that has been diagnosed with a Group Policy problem. You scurry to a command prompt and type the ever familiar GPRESULT.EXE and redirect the output to a text file. Then, proceed to open the file in your favorite text editor and… Read more

Introducing Group Policy Preferences

Hi, Mike here. Have you ever wanted to map a drive for specific users at logon—without using a logon script? Have you ever wanted to change the local administrator’s password on all your client computers? Have you ever wanted to add items to a user’s Start menu? Now you can with Windows Server 2008, which… Read more

Cool Auditing Tricks in Vista and 2008

Hi, Ned here again. Today I’m going to show some interesting new features of Auditing in Windows Vista and Windows Server 2008 that can be used for troubleshooting problems or seeing what’s happening in your environment. I’ll be building upon some of the basic information Dave Beach talked about in ‘Introducing Auditing Changes in Windows… Read more

How to troubleshoot Certificate Enrollment in the MMC Certificate Snap-in

Hi, Seth Scruggs here from the Directory Services team. Today I’m going to discuss how to troubleshoot certificate enrollment in Windows using a Windows Server 2003 Certification Authority (CA). Before you read on, make sure you have the Windows Server 2003 Resource Kit, the Windows Server 2003 or Windows XP Support tools, and the Windows… Read more

What’s in a Token

Hi, Randy here. This is my first blog post to help explain authentication and authorization. This post will be helpful in understanding “Access is Denied” messages and how to troubleshoot when these happen. I’d like to start with an explanation of the security token. When you log on to a system, you provide credentials in… Read more

Configuring your PDCE with Alternate Time Sources

Bob Drake from Microsoft again. Often we see situations where the forest root domain PDCE is configured to acquire time from a specified authoritative NTP source but cannot due to issues outside of the local network (IE: DNS, Routing). Typically the first signs of an issue are errors like Event ID 29: “The time provider… Read more

High Accuracy W32time Requirements

Hello there. I’m Bob Drake from Microsoft’s Directory Services Team. Quite often we get inquiries on how to configure networks for high accuracy time needs.  In some cases, customers want the time accurate down to the second.  There are a lot of occasions where high accuracy is imperative (applications in the banking industry, air traffic… Read more

Introducing Auditing Changes in Windows 2008

Hi, Dave here. Auditing is a wonderful tool and we highly recommend that everyone use it on their servers.  It can really help out with diagnosing problems and determining the root cause, and of course with protecting your servers and your network.  However, over-auditing your servers can be a bad thing.  The reason that too… Read more

Documenting Active Directory Infrastructure the Easy Way

Hi, Ned here. From time to time customers ask us what their options are to document their Active Directory environments – site topologies, domains and trusts, where group policies are linked and what their settings are. Until recently we didn’t have an easy way to do this and they were forced to invest a lot… Read more