An update for ADMT, and a few other things too.

So, we’ve been quiet for a few months, which is extraordinarily embarrassing after I basically told everyone that we were going to not do that. The reality of what we do in support is that sometimes it’s “All Hands on Deck”, which is where we’ve been lately. At any rate, here’s some assorted news, updates,… Read more

Important Announcement: AD FS 2.0 and MS13-066

Update (8/19/13): We have republished MS13-066 with a corrected version of the hotfixes that contributed to this problem.  If you had held off on installing the update, it should be safe to install on all of your ADFS servers now.   The updated security bulletin is here: http://technet.microsoft.com/en-us/security/bulletin/MS13-066   Thanks everyone for your patience with… Read more

MD5 Signature Hash Deprecation and Your Infrastructure

Hi everyone, David here with a quick announcement. Yesterday, MSRC announced a timeframe for deprecation of built-in support for certificates that use the MD5 signature hash. You can find more information here: http://blogs.technet.com/b/srd/archive/2013/08/13/cryptographic-improvements-in-microsoft-windows.aspx Along with this announcement, we’ve released a framework which allows enterprises to test their environment for certificates that might be blocked as part of the upcoming… Read more

DFS Replication in Windows Server 2012 R2 and other goodies, now available on the Filecab blog!

Over at the Filecab blog, AskDS alum and all-around nice guy Ned Pyle has posted the first of several blogs about new features coming your way in Windows Server 2012 R2.  If you’re a DFS administrator or just curious, go take a look! Ned promises more posts in the near future, and Filecab is near and… Read more

Roaming Profile Compatibility – The Windows 7 to Windows 8 Challenge

[Editor’s note:  Everything Mark mentions for Windows 8 clients here is also true for Windows 8.1 clients.  Windows 8 and Windows 8.1 clients use the same (v3) profile version, so the 8.1 upgrade will not prevent this from happening if you have roaming profiles in your environment.  Something to be aware of if you’re planning… Read more

Because TechNet didn’t have enough Active Directory awesomeness already

Time for a quick lesson in blog history.  There’ll be a quiz at the end!  Ok not really, but some history all the same. Back a few years ago when we here at Microsoft were just starting to get savvy to this whole blog thing, one of our support escalation engineers, Tim Springston, decided to… Read more

Interesting findings on SETSPN -x -f

Hello folks, this is Herbert from the Directory Services support team in Europe! Kerberos is becoming increasingly mandatory for really cool features such as Protocol Transition.  Moreover, as you might be painfully aware, managing Service Principal Names (SPN’s) for the use of Kerberos by applications can be daunting at times. In this blog, we will not… Read more

Windows Server 2012 R2 – Preview available for download

Just in case you missed the announcement, the preview build of Windows Server 2012 R2 is now available for download.  If you want to see the latest and greatest, head on over there and take a gander at the new features.  All of us here in support have skin in this game, but Directory Services… Read more

Two lines that can save your AD from a crisis

Editor’s note:  This is the first of very likely many “DS Quickies”.  “Quickies” are shorter technical blog posts that relate hopefully-useful information and concepts for you to use in administering your networks.  We thought about doing these on Twitter or something, but sadly we’re still too technical to be bound by a 140-character limit 🙂 For those… Read more