Speaking in Ciphers and other Enigmatic tongues…update!

Hi! Jim Tierney here again to talk to you about Cryptographic Algorithms, SCHANNEL and other bits of wonderment. My original post on the topic has gone through a rewrite to bring you up to date on recent changes in this space. So, your company purchases this new super awesome vulnerability and compliance management software suite,… Read more

Using Repadmin with ADLDS and Lingering objects

  Hi! Linda Taylor here from the UK Directory Services escalation team. This time on ADLDS, Repadmin, lingering objects and even PowerShell…. The other day a colleague was trying to remove a lingering object in ADLDS. He asked me about which repadmin syntax would work for ADLDS and it occurred to us both that all… Read more

“Administrative limit for this request was exceeded" Error from Active Directory

Hello, Ryan Ries here with my first AskDS post! I recently ran into an issue with a particular environment where Active Directory and UNIX systems were being integrated.  Microsoft has several attributes in AD to facilitate this, and one of those attributes is the memberUid attribute on security group objects.  You add user IDs to… Read more

SHA1 Key Migration to SHA256 for a two tier PKI hierarchy

Hello. Jim here again to take you through the migration steps for moving your two tier PKI hierarchy from SHA1 to SHA256. I will not be explaining the differences between the two or the supportability / security implementations of either. That information is readily available, easily discoverable and is referenced in the links provided below…. Read more

Troubleshoot ADFS 2.0 with these new articles

Hi all, here’s a quick public service announcement to highlight some recently published ADFS 2.0 troubleshooting guidance. We get a lot of questions about configuring and troubleshooting ADFS 2.0, so our support and content teams have pitched in to create a series of troubleshooting articles to cover the most common scenarios. ADFS 2.0 connectivity problems:… Read more

A Treatise on Group Policy Troubleshooting–now with GPSVC Log Analysis!

Hi all, David Ani here from Romania. This guide outlines basic steps used to troubleshoot Group Policy application errors using the Group Policy Service Debug logs (gpsvc.log). A basic understanding of the logging discussed here will save time and may prevent you from having to open a support ticket with Microsoft. Let's get started. The… Read more

Migrating your Certification Authority Hashing Algorithm from SHA1 to SHA2

  Hey all, Rob Greene here again. Well it’s been a very long while since I have written anything for the AskDS blog. I’ve been heads down supporting all the new cool technology from Microsoft. I wanted to see if I could head off some cases coming our way with regard to the whole SHA1… Read more

DFSR: Limiting the Number of Imported Replicated Folders when using DB cloning

Hello! Warren here to talk about a very specific scenario involving the new DB cloning feature added to DFSR in Windows Server 2012 R2. The topic is how to limit or control which RFs you import on the import server in a DB cloning scenario. Ned Pyle has already covered in detail the topic of… Read more