Certificate Enrollment Web Services

Hey everyone, Rob here again. With the release of Windows Server 2008 R2 and Windows 7 we have added new methods of enrolling for certificates: Certificate Enrollment Policy (CEP) and Certificate Enrollment Service (CES). CEP is a web service that enables users and computers to obtain certificate enrollment policy information. This information includes what types… Read more

It’s Lucha Libre Friday

I have a teammate with too much time, money and Ebay expertise on his hands. So I am now a luchador. In other news, our holiday posting drought should be at an end – plenty of blog stuff in the pipeline coming your way soon. Stay tuned. – Ned “corto y el mal” Pyle… Read more

New Directory Services KB Articles/Blogs 1/10-1/23

KB 978155 A memory leak occurs when an ADO Recordset object calls the UpdateBatch method 976779 Windows Automation API 3.0 release notes 977211 The DFS Replication service exits unexpectedly on a computer that is running Windows Server 2003 R2 SP2 977692 The Lsass.exe process exits unexpectedly on a domain controller that is running Windows Server… Read more

File Services Management Pack for System Center Operations Manager 2007 – Beta now open

Hi all, Ned here again. We’ve gotten word that the SCOM 2007 management pack for file services has reached beta and is available to the public on our Connect site. Here’s the info: Overview The File Services Team is proud to announce the beta release of our File Services Management Pack for System Center Operations… Read more

New Directory Services KB Articles/Blogs 1/3-1/9

KB 977983 Group Policy preferences client-side extension hotfix rollup for Windows Vista 971357 User password is set to NULL when you use Group Policy Preferences to create a user account Blogs The importance of following ALL the authoritative restore steps Clustered Certification Authority maintenance tasks Understanding DFSR conflict algorithms (and doing something about conflicts) Speaking… Read more

The importance of following ALL the authoritative restore steps

Hello, David Everett here again. Recently a customer contacted Microsoft Product Support to determine why the Connect to Domain Controller option in Active Directory Users and Computers (aka: ADUC or dsa.msc) was generating an incomplete list of Domain Controllers (DCs) for one domain. Even though the list of available DCs was truncated we found we… Read more

Clustered Certification Authority maintenance tasks

Hi all Rob Greene here again. I thought I would share with you how to do some common tasks with a Windows Server 2008 clustered Certification Authority (CA). When the CA is clustered there are definitely different steps that need to be taken when you: Make a change to the behavior of the CA by… Read more

New Directory Services KB Articles/Blogs 12/20-1/2

KB 974841 An update is available for Windows XP to support protocol negotiation for remote procedure call (RPC) over HTTP Authentication 958147 The Member ID field is logged incorrectly in the audit event on a Windows Server 2003 domain controller if you add a user of a different domain to a universal group 955007 The… Read more

Understanding DFSR conflict algorithms (and doing something about conflicts)

Ned here again. I’m frequently asked to explain the DFSR conflict algorithm – i.e. what happens when files are created or modified on two servers before replication takes place. What we don’t document well is that there are actually three conflict algorithms and they all behave quite differently. I am breaking these out into scenarios… Read more