Microsoft's official enterprise support blog for AD DS and more
Hi folks, Ned here again. We've been asked many times to provide more specific information on what USMT migrates when using the included manifests and calling the OS' built-in manifests . We've touched on these details previously in the so-called "operating system components" listed under TechNet article "What Does USMT Migrate". After deeper investigation over… Read more
Hi guys, Joji Oshima here again. Today I want to talk about configuring Kerberos authentication to work in a load-balanced environment. This is a more advanced topic that requires a basic understanding of how Kerberos works. If you want an overview of Kerberos, I would suggest Rob’s excellent post, Kerberos for the Busy Admin. In… Read more
It’s been four years and 591 posts since AskDS reached critical mass. You’d hope our party would look like this: But it’s more likely to be: Without you, we’d be another of those sites that glow red hot, go supernova, then collapse into a white dwarf. We really appreciate your comments, questions, and occasional attaboys…. Read more
Hiya folks, Ned here again. This week we talk: DC DNS A Records and Web Servers Forwarding Security event log subscriptions Domain password filters Auditing NTLM vs NTLMv2 on Win2003 Programmatically determining if UNC is DFS namespace DFSR and Excel Shared Workbooks DFS, DC, Delegation, and Domain Admins Other nonsense Start the word punching! Question… Read more
Ned here. We rarely release USMT KB articles, so this post is to spread the word on a scenario that is easy to run into: do not allow calling of the Microsoft-Windows-COM-ComPlus-Setup-DL or Windows-COM-ComPlus-Setup manifests if migrating from x86 to x64. Bad things will happen otherwise, and while fixing it is easy on one machine,… Read more
Heya folks, Ned here again. Microsoft is legendary for its backwards compatibility. No other operating system family can claim to support as much older software and settings as Windows – heck, companies like Apple seem to proudly cut “legacy” support after a few years and spin it like it’s a positive. Man, that is an… Read more
Hiya folks, Ned here again. I finally have an editor that allows anchors on all the questions, so I am adding a quasi “table of contents” for these posts that allow easier navigation and linking. I’ll retrofit all the old mail sack articles too… eventually. This week we discuss – eh – let’s have the… Read more
Hi guys, Joji Oshima here with my first post. A common problem we see is SID translation failure. The problem usually occurs when you add users or groups from a trusted domain into your domain local groups. What you hope to see is the friendly names of the users, and their domain: Unfortunately, you only… Read more
Ned here. As you can tell, I’ve been gone for a bit – hang tight, I’m replying to all these emails. In the meantime, here’s what I was up to: San Diego Comic-Con 2011 Oh sure, now you’re interested. 🙂 A sampling of what my Windows Phone 7 camera and I came up with during… Read more
Hi folks, Ned here again. This week I talk about Vista’s hidden AD schema, SYSVOL migration mission control, kick-starting cached logon performance, USMT c’est la vie, foul-mouthed NetBIOS, DFSR do-over, and the usual random goo. What to do with a Version 39 (Vista Beta) AD Schema When to migrate SYSVOL – Win2008 or Win2008 R2… Read more