New KB articles December 22-28

Hi, Craig here. We are going to be posting the new KB articles that relate to Directory Services. Here are the ones published between Dec. 22-28. For the most part the articles will be for components that our group supports, but we’ll also throw in ones that are related to networking, administration, or troubleshooting. KB… Read more

Replacing an Expired DRA Certificate

Hi, Tom here from the Directory Services team. One of the most common EFS issues we see is for an expired Domain Data Recovery Agent (DRA) certificate. It is also one of the easiest things to resolve. You may have seen the error Recovery Policy for this system contains an invalid recovery certificate or ERROR_BAD_RECOVERY_POLICY…. Read more

New DFSR Data Restoration Script

Hi, Ned here. Just a quick heads up – there is a new DFSR data recovery script posted below. This allows you to restore data from the ConflictAndDeleted or PreExisting folders within DFSR, primarily during disaster recovery. As always, we prefer you use your backup system to do this, as the script is 'at your own… Read more

Which KB articles resolve the most Directory Services issues?

Hi, Craig here. It can be frustrating to call support only to have your issue resolved by an article in the Microsoft Knowledge Base. Sometimes you are just happy to get the problem solved, but most people prefer to solve something themselves and avoid calling support. So it may be interesting to know which KB… Read more

Troubleshooting networks without NetMon

Hi, Ned here. You may already be asking yourself why I’m writing about network troubleshooting. Isn’t this the Directory Services blog? Don’t we just care about Kerberos and group policies and the like? Shouldn’t the Networking team do all this heavy TCP/IP lifting? Well, without the network, Active Directory and all its little pieces don’t… Read more

An old-new way to get Group Policy Results

Hi, Mike again. Here is the scenario: you’re sitting in front of a workstation that has been diagnosed with a Group Policy problem. You scurry to a command prompt and type the ever familiar GPRESULT.EXE and redirect the output to a text file. Then, proceed to open the file in your favorite text editor and… Read more

Introducing Group Policy Preferences

Hi, Mike here. Have you ever wanted to map a drive for specific users at logon—without using a logon script? Have you ever wanted to change the local administrator’s password on all your client computers? Have you ever wanted to add items to a user’s Start menu? Now you can with Windows Server 2008, which… Read more

Cool Auditing Tricks in Vista and 2008

Hi, Ned here again. Today I’m going to show some interesting new features of Auditing in Windows Vista and Windows Server 2008 that can be used for troubleshooting problems or seeing what’s happening in your environment. I’ll be building upon some of the basic information Dave Beach talked about in ‘Introducing Auditing Changes in Windows… Read more

How to troubleshoot Certificate Enrollment in the MMC Certificate Snap-in

Hi, Seth Scruggs here from the Directory Services team. Today I’m going to discuss how to troubleshoot certificate enrollment in Windows using a Windows Server 2003 Certification Authority (CA). Before you read on, make sure you have the Windows Server 2003 Resource Kit, the Windows Server 2003 or Windows XP Support tools, and the Windows… Read more

What’s in a Token

Hi, Randy here. This is my first blog post to help explain authentication and authorization. This post will be helpful in understanding “Access is Denied” messages and how to troubleshoot when these happen. I’d like to start with an explanation of the security token. When you log on to a system, you provide credentials in… Read more