Two lines that can save your AD from a crisis

Editor’s note:  This is the first of very likely many “DS Quickies”.  “Quickies” are shorter technical blog posts that relate hopefully-useful information and concepts for you to use in administering your networks.  We thought about doing these on Twitter or something, but sadly we’re still too technical to be bound by a 140-character limit 🙂 For those… Read more

Monthly Mail Sack: Yes, I Finally Admit It Edition

Heya folks, Ned here again. Rather than continue the lie that this series comes out every Friday like it once did, I am taking the corporate approach and rebranding the mail sack. Maybe we’ll have the occasional Collector’s Edition versions. This week month, I answer your questions on: The semi-myth of Kerberos time skew Finding… Read more

Friday Mail Sack: Best Post This Year Edition

Hi folks, Ned here and welcoming you to 2012 with a new Friday Mail Sack. Catching up from our holiday hiatus, today we talk about: Disabling Administrative Shares Making Get-ADDomainController useful’er Kerberos group bloat USMT moving profiles back from other disks The DFSR service and backups AGPM and “out of band” built-in policy changes USMT… Read more

Friday Mail Sack: Tuesday To You Edition

Hi folks, Ned here again. It’s a long weekend here in the United States, so today I talk to you tell myself about a domain join issue one can only see in Win7/R2 or later, what USMT hard link migrations really do, how to poke LDAP in legacy PowerShell, time zone migration, and an emerging… Read more

Disk Image Backups and Multi-Master Databases (or: how to avoid early retirement)

Hi folks, Ned here again. We published a KB a while back around the dangers of using virtualized snapshots with DFSR: Distributed File System Replication (DFSR) no longer replicates files after restoring a virtualized server’s snapshot Customers have asked me some follow up questions I address today. Not because the KB is missing info (it’s… Read more

Restrictions for Unauthenticated RPC Clients: The group policy that punches your domain in the face

Hi folks, Ned here again. Around six years ago we released Service Pack 1 for Windows Server 2003. Like Windows XP SP2, it was a security-focused update. It was the first major server update since the Trustworthy Computing initiative began so there were things like a bootstrapping firewall, Data Execution Protection, and the Security Configuration… Read more

Friday Mail Sack: Geek Week Edition

Hey all, Ned here again. Welcome back from Christmas, New Years, etc. Today we talk some BitLocker, SSL, DFS, FRS, MS news, and some geeky goo. Despite us being offline for the past few weeks, we weren’t deluged with new questions – glad you took some time off, you deserved it. Yoink! Bitlocker key backup… Read more

Friday Mail Sack: Not Particularly Terrifying Edition

Hiya folks, Ned here again. In today’s Mail Sack I discuss SP1, DFSR, GPP passwords, USMT, backups, AD disk configurations, and the importance of costumed pets. Boo. Win7/R2 SP1 RC in production USMT ramp up Daily DFSR health reports Recommendations for separating AD folders and files onto different disks GPP admin password maintenance DFSR read-only… Read more

Friday Mail Sack: Cluedo Edition

Hello there folks, it’s Ned. I’ve been out of pocket for a few weeks and I am moving to a new role here, plus Scott and Jonathan are busy as #$%#^& too, so that all adds up to the blog suffering a bit and the mail sack being pushed a few times. Never fear, we’re… Read more

Best practices around Active Directory Authoritative Restores in Windows Server 2003 and 2008

It’s your guest writer Herbert Mauerer again. A very common AD disaster is an unexpected deletion or modification of objects. Unlike a bad football match or family meeting, you can prepare for that and make the crisis more bearable. In this blog, I will discuss best practices of Windows Server 2003 and 2008 forest level… Read more