AskDS is 12,614,400,000,000,000 shakes old

It’s been four years and 591 posts since AskDS reached critical mass. You’d hope our party would look like this:  But it’s more likely to be: Without you, we’d be another of those sites that glow red hot, go supernova, then collapse into a white dwarf. We really appreciate your comments, questions, and occasional attaboys….

AskDS is 0.03 Centuries Old Today

Three years ago today the AskDS site published its first post and had its first commenter. In the meantime we’ve created 455 articles and we’re now ranked 6th in all of TechNet’s blogs, behind AskPerf, Office2010, MarkRussinovich, SBS, and HeyScriptingGuy. That’s a pretty amazing group to be lumped in with for traffic, I don’t mind…

Son of SPA: AD Data Collector Sets in Win2008 and beyond

Hello, David Everett here again. This time I’m going to cover configuration and management of Active Directory Diagnostics Data Collector Sets. Data Collector Sets are the next generation of a utility called Server Performance Advisor (SPA). Prior to Windows Server 2008, troubleshooting Active Directory performance issues often required the installation of SPA. SPA is helpful…

Strict Replication Consistency – Myth versus Reality

Hi, David here again. Having worked numerous lingering object cases, I find a common misunderstanding about Windows Server 2003 (or later) and its ability to automatically enforce Strict Replication Consistency. Strict Replication Consistency is a registry value that prevents destination domain controllers (DC) from replicating in lingering objects. Lingering objects are objects that have been…

The importance of following ALL the authoritative restore steps

Hello, David Everett here again. Recently a customer contacted Microsoft Product Support to determine why the Connect to Domain Controller option in Active Directory Users and Computers (aka: ADUC or dsa.msc) was generating an incomplete list of Domain Controllers (DCs) for one domain. Even though the list of available DCs was truncated we found we…

DFS Referrals and IPv6: Outta site!

Hi, David Everett here again to discuss an issue where DFS clients connect to out-of-site targets when the IPv6 protocol has been partially disabled using an incorrect method. The customer deployed a DFS link replicated by DFSR. An in-site DFS namespace (DFSN) target called ContosoFS1 was deployed in the branch site. It wasn’t long before…

How to Migrate the AzMan Store

David Everett here again. I’ve had a couple customers contact me wanting to migrate an Authorization Manager (Azman) store and I thought others wishing to do the same might find this useful. This need typically arises when someone has been testing AzMan in a test domain and they want to preserve all of the time…

The Strange Case of Unenforced Password Complexity

Hello everyone, David Everett and Scott Goad here to discuss a recent issue that we thought you might find interesting. We were working with a customer that was trying to implement password complexity, but they were not seeing the behavior that we would normally expect. The issue came about when trying to apply password complexity…

Troubleshooting KCC Event Log Errors

My name is David Everett and I’m a Support Escalation Engineer on the Directory Services Support team. I’m going to discuss a recent trend I’ve seen where Active Directory Replication appears to be fine but one DC only in one (or more) sites begins logging Knowledge Consistency Checker (KCC) Warning and Error events in the…