Two lines that can save your AD from a crisis

Editor’s note:  This is the first of very likely many “DS Quickies”.  “Quickies” are shorter technical blog posts that relate hopefully-useful information and concepts for you to use in administering your networks.  We thought about doing these on Twitter or something, but sadly we’re still too technical to be bound by a 140-character limit 🙂 For those… Read more

ADAMSync + (AD Recycle Bin OR searchFlags) = "FUN"

Hello again ADAMSyncers! Kim Nichols here again with what promises to be a fun and exciting mystery solving adventure on the joys of ADAMSync and AD Recycle Bin (ADRB) for AD LDS. The goal of this post is two-fold: Explain AD Recycle Bin for AD LDS and how to enable it Highlight an issue that… Read more

Monthly Mail Sack: Yes, I Finally Admit It Edition

Heya folks, Ned here again. Rather than continue the lie that this series comes out every Friday like it once did, I am taking the corporate approach and rebranding the mail sack. Maybe we’ll have the occasional Collector’s Edition versions. This week month, I answer your questions on: The semi-myth of Kerberos time skew Finding… Read more

Managing the Recycle bin with Redirected Folders with Vista or Windows 7

Hi, Gary here, and I have been seeing a few more questions regarding the recycle bin on redirected folders. With the advent of Windows Vista there was a change in redirected folders and the support for the Recycle bin. Now each redirected folder has a Recycle Bin associated with it. Windows XP only implemented it… Read more

Managing RID Pool Depletion

Hiya folks, Ned here again. When interviewing a potential support engineer at Microsoft, we usually start with a softball question like “what are the five FSMO roles?” Everyone nails that. Then we ask what each role does. Their face scrunches a bit and they get less assured. “The RID Master… hands out RIDs.” Ok, what… Read more

Friday Mail Sack: Tuesday To You Edition

Hi folks, Ned here again. It’s a long weekend here in the United States, so today I talk to you tell myself about a domain join issue one can only see in Win7/R2 or later, what USMT hard link migrations really do, how to poke LDAP in legacy PowerShell, time zone migration, and an emerging… Read more

Certificate Authority disaster recovery steps when smartcard logon is required but no valid CRL can be published

[Editor’s note: this is a reprinted post from the AD Troubleshooting Blog. If you’re not already a subscriber to that blog, you absolutely need to add it to your feed. Ingolfur is a Sr. Support Escalation Engineer in Sweden and a very smart dude – with rather odd hair – who deserves your attention. Make… Read more

Disk Image Backups and Multi-Master Databases (or: how to avoid early retirement)

Hi folks, Ned here again. We published a KB a while back around the dangers of using virtualized snapshots with DFSR: Distributed File System Replication (DFSR) no longer replicates files after restoring a virtualized server’s snapshot Customers have asked me some follow up questions I address today. Not because the KB is missing info (it’s… Read more

Restrictions for Unauthenticated RPC Clients: The group policy that punches your domain in the face

Hi folks, Ned here again. Around six years ago we released Service Pack 1 for Windows Server 2003. Like Windows XP SP2, it was a security-focused update. It was the first major server update since the Trustworthy Computing initiative began so there were things like a bootstrapping firewall, Data Execution Protection, and the Security Configuration… Read more

Designing and Implementing a PKI: Part V Disaster Recovery

The series: Designing and Implementing a PKI: Part I Design and Planning Designing and Implementing a PKI: Part II Implementation Phases and Certificate Authority Installation Designing and Implementing a PKI: Part III Certificate Templates Designing and Implementing a PKI: Part IV Configuring SSL for Web Enrollment and Enabling Key Archival Designing and Implementing a PKI:… Read more