Interesting findings on SETSPN -x -f

Hello folks, this is Herbert from the Directory Services support team in Europe! Kerberos is becoming increasingly mandatory for really cool features such as Protocol Transition.  Moreover, as you might be painfully aware, managing Service Principal Names (SPN’s) for the use of Kerberos by applications can be daunting at times. In this blog, we will not… Read more

Friday Mail Sack: Carl Sandburg Edition

Hi folks, Jonathan again. Ned is taking some time off visiting his old stomping grounds – the land of Mother-in-Laws and heart-breaking baseball. Or, as Sandburg put it: “Hog Butcher for the World, Tool Maker, Stacker of Wheat, Player with Railroads and the Nation’s Freight Handler; Stormy, husky, brawling, City of the Big Shoulders” Cool,… Read more

Friday Mail Sack: It’s a Dog’s Life Edition

Hi folks, Ned here again with some possibly interesting, occasionally entertaining, and always unsolicited Friday mail sack. This week we talk some: DNS partition absence Controlling DCDIAG event messaging Inventorying SYSVOL replication architecture Weird WMI DFSR volume paths Tightening up your inactive user account queries More logon banner info Smart card logons working “too well“… Read more

Friday Mail Sack: Wahoo Edition

Hi folks, Ned here again. This week we talk GUI metadata cleanup, your useless manager (attributes), USMT abandonment and weight issues, the meaning of the DFSR nothing state, and the usual “other stuff.” Metadata cleanup when moving DCs The Manager and ManagedBy attributes Overriding USMT duplication when rerouting The DFSR uninitialized state Blocking most –… Read more

Fun with the AD Administrative Center

Hi folks, Ned here again. We introduced the AD Administrative Center in Windows Server 2008 R2 to much fanfare. Wait, I mean we told no one and for good measure, we left the old AD Users and Computers tool in-place. Then we continued referencing it in all our documentation. And people say we’re a marketing… Read more

Friday Mail Sack: LeBron is not Jordan Edition

Hi folks, Ned here again. Today we discuss trusts rules around domain names, attribute uniqueness, the fattest domains we’ve ever seen, USMT data-only migrations, kicking FRS while it’s down, and a few amusing side topics. Scottie, don’t be that way. Go Mavs. Creating trusts between forests with duplicate names Enforcing sAMAccountName uniqueness The biggest domain… Read more

Friday Mail Sack: Tuesday To You Edition

Hi folks, Ned here again. It’s a long weekend here in the United States, so today I talk to you tell myself about a domain join issue one can only see in Win7/R2 or later, what USMT hard link migrations really do, how to poke LDAP in legacy PowerShell, time zone migration, and an emerging… Read more

Viewing ADLDS traffic with Netmon – where is my LDAP?

Hi, its Linda Taylor here from the UK Directory Services Team! I have decided to make a return to the blog to show you a nice tip on how make Network traffic from ADLDS (Active Directory Lightweight Directory Services) look more readable…or in other words – to enable Netmon to parse it as LDAP. Note:… Read more

Friday Mail Sack: Now with 100% more words

Hi folks, Ned here again. It’s been nearly a month since the last Mail Sack post so I’ve built up a good head of steam. Today we discuss FRS, FSMO, Authentication, Authorization, USMT, DFSR, VPN, Interactive Logon, LDAP, DFSN, MS Certified Masters, Kerberos, and other stuff. Plus a small contest for geek bragging rights. Clickity… Read more

What does DCDIAG actually… do?

Hi folks, Ned here again. I recently wrote a KB article about some expected DCDIAG.EXE behaviors. This required reviewing DCDIAG.EXE as I wasn’t finding anything deep in TechNet about the “Services” test that had my interest. By the time I was done, I had found a dozen other test behaviors I had never known existed…. Read more