AskDS is 12,614,400,000,000,000 shakes old

It’s been four years and 591 posts since AskDS reached critical mass. You’d hope our party would look like this:  But it’s more likely to be: Without you, we’d be another of those sites that glow red hot, go supernova, then collapse into a white dwarf. We really appreciate your comments, questions, and occasional attaboys…. Read more

AskDS is 0.03 Centuries Old Today

Three years ago today the AskDS site published its first post and had its first commenter. In the meantime we’ve created 455 articles and we’re now ranked 6th in all of TechNet’s blogs, behind AskPerf, Office2010, MarkRussinovich, SBS, and HeyScriptingGuy. That’s a pretty amazing group to be lumped in with for traffic, I don’t mind… Read more

Understanding LDAP Security Processing

It’s Randy again, here to discuss LDAP security. Lightweight Directory Access Protocol is an interface used to read from and write to the Active Directory database. Therefore, your Active Directory Administration tools (i.e. AD Users and Computers, AD Sites and Services, etc.) as well as third party tools are often going to use LDAP to… Read more

Understanding Password Policies

Hey everybody, its Randy again to discuss Password Policies. I recently had a case that required excruciating detail of how Password Complexity is calculated and I will now take that opportunity to discuss some interesting facts. I need to begin this discussion by directing you to the Account Lockout Best Practices Whitepaper. This paper explains… Read more

Using Network Monitor 3 to Troubleshoot a Domain Join Failure Caused by a Black Hole Router

This is Randy again with an interesting case that I had recently. We were having problems trying to join certain workstations to the domain. We would see that every workstation in one site would join successfully and all the workstations in another site would fail with an error indicating that we could not locate a… Read more

How to get the most from your FRSDiag…

Hello all, its Randy here again. The File Replication Service (FRS) is a technology used to synchronize data between several data shares on different computers and often in different sites throughout an organization. Any change made to the FRS data is updated on all the partners that share this replication. This is the technology that… Read more

What’s in a Token (Part 2): Impersonation

It’s Randy again. In my last blog post, we discussed that the token is the identification for a process. The token object contains a list of security identifiers, rights and privileges that the Windows Security Subsystem uses to grant access to secured resources and tasks. Each process running on a computer will contain a token… Read more

What’s in a Token

Hi, Randy here. This is my first blog post to help explain authentication and authorization. This post will be helpful in understanding “Access is Denied” messages and how to troubleshoot when these happen. I’d like to start with an explanation of the security token. When you log on to a system, you provide credentials in… Read more