Migrating your Certification Authority Hashing Algorithm from SHA1 to SHA2

  Hey all, Rob Greene here again. Well it’s been a very long while since I have written anything for the AskDS blog. I’ve been heads down supporting all the new cool technology from Microsoft. I wanted to see if I could head off some cases coming our way with regard to the whole SHA1… Read more

Windows PowerShell remoting and delegating user credentials

Hey all Rob Greene here again. Yeah, I know, it’s been a while since I’ve written anything for you good people of the Internet. I recently had an interesting issue with the Active Directory Web Services and the Active Directory Windows PowerShell 2.0 modules in Windows 7 and Windows Server 2008 R2. Let me explain… Read more

RSA Key Blocking is Coming

Hey all, Ned here again with one of my rare public service announcement posts: In August 2012, Microsoft will issue a software update for Windows XP, Windows Server 2003, Windows Server 2003 R2, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. The update will block the use of RSA cryptographic keys… Read more

Friday Mail Sack: Drop the dope, hippy! edition

Hi all, Ned here again with an actual back to back mail sack. This week we discuss: Running out of USNs and Versions DFSR RDC LAN WAN FWIW AOK NPS and dotted NetBIOS domain names USMT and the case of the failing sourcepriority Revisiting NIC teaming Weird DFSR files MaxConcurrentAPI in depth (elsewhere) KB2663685 DFSR… Read more

Friday Mail Sack: Best Post This Year Edition

Hi folks, Ned here and welcoming you to 2012 with a new Friday Mail Sack. Catching up from our holiday hiatus, today we talk about: Disabling Administrative Shares Making Get-ADDomainController useful’er Kerberos group bloat USMT moving profiles back from other disks The DFSR service and backups AGPM and “out of band” built-in policy changes USMT… Read more

Friday Mail Sack: Guest Reply Edition

Hi folks, Ned here again. This week we talk: CA migration from 1 to 2 tier ADAM/ADLDS P2V ABC 123 Managing AGPM security filters Multiple IIS App pools and Kerberos AGPM multi-domain comparison ADUC domain password weirdness DFSR deletion conflict handling Stale account deletion ad nauseum AD PowerShell, Get-Acl, and the missing objects that aren’t… Read more

AskDS is 12,614,400,000,000,000 shakes old

It’s been four years and 591 posts since AskDS reached critical mass. You’d hope our party would look like this:  But it’s more likely to be: Without you, we’d be another of those sites that glow red hot, go supernova, then collapse into a white dwarf. We really appreciate your comments, questions, and occasional attaboys…. Read more

USMT and Converting Registry Data Types

Heya folks, Ned here again. Microsoft is legendary for its backwards compatibility. No other operating system family can claim to support as much older software and settings as Windows – heck, companies like Apple seem to proudly cut “legacy” support after a few years and spin it like it’s a positive. Man, that is an… Read more

How to setup a federation with Automatic Data Processing, Inc (ADP) using ADFS 2.0

Hey all, Rob Greene here again. We have been getting calls recently on how to use ADFS 2.0 to federate with ADP, so today I explain how. Disclaimer: If you have problems with connecting to ADP, your first call should be to them. If after talking with ADP you need further assistance you then open… Read more

iPad / iPhone Certificate Issuance

Hey all, Rob here again. It’s been a while since I have written a blog post, and this one was too interesting to pass up. I recently worked a case around deploying certificates to Apple iPhones and iPads to secure their network communications. The investigation uncovered that Apple devices can get certificates via the Simple… Read more