Introducing Lingering Object Liquidator v2

Greetings again AskDS! Ryan Ries here. Got something exciting to talk about. You might be familiar with the original Lingering Object Liquidator tool that was released a few years ago. Today, we’re proud to announce version 2 of Lingering Object Liquidator! Because Justin’s blog post from 2014 covers the fundamentals of what lingering objects are so well, I… Read more

Using Debugging Tools to Find Token and Session Leaks

Hello AskDS readers and Identity aficionados. Long time no blog. Ryan Ries here, and today I have a relatively “hardcore” blog post that will not be for the faint of heart. However, it’s about an important topic. The behavior surrounding security tokens and logon sessions has recently changed on all supported versions of Windows. IT… Read more

The Version Store Called, and They’re All Out of Buckets

Hello, Ryan Ries back at it again with another exciting installment of esoteric Active Directory and ESE database details! I think we need to have another little chat about something called the version store. The version store is an inherent mechanism of the Extensible Storage Engine and a commonly seen concept among databases in general…. Read more

Previewing Server 2016 TP4: Temporary Group Memberships

Disclaimer: Windows Server 2016 is still in a Technical Preview state – the information contained in this post may become inaccurate in the future as the product continues to evolve. More specifically, there are still issues being ironed out in other parts of Privileged Access Management in Technical Preview 4 for multi-forest deployments.   Watch for… Read more

“Administrative limit for this request was exceeded" Error from Active Directory

Hello, Ryan Ries here with my first AskDS post! I recently ran into an issue with a particular environment where Active Directory and UNIX systems were being integrated.  Microsoft has several attributes in AD to facilitate this, and one of those attributes is the memberUid attribute on security group objects.  You add user IDs to… Read more