Interesting findings on SETSPN -x -f

Hello folks, this is Herbert from the Directory Services support team in Europe! Kerberos is becoming increasingly mandatory for really cool features such as Protocol Transition.  Moreover, as you might be painfully aware, managing Service Principal Names (SPN’s) for the use of Kerberos by applications can be daunting at times. In this blog, we will not… Read more

Intermittent Mail Sack: Must Remember to Write 2013 Edition

Hi all, Jonathan here again with the latest edition of the Intermittent Mail Sack. We’ve had some great questions over the last few weeks so I’ve got a lot of material to cover. This sack, we answer questions on: Issues upgrading DFSR hub servers to Windows Server 2012 AD FS Sign-out behavior Dynamic Access Control… Read more

Friday Mail Sack: Get Off My Lawn Edition

Hi folks, Ned here again. I know this is supposed to be the Friday Mail Sack but things got a little hectic and… ah heck, it doesn’t need explaining, you’re in IT. This week – with help from the ever-crotchety Jonathan Stephens – we talk about: Multiple WMI Filters LDAP MaxPoolThreads Many-to-one certificate mappings LinkID… Read more

Friday Mail Sack: They Pull Me Back in Edition

Hiya world, Ned is back with your best questions and comments. I’ve been off to teach this fall’s MCM, done Win8 stuff, and generally been slacking keeping busy; sorry for the delay in posting. That means a hefty backlog – get ready to slurp. Today we talk: Weirdness with NETDOM versus NLTEST when returning DCs… Read more

Cluster and Stale Computer Accounts

Hi, Mike here again. Today, I want to write about a common administrative task that can lead to disaster: removing stale computer accounts from Active Directory. Removing stale computer accounts is simply good hygiene– it’s the brushing and flossing of Active Directory. Like tartar, computer accounts have the tendency to build up until they become… Read more

Fun with the AD Administrative Center

Hi folks, Ned here again. We introduced the AD Administrative Center in Windows Server 2008 R2 to much fanfare. Wait, I mean we told no one and for good measure, we left the old AD Users and Computers tool in-place. Then we continued referencing it in all our documentation. And people say we’re a marketing… Read more

What does DCDIAG actually… do?

Hi folks, Ned here again. I recently wrote a KB article about some expected DCDIAG.EXE behaviors. This required reviewing DCDIAG.EXE as I wasn’t finding anything deep in TechNet about the “Services” test that had my interest. By the time I was done, I had found a dozen other test behaviors I had never known existed…. Read more