Interesting findings on SETSPN -x -f

Hello folks, this is Herbert from the Directory Services support team in Europe! Kerberos is becoming increasingly mandatory for really cool features such as Protocol Transition.  Moreover, as you might be painfully aware, managing Service Principal Names (SPN’s) for the use of Kerberos by applications can be daunting at times. In this blog, we will not… Read more

Intermittent Mail Sack: Must Remember to Write 2013 Edition

Hi all, Jonathan here again with the latest edition of the Intermittent Mail Sack. We’ve had some great questions over the last few weeks so I’ve got a lot of material to cover. This sack, we answer questions on: Issues upgrading DFSR hub servers to Windows Server 2012 AD FS Sign-out behavior Dynamic Access Control… Read more

Friday Mail Sack: Get Off My Lawn Edition

Hi folks, Ned here again. I know this is supposed to be the Friday Mail Sack but things got a little hectic and… ah heck, it doesn’t need explaining, you’re in IT. This week – with help from the ever-crotchety Jonathan Stephens – we talk about: Multiple WMI Filters LDAP MaxPoolThreads Many-to-one certificate mappings LinkID… Read more

Friday Mail Sack: They Pull Me Back in Edition

Hiya world, Ned is back with your best questions and comments. I’ve been off to teach this fall’s MCM, done Win8 stuff, and generally been slacking keeping busy; sorry for the delay in posting. That means a hefty backlog – get ready to slurp. Today we talk: Weirdness with NETDOM versus NLTEST when returning DCs… Read more

Cluster and Stale Computer Accounts

Hi, Mike here again. Today, I want to write about a common administrative task that can lead to disaster: removing stale computer accounts from Active Directory. Removing stale computer accounts is simply good hygiene– it’s the brushing and flossing of Active Directory. Like tartar, computer accounts have the tendency to build up until they become… Read more

Fun with the AD Administrative Center

Hi folks, Ned here again. We introduced the AD Administrative Center in Windows Server 2008 R2 to much fanfare. Wait, I mean we told no one and for good measure, we left the old AD Users and Computers tool in-place. Then we continued referencing it in all our documentation. And people say we’re a marketing… Read more

What is the Impact of Upgrading the Domain or Forest Functional Level?

Hello all, Jonathan here again. Today, I want to address a question that we see regularly. As customers upgrade Active Directory, and they inevitably reach the point where they are ready to change the Domain or Forest Functional Level, they sometimes become fraught. Why is this necessary? What does this mean? What’s going to happen?… Read more

You probably don’t need ACCTINFO2.DLL

Hi folks, Ned here again. Customers periodically ask us for a rumored replacement for the Windows 2000 acctinfo.dll that works on 64-bit Windows 7 and Windows Server 2008 R2. That old DLL added an extra tab to the Active Directory Users and Computers snap-in to centralize some user account info: Pretty cool. You can see… Read more

What does DCDIAG actually… do?

Hi folks, Ned here again. I recently wrote a KB article about some expected DCDIAG.EXE behaviors. This required reviewing DCDIAG.EXE as I wasn’t finding anything deep in TechNet about the “Services” test that had my interest. By the time I was done, I had found a dozen other test behaviors I had never known existed…. Read more