Interesting findings on SETSPN -x -f

Hello folks, this is Herbert from the Directory Services support team in Europe! Kerberos is becoming increasingly mandatory for really cool features such as Protocol Transition.  Moreover, as you might be painfully aware, managing Service Principal Names (SPN’s) for the use of Kerberos by applications can be daunting at times. In this blog, we will not… Read more

Intermittent Mail Sack: Must Remember to Write 2013 Edition

Hi all, Jonathan here again with the latest edition of the Intermittent Mail Sack. We’ve had some great questions over the last few weeks so I’ve got a lot of material to cover. This sack, we answer questions on: Issues upgrading DFSR hub servers to Windows Server 2012 AD FS Sign-out behavior Dynamic Access Control… Read more

….And knowing is half the battle!

Jonathan here. Chuck Timon over on the AskCore blog has a new post that you folks testing with Windows Server 2012 should know about. If you’re playing around with Hyper-V, do yourself a favor and have a read before you call Support. Logon Failures Involving Virtual Machines in Windows Server 2012 Jonathan “Snake Eyes” Stephens… Read more

Windows Server 2012 Shell game

Here’s the scenario, you just downloaded the RTM ISO for Windows Server 2012 using your handy, dandy, “wondermus” Microsoft TechNet subscription. Using Hyper-V, you create a new virtual machine, mount the ISO and breeze through the setup screen until you are mesmerized by the Newton’s cradle-like experience of the circular progress indicator Click…click…click…click– installation complete;… Read more

Monthly Mail Sack: I Hope Your Data Plan is Paid Up Edition

Hi all, Ned here again with that thing we call love. Blog! I mean blog. I have a ton to talk about now that I have moved to the monthly format, and I recommend you switch to WIFI if you’re on your phone. This round I answer your questions on: Reattaching DCs in Windows Server… Read more

Let the Blogging begin…

Hello AskDS Readers. Mike here again. If you notice, Ned posted one of our first Windows Server 2012 RTM blogs a while back (Managing RID Issuance in Windows Server 2012). Yes friends, the gag order has been lifted and we are allowed to spout mountains of technical goodness about Windows Server 2012 and Windows 8…. Read more

Windows Server 2012 GA

Hey folks, Ned here again to tell you what you probably already know: Windows Server 2012 is now generally available: Understand the vision Visit the launch page and learn what’s new Download the trial Go deeper in TechNet Visit the full family of Microsoft Windows Server blogs I don’t often recommend “vision” posts, but Satya… Read more

Monthly Mail Sack: Yes, I Finally Admit It Edition

Heya folks, Ned here again. Rather than continue the lie that this series comes out every Friday like it once did, I am taking the corporate approach and rebranding the mail sack. Maybe we’ll have the occasional Collector’s Edition versions. This week month, I answer your questions on: The semi-myth of Kerberos time skew Finding… Read more

Detaining Docs with DAC

Hey all, Ned here again with a quick advert: Robert Deluca from our Partner and Customer team just published a blog post on Dynamic Access Control. He walks through the configuration of “document quarantine” to protect sensitive data on file shares and automatically clean up files that violate storage policies. We’ve seen a lot of… Read more

Managing RID Issuance in Windows Server 2012

Hi all, Ned here again to talk further about managing your RID pool. By default, a domain has capacity for roughly one billion security principals, such as users, security groups, managed service accounts, and computers. If you run out, you can’t create any more. There aren’t any domains with that many active objects, of course,… Read more