Too Many Admins in Your Domain: Expose the Problem(s) and Find a Solution. (Don’t forget PowerShell)

In my role as a transactional PFE, I have the privilege of visiting 40-50 customers per year. Often I’m called in to perform an Assessment of the Active Directory Infrastructure. Without a doubt, one of the biggest challenges most customers face is managing the membership of the privileged groups in their domain. The challenge manifests… Read more

The Case of the Missing SRV Records

I was recently on site with a customer performing an ADRAP when we found that several domain controllers were missing certain generic SRV records from DNS. The environment had around one-hundred DCs and thirty of them were missing records. Unsure why this was inconsistent, we started to investigate, first by restarting the netlogon service on… Read more

Becoming an Xperf Xpert Part 2: Long Running Logon Scripts, Inconceivable!

Login scripts once implemented in an environment tend to never really get removed. They are always there, running. The fact that many of these login script functionality, such as mapping drives, could be moved to Group Policy Preferences ( ). The real question is do you know how long your login scripts take to complete?… Read more

Clustering: What exactly is a File Share Witness and when should I use one?

Customers ask from time to time: “What is a File Share Witness (FSW)?” Sometimes they’ve worked with prior versions of clustering and don’t know what a FSW is, or that the option exists. The next question asked is usually: “When should we use one?” Before going into that, I’ll review some subtle differences between legacy… Read more

Becoming an Xperf Xpert: The Slow Boot Case of the NetTCPPortSharing and NLA Services

So now that you are in the loop on the XPERF greatness, let’s look at a real world example of how XPERF can help us optimize boottimes.  (For those of you that missed the XPERF memo, go back and read Mark’s post) When we first started looking at this client laptop, he was getting to… Read more

Slow Boot Slow Logon (SBSL), A Tool Called XPerf and Links You Need To Read

For the last 6 months I’ve been saying I was going to write a series of posts around the topics of slow boot slow logon (SBSL) and how to use Xperf, but stuff kept coming up. While I kept missing the boat some other awesome engineers totally ate my lunch on this topic and posted… Read more

A Global Enterprise … in your basement?

In case you haven’t heard, we’re hard at work on the next release of Windows Windows Server 2012 – Windows 8 – As an IT Pro, you have to continually learn new things. A challenge many of us in IT face when a product is released/updated is “how to learn the new product.” Additionally, in… Read more

Best Practices for Implementing Schema Updates or : How I Learned to Stop Worrying and Love the Forest Recovery

Note:  This is general best practice guidance for implementing schema extensions, not the testing of their functionality.  There may be some additional best practices around design and functionality of schema extensions that should be considered.  Understand that the implementation of a schema extension may well succeed, but the functionality around the extension may not behave… Read more

MCM: So You Want to Be a Active Directory Master, eh?

Back in February 2012, I was lucky enough to take part in the Windows 2008 R2 Directory Services Masters class and I promised that I would blog about my experience. Consequently, this will probably turn into another series as I wouldn’t do it any justice by only writing one entry about it.   Introduction For… Read more