Introducing the Netlogon Parser (v1.0.1) for Message Analyzer 1.1

Hi all! Brandon Wilson here again, and this time I will be giving you an introduction for the new Netlogon parser for Message Analyzer. Do you have authentication issues? Are you unable to contact the domain? Wondering what’s going on and tired of pulling your hair out? Then the Netlogon parser may be able to… Read more

How LastLogonTimeStamp is Updated with Kerberos S4u2Self

Introduction Hi! My name is Richard Sasser, or Rick, as I prefer, and I’m a Microsoft Certified Master for Active Directory and I work on the Platforms DSE team. I do a lot of security related work, and consult frequently on Public Key Infrastructures and Authentication issues. I don’t blog as often as I should,… Read more

Office 365 & Single Sign-On: How to Handle Different UserPrincipalName (UPN) Values

Hey folks, Keith Brewer here to discuss an issue I encountered while working with a Microsoft Premier Customer. As a PFE we are often asked to assist our Premier customers with a specific technology. In this instance I was asked to assist with Active Directory Federation Services (ADFS). Fellow PFE Jasmin Amirali recently blogged an… Read more

MailBag: RODCs – krbtgt_#####, Orphans, and Load Balancing RODC Connection Objects

Dougga here to answer a couple of quick RODC related questions.  I have been the fortunate PFE to perform ADRAPs (Active Directory Risk Assessment Program) that have had more than the average number of RODCs. I have also reviewed environments with only a few RODCs. During these risk assessments a couple of questions have come… Read more

How many Windows Server 2012 domain controllers do I need initially and where should I put them?

Following up on Greg Jaworski’s great post from last week where he talked about how to promote a domain controller in Windows Server 2012, today we will cover some thoughts around where to place your first Windows Server 2012 DCs and how many to plan on rolling out at once.  This blog post is meant… Read more

A few things you should know about raising the DFL (and/or) FFL to Windows Server 2008 R2

Hello Greg Jaworski here again to briefly talk about two issues when raising the domain functional level (and/or) the forest functional level to Windows Server 2008 R2. While we have loads of documentation on this and numerous blogs there are a few issues that customers have hit that are a little harder to find. The… Read more

The 411 on the KDC 11 Events

Disclaimer: For brevity and to get some key points across, quite a bit of detail about Kerberos has been purposely ommitted from this blog entry. I’m certain that those that are experiencing any of the problems below won’t mind 🙂 As a Premier Field Engineer, I visit new customers every week and every customer, and… Read more