Are My RDP Connections Really Secured by a Certificate?

Hello everyone! Tim Beasley – Platforms PFE coming at you live from the funky fresh jam known as LAS VEGAS! That’s right people! I’m having a blast by the pool at the MGM Grand and loving life!! …writing a blog post for Microsoft. At Vegas. In the sun poolside…writing…a…technical blog post…what’s wrong with me?! Okay… Read more

10 Tips and Tricks from the Field

Hello All. The AskPFEPlat team is here today with you in force. Recently we put together 10 Tips and Tricks from the Field – a collection of tips and tricks in our tool belt that we use on occasion. We wanted share these with all our readers in-an-effort to make your day a little easier…. Read more

Introducing the Netlogon Parser (v1.0.1) for Message Analyzer 1.1

Hi all! Brandon Wilson here again, and this time I will be giving you an introduction for the new Netlogon parser for Message Analyzer. Do you have authentication issues? Are you unable to contact the domain? Wondering what’s going on and tired of pulling your hair out? Then the Netlogon parser may be able to… Read more

How LastLogonTimeStamp is Updated with Kerberos S4u2Self

Introduction Hi! My name is Richard Sasser, or Rick, as I prefer, and I’m a Microsoft Certified Master for Active Directory and I work on the Platforms DSE team. I do a lot of security related work, and consult frequently on Public Key Infrastructures and Authentication issues. I don’t blog as often as I should,… Read more

Office 365 & Single Sign-On: How to Handle Different UserPrincipalName (UPN) Values

Hey folks, Keith Brewer here to discuss an issue I encountered while working with a Microsoft Premier Customer. As a PFE we are often asked to assist our Premier customers with a specific technology. In this instance I was asked to assist with Active Directory Federation Services (ADFS). Fellow PFE Jasmin Amirali recently blogged an… Read more

MailBag: RODCs – krbtgt_#####, Orphans, and Load Balancing RODC Connection Objects

Dougga here to answer a couple of quick RODC related questions.  I have been the fortunate PFE to perform ADRAPs (Active Directory Risk Assessment Program) that have had more than the average number of RODCs. I have also reviewed environments with only a few RODCs. During these risk assessments a couple of questions have come… Read more

How many Windows Server 2012 domain controllers do I need initially and where should I put them?

Following up on Greg Jaworski’s great post from last week where he talked about how to promote a domain controller in Windows Server 2012, today we will cover some thoughts around where to place your first Windows Server 2012 DCs and how many to plan on rolling out at once.  This blog post is meant… Read more

A few things you should know about raising the DFL (and/or) FFL to Windows Server 2008 R2

Hello Greg Jaworski here again to briefly talk about two issues when raising the domain functional level (and/or) the forest functional level to Windows Server 2008 R2. While we have loads of documentation on this and numerous blogs there are a few issues that customers have hit that are a little harder to find. The… Read more

The 411 on the KDC 11 Events

Disclaimer: For brevity and to get some key points across, quite a bit of detail about Kerberos has been purposely ommitted from this blog entry. I’m certain that those that are experiencing any of the problems below won’t mind 🙂 As a Premier Field Engineer, I visit new customers every week and every customer, and… Read more