Active Directory Risk Assessments – Lessons and Tips from the Field – Volume #1?

Greetings – Hilde here to pass along some wisdom for AD shops everywhere. Recently, I was part of a conversation with a handful of true Active Directory rock-stars here in Premier Field Engineering who have done a lot of AD Risk Assessment Program (RAP) deliveries. As a reminder, the “RAP as a Service” delivery includes a very… Read more

How Domain Controllers are Located Across Trusts

Hi AskPFEPlat readers. Tom Moser here. A question I get on a pretty frequent basis from my larger, multi-forest enterprise customers is: “Do I need to add subnets from Forest A to Forest B so that clients find the correct DC across the trust?” And here’s how I try to answer that question, usually with… Read more

How to create an Active Directory Subnet/Site with /32 or /128 and why

While working with a customer this week on their Active Directory (AD) Site configuration I found out they had not heard about using a /32 or /128 subnet mask. In fact my Bing search did not reveal a lot of information on how and when to use this handy part of AD. The purpose of… Read more

Clustering: What exactly is a File Share Witness and when should I use one?

Customers ask from time to time: “What is a File Share Witness (FSW)?” Sometimes they’ve worked with prior versions of clustering and don’t know what a FSW is, or that the option exists. The next question asked is usually: “When should we use one?” Before going into that, I’ll review some subtle differences between legacy… Read more

Roaming AD Clients, with an Updated Script

  Three months ago I posted some information on AD Sites, Subnets and Roaming Clients. The heart of the blog was a PowerShell script that collected and collated netlogon.log files across all Domain Controllers in the forest to report a list of hostnames and IP addresses that have authenticated from IP addresses with no corresponding… Read more

In Search Of…. Roaming Active Directory Clients. (How to scriptomatically identify missing Active Directory Subnet Definitions)

  If you want detailed information on how Active Directory sites and subnets work to help clients find their closest domain controller, there is good information on TechNet. In short, you need to ensure that you’ve defined (in Active Directory Sites and Services) Active Directory sites for all of your physical locations that have domain… Read more