Dude, where’s my Forest Root?

Let’s look at a hypothetical worst-case scenario:
- Your AD infrastructure contains one root domain and one or more child domains.
- You’ve lost all the DC’s in the Root domain due to hardware failure (Example: putting all DC’s in the root domain on the same SAN)
- There are no usable System State backups…





Time travel and factors that increase client startup or login time

This entry concerns the following issue: how applications and services can add to the startup or login time of clients. The basics first: on any operating system, performing any operation takes time. This is just a fact of life and is more related to the nature of time than a question of performance….


What happens when a group is deleted

A Critsit from a large enterprise customer came in the other day. The problem description was as follows: We’ve deleted a test group that contained 25000 users, now our 3rd party login script which looks at group membership for users and performs action based on which groups they are in is failing when it encounters the…


Netlogon 5719 and the Disappearing Domain [Controller]

Netlogon is a client and a server component; when it logs 5719 it is acting as a client and trying to make a network connection that fails for some reason. A Netlogon 5719 event indicates that the client component of Netlogon was unable to locate a DC for the domain it was trying to perform an operation…


What is logged to the Userenv.log file?

Winlogon is the main component that logs data to the Userenv.log file (through userenv.dll). If Userenv debug logging is enabled as per KB 221833, the userenv.log file will include the following:
- Slow link detection
- Machine Group Policy Application
- Processes and applications which start up as part of Userinit.exe (this includes most Startup…


Troubleshooting RODC’s: Troubleshooting domain joins against RODC’s

So, the first question…do you need to deploy the RODC compatibility pack on your XP/2003 clients if you want to deploy RODC’s?  For domain joins (and password changes) against an RODC the answer is most definitely yes.   One of the most important changes implemented in the compack is how the client calls the DsGetDCName function…


Naming schemes to avoid in AD

At some point, you’ll find yourself in the situation where you need to decide on a naming scheme for an Active Directory forest and domain. This is a critical decision and should not be made when you’re standing in front of the screen and typing DCPROMO. Let me elaborate a bit… Historically, Microsoft has been…


Troubleshooting AD Replication

Replication is another common AD troubleshooting scenario. AD replication issues usually turn out to be caused by one of the following:
a) Faulty, substandard or misconfigured network equipment or WAN links
b) USN rollback issues caused by using unsupported restore methods (disk imaging of DC’s, P2V utilities, snapshots, etc.)
c) DNS issues
d) Lingering objects
For ‘a’, the classic examples are…


OS Security settings that affect CLM

This is a collection of non-CLM-specific permissions and user rights which affect the operation of CLM 2007 and FIM 2010 (CM part). These are commonly seen in scenarios where security hardening has been performed on the DC’s or the member servers or if specific users have been placed in ‘protected’ OU’s where access to them has been…