Disaster Recovery Site and Active Directory (Part 3 of 3)

Welcome to part 3 of the series… hopefully you have enjoyed the first two parts, where we discussed client logon and client failover between Domain Controllers and sites. In the last part of the series we’re going to discuss Domain Controller replication failover between Hub, Branch and DRP sites and different scenarios when…


Disaster Recovery Site and Active Directory (Part 2 of 3)

So in Part 2 of the series we’re going to discuss the following scenario: The challenge in this scenario is to make the clients in the different Branch sites fail over to their closest Hub sites. It’s obvious that HUB is the best option for failover from Branch when the DC in branch (Child-DC03) fails,…


Disaster Recovery Site and Active Directory (Part 1 of 3)

Hi All, Michael here again, and this time I would like to talk a little bit about Active Directory replication and Disaster Recovery sites. Since the not so recent events (taking place on 9/11) many companies started to invest time and money in designing and implementing Disaster Recovery solutions which are located at a different…


A case of a disappeared schema attribute or schema limbo in progress

Disclaimer: Do NOT in any way attempt to perform the steps outlined in this post in your production environment. If you do this, things will break. Take my word on it! Disappeared attribute? How can that happen? I mean, either the attribute is in the schema or not, and there is no…


Debugging DsGetDCName in Win7

Hi, this is just a short post while I’m working on a longer one. A couple of days ago I was debugging an application, and I wanted to set a breakpoint on the DsGetDCName function to figure out the flags being passed to the function – (http://msdn.microsoft.com/en-us/library/ms675983(VS.85).aspx) and while in the MSDN help it says…


Querying BITWISE flags in attributes

As you know, several attributes in Active Directory are composed of BITWISE flags. This means that the attribute consists of several flags which may (or may not) be set on the attribute, and querying these attributes may sometimes be a real pain… The main purpose of this post is to present the LDAP_MATCHING_RULE_BIT_AND…


My Tech-ed Session References (DTC300 – Turbo Charge your Active Directory)

Hi, thank you all for attending my session… hope you had fun 🙂 Here’s a list of all references on the topics I’ve been discussing: 1. New AD Features: a. Recycle Bin – http://technet.microsoft.com/en-us/library/dd392261(WS.10).aspx b. Recycle Bin – http://blogs.technet.com/b/qzaidi/archive/2010/10/23/quickly-explained-active-directory-recycle-bin.aspx c. AD Module for PowerShell – http://technet.microsoft.com/en-us/library/dd378937(WS.10).aspx d. AD Web Services – http://blogs.msdn.com/b/adpowershell/archive/2009/04/06/active-directory-web-services-overview.aspx e….


Optimizing NTLM authentication flow in multi-domain environments

I’ll start with the obvious: Kerberos is the way to go. NTLM is less secure and is being de-emphasized in the recent versions of the OS. Your first option should always be to attempt to make your applications work with Kerberos. But things take time and it will be long till we find ourselves in…


Using the DirSync control

Hello world, this is Michael. I’m a member of the Israeli platform team and I’m here to write about some attempts at, and eventually the success (wohooooo!) of, implementing and using the DirSync control from the S.DS.P (System.DirectoryServices.Protocols) namespace. This post will be about developing in C# for AD… I guess it’s also possible in PowerShell,…