Does your win 8.1 /2012 R2/win10 logon hang after a password change?

Hi, Linda Taylor here, Senior Escalation Engineer from the Directory Services team in the UK. I have been working on this issue which seems to be affecting many of you globally on windows 8.1, 2012 R2 and windows 10, so I thought it would be a good idea to explain the issue and workarounds while…


Microsoft InTune for the Old-School GPO Admin

Happy New Year, people!  Let me welcome you to the first post of 2016 for the Ask PFE Platforms blog. I have a history of posting on our blog around the holidays/New Year's and 2016 is no different. Last year, I did a "New Year's" post about Azure AD for the old-school AD admin: http://blogs.technet.com/b/askpfeplat/archive/2015/01/05/azure-active-directory-for-the-old-school-ad-admin.aspx In keeping with…


Mailbag – Holiday 2015 Edition

Season's Greetings from the AskPFEPlat PFEs! A solid Mailbag today with items from Paul Bergson, Rick Bergman, Matthew Walker, Mike Kline and Mike Hildebrand. Also an AskPFEPlat alum – Mark Morowczynski – has started making Permanent Waves over in Azure AD land (did you catch the Rush reference I snuck in there? J) Let's roll……


An alternative way to connect PowerShell to Azure using an Azure AD account

Hello folks, its Rick here. A while back I had shared with you a way to connect PowerShell to your Azure Subscription via the certificate method using Get-AzurePublishSettingsFile cmdlet. This method works as long as the subscription and certificates are valid, and it has limitations when more than one person is expected to be able…


Finding Pesky Stale DNS SRV Records

  Good day to you all – Dougga here with a simple post today using tools you know.   Stale DNS SRV records are common due to no scavenging on DNS zones and each zone has to be setup correctly to have this happen. So, I have often found the "contoso.com" setup correctly, but the…


Managing Hybrid Identities Across Portals

Greetings! Hilde here once again to bend your ear about hybrid identity. Just between you and me, I can be a bit of a slow learner. Some people can process new information and ideas at the speed of light, as electricity lights up the synapses in their brain. They are able to swing those new…


Third-party Active Directory Migration Tools and KB 3070083

Hello, Chad Munkelt here with my very first post for the Ask PFE Platforms blog. I wanted to discuss a new hotfix that Microsoft released recently: https://support.microsoft.com/en-us/kb/3070083 This hotfix was created to address an issue with third-party Active Directory migration tools that receive a duplicate Service Principle Name (SPN) error when trying to migrate users…


Active Directory Risk Assessments – Lessons and Tips from the Field – Volume #1?

Greetings – Hilde here to pass along some wisdom for AD shops everywhere. Recently, I was part of a conversation with a handful of true Active Directory rock-stars here in Premier Field Engineering who have done a lot of AD Risk Assessment Program (RAP) deliveries. As a reminder, the "RAP as a Service" delivery includes a very…


Windows Server DHCP Server Migration – Two Issues from the Field

Hey folks – Hilde here with a post about some DHCP migration snafus I've bumped into recently. Many of my large, enterprise customers have DHCP servers that were deployed over a decade ago, humming along on some flavor of the Windows Server 2003 OS (WS 2003). For the most part, those DHCP services have been pretty much…


How to find expensive, inefficient and long running LDAP queries in Active Directory

Hey y’all, Mark back again. I’d like to say in my best TV show announcer voice, we have a real treat for you today. Have you ever wondered what clients were sending expensive or inefficient LDAP queries to your domain controllers? Are long running LDAP queries possibly leading to poor server application performance or even…