A strange case of Admin group memberships

After a bit of a break, we are back on the MSPFE blog with a field story yet again. This time, Saji John, a Premier Field Engineer from India, describes a strange scenario which he helped troubleshoot. Hello Everyone! My area of expertise is Active Directory. The intent of this blog is to share an…


Understanding and Managing the Certificate Stores Used for Smart Card Logon

Don Baker, a Senior PFE with our US Public Sector team, jotted down a cheat sheet that’ll be useful when configuring and troubleshooting Smart Card logons. Okay, so the “cheat sheet” turned out to be more of a “cheat blanket” (or “cheat roll-of-blankets”), and the information is extensive! One of the things I find challenging…


SharePoint 2013 with SSRS 2012 and Kerberos Constrained Delegation

Ryan Bushnell posted an excellent walkthrough of KCD with SSRS 2012 and SP2013! (That’s Kerberos Constrained Delegation; SQL Server Reporting Services; SharePoint 2013) To do this configuration, Kerberos with constrained delegation is required, and often this is the most tricky and unclearly documented piece. In this post I hope to provide some insight into the…


AskPFEPlat: How Domain Controllers are found across forest trusts

Tom Moser answers a reasonably frequently asked question about cross-organization domain controller location, and shows his work! One key point: This post is about a scenario where the subnets in the two forests do not overlap (i.e., client’s IP address from forest A is not covered by any subnet in forest B). This would…


How To Equip Your Windows Server Environment With A Blackbox Flight Recorder

Summary: Holger Hatzfeld, a Microsoft Senior Support Escalation Engineer, provides us with a PowerShell script that deploys customizable performance logs to any or all of your domain-connected servers, effectively mimicking flight recorders for server performance capture. Powerful stuff. Hello, my name is Holger Hatzfeld and I am a Microsoft Senior Support Escalation Engineer (SEE) in…


ADCS: Manually Created CDP Extensions Cause CRL Look-up Failures

Summary: Gregg O’Brien, a Microsoft Premier Field Engineer from Canada, makes a case for not throwing sand in your face and correct zipper placement when dealing with a Certificate Revocation List Distribution Point (CDP) in Microsoft Active Directory Certificate Services. The moral of his story: make sure your CDPs are properly formatted or you’ll see…


Unpacking RAP as a Service for Active Directory: Leveraging the On-Demand Assessment

Summary: Bryan Zink, a Senior Microsoft Premier Field Engineer based in the US, continues his exploration into RAP as a Service for Active Directory, the exciting new toolset and offering from Microsoft Services, and provides us details on how to leverage the RAP as a Service toolset on an on-going basis. This is the last part…


Unpacking RAP as a Service for Active Directory: Deep Dive on Data Collection and Submission

Summary: Bryan Zink, a Senior Microsoft Premier Field Engineer based in the US, continues his exploration into RAP as a Service for Active Directory, the exciting new toolset and offering from Microsoft Services, and provides us details on the data collection and submission process. This is the second of a three-part series from Bryan,…