Category: 1014

I'm done with an intensive month of sessions, delivered for different user groups and other communities online. When you managed to attend my session about Kerberos I hope you liked it ;). Now it's time for some blogging activities. A friend asked on his blog (PL only, sorry) a question how to quickly determine the groups a computer account … Continue reading "Groups and tokens"

Some time ago, when Windows 2008 was released I had some spare time (where are those days) and I wanted to master some of my .NET coding skills. What is better than find an idea to use them … and that’s how 1Identity Snapshot Recovery Tool was created. Snapshot Recovery Tool is command line tool … Continue reading "Snapshot recovery tool strikes back"

Number of RODCs in a production environment is probably not very high now but many peoples and organizations are thinking about it. For those I have good news that new KB article 944043 was published which is delivering RODC compatibility pack for down level clients. In this case 'down level' means XP and 2003.  This … Continue reading "RODC compatibility pack for down-level clients"

joe has released new version of excelent ADFind tool, You can read about this update and grab new version on joe's blog. I want to mention only one of the aspects of this update – on Windows 2008 (aka Longhorn) this version gives You access to new statistics for LDAP queries from AD. Let's take … Continue reading "ADFind udpate, stats and performance"

Quick info – Ryan Dunn shows on his blog how to get ADAM running on Vista machine. Nice tip for all people who gave a try to Vista.  

Today on microsoft.public.windows.server.active_directory newsgroup somebody came with a question how he can remove and add workstations to domain, without performing this operation manually on every workstation? Because of some DR situation he had 250 workstations which were a member of non-existing domain and new AD, and wanted to add them back to domain. The same … Continue reading "How to removeadd workstation fromto domain remotely?"

Yesterday I was at customer site to talk about identity management and as it often happens some other topics were discussed with customer tech stuff after discussing main topics. In this discussion I was asked how to read and parse security descriptor for  Active Directory object. After few questions we came to conclusion that they … Continue reading "How to check if I can update attribute?"

If You are developer and You have to utilize Active Directory or ADAM in Your application .NET System.DirectoryServices (S.DS) namespace is nice thing to have. It simplifies operation performed against Active Directory, hiding all COM stuff behind relatively few different classes You can use to query and modify directory objects. S.DS is nice namespace, but it still utilizes … Continue reading "More data is available exception when searching with S.DS"

Hmm … first the question? How many of readers is aware of Linked Value Replication (LVR) in Active Directory? If what I think about readers of this blog is true probably majority of readers is very aware what this is and how it works. At the end I don't have any survey site to perform such … Continue reading "Linked Value Replication – what's this about"

Another quick and dirty example how one can user ADMod and ADFind to do something in AD quickly and without scripting. This time question is – how to rename users account, with rename I understand changing their RDN in directory? I will use ADFind to find users and prepare input for ADMod like I did … Continue reading "ADMod, ADFind – user rename"