I'm done with an intensive month of sessions, delivered for different user groups and other communities online. When you managed to attend my session about Kerberos I hope you liked it ;). Now it's time for some blogging activities. A friend asked on his blog (PL only, sorry) a question how to quickly determine the groups a computer account … Continue reading "Groups and tokens"
Some time ago I wrote about issues with the ILM 2007 FP1 Active Directory MA connecting to Windows 2008 R2 forests. In short words: it is supported as long as Recycle Bin is not enabled. Someone asked a question ActiveDir.org, whether it is supported in regards to FIM 2010. I've asked a few people (thanks … Continue reading "FIM 2010 and Windows 2008 R2 AD support"
Some time ago, when Windows 2008 was released I had some spare time (where are those days) and I wanted to master some of my .NET coding skills. What is better than find an idea to use them … and that’s how 1Identity Snapshot Recovery Tool was created. Snapshot Recovery Tool is command line tool … Continue reading "Snapshot recovery tool strikes back"
Number of RODCs in a production environment is probably not very high now but many peoples and organizations are thinking about it. For those I have good news that new KB article 944043 was published which is delivering RODC compatibility pack for down level clients. In this case 'down level' means XP and 2003. This … Continue reading "RODC compatibility pack for down-level clients"
Quick info – Ryan Dunn shows on his blog how to get ADAM running on Vista machine. Nice tip for all people who gave a try to Vista.
Today on microsoft.public.windows.server.active_directory newsgroup somebody came with a question how he can remove and add workstations to domain, without performing this operation manually on every workstation? Because of some DR situation he had 250 workstations which were a member of non-existing domain and new AD, and wanted to add them back to domain. The same … Continue reading "How to removeadd workstation fromto domain remotely?"
Yesterday I was at customer site to talk about identity management and as it often happens some other topics were discussed with customer tech stuff after discussing main topics. In this discussion I was asked how to read and parse security descriptor for Active Directory object. After few questions we came to conclusion that they … Continue reading "How to check if I can update attribute?"
If You are developer and You have to utilize Active Directory or ADAM in Your application .NET System.DirectoryServices (S.DS) namespace is nice thing to have. It simplifies operation performed against Active Directory, hiding all COM stuff behind relatively few different classes You can use to query and modify directory objects. S.DS is nice namespace, but it still utilizes … Continue reading "More data is available exception when searching with S.DS"
Hmm … first the question? How many of readers is aware of Linked Value Replication (LVR) in Active Directory? If what I think about readers of this blog is true probably majority of readers is very aware what this is and how it works. At the end I don't have any survey site to perform such … Continue reading "Linked Value Replication – what's this about"
Another quick and dirty example how one can user ADMod and ADFind to do something in AD quickly and without scripting. This time question is – how to rename users account, with rename I understand changing their RDN in directory? I will use ADFind to find users and prepare input for ADMod like I did … Continue reading "ADMod, ADFind – user rename"