Category: 1391

Last month, Microsoft has released KnowledgeBase article 2862966 An update is available that improves management of weak certificate cryptographic algorithms in Windows as a helping hand to administrators to indicate and/or eradicate the use of weak cryptographic algorithms in their networking environments.

Microsoft has issued KnowledgeBase article 2845152 to help administrators overcome a problem they might experience while using the Network Connectivity Assistant with a Windows Server 2012-based DirectAccess server and IPv4-only DNS Servers and Active Directory Domain Controllers. A hotfix is available for the DirectAccess Server.

As I’ve written before, Microsoft has made significant strides on making Active Directory Domain Controllers safe(r) to virtualize in Windows Server 2012. Sometimes, however, you encounter a situation that makes all that progress seem to disappear. Microsoft, last week, has released KnowledgeBase Article 2853952, describing such a situation.

Windows Server 2008 R2 and Windows Server 2012-based Domain Controllers (as well as Windows 7 and Windows 8 management workstations with the Remote Server Administration Tools installed) offer the built-in ability to manage Active Directory through PowerShell. Windows 7 and Windows Server 2008 R2 offer 76 Active Directory Management PowerShell Cmdlets and 15 Active Directory … Continue reading "KnowledgeBase: Incorrect results when you run AD Windows PowerShell Cmdlets on a Windows Server 2012 or Windows Server 2008 R2-based Domain Controller"

Microsoft identified an issue, where scans of the Active Directory Domain Services Best Practices Analyzer (BPA) fail. About the AD DS BPA Microsoft’s Best Practices Analyzers (BPAs) offer guidance on avoiding 80% to 90% of situations that lead to system unavailability and data loss.

Microsoft has released KnowledgeBase Article 2830511, detailing a bug in the Installation Wizard of Windows Server 2012 Essentials, that prevents you from installing the server as a Domain Controller for an Active Directory domain with a public top-level domain (TLD), like .com, .corp, .org, .edu, .int and the country-specific top-level domains.

In Windows Server 2012, the Active Directory team has consciously blocked some Server Roles and Features from coexisting with the Active Directory Domain Services Role. Two months ago, I blogged on the incompatibility between the Fail-over Cluster Feature and the Active Directory Domain Services Role in Windows Server 2012. Earlier, I blogged on the incompatibility … Continue reading "KnowledgeBase: Remote Desktop Connection Broker cannot co-exist with Active Directory Domain Services role on Windows Server 2012"

Many Active Directory admins consider it unsafe to display the last users logon name on the Logon Screen, since it provides information on naming conventions, etc. to possible malicious people. Others change the default Logon Screen to accommodate for presentation PCs, flexworker desktops and other commonly shared IT equipment.

Windows Server 2012 introduces a new Group Policy feature: ‘Infrastructure Status’. This feature is present in the Group Policy Management Console (GPMC) on Windows Server 2012 and in the Remote Server Administration Tools (RSAT) package for Windows 8, and introduces a Status tab for the domain level.

Microsoft KnowledgeBase article 2737880, titled "The service cannot be started" error during AD DS configuration describes an issue where promotion of a Windows Server 2012-based server to a Domain Controller and demotion of a Windows Server 2012-based Domain Controller is unable to finish. Its root cause is a policy or an administrator that prevents the … Continue reading "KnowledgeBase: "The service cannot be started" error during Active Directory Domain Services configuration"