Skip to Content

Category Archives: Active Directory

Kerberos Constrained Delegation, Double-Hops and Protocol Transition

Written on July 29, 2014 at 12:57 pm, by

Have been struggling with an issue where “Constrained Delegation” is enabled for an application and it is doing multiple “Hops” from the application and eventually making it to a SQL Server.  During the hops, an SPN is correctly presenting the Users TGT Hash as requested but then for some reason the TGT hash changes from an SPN to just […]

NTFRS Depricated with Windows Server 2012

Written on July 14, 2014 at 8:18 pm, by

Microsoft has now officially deprecated FRS for Active Directory’s use of it for SysVol replication.  That doesn’t mean it still isn’t supported and it isn’t going away anytime soon but it has been reported that the next major release will be the last to support FRS replication and that o/s will probably be shipped sometime […]

Can I Virtualize ALL My DC’s In the Domain?

Written on July 12, 2014 at 4:42 pm, by

With the advent of Windows Server 2012 R2, Microsoft has worked diligently to provide support for virtualization and allow corporations to reduce costs by virtualizing as much hardware as possible. New features in 2012 R2 help prevent USN rollback and/or Lingering objects via the new VM-Generation ID.  If a guest o/s is restored from a snapshot […]

ADMT Now Supports Server 2012/2012 R2

Written on June 13, 2014 at 10:40 am, by

Great news the Directory Services team has released ADMT for Server 2012/2012 R2.

Can’t Add the Role “Active Directory Domain Services” to my 2008 R2 Server

Written on April 29, 2014 at 8:57 am, by

Recently I was given a server in a rush situation to promote a new DC.  When I attempted to add the DC role the following error popped up “Update DirectoryServices-DomainController of package DirectoryServices-DomainController-Package failed to be turned on. Status: 0x80070bc9.”

Inconsistent Membership of a Security Group

Written on September 26, 2013 at 8:17 am, by

I ran across an issue the other day that had me scratching my head and calling PSS to try and track down the problem. For some reason we had members of a security group that were inconsistently being denied access to RDP to our SQL servers.  There is a special group the SQL DB’s belonged […]

Clean Up DCs SYSVOL FRS Member Object

Written on June 24, 2013 at 11:06 am, by

If you have ever run dcDiag and ended up with the error output as follows

Unexplained dcDiag Errors

Written on June 14, 2013 at 1:23 pm, by

So I have been banging my head against a wall trying to figure out why I have been getting these crazy errors in dcDiag.  From all that I can tell replication is working as expected but yet I am getting errors that are mostly undocumented and difficult to find out any real information on. Starting […]

How to Build an AD Replication Delay (Lag) Site

Written on May 14, 2013 at 6:58 am, by

To prevent having to restore objects from Active Directory due to accidentally deleting an object, you can have a remote DC which only sends/receives replication on a limited basis. You also want to prevent users from authenticating against, as well as services being used by other machines, since the metadata on this DC is aging […]

Upgrading AD from 2003 to 2008

Written on April 25, 2013 at 6:53 am, by

— (Note: This is a copy from another site and at this time my snapshots are missing)— Microsoft’s Preupgrade check list Before upgrading AD verify all current applications are compatible Verify you are on the correct version for 2008 For example, does your SAN at its current release support 2008 Does the version of Exchange you […]