Kerberos Constrained Delegation, Double-Hops and Protocol Transition

Have been struggling with an issue where "Constrained Delegation" is enabled for an application and it is doing multiple "Hops" from the application and eventually making it to a SQL Server.  During the hops, an SPN is correctly presenting the Users TGT Hash as requested but then for some reason the TGT hash changes from an SPN to just … Continue reading "Kerberos Constrained Delegation, Double-Hops and Protocol Transition"

NTFRS Depricated with Windows Server 2012

Microsoft has now officially deprecated FRS for Active Directory's use of it for SysVol replication.  That doesn't mean it still isn't supported and it isn't going away anytime soon but it has been reported that the next major release will be the last to support FRS replication and that o/s will probably be shipped sometime … Continue reading "NTFRS Depricated with Windows Server 2012"

Can I Virtualize ALL My DC’s In the Domain?

With the advent of Windows Server 2012 R2, Microsoft has worked diligently to provide support for virtualization and allow corporations to reduce costs by virtualizing as much hardware as possible. New features in 2012 R2 help prevent USN rollback and/or Lingering objects via the new VM-Generation ID.  If a guest o/s is restored from a snapshot … Continue reading "Can I Virtualize ALL My DC’s In the Domain?"

Inconsistent Membership of a Security Group

I ran across an issue the other day that had me scratching my head and calling PSS to try and track down the problem. For some reason we had members of a security group that were inconsistently being denied access to RDP to our SQL servers.  There is a special group the SQL DB's belonged … Continue reading "Inconsistent Membership of a Security Group"

How to Build an AD Replication Delay (Lag) Site

To prevent having to restore objects from Active Directory due to accidentally deleting an object, you can have a remote DC which only sends/receives replication on a limited basis. You also want to prevent users from authenticating against, as well as services being used by other machines, since the metadata on this DC is aging … Continue reading "How to Build an AD Replication Delay (Lag) Site"

Upgrading AD from 2003 to 2008

— (Note: This is a copy from another site and at this time my snapshots are missing)— Microsoft’s Preupgrade check list Before upgrading AD verify all current applications are compatible Verify you are on the correct version for 2008 For example, does your SAN at its current release support 2008 Does the version of Exchange you … Continue reading "Upgrading AD from 2003 to 2008"