Category: 1014

I'm done with an intensive month of sessions, delivered for different user groups and other communities online. When you managed to attend my session about Kerberos I hope you liked it ;). Now it's time for some blogging activities. A friend asked on his blog (PL only, sorry) a question how to quickly determine the groups a computer account … Continue reading "Groups and tokens"

I promised to get back to AD WS topic so here I am.  My last post was about the process of Active Directory Web Services (AD WS) instance location from a client perspective. When a client locates the service, in most cases, it is with the purpose to do something with it – query, update … . But what … Continue reading "AD WS diagnostic logging"

Windows Server 2008 R2, among other changes, brings a new interface to access directory services – the Active Directory Web Service (ADWS). It is also available for older systems – Windows 2003 and 2008 – as Active Directory Management Gateway (available as separate download). (cc) paprikaOptic ADWS I being used so far by a few Windows … Continue reading "Where is my (AD) web service?"

… on my Polish blog a question was asked on Sunday evening if I can provide some description on the SYSVOL location process and the pitfalls which might wait there. I said … 'Why not'  … and then you have to keep your promise. So today it will be about SYSVOL volume. Recently it is … Continue reading "Be careful what You promise … SYSVOL"

Where is a question there is an answer (at least in most cases). This time question was “How to check schema extension introduces to a forest?” and it was asked on ActiveDir.org. There was even more than one answer … apparently some consultants are watching this list :). So how we can capture what was … Continue reading "Spot the difference"

It is common knowledge that in AD environment client (like workstation) will always (at least it should) try to connect to most optimal domain controller. Optimal from network and AD infrastructure configuration standpoint. This process is based on DNS queries and information stored in AD configuration and in perfect case should lead to situation when … Continue reading "Where is my DC?"

Kerberos in Windows Operating System is around for about 10 years and it is still causing problems and for many people it is like black magic voodoo. In most cases organizations and people in it are not aware that it is now working until it problem will occur on a surface with some application not … Continue reading "Kerberos and non-standard port number"

One of my friends PFE has asked me a question regarding userPassword attribute in directory which was related to some behavior he was observing in customer environment. We had a little chat about it and then I thought that maybe other has such questions as well so … here’s a topic for a blog.  Behavior … Continue reading "userPassword"

Some time ago, when Windows 2008 was released I had some spare time (where are those days) and I wanted to master some of my .NET coding skills. What is better than find an idea to use them … and that’s how 1Identity Snapshot Recovery Tool was created. Snapshot Recovery Tool is command line tool … Continue reading "Snapshot recovery tool strikes back"

This post is probably first of TEC 2009 follow-up series, at least partially as I thought about covering it just before going to TEC. However Brian Desmond has touched this topic during his session so it is good reason to follow-up on it. This will be about usage of catch-all subnets in AD topology design. … Continue reading "One subnet to catch them all"