Skip to Content

Category Archives: 1014

Groups and tokens

Written on June 29, 2010 at 8:27 pm, by

I’m done with an intensive month of sessions, delivered for different user groups and other communities online. When you managed to attend my session about Kerberos I hope you liked it ;). Now it’s time for some blogging activities. A friend asked on his blog (PL only, sorry) a question how to quickly determine the groups a computer account […]

AD WS diagnostic logging

Written on April 10, 2010 at 12:09 am, by

I promised to get back to AD WS topic so here I am.  My last post was about the process of Active Directory Web Services (AD WS) instance location from a client perspective. When a client locates the service, in most cases, it is with the purpose to do something with it – query, update … . But what […]

Where is my (AD) web service?

Written on March 30, 2010 at 9:27 am, by

Windows Server 2008 R2, among other changes, brings a new interface to access directory services – the Active Directory Web Service (ADWS). It is also available for older systems – Windows 2003 and 2008 – as Active Directory Management Gateway (available as separate download). (cc) paprikaOptic ADWS I being used so far by a few Windows […]

Be careful what You promise … SYSVOL

Written on March 9, 2010 at 12:43 pm, by

… on my Polish blog a question was asked on Sunday evening if I can provide some description on the SYSVOL location process and the pitfalls which might wait there. I said … ‘Why not‘  … and then you have to keep your promise. So today it will be about SYSVOL volume. Recently it is […]

Spot the difference

Written on January 28, 2010 at 12:59 pm, by

Where is a question there is an answer (at least in most cases). This time question was “How to check schema extension introduces to a forest?” and it was asked on There was even more than one answer … apparently some consultants are watching this list :). So how we can capture what was […]

Where is my DC?

Written on January 15, 2010 at 11:28 am, by

It is common knowledge that in AD environment client (like workstation) will always (at least it should) try to connect to most optimal domain controller. Optimal from network and AD infrastructure configuration standpoint. This process is based on DNS queries and information stored in AD configuration and in perfect case should lead to situation when […]

Kerberos and non-standard port number

Written on December 20, 2009 at 11:52 am, by

Kerberos in Windows Operating System is around for about 10 years and it is still causing problems and for many people it is like black magic voodoo. In most cases organizations and people in it are not aware that it is now working until it problem will occur on a surface with some application not […]


Written on November 22, 2009 at 1:59 pm, by

One of my friends PFE has asked me a question regarding userPassword attribute in directory which was related to some behavior he was observing in customer environment. We had a little chat about it and then I thought that maybe other has such questions as well so … here’s a topic for a blog.  Behavior […]

Snapshot recovery tool strikes back

Written on October 29, 2009 at 3:16 pm, by

Some time ago, when Windows 2008 was released I had some spare time (where are those days) and I wanted to master some of my .NET coding skills. What is better than find an idea to use them … and that’s how 1Identity Snapshot Recovery Tool was created. Snapshot Recovery Tool is command line tool […]

One subnet to catch them all

Written on October 6, 2009 at 10:08 am, by

This post is probably first of TEC 2009 follow-up series, at least partially as I thought about covering it just before going to TEC. However Brian Desmond has touched this topic during his session so it is good reason to follow-up on it. This will be about usage of catch-all subnets in AD topology design. […]