Category: 1149

I'm done with an intensive month of sessions, delivered for different user groups and other communities online. When you managed to attend my session about Kerberos I hope you liked it ;). Now it's time for some blogging activities. A friend asked on his blog (PL only, sorry) a question how to quickly determine the groups a computer account … Continue reading "Groups and tokens"

Few weeks ago I wrote about FIM 2010 support for Windows 2008 R2 Active Directory environment with Recycle Bin enabled. Basically it wasn't supported configuration at that time. But world is changing … and FIM as well. Few days ago FIM 2010 Update 1 was released  to Windows Update and also Windows Catalog. You can … Continue reading "Windows 2008 R2 Recycle Bin support for FIM"

I promised to get back to AD WS topic so here I am.  My last post was about the process of Active Directory Web Services (AD WS) instance location from a client perspective. When a client locates the service, in most cases, it is with the purpose to do something with it – query, update … . But what … Continue reading "AD WS diagnostic logging"

Some time ago I wrote about issues with the ILM 2007 FP1 Active Directory MA connecting to Windows 2008 R2 forests. In short words: it is supported as long as Recycle Bin is not enabled. Someone asked a question ActiveDir.org, whether it is supported in regards to FIM 2010. I've asked a few people (thanks … Continue reading "FIM 2010 and Windows 2008 R2 AD support"

Windows Server 2008 R2, among other changes, brings a new interface to access directory services – the Active Directory Web Service (ADWS). It is also available for older systems – Windows 2003 and 2008 – as Active Directory Management Gateway (available as separate download). (cc) paprikaOptic ADWS I being used so far by a few Windows … Continue reading "Where is my (AD) web service?"

… on my Polish blog a question was asked on Sunday evening if I can provide some description on the SYSVOL location process and the pitfalls which might wait there. I said … 'Why not'  … and then you have to keep your promise. So today it will be about SYSVOL volume. Recently it is … Continue reading "Be careful what You promise … SYSVOL"

Where is a question there is an answer (at least in most cases). This time question was “How to check schema extension introduces to a forest?” and it was asked on ActiveDir.org. There was even more than one answer … apparently some consultants are watching this list :). So how we can capture what was … Continue reading "Spot the difference"

It is common knowledge that in AD environment client (like workstation) will always (at least it should) try to connect to most optimal domain controller. Optimal from network and AD infrastructure configuration standpoint. This process is based on DNS queries and information stored in AD configuration and in perfect case should lead to situation when … Continue reading "Where is my DC?"

Kerberos in Windows Operating System is around for about 10 years and it is still causing problems and for many people it is like black magic voodoo. In most cases organizations and people in it are not aware that it is now working until it problem will occur on a surface with some application not … Continue reading "Kerberos and non-standard port number"

One of my friends PFE has asked me a question regarding userPassword attribute in directory which was related to some behavior he was observing in customer environment. We had a little chat about it and then I thought that maybe other has such questions as well so … here’s a topic for a blog.  Behavior … Continue reading "userPassword"