Jaa


Online memory of an Active Directory PFE

An Active Directory Blog

A Domain Controller is not a Domain Computer

Today I spent half a day troubleshooting an issue with Authentication Silos that I finally tracked...

Date: 12/10/2018

What's new in Active Directory 2019? Nothing.

OK, so there is not precisely "nothing" new in AD 2019, but as a management summary it will do....

Date: 12/02/2018

Quickly find potential Kerberoast victims

Lately I have been talking a lot about the Kerberoast exploit with my customers. Before I dive in...

Date: 04/25/2018

Logging on to Azure for your everyday job

Sometimes life is about the little things, and one little thing that has been bothering me is...

Date: 02/11/2018

Azure Batch for the IT Pro - Part 2

This is the second and final part of a blog series with a walkthrough for Azure Batch. The first...

Date: 01/12/2018

Azure Batch for the IT Pro - Part 1

I spent some time on working with Azure Batch for a customer, and what struck me that it was not so...

Date: 01/12/2018

Download the original Active Directory Branch Office Deployment Guide

During the great Windows Server 2003 content purge on TechNet in the summer of 2016 a lot of...

Date: 01/09/2018

Get-UniqueString: generate unique ID for Azure Deployments

When deploying resources to Azure, you sometimes need to generate a world-wide unique name. Examples...

Date: 12/23/2017

Best practices for a stable AGPM deployment

Over the years I have worked a lot with Advanced Group Policy Management (AGPM), our solution for...

Date: 12/11/2017

Do you have plaintext passwords in your Azure deployments?

If you are developing deployments for Azure you will encounter situations where you need to use...

Date: 12/02/2017

Azure Quickstart Template: create forest with one or two domains

A lot has happened in the Azure world since I last published this short series on deploying an...

Date: 11/29/2017

Check your DNS for WINS lookup -- then get rid of it

It is surprisingly often that I encounter customers who have a WINS dependency in an odd place: in...

Date: 11/02/2017

The Active Directory 2016 PAM Trust: how it works, and why it should come with a safety advisory

We have long been working on increasing security in the design and operations of Active Directory....

Date: 06/19/2017

PKI: which templates are built-in and which are from my company?

A colleague asked me a question on behalf of his customer. They were doing a discovery in a rather...

Date: 05/24/2017

PKI: which templates are published where?

Windows Server has two kinds of Certificate Authorities: Standalone and Enterprise. This strangely...

Date: 05/23/2017

The well-known SID -1000

It is not every day that you discover a new well-known SID, but today I got mine. I know... if I...

Date: 04/27/2017

Get rid of accounts that use Kerberos Unconstrained Delegation

Suppose you are managing an enterprise Active Directory. You will have people at your desk that need...

Date: 04/18/2017

Find missing SPN registrations

Active Directory admins are probably well aware of how Kerberos works. If you need a little...

Date: 03/19/2017

Azure Template to deploy a forest with two domains, Part 3 -- visualizing the template

This is part 3 in a series about writing a complex Azure AMR template. This is the full list: Part...

Date: 03/06/2017

Azure template to deploy a forest with two domains, Part 2 -- understanding the template structure

This is the second blog in a 3-part series. This is all of them: Part 1: using the template Part 2:...

Date: 02/28/2017

Azure template to deploy a forest with two domains, part 1 -- using the template

This is Part 1 in a series. This is the whole series: Part 1: using the template Part 2:...

Date: 02/16/2017

Why you can still have duplicate SPNs in AD 2012 R2 and AD 2016

As an AD admin you are probably familiar with the problem of duplicate Service Principal Name (SPN)...

Date: 02/08/2017

Uniqueness requirements for attributes and objects in Active Directory

If you are involved in writing or using provisioning code for Active Directory you will be aware of...

Date: 02/03/2017

GPMC slow to start? GPO reports failing? You may be missing an index.

See if you recognize this: You have lots of OUs in the domain. At least a couple of thousand. Group...

Date: 11/25/2016

LDAP query prettifier

For some reason I have spent a lot of time looking at LDAP queries in the last few weeks. The simple...

Date: 11/24/2016

How admins can cheat at changing their password

Here is a little known trick that you can do if you have AD permissions to manage your own account:...

Date: 11/04/2016

Hotfix 2 for AGPM 4.0 SP3 allows you to keep custom Read permissions

We released a silent update to AGPM 4.0 SP3, last september. Find it here:...

Date: 10/26/2016

Overview of RID pools for the domain

A short one today. A customer had concerns about the RID Pool administration in his domain. Brief...

Date: 10/21/2016

Clearing the ConflictAndDeleted DFSR folder on DCs

Following this earlier post on troubleshooting DFSR replication conflicts for SYSVOL I got some...

Date: 10/19/2016

LDAP: how to do server-side sorting and why it's a bad idea

Active Directory is an object repository, in many ways similar to a database. And like any database,...

Date: 09/24/2016

Find out what SYSVOL on DFSR is doing, part 2

This is a continuation of a previous post:...

Date: 09/16/2016

Find objects in LostAndFound ... for all partitions

I was onsite again today, and we were talking about the Lost and Found container in AD. You know,...

Date: 09/14/2016

Find out what your SYSVOL on DFSR is doing

(Updated 16-9-2016: reference to new post, updated the script with better error checking and a...

Date: 09/06/2016

Find out if your AGPM archive needs updating

For those of you out there using Advanced Group Policy Management a.k.a. AGPM, I have a question:...

Date: 08/19/2016

Does a service account get Group Policy?

Asking the question is answering it: no, it doesn't. This is so natural that you never think about...

Date: 07/10/2016

What is my current Azure Resource Manager subscription?

Just a brief note this time. Like many who learned Azure in the old days of Azure Service Manager...

Date: 07/07/2016

April 2016 - kb3103709 contains five AD hotfixes for Windows Server 2012 R2

Update 6-28-2016: Security update MS16-081 (June 2016) described in kb3160352, has the latest AD...

Date: 06/28/2016

Workaround for the ADU&C search bug with advanced tabs missing

With a bit of luck you learn something every day in this business, and today a customer showed me a...

Date: 06/27/2016

Copying many files to Onedrive for Business - preventing sync errors

Over the years I have collected a large number of files that I keep hoarding for all sorts of good...

Date: 06/14/2016

Foreign Security Principals and Well-Known SIDS, a.k.a. the curly red arrow problem

So I was at a customer today, and for some reason or another we ended up looking at the members of...

Date: 05/24/2016

Search for Preferred Bridgehead servers

Just a quickie for today. I was talking to a friend about Preferred Bridgehead servers. This is an...

Date: 05/18/2016

Force replication throughout the Forest

So there are a million posts already on how to force Active Directory replication, I know that. Mine...

Date: 05/01/2016

Azure VM Backup: beware of Windows Server 2008 R2

Since March 2015 we have the possibility to backup and restore entire VMs running in Azure. If you...

Date: 04/24/2016

whoami

My name is Willem Kasdorp, and I'm a Premier Field Engineer based out of the Netherlands. In my day...

Date: 04/23/2016