User login

Active Directory Blog

Syndicate content
Always acknowledge a fault. This will throw those in authority off their guard and give you an opportunity to commit more. ~Mark Twain
Updated: 15 years 26 weeks ago

Scary Sounding Errors

Fri, 12/12/2008 - 15:44
We have a temporary role in CSS where support folks will help out in supporting prerelease (also known as beta) software.   I’ve worked a couple of Windows betas, and it’s a great experience.   I mention this since I remember a few...(read more)

Name Hijacked, Bystander DC Hangs

Mon, 11/24/2008 - 14:00
I learn more about AD and other things every day, which is part of the fun of this job we do-learning about how things work. This story does a good job of lending some understanding to something that can be tough to understand-trust secure channels. This...(read more)

Rumpo Venatus

Fri, 10/31/2008 - 16:07
The five or six people who have read my little bio snippet on Technet read that I like to play video games-specifically Xbox 360 games. I was doing just that the other night-playing Fallout 3-when my wife walked into the study to ask for help with all...(read more)

Troubleshooting a Memory Leak in Lsass.exe

Mon, 10/13/2008 - 13:00
Although we have a team of engineers who are dedicated to troubleshooting general server performance related problems Microsoft Directory Services specialists are expected to be the “go to” people for Active Directory and domain controller related performance...(read more)

Why! Won't! PAC! Validation! Turn! Off!

Mon, 09/29/2008 - 13:00
A while back I wrote a blog post regarding PAC (Privilege Attribute Certificate) validation in Microsoft Kerberos. We’ve had enough interest in this lately, particularly around the idea of disabling it, that it seemed like a good idea to post about this...(read more)

NTLM and MaxConcurrentApi Concerns

Tue, 09/23/2008 - 19:17
Although not one of our highest volume issues we get our customers calling about there is one complex scenario that seems to me would be a winner if we handed out prizes to problems that took longest to resolve. That scenario is NTLM client to server...(read more)

DNS Scavenging and AD

Mon, 08/25/2008 - 14:00
Recently I wrote a post about how, in an uncommon scenario, Active Directory integrated DNS could lose an entry regarding a domain controller in a global SRV record. Here’s another aspect of AD integrated DNS which you can run into, particularly if you...(read more)