Welcome to MSDN Blogs Sign in | Join | Help

Browse by Tags

All Tags » AD   (RSS)
Thursday, March 26, 2009 7:38 AM

More Kerberos fun with PAC’s- decrypt the PAC

I had been meaning to blog about this for a while, and recently was teaching a class when a friend of mine looked into the exact steps and issues – thanks Woody. It may be interesting to peek into the PAC every once in a while and make sure everything
Posted by SpatDSG | 4 Comments
Filed under:
Monday, February 23, 2009 7:27 AM

There and back again.. the journey of a bug in ADFS

Let's look at a bug fix.. end to end. So back in November, my friend Jim Simonet had posted a question about a problem with ADFS using ADAM as the auth store and specifying that it connect via LDAP over SSL. He could connect to ADAM via LDP on 636, so
Posted by SpatDSG | 0 Comments
Monday, November 17, 2008 7:27 AM

More fun with Kerberos and Web Sites

SPN’s. Service Principal Names. I am not going to go into the details of how SPN’s are used right now, see my other posts on Kerberos or go use your favorite search engine to determine how they are used. Most of this post will relate to web sites and
Posted by SpatDSG | 1 Comments
Filed under:
Thursday, August 21, 2008 7:43 AM

Kerberos domain routing

So the scenarios is pretty simple. Forest trust like so: Basic problem. User tried to access sharepoint and fails to use Kerberos. So we can review the end to end process ( still at a high level ) 1. User logs on 2. User gets TGT for kz.com domain 3.
Posted by SpatDSG | 8 Comments
Filed under:
Tuesday, August 12, 2008 7:37 AM

LDAP client tracing...

ADinsight from the sysinternals toolset is a great tool , but I seem to have problems with it at times. Specifically on Server 2008 & Vista (maybe due to the way it hooks wldap32.dll) On Vista OS and beyond, there is built in client ldap tracing which
Posted by SpatDSG | 13 Comments
Filed under:
Thursday, July 03, 2008 12:12 PM

How to populate the “Street” field with more than 1 line of text...or, how to use top down tshooting.

this is a test of an excerpt... :)
Posted by SpatDSG | 1 Comments
Filed under:
Tuesday, March 25, 2008 9:49 AM

Remote Server Administration Toolset (RSAT) for Windows Vista SP1 -- now available!

Long awaited remote admin tools you can toss on Vista.. located here: http://www.microsoft.com/downloads/details.aspx?FamilyID=9ff6e897-23ce-4a36-b7fc-d52065de9960&DisplayLang=en and x64 here: http://www.microsoft.com/downloads/details.aspx?FamilyID=d647a60b-63fd-4ac5-9243-bd3c497d2bc5&DisplayLang=e
Posted by SpatDSG | 1 Comments
Filed under:
Monday, March 17, 2008 9:54 AM

Group Policy Preferences CSE for download -

Group Policy Preference Client Side Extensions for Windows XP (KB943729) Multiple Group Policy Preferences have been added to the Windows Server 2008 Group Policy Management Console (which are also available through the Remote Server Administration Toolset
Posted by SpatDSG | 2 Comments
Filed under:
Monday, November 26, 2007 7:35 AM

"Kerberos delegation .. end to end" Part III

When we last left off, we had just installed SQL. Also my standard disclaimer for this series: First off let me say that I am not a “SQL guy” nor am I an “IIS guy” .. I am primarily a platforms OS kinda guy. However, I can wing my way thru some of those
Posted by SpatDSG | 7 Comments
Filed under:

Attachment(s): traces.zip
Wednesday, November 21, 2007 8:20 AM

Set WMI namespace security via GPO (script)

This was an example of setting WMI security via a script - the specific question was: “Is there a way I can change the permissions on WMI (need to grant remote enable access) so I can grant a service account read access to certain machines via Group Policy?”
Posted by SpatDSG | 6 Comments
Filed under:
Tuesday, November 20, 2007 7:32 AM

"Kerberos delegation .. end to end" Part II

When we left off - I was about to install SQL. Also my standard disclaimer for this series: First off let me say that I am not a “SQL guy” nor am I an “IIS guy” .. I am primarily a platforms OS kinda guy. However, I can wing my way thru some of those
Posted by SpatDSG | 3 Comments
Filed under:
Wednesday, November 14, 2007 7:35 AM

"Kerberos delegation .. end to end" Part I

First off let me say that I am not a “SQL guy” nor am I an “IIS guy” .. I am primarily a platforms OS kinda guy. However, I can wing my way thru some of those two technologies. This series of posts may not exactly follow best practices when it comes to
Posted by SpatDSG | 10 Comments
Filed under:
Tuesday, November 06, 2007 7:49 AM

A few handy queries to ask Active Directory

I just wanted to do a random DS related post . These are a few useful constructed attributes. A constructed attribute is one which is not directly stored in the AD, but is constructed specifically when requested. More info on MSDN I'm sure.. Some useful
Posted by SpatDSG | 1 Comments
Filed under:
Tuesday, November 06, 2007 7:40 AM

AD insight released as free download

Some folks may recall this from using the Winternals product,.. ADInsight is an LDAP (Light-weight Directory Access Protocol) real-time monitoring tool aimed at troubleshooting Active Directory client applications. Use it’s detailed tracing of Active
Posted by SpatDSG | 0 Comments
Filed under:
Wednesday, September 12, 2007 7:36 AM

The Conch Shell...and how DFS uses it.

Ahh yes.. the conch shell . I run into weird problems all the time.. this was on of those weird problems. The high level statement was this: "Clients in remote sites are accessing mapped drives via explorer and the UI hangs for 10-15 minutes, they lose
Posted by SpatDSG | 0 Comments
Filed under: ,
More Posts Next page »
 
Page view tracker