The crux of the issue is that Windows Server 2012 (and above) introduce two new SIDs. The problem is that Windows 7 and Windows Server 2008 R2 clients do not know about these SIDs because when they (Windows 7 and 2008 R2) were written these particular SIDs didn’t exist.
References:
http://blogs.technet.com/b/askpfeplat/archive/2014/06/30/troubleshooting-windows-server-2012-r2-domain-controller-new-sids-a-real-world-example.aspx
http://support.microsoft.com/kb/2830145
July 2014 archive
Jul 27 2014
RODC Trick: Remove a User’s Password from a RODC without forcing the user to change her password
TechNet (RODC FAQ) states: How can you clear a password that is cached on an RODC? There is no mechanism to erase passwords after they are cached on an RODC. If you want to clear a password that is stored on an RODC, an administrator should reset the password in the hub site. This way, …
Jul 24 2014
Authentication Problems in an Environment with Windows Server 2003 and Windows Server 2012 R2 Domain Controllers
Why this happens: The Kerberos client depends on a “salt” from the KDC in order to create the AES keys on the client side. These AES keys are used to hash the password that the user enters on the client, and protect it in transit over the wire so that it can’t be intercepted and …
Jul 23 2014
PowerShell: Get all Active Directory Sites based on Domain
Get all Active Directory Sites based on Domain.
$DomainSiteFilter = "DomainA"
Write-Output "Get AD Site List `r"
$ADSites = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Sites
[int]$ADSitesCount = $ADSites.Count
Write-Output "There are $ADSitesCount AD Sites in the forest `r"
$DomainADSites = $ADSites | where {$_.Domains -like "*$DomainSiteFilter*"} | sort-object name
[int]$DomainADSitesCount = $DomainADSites.Count
Write-Output "There are $DomainADSitesCount AD Sites matching …
Jul 21 2014
Microsoft DirectAccess
Microsoft DirectAccess has made great strides in Windows Server 2012. Key Points: First available with Windows Server 2008 R2. Built-in client support for Windows 7 and newer. Provides always-connected connection to corporate network (connects before the user logs on). Leverages IPv6 and 6to4 tunneling (additional configuration required when using Windows Server 2008 R2 as the …
Jul 16 2014
PowerShell: Determine PowerShell Version
$PSVersionTable.PSVersion
If the variable doesn’t exist, then the system is running version 1.0.
Jul 11 2014
Real-Time World Hack Map
This is an incredible map of the world that shows real-time network attacks. The animation makes it look like something out of the movie, “WarGames.” Most impressive. http://map.ipviking.com/?_ga=1.106938115.1477390587.1388686673#
Jul 02 2014
PowerShell: Get the Dates When the Active Directory Schema Was Updated
The Microsoft Scripting Guys blog has a great article on determining when schema updates were performed along with some information about the schema changes – at least enough to see if it was an Exchange update.
###########################
# Get Schema Update Dates #
###########################
# Code from: http://blogs.technet.com/b/heyscriptingguy/archive/2012/01/05/how-to-find-active-directory-schema-update-history-by-using-powershell.aspx
write-output "Reading all schema data… …
Jul 01 2014
LSASS Crashing, CNF Objects May Be the Cause
What Happens and How Do I Know if I’m Affected? When CNF mangled NTDS settings objects are created, the Lsass.exe process may crash and unexpectedly reboot one or more domain controllers. So there is a pretty good chance you’ll know about it. You may not know the root cause of the crash. More specifically though …