16 December 2015
Active Directory replication fails with error Target Principal name incorrect
I recently had a problem with a client's Active Directory.
Two Active Directory sites were unable to connect for a few days, and in the meantime the domain controllers changed their computer account passwords (see Murphy's Law).
When the network came back, the Active Directory replication tools gave the following error:
DCDIAG reports that the Active Directory Replications test has failed with error -2146893022: "The target principal name is incorrect."
This pointed me towards this Microsoft... [Read more]
16 December 2015
Active Directory: replication error target principal name incorrect
While troubleshooting for a client, I had to resolve a rather unusual Active Directory replication problem.
Two Active Directory sites were cut off from each other for several days, and during that time the domain controllers changed their computer account passwords (cf. Murphy's Law).
After the outage, the client did not immediately notice that replication was no longer taking place. After a while, they ran diagnostic tools, which returned the following error:
DCDIAG reports... [Read more]
09 January 2014
Howto: AD Authentication in vCenter SSO 5.5
With the recently released VMware vSphere 5.5, the Single-Sign-On (SSO) component has been completely rewritten. The biggest change is that the RSA database has been removed, which eliminates much of its complexity. There is also a new identity type (Active Directory (Integrated Windows Authentication)) that works without specifying the AD Controllers directly, like the old vSphere 4.x / 5.0 authentication. The whole process is much easier. This post shows how to enable Active Directory Authentication within the new vSphere 5.5... [Read more]
23 September 2013
Clock synchronization in a virtualized environment
Here is a question that comes up regularly with clients, and here is an interesting opinion on the matter....
In a Windows domain environment, clock synchronization across the different systems is essential, in particular for the Kerberos authentication protocol to work. There are other side effects on some applications, which can produce errors that are difficult to diagnose if systems are not synchronized with each other or are not set to the exact time. Environments of the type... [Read more]
16 August 2013
Clock synchronization in a virtualized environment
In a Windows domain environment, clock synchronization across the different systems is essential, in particular for the Kerberos authentication protocol to work. There are other side effects on some applications, which can produce errors that are difficult to diagnose if systems are not synchronized with each other or are not set to the exact time. Hybrid-cloud environments, in particular, require the time on local systems to be correct with respect to the systems in the... [Read more]
20 June 2013
Windows 8.1 will add MDM-based management options, confirming Active Directory is not for device management anymore?
A year ago I wrote an article called The REAL reason Microsoft Windows RT devices won't be able to join AD domains. (Hint: AD is not about systems management anymore!) My belief at the time (and now) is that the whole Windows domain structure as a concept for desktop management is anachronistic in today's world, and that ultimately AD will only be used for authentication, authorization, and identity management, not for systems and device management.
I haven't thought too much about this since then until a few weeks ago when... [Read more]
26 April 2013
Promote a Member Server to Domain Controller in Windows Server 2012
Configuring Active Directory on Windows Server 2012 is a process worthy of patience and attention to detail. It involves installing the Active Directory Domain Services role, defining a new AD forest, creating the first (or root) domain in the forest, configuring DNS, and promoting a member server to a domain controller. Whew, that seems like a bunch of work!
Never fear, Petri is here! A previous Petri post details how to get the Active Directory Domain Services role installed and running on a Windows Server 2012 machine. This... [Read more]
11 April 2013
How to find inactive computer accounts in Active Directory
From time to time you might need to clean up Active Directory by removing computer accounts that are no longer active: computers that have been reinstalled or replaced with new ones, old VMs. In many of those cases you might just end up with an Active Directory full of computer objects that are obsolete. In fact, those old unused accounts are called stale accounts.
AD Tidy tool
The creator of this tool is Chris Wright from the UK. There is a free version and a paid version of this tool. This tool is about 4 Megs in size and... [Read more]
11 February 2013
iOS 6.1 banned from corporate servers due to Exchange snafu
iPads and iPhones running the newest version of iOS are being blocked in some enterprises because bugs are overloading corporate Exchange servers.
One of the benefits of Apple's iOS devices such as the iPad and iPhone is that you can upgrade to the latest version as soon as it comes out. Being on the cutting edge is usually a good thing, but sometimes it can come back to bite you. If you are connecting to an Exchange server for mail and calendar services, the latest version of iOS has an unpleasant surprise in store for you.... [Read more]
07 January 2013
Changing Password on Administrator Accounts - Performing an Audit
This article addresses a common task which many administrators have to address within their career as an IT professional - changing the password on a core administrator account.
Scenario
It is well known that Administrators should always create dedicated service accounts with appropriate access to be used by network applications on a Microsoft network. However, there is always a case of a lazy administrator in the past who could not be bothered to create dedicated service accounts, so they use the default domain admin account... [Read more]