Sharing Active Directory Best Practices
Great article! I’ve been meaning to write this one myself.
AdminSDHolder is a built-in protection mechanism to make sure specific objects…like Domain Admin accounts don’t have the security on their object inadvertently changed. So, you’re a domain admin and go an make a change to an OU’s security and think that an object is going to inherit it? Not so! Read on…
http://www.frickelsoft.net/blog/?p=247
For more information contact us at www.webactivedirectory.com, or call us at (+1) 800-747-3565
I’m sure I’ll run in to this one, especially since I use PC’s that aren’t joined to the domain. I’m going to probably put this in my Powershell profile to avoid waiting for it to load and potential error messages.
For more information contact us at www.webactivedirectory.com, or call us at (+1) 800-747-3565
A super simple way to make sure you aren’t handing out an IP address via DHCP that is already in use…if you are using Windows as a DHCP server you’d be a fool not to use this.
Note: this only works for IPv4 and if your client firewall drops ICMP then it won’t work either.
http://technet.microsoft.com/en-us/magazine/ff606371.aspx
For more information contact us at www.webactivedirectory.com, or call us at (+1) 800-747-3565
I’ve seen some other blogs point this out so I decided to read the Microsoft KB article myself. The limit of 5000 objects is definitely something you might run up against in larger organizations. What I would be curious to know is if you can use paging to get around this limit?
If you are planning on virtualizing SQL 2008 then this is a must read.
Basically this change is to the number of instances you are allowed.
So a little background. After a power failure and realizing that my DNS server for my ESX/vSphere cluster was a virtual machine and that VMware ESX clusters and a lack of DNS don’t work well I decided to add to move DNS to a physical server in my environment. I loaded the DNS server on Windows 2008 SP1 and added a secondary IP address for the DNS server the ESX hosts were already using to that W2K8 server. This server was already my VMware vCenter server and I didn’t want to change the IP address for the whole server.
So a few weeks go by and one of my ESX hosts is showing disconnected. Reconnecting it or trying to add it as a new host don’t succeed and in looking at the error logs on my ESX host I see that the request to the host from the vCenter server is coming from the secondary IP address I added to the vCenter/DNS server…hmmmmm….
So I double-checked everything and even tried looking at the routes setup on the Windows 2008 server but to no avail I can’t change the source IP address it is using. After much searching around the web I found an article from Microsoft saying that they changed the way source IP’s are selected between Windows 2003 and 2008….no kidding….lol
Basically Windows using the IP source address “closest” to the destination address, oh goody…
Well hang on, here’s the solution. Update to Windows 2008 SP2 then download the hotfix in the below article and install it, reboot, remove the secondary IP address then add it using netsh as documented in the KB article. Note…there is no hotfix for Windows 2008 R2….great…not
http://support.microsoft.com/kb/975808
Hope this helps someone and if you’re using more than 1 IP address on a Windows 2008+ host you should definitely be aware of this behavior/feature…. cough cough. I love Microsoft most of the time but this one was a pain to find.
If you are a Windows 7 or Windows Server 2008 user, this utility might be useful to you. Problem steps recorder allows you record the activities leading up to a problem, then save that to a mht file that you can send to support. If you have an error on an IIS application (yellow screen) then it will even copy all that information out as text and put it as part of the capture. I like this utility because it’s easy for the user and useful for support…in fact I’m not only a fan, I’m a user of it!
http://technet.microsoft.com/en-us/windows/dd320286.aspx
For more information contact us at www.webactivedirectory.com, or call us at (+1) 800-747-3565
First off a little background, other than a first generation iPod nano I have never purchased any apple products, in fact I even uninstalled iTunes and used 3rd party software to sync with windows media player. It would be a fair statement that I have not been Apple friendly.
I pre-ordered my iPad the day it became available on the web, I bought the 32GB model, a dock, and the apple case. The day the iPad was to arrive I sat by my front window and waited for the UPS guy to show up…I even took a picture of him as he was walking up to my front door.
My role is one where I spend a fair amount of time taking notes, from webcasts, vendors, training, customers…I deal with a lot of data. In the past I’ve used numerous methods to stay on top of it all: blog posts, rss readers, Twitter, and my least favorite…paper notes in a very nice leather…but heavy, notebook. Enter the iPad…since the iPad arrived I now take most of my notes on the iPad, I check most of my RSS feeds and twitter via the iPad and usually from the comfort of my couch while browsing thru the channels on TV. I do much more consumption of data on the iPad, my laptop is still my preference for creating new data and large amounts of typing. Sure, people say it’s just a different form factor than a laptop, but that makes all the difference. My fiancée didn’t understand why I needed an iPad either and why I wouldn’t just use my laptop…now I have to hide it to keep her off it.
There is just something wrong about using a laptop with the screen opened up in front of a customer…it seems unfriendly, so I’ve always used paper. At home the portability of the iPad means I take it in every room I go in to. The instant on is certainly better than sleep or hibernate on a laptop.
My favorite apps? Evernote, Twitterrific, GoodReader, Citrix Receiver, NewsRack, Sonos, and Netflix! The biggest enabler of the applications I use is their ability to store their configuration online so that moving between devices is seamless.
I think our view of the cloud may be a little fuzzy, at least for now. What the cloud has done for me is made irrelevant the device I use, whether a windows pc, my phone, or my iPad, my data and applications that I use are all there at my fingertips…after all, that is the only value we in IT really hold…applications and data, everything else is waste.
My next purchase for the iPad…a 3G one. It turns out the iPad has changed my life so much I NEED it to be connected to the internet (and my data) from everywhere. Maybe at the end of May I can post another blog post about my first month with the iPad 3G. I heart you iPad…I’m even considering a MacBook now…yikes!
Cool little website to search for available Group Policies, a bit faster than using the filter option in the Group Policy Management Console.
Our engineers have created a series of demonstration online videos that provide insight into how PeopleUpdate can be used to delegate active directory updates out to the information and business owners within your organization. Each video provides a different view of PeopleUpdate through the eyes of a typical end-user, a typical HR-user and a typical IT-user. Here are the links to the online YouTube videos:
Needless to say, there are many other ways you can configure and customize PeopleUpdate to manage your Active Directory information based on your organizations’ needs. Please take a look at the videos and let us know if you have any questions or comments. And remember, you can always request a 30-day evaluation of PeopleUpdate on our website or call us toll free at +1-800-747-3565.
