Month: June 2016

Sysadmin

From the field: RPC client authentication breaks SID translation

SID translation problems Weird things can happen if something goes wrong with the RPC protocol, wheter it’s related to network traffic being blocked by a firewall (yes, I’m talking to you ephemeral ports) or just because the name resolution contains numerous configuration errors. Recently I was asked to troubleshoot SID translation problems over a forest trust. The

Continue Reading
upgrade

Upgrade Your Active Directory and Domain Controllers the Safe Way

Introduction There are several good guides on the internet about upgrading your Active Directory Forest, Domains and Domain Controllers to Windows Server 2012 R2. I’d like to give you my strategy on this subject. It’s not wrong to add new Domain Controllers to your 2003/2008 domain, transfer the FSMO roles and demote the 2003/2008 DC’s,

Continue Reading
Security Breach

Active Directory checks you should run on a regular basis

The following powershell cmdlets will help you identify user accounts in your Active Directory environment that have settings configured that are a joy for hackers. My advise is to schedule the cmdlets or put them in a script to automate the process. Use the export-csv cmdlet piped to create a usable list. For example  |

Continue Reading