joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...


Windows 2000 Professional SP4 in Windows Server 2012 R2 F/DFL6 Domain

by @ 8:21 am. Filed under tech

I had heard several times that Windows 2000 won’t join a Windows Server 2012 R2 Forest, especially in Windows Server 2012 R2 Functional Mode.

I did not find this to be the case. The hardest part was finding the old Windows 2000 MSDN CD in the basement (I ISO’ed it so I can lose it on my NAS now) and getting Windows 2000 Professional to load into a Windows Server 2012 R2 Hyper-V VM. Once I got past that point it joined the Active Directory with no issues. I even used the GUI without a pre-created machine account.

And to boot… Both the current version of AdFind and the current version of AdMod worked fine on the Windows 2000 Professional SP4 machine… PowerShell AD Cmdlets didn’t seem to work though… 😉





Managed Service Accounts and Group Managed Service Accounts?

by @ 6:13 pm. Filed under tech

Do you or don’t you?

I am trying to gauge use/interest in the MSA technology so thought I would reach out and ask.

Please respond to these polls if you get a chance. If you don’t see your answer please feel free to add an answer or respond in the comments. If you visualize some specific functionality in the management space around MSAs and gMSAs please let me know in the comments or emails to I am starting to visualize a tool or tools in this space.



Do you use Managed Service Accounts?


Do you use Group Managed Service Accounts?


Great Sale on Hammock at Amazon

by @ 1:39 pm. Filed under general

Anytime I stumble on a really good deal I try to share it with my friends! :)

Awesome double hammock for when you are fed up fighting with computers. I was just looking at these the other day and it was $130, now it is only $95 and Amazon Prime eligible. Note the image below is showing normal price, not the Daily Deal price.




AD Admin Access is a Privilege, Not a Right

by @ 12:03 pm. Filed under tech

I have never successfully been able to stabilize an environment while someone thinks they have God-given rights to have Domain Admin rights based on any number of perceptions they have about themselves and their abilities but no real feet-to-the-fire responsibility for the Directory’s core functionality.

You know those people, they complain that things aren’t done fast enough or to their standards or they have some application that absolutely requires it (go get a different app then). They think that there really is nothing to being a Domain Admin and that anyone can do it or at least they could and a damn sight better than those doing it now. They may be right, they may be very very wrong. My experience has been that if they are loud or insistent about it, they are usually very very wrong.

Personally, I never want any Admin access when I walk in the door of any company I go into. I usually have to say no, take that access away… If I must have an ID, I want a normal user ID, not an admin ID. If I need something I can’t reach as a normal user (a surprisingly small list usually) I will reach out to someone who is an admin and truly responsible for the environment and ask them to help. And this is with me generally being the best, or one of the best, most knowledgeable, most informed AD people involved with that company at that or possibly any time.

I am not trying to be boisterous, I am trying to be honest about it and you will find many of your best Windows/AD guys are in the same boat. I have been doing this AD thing a very long time now (since beta of Windows 2000 and beta of VMware Workstation in the 90’s) and Windows NT before it and computer programming going well back into the 80’s. I have been a Microsoft MVP for Directory Services since 2001 which says MSFT says it is worth listening to me about AD and they often do so internally. In my day jobs over the years and through conferences and people contacting me via email I have worked directly and indirectly with hundreds of companies’, governments’, and militaries’ AD’s including probably most of the Fortune 50. Generally when someone is clamoring for the admin access, I often feel they are someone who truly shouldn’t get it. When deciding if someone should have Domain Admin access I ask myself, is that person the last line of defense before calling Microsoft when everything goes pear shaped at 2:00AM?

In a previous Fortune 5 company I worked in, ok it has been long enough that I have been away now, it was Ford Motor Company, we set up a process by which someone could get Domain and Enterprise Admin rights when HIRED to be on the Enterprise Admin team (the name of the group that ran Ford’s Active Directory).

How long do you think it took for someone to get Domain Admin? A day? A week? A month? If they were good it would take at least 3-6 months. They spent that time learning the environment and how we did things there and more importantly why we did things the way we did them. We beat "be scared but not too scared to react" into them. The idea being that you may think you know it all but you can still screw up so take things slow and make sure you know what you are doing for sure from all angles first. At the end of their "internship" they would have to run the gauntlet which involved sitting in a conference room with the current Enterprise Admin Team for several hours and being questioned by them and the team manager on any and every possible thing including their favorite color if a team member so chose to ask that question. We had a list of questions but that was a minimum bar guideline.

If anyone on the team wasn’t comfy at the end of it knowing full well they were giving a gun to someone who could quite figuratively shoot all of them in the head with one stray bullet the person went back to internship for another month or two before they could run the gauntlet again. Note this wasn’t a brain pissing match or my AD junk is bigger than yours; it was about truly and completely doing what we could do to safeguard who got critical access rights that we would at some point be completely depending on some night at 2:30AM when the Domain Controllers were burning to the ground. The team was such that if something really bad happened, you could get anyone on the team and you would be in great hands.



Cool Archive Site for Old Software

by @ 10:23 am. Filed under tech




by @ 10:50 am. Filed under tech




They said it couldn’t be done… NT4 in a 2012 R2 FFL6 Domain

by @ 6:09 pm. Filed under tech

I now have a Windows NT 4.0 Member Server joined and able to log into a 2012 R2 FFL6 Domain.

Don’t ask me why… If I told you I would have to kill you.

I will see about writing up how I worked through the WireShark traces to figure out what needed to be tweaked to get it to work or perhaps just the changes I needed to make to get it to work.

The most fun was getting NT4 running in 2012 R2 HyperV and not being able to use a mouse. Took me back a-ways (like almost 20 years) using all keyboard controls to whip around in NT4. But then most of my Enterprise (thousands of servers) NT4 work was done pre-RDP/TS days via remote command line through RCMD. You know remote command line management like they are pushing in PowerShell now like it is a new thing. 😉

It is just spectacular how fast NT4 runs in HyperV with no need for integration services… Oh and on a 1GB system disk that has 800MB free.






by @ 7:16 pm. Filed under general

Machine as a Service…

Skynet is coming… Security Guard Robot – only $6.95 an hour.



Well… If that doesn’t bring back some memories…

by @ 6:20 pm. Filed under general



1500VA CyberPower UPS on sale at Amazon Save $50

by @ 2:44 pm. Filed under tech

Just wanted to give heads up, the 1500VA 900w CyberPower UPS is on sale at Amazon today for a daily deal. I have 4 of these in the house already and just ordered another 3 (max order limit).

It is Prime Eligible too if you are a Prime member and if you aren’t a Prime member… Why not?

EDIT: Oh it is more than just the CyberPower, other UPSes as well.
