joeware - never stop exploring... :)

Since ADAM first came out I have received a similar question from several admins and developers (at least double digit but definitely not triple digit numbers) asking how they could make it so changes could only be written to a single ADAM instance so they could control the flow of replication better or always know […]

If you find that you are running AdFind in an iterative script, say digging up some given attribute for some large list of objects, try using the -DLOID switch. This tells AdFind NOT to download parts of the schema to help with decoding various attributes. You should notice a pretty decent speed increase since you […]

I have been asked this question something like four or five times by different people in the last three days who say they can’t seem to google the answer so here it is… ntfrsutl.exe forcerepl DestinationDC /r "Domain System Volume (SYSVOL share)" /p SourceDC.domain.com   So if I have a PDC of JoePDC.joe.com and I […]

I had intended, actually strike that, I had thought I had written a blog entry about the urban legends surrounding the dreaded 5 minutes of Kerberos skew. Basically it was to be a story around the fear everyone has about our clocks going outside of 5 minutes of skew and then never being able to […]

Pre-Creating Computer Accounts When you create a machine account in Active Directory via ADUC (DSA.MSC), by default Windows generates a random (possibly, perhaps even probably non-printable) password for the computer account. If you select the “Assign this computer account as a pre-Windows 2000 computer” it takes the sAMAccountName, removes the trailing $ and then takes […]

If you have a Windows XP SP3 or Windows Server 2003 SP2 machine that goes really slow for GPO application (like tens of minutes or even hours) and the network trace looks something like   I.E. Read AndX Request and Response with small values like 2-4 bytes over and over again until it gets through […]

I was digging into an issue and saw lots of search result hits around HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and the BufferPolicyReads value in particular all referring back http://support.microsoft.com/kb/319440 and some of them mentioned making the change on Domain Controllers and some of them mentioned making the change on Vista and/or Windows 7. I just peeked at the […]

This should be the near permanent title bar string for Server Manager…. Server Manager (Not Responding) Rating 4.50 out of 5

    I have determined that the new strategy to get people to move to powershell is to make the GUI experience so damn slow and bad you couldn’t possibly get any work done if you try to go that route. Rating 4.33 out of 5

I am looking into an issue related to the subject, the background functioning of Domain Join (which involves setting the computer account password in the domain) and also Computer Account Password Changes in general. My understanding, which appears to possibly be flawed now based on some lab testing is that computer account password changes are […]