joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

2/5/2010

Active Directory (and ADAM/ADLDS) Tombstone Lifetime

by @ 8:19 pm. Filed under tech

There is an article on TechNet about the forest’s tombstone lifetime for Active Directory (http://technet.microsoft.com/en-us/library/cc784932(WS.10).aspx) that was discussed on an internal MSFT DS Team / MSFT MVP email list. The discussion pointed out that there is a little confusion around the article.

Specifically, the confusion can come up around step 8:

Note the value in the Value column. If the value is <not set>, the default value is in effect as follows:

  • On a domain controller in a forest that was created on a domain controller running Windows Server 2003 with Service Pack 1 (SP1), Windows Server 2003 with Service Pack 2 (SP2), Windows Server 2008, or Windows Server 2008 R2, the default value is 180 days.
  • On a domain controller in a forest that was created on a domain controller running Windows 2000 Server, Windows Server 2003, or Windows Server 2003 R2, the default value is 60 days.

The question came up… and a good question I might add… “What if you don’t know what version of the OS was used to initially build the forest?”

If this confusion exists for Directory Service MVPs, then it probably exists for some other folks as well.

 

There is a very easy (for now) way to ascertain what the tombstone lifetime is.

  1. Run the command “adfind -sc policies”
  2. Read the line that starts with >tombstoneLifetime:
  3. If the line exists, the value listed is your tombstone lifetime in days. If the line doesn’t exist, the tombstone lifetime is 60 days.
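
As an added example (not code from joeware or AdFind), the PowerShell function below applies the three steps above to the output of adfind -sc policies. The function name, the constructed sample output, and the check for a dn: line before falling back to 60 days are assumptions made for this illustration.

```powershell
# Added example: interpret "adfind -sc policies" output using the rule above.
# Get-EffectiveTombstoneLifetime is a hypothetical helper, not part of AdFind.
function Get-EffectiveTombstoneLifetime {
    param([string[]] $AdFindOutput)

    # Assumption: a successful query prints at least one "dn:" line. Without
    # one, a missing attribute may only mean the query failed (bad bind,
    # unreachable server), so refuse to report the 60-day default.
    if (-not ($AdFindOutput -match '^dn:')) {
        throw 'No object returned; cannot tell "not set" from a failed query.'
    }

    foreach ($line in $AdFindOutput) {
        # Step 2: the line that starts with ">tombstoneLifetime:"
        if ($line -match '^>tombstoneLifetime:\s*(\d+)\s*$') {
            # Step 3, first case: the listed value is the lifetime in days.
            return [pscustomobject]@{ Days = [int]$Matches[1]; Source = 'explicit value' }
        }
    }

    # Step 3, second case: no such line, so the AD default of 60 days applies.
    return [pscustomobject]@{ Days = 60; Source = 'default (attribute not set)' }
}

# Constructed sample output (not captured from a real forest).
$explicit = @(
    'dn:CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=example,DC=com'
    '>tombstoneLifetime: 180'
    ''
    '1 Objects returned'
)
# Same output with the attribute line removed, as in a forest where it is not set.
$notSet = $explicit | Where-Object { $_ -notmatch '^>tombstoneLifetime:' }

Get-EffectiveTombstoneLifetime $explicit
Get-EffectiveTombstoneLifetime $notSet

# Live use on a machine with adfind in the path:
#   Get-EffectiveTombstoneLifetime (adfind -sc policies)
```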

 

But joe, doesn’t the OS version matter? No. The reason it doesn’t matter is that the default didn’t change in the source code for the different OS versions. What changed was a line in a file called schema.ini, which sets tombstoneLifetime to an explicit value; if the value isn’t set, the AD default of 60 days applies.

The section of the schema.ini file we are talking about is

; Explict TSL default set in W2K3 SP1 to increase shelf-life of backups and allow longer
; disconnection times.
tombstoneLifetime=180

 

    joe


2/2/2010

Rinse, lather, repeat…

by @ 5:40 am. Filed under quotes

History is cyclical in nature, the evidence shows us. What is today, was before. What was yesterday, will be tomorrow. We need to learn from our mistakes, so that instead of travelling endlessly in a repetitious cycle, we move in an upward spiral towards perfection and utopia.

   – David Hatcher Childress in Technology of the Gods

 


Uplifting thoughts…

by @ 5:26 am. Filed under quotes

I have had a good many more uplifting thoughts, creative and expansive visions while soaking in comfortable baths in well-equipped American bathrooms than I have ever had in any cathedral.

   – Edmund Wilson


2/1/2010

We were the first with the Atom bomb…

by @ 8:42 pm. Filed under quotes

When (Dr. J. Robert Oppenheimer, the “Father of the H-Bomb”) asked in an interview at Rochester University seven years after the Alamogordo Nuclear test whether that was the first atomic bomb ever to be detonated, his reply was, “Well, yes, in modern history.”

    – David Hatcher Childress – Technology of the Gods

 

joe Note: It is thought that Dr. Oppenheimer was thinking about Mohenjo-Daro and Harappa when he made that comment.

 


Ignorance…

by @ 8:27 pm. Filed under quotes

Facts do not cease to exist because they are ignored.

    – Aldous Huxley


Have you ever…

by @ 8:24 pm. Filed under general

asked the question “So if humans have been around pretty much at this same evolutionary state for thousands of years, how come we are the first ones playing Halo on Xbox?” or something similar? My g/f asked me a question like that a few months back and I started to explain that well we don’t really know what all has been accomplished in the past because of our perverse religious side which has us constantly conquering anyone who doesn’t look and think the same and then burning everything in the loser’s culture and attempting to completely eradicate any proof of their existence. On top of that we have had a few cases where disease has knocked civilization for a loop by wiping out some large percentage of the race and when that happens, survival mode kicks in and specialization mode goes out the window… e.g. Who cares about which stars are going to go supernova or which insects have wings and which don’t when you aren’t sure where your dinner is coming from.

Midway through the explanation I thought, I wonder if anyone has done any real exploration in this to see if they can find any kind of proof that by gosh, there were people who lived before us (like Atlantis, Rama, or Mu) who had higher engineering skills than we have right now other than the really obvious things like Pyramids and Easter Island monoliths and other megaliths that we can’t for the life of us duplicate or figure out how to do now…

I found on Amazon and then proceeded to read “Technology of the Gods: The Incredible Sciences of the Ancients” and wow, what a great book. It is interesting to me (read: scary) how it shows how our own scientists will find something they can’t explain and so just toss it off to the side and ignore it. Like archeologists who in 1959 found belt buckles in China that were thousands of years old… but made out of Aluminum[1]???

Absolutely great book. I highly recommend it. It seriously will get you thinking. Has lots of photos and images and links to other sources of information to follow up. The book is only $12 and is eligible for Amazon Prime if you have that (and if you don’t, why not?).

 

 

      joe

 

[1] If you don’t know, to our knowledge, the only way to create aluminum is to process Bauxite ore with A LOT of electricity… We have only been producing aluminum in commercial quantities (this last go around at civilization anyway) for roughly 100 years… So who has the chutzpah to make belt buckles out of the stuff thousands of years ago.


1/27/2010

Final (I think) AdFind/AdMod beta

by @ 6:45 am. Filed under tech

I have posted what I expect to be the final AdFind and AdMod beta before final release.

http://www.joeware.net/downloads/beta/adfindmod_beta.zip

 

I am shooting for a mid-February release.

 

In the last 10 days most of the updates are in AdFind. Lots of misc shortcut bug fixes. Added some additional attribute decodes. One big item is that I added digest authentication for both utilities (-digest) as that has been missing.

 

   joe


1/24/2010

Watch this Electric Car company…

by @ 12:22 am. Filed under alternatives

http://www.ctntunited.com

 

Saw their products at the Detroit North American Auto Show and they were quite interesting.

 

   joe


1/22/2010

Cloning Forests for Divestitures / Acquisitions

by @ 10:40 pm. Filed under tech

Just don’t do it.

See http://technet.microsoft.com/en-us/library/ee424329(WS.10).aspx

From the article

When a company acquires another company, business unit, or product line, the purchasing company may also want to acquire corresponding IT assets from the seller. Specifically, the buyer may want to acquire some or all of the domain controllers that host the user accounts, computer accounts, or security groups that correspond to the business assets that are to be purchased. The only supported methods for the buyer to acquire the IT assets that are stored in the seller’s Active Directory forest are as follows:

  1. Acquire the only instance of the forest, including all domain controllers and directory data in the seller’s entire forest.
  2. Migrate the needed directory data from the seller’s forest or domains to one or more of the buyer’s domains. The target for such a migration may be an entirely new forest or one or more existing domains that are already deployed in the buyer’s forest. We recommend that you migrate the directory data without security identifier (SID) history. If you migrate the directory data with SID history, information about the seller’s forest will be retained in the new forest of the buyer. For more information about migrating directory data without SID history, see Migrating Accounts Without Using SID History (http://go.microsoft.com/fwlink/?LinkId=113694).

This isn’t just a so-so recommendation that may or may not be right for your specific circumstance (sort of like the disk configuration guidelines), this is a hard and fast rule. Seriously bad things can happen and likely will if you mess around with it. If you do it and run into issues, the DS Team at Microsoft will walk away shaking their head[1].

 

    joe

 

[1] They didn’t tell me this, I am just guessing based on my conversations with them.

DON’T CLONE


Seriously?

by @ 6:35 am. Filed under rants

I really really hope this new Michigan State University logo isn’t for real. Why? Because it sucks.

http://blogs.suntimes.com/sportsprose/2010/01/michigan_state_to_unveil_new_l.html

http://blog.mlive.com/ganggreen/2010/01/michigan_state_spartans_to_unv.html

http://blog.mlive.com/ganggreen/2010/01/new_michigan_state_logo_may_no.html

 

[Image: current logo]

[Image: alleged new logo]

 

 

If this is the new logo, besides the thought that it sucks I think… Why? Why waste money right now on something like this. We hear educational establishments complaining because money is tight because of reduced attendance and reduced state funding due to the economy so someone decided to spend money working on changing the logo and all of the branding so that everything would have to be replaced???

 

      joe

