Not too long ago, through the InitialAssist program, I had the opportunity to spend some time assisting an organization in the recovery of directory data and resource access.  The organization had put out a request for assistance from the Microsoft newsgroups and had received some excellent suggestions but unfortunately they didn’t resolve the issue. On Saturday afternoon, after a half day session at the Microsoft Directory Services Masters program, I became involved through the requ... [More]

While I was out at the Microsoft Certified Masters program for Directory Services a while back, I realized that I made a mistake in a post about NETLOGON SRV registration intervals.  Thanks to Microsoft Platforms PFE Matt Reynolds for helping me catch this error.  I apologize to everyone for the mistake in my post.  The traces which are attached to the original post show the correct intervals as you’d imagine but I didn’t do a good job of writing to that.  I have ... [More]

!!! WARNING:  IT Systems Administrator blasphemy ahead !!!  Actually, here it is right here:  I know that NetDiag is a staple tool for systems administrators but I’ve never been a big consumer of the tool and that’s mostly because I just don’t care for it.  There is some great functionality in the tool but a lot of it can be found in other tools without all of the excess effort and output.  The other thing is that there are some limitations and known issues which often m... [More]

Recently a question came up in the newsgroups about what the difference is between the set of partitions on a domain controller and the set of partitions on a global catalog server.  I wanted to take the opportunity to include the answer here and expand upon it slightly. The question specifically was, “In a multi-domain environment, what is the main difference between the partitions on a domain controller that is also a global catalog server, versus other domain controllers that are ... [More]

This post is part 2 of a 3 part series where we are examining the debug output for each policy processing mode: Loopback Policy Processing Debug Series – Normal Mode Loopback Policy Processing Debug Series – Merge Mode Loopback Policy Processing Debug Series – Replace Mode In our last post, we reviewed the UserEnv log to see how policy is applied to workstations and users under normal circumstances.  In normal mode, processing of workstation group policy restricts itself to t... [More]

When it rains it pours I suppose.  Just after I dropped the last loopback policy processing post, I got an email from another friend at Microsoft asking about how replace mode actually works.  What he wanted to know exactly was when does the user configuration portion of policies which apply to the computer object get applied.  Is it applied when the computer starts up?  Or is it applied when a user logs on? It’s a fair question.  The loopback policy setting is ... [More]

  I wanted to follow-up on a previous post and respond to a newsgroup post with this loopback policy processing model. I am taking the inspiration for this from the newsgroup post though there is some deviation for the sake of the illustration.  Okay, let’s go. In our globally-applied Default Domain Policy, a screen saver timeout is set to 30 minutes. Right now, this is the only screen saver timeout policy in the domain. This policy setting exists in the User Configuration portion of... [More]