Monthly Archives: June 2016

AD – NTLM Blocking and Pass-through Auth

NTLM Blocking Windows Server 2008 R2 and Windows 7 restricts NTLM authentication usage out of the box. This feature is known as NTLM blocking. NTLM blocking prevents NTLM from being used for authentication Pass-through Authentication The NetLogon service is responsible … Continue reading

Posted in AD | Leave a comment

AD – Cross domain vs Kerberos

Conditions for Kerberos to be used over an External Trust Interactive logon across external trusts will attempt Kerberos. On Windows XP and Windows Server 2003, NTLM will be tried if Kerberos fails. Windows Vista and newer operating systems will not … Continue reading

Posted in AD | Leave a comment

AD – Cross Domain Authentication – samAccountName vs userPrincipalName

Encounter 2 issues w/o no answer yet – related to SAM but not UPN a. User from Domain SG is able to login to the PC’s in Domain HK using SAM account, but can’t change the password. b. User from … Continue reading

Posted in AD | Leave a comment

AD Upgrade – Configuring DFSR to a Static Port ?

Working on the FW ports for the project, and noted that Microsoft confuses IT guy again – DFSR port In reference 1, Microsoft mentioned that TCP 5722 is for “RPC, DFSR (SYSVOL)” and this article is applied up to W2K12 … Continue reading

Posted in AD | Leave a comment