Category Archives: AD

ADFS Cert Best Practices – unspoken

Hashing algorithms: SHA-256. Key size: 2048 bit. Private Key generation process: Make sure you select the Legacy key template on domain-joined devices; it is not the default option. AD FS Token Signing and -Decrypting Certs for a longer lifetime: 3 …

Posted in AD | Leave a comment

AD – NTLM Blocking and Pass-through Auth

NTLM Blocking: Windows Server 2008 R2 and Windows 7 restrict NTLM authentication usage out of the box. This feature is known as NTLM blocking. NTLM blocking prevents NTLM from being used for authentication. Pass-through Authentication: The NetLogon service is responsible …


AD – Cross domain vs Kerberos

Conditions for Kerberos to be used over an External Trust: Interactive logon across external trusts will attempt Kerberos. On Windows XP and Windows Server 2003, NTLM will be tried if Kerberos fails. Windows Vista and newer operating systems will not …


AD – Cross Domain Authentication – samAccountName vs userPrincipalName

Encountered 2 issues with no answer yet – related to SAM but not UPN: a. A user from Domain SG is able to log in to the PCs in Domain HK using the SAM account, but can’t change the password. b. User from …


AD Upgrade – Configuring DFSR to a Static Port?

Working on the FW ports for the project, I noted that Microsoft confuses IT guys again – DFSR port. In reference 1, Microsoft mentioned that TCP 5722 is for “RPC, DFSR (SYSVOL)” and this article applies up to W2K12 …


AD Blogs-Reference

REBELADMIN – tech detail & how-to: http://www.rebeladmin.com/category/microsoft/active-directory/


W2K3 AD FRS SYSVOL Issue – resolved

DEV AD has 3 DCs; one DC has a Journal Wrap Error, and the other 2 DCs have no “SYSVOL” & “Netlogon” shares, which means… what? You know. One month ago, cloning this AD for a vendor to conduct the …
