Category: Microsoft

Microsoft Advanced Threat Analytics Banner

Microsoft Advanced Threat Analytics Fundamentals

Introduction Hi there, want to know more about Microsoft Advanced Threat Analytics (ATA)? You’ve come to the right place. In this blog post I’d like to share some fundamentals of the product and platform to get you started right away. Microsoft acquired Aorato in 2014 which was a security company. They are now part of Microsoft

Continue Reading

Certificate Autoenrollment Failed on Domain Controllers

Introduction Just a short blogpost about troubleshooting existing certificate services within the Active Directory domain. In this case the domain controllers were not able to renew their certificates through autoenrollment. In a meanwhile the existing certs were already expired so LDAPS was no longer available. A group of servers did not find any trouble updating their certs,

Continue Reading

From the field: RPC client authentication breaks SID translation

SID translation problems Weird things can happen if something goes wrong with the RPC protocol, wheter it’s related to network traffic being blocked by a firewall (yes, I’m talking to you ephemeral ports) or just because the name resolution contains numerous configuration errors. Recently I was asked to troubleshoot SID translation problems over a forest trust. The

Continue Reading

Upgrade Your Active Directory and Domain Controllers the Safe Way

Introduction There are several good guides on the internet about upgrading your Active Directory Forest, Domains and Domain Controllers to Windows Server 2012 R2. I’d like to give you my strategy on this subject. It’s not wrong to add new Domain Controllers to your 2003/2008 domain, transfer the FSMO roles and demote the 2003/2008 DC’s,

Continue Reading
Security Breach

Active Directory checks you should run on a regular basis

The following powershell cmdlets will help you identify user accounts in your Active Directory environment that have settings configured that are a joy for hackers. My advise is to schedule the cmdlets or put them in a script to automate the process. Use the export-csv cmdlet piped to create a usable list. For example  |

Continue Reading

Illegal cross-realm Ticket and the Rejected Authentication by Kerberos

Introduction Finally I have found some time to write this blogpost in detail. It took place last year somewhere around october and november, so here we go! The other day I received some complaints about not being able to access a CIFS share on the network. Several users acknowledged this, they got the Windows authentication

Continue Reading

DNS Zone Recovery using Powershell

In case you’ve accidentally deleted a DNS zone it’s good to know how to recover asap and get the deleted zone back in your production environment. I’m using a DNS zone export as a backup of the zone that has been deleted. We admins are lazy so this is the most convenient way to recover a

Continue Reading

Top 10 Must Have Windows System Administrator Tools

Today I’m serving you the Top 10 Must Have Windows System Administrator Tools every system administrator should know about. Most of them are freeware but some are paid. Feel free to expand this list in the comments. Here we go in no particulair order. The good ‘ol sysinternals suite, every Windows admin knows about this excellent toolkit.

Continue Reading

Create “Hidden” Active Directory Site for Application Testing Purposes

One of the biggest challenges in Active Directory Domain Controller upgrades are the application member servers, specifically the ones that make use of Active Directory authentication (Ldap). We all know the legacy applications within the organization, they’re still running after ten or more years, nobody knows something about it, there isn’t any documentation left but

Continue Reading

Upgrading Windows Server 2012 Domain Controller to Windows Server 2012 R2

Recently I performed an in-place Windows Server 2012 domain controller upgrade to 2012 R2. An in-place upgrade will keep the existing documents and settings on the server. Windows Server 2012 R2 is considered an incremental upgrade as it adds features to the operating system rather than make major changes to the operating system. In this blog

Continue Reading