Active Directory: A user cannot be in more than 1015 groups.

In any Microsoft Active Directory forest, a user can only a member of 1024 groups but after allowing for up to 9 well known SIDS this number is actually 1015. See KB http://support.microsoft.com/kb/328889If a user exceeds the hard limit of 1015 group memberships they probably will not be able to logon.What do you do to rectify … Continue reading Active Directory: A user cannot be in more than 1015 groups.

Active Directory: Disaster Recovery (Recap)

In preparation for the Active Directory forest to be upgraded (to Windows Server 2012 R2), it may be prudent to re-evaluate Active Directory disaster recovery plans. Active Directory if configured correctly will just sit there and work; servicing all requests that are presented and because of this robustness, its importance is often overlooked and its criticality … Continue reading Active Directory: Disaster Recovery (Recap)

Top 6 (Independent) Microsoft Active Directory Integration Experts to Follow

Blatant self-promotion, but I wanted to share a blog post from OneLogin that gives their list of top Active Directory experts (including me) and our top tips on "What you should never do when working with Active Directory". Top 6 (Independent) Microsoft Active Directory Integration Experts to Follow Does anyone else have any other “No … Continue reading Top 6 (Independent) Microsoft Active Directory Integration Experts to Follow

Active Directory: Forest Recovery – Whitepaper updated.

Microsoft have updated the must read Active Directory document on Active Directory Forest Recovery. “The guide contains best-practice recommendations for recovering an Active Directory forest if forest-wide failure renders all domain controllers in the forest incapable of functioning normally. The steps, which you must customize for your particular environment, describe how to recover the entire … Continue reading Active Directory: Forest Recovery – Whitepaper updated.

Best Practices for Securing Active Directory

  Microsoft have released a new document which contains best practice recommendations to assist organisations in enhancing the security of their Active Directory installations. Microsoft state that “In implementing these recommendations, organisations will be able to identify and prioritise security activities, protect key segments of their organisation’s computing infrastructure and create controls that significantly decrease … Continue reading Best Practices for Securing Active Directory

Active Directory: Mergers and Divestitures – Spoof a domain to implement a DFS Namespace.

  I have just returned from the MVP summit in Redmond, where I spent the best part of a week with the Active Directory Product Group and other Directory Services MVP’s.  In conversation with a fellow Directory Services MVP Microsoft PFE Mike Kline, I mentioned a way that I had spoofed a domain to ensure … Continue reading Active Directory: Mergers and Divestitures – Spoof a domain to implement a DFS Namespace.