cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Ask the Directory Services Team
Options
1,429

Speaking in Ciphers and other Enigmatic tongues fresh content update!

JIMT05 on Apr 03 2024 04:27 AM
This article was first published on TechNet on Dec 08, 2015, Hi! Jim Tierney here again to talk to you about Cryptograph...
15.9K

THIS JUST IN!!!!  High LSASS Usage After Windows Update 3B March 2024

JIMT05 on Mar 25 2024 03:16 PM
THIS JUST IN!!!! High LSASS Usage After Windows Update 3B March 2024 
3,059

We need to discuss the Microsoft Certification Authority Web Enrollment (CAWE) Role

RobGreene on Mar 14 2024 03:17 PM
Hello everyone, this is Rob Greene. I recently had a case where a customer was having trouble with the CAWE pages. I rea...
2,968

So, you think you’re ready for enforcing AES for Kerberos?

Chris_Cartwright on Mar 08 2024 03:45 PM
We have many customers asking questions about how to track down the usage of RC4 in their environment. Over the years, w...
2,084

Stop Worrying and Love the Outage, Vol II: DCs, custom ports, and Firewalls/ACLs

Chris_Cartwright on Feb 26 2024 01:32 PM
Today, we focus on an aspect of security theater that is constantly producing outages: Messing with Active Directory por...
11.3K

Stop Worrying and Love the Outage, Vol I: Group Policy and Sharing Violations

Chris_Cartwright on Jan 26 2024 07:43 AM
Today, we delve into why it really does matter where you edit group policy.
3,144

KRB_AP_ERR_BAD_INTEGRITY

jessev on Jan 12 2024 01:38 PM
7,619

Windows Server vNext at Microsoft Ignite, and What's New in Active Directory Technical Takeoff

Ryan Ries on Nov 28 2023 12:48 PM
Hey everybody, Ryan Ries here with a quick heads-up that there is some hot-off-the-presses content you need to check out...
22.1K

Preview of SAN URI for Certificate Strong Mapping for KB5014754

Ryan Ries on Apr 06 2023 08:33 PM
Hello, this is Matthew Palko, senior product management lead in Enterprise & Security, and today I have some information...
16K

Having issues since deploying November 2022 Security Updates to your domain controller?

DavidFisher on Dec 13 2022 01:36 PM
Hello, Chris here from Directory Services support team. Taking a breather from the phone calls. In the past few weeks, t...
19.9K

So, you say your DC’s memory is getting all used up after installing November 2022 security update

DavidFisher on Dec 13 2022 01:35 PM
After installing the November 2022/Out of Band update on your domain controllers you might experience a memory leak happ...
427K

What happened to Kerberos Authentication after installing the November 2022/OOB updates?

DavidFisher on Dec 13 2022 01:35 PM
With the November 2022 security update, some things were changed as to how the Kerberos Key Distribution Center (KDC) Se...
60.1K

November 2022 Out of Band update released! Take action!

JR_Nieves on Nov 18 2022 03:53 PM
Greetings from the Windows Directory Services team!The team wanted to bring to your attention the November 17th, 2022 re...
38.5K

Active Directory Web Services Event 1202

Ryan Ries on Jul 10 2020 07:07 AM
Hey there! Josh Mora here, with a brief post on an issue I recently had and wanted to make public, in hopes this will he...
33.8K

Deep Dive: Active Directory ESE Version Store Changes in Server 2019

Ryan Ries on Apr 04 2019 08:30 PM
First published on TechNet on Oct 02, 2018 Hey everybody.
48K

TLS Handshake errors and connection timeouts? Maybe it’s the CTL engine….

Ryan Ries on Apr 04 2019 08:29 PM
First published on TechNet on Apr 10, 2018 Hi There! Marius and Tolu from the Directory Services Escalation Team.
20.2K

ESE Deep Dive: Part 1: The Anatomy of an ESE database

Lindakup on Apr 04 2019 08:28 PM
First published on TechNet on Dec 04, 2017 hi!Get your crash helmets on and strap into your seatbelts for a JET engine /...
17.2K

Introducing Lingering Object Liquidator v2

Ryan Ries on Apr 04 2019 08:25 PM
First published on TechNet on Oct 09, 2017 Greetings again AskDS!Ryan Ries here.
7,556

Active Directory Experts: apply within

JustinTurner on Apr 04 2019 08:25 PM
First published on TechNet on Jul 26, 2017 Hi all! Justin Turner here from the Directory Services team with a brief anno...
16.3K

Using Debugging Tools to Find Token and Session Leaks

Ryan Ries on Apr 04 2019 08:25 PM
First published on TechNet on Apr 05, 2017 Hello AskDS readers and Identity aficionados.
18.7K

Troubleshooting failed password changes after installing MS16-101

Lindakup on Apr 04 2019 08:21 PM
First published on TechNet on Oct 13, 2016 Hi!Linda Taylor here, Senior Escalation Engineer in the Directory Services sp...
11.5K

Access-Based Enumeration (ABE) Troubleshooting (part 2 of 2)

JustinTurner on Apr 04 2019 08:20 PM
First published on TechNet on Sep 21, 2016 Hello everyone! Hubert from the German Networking Team here again with part t...
34.4K

Access-Based Enumeration (ABE) Concepts (part 1 of 2)

JustinTurner on Apr 04 2019 08:20 PM
First published on TechNet on Sep 01, 2016 Hello everyone, Hubert from the German Networking Team here.
17.4K

Deploying Group Policy Security Update MS16-072 \ KB3163622

JustinTurner on Apr 04 2019 08:20 PM
First published on TechNet on Jun 22, 2016 My name is Ajay Sarkaria & I work with the Windows Supportability team at Mic...
15K

The Version Store Called, and They’re All Out of Buckets

Ryan Ries on Apr 04 2019 08:17 PM
First published on TechNet on Jun 14, 2016 Hello, Ryan Ries back at it again with another exciting installment of esoter...

Latest Comments

jdg
in We need to discuss the Microsoft Certification Authority Web Enrollment (CAWE) Role on Apr 19 2024 07:58 AM
Thanks @RobGreene that is very helpful information. Upon further investigation, our current CDP path is an anonymous IIS directory named 'CertServices' which is different from the 'CertSrv' itself. My colleagues and I were thinking these were both one and the same thing, therefore we should now be o...
0 Likes
RobGreene
in We need to discuss the Microsoft Certification Authority Web Enrollment (CAWE) Role on Apr 18 2024 08:48 AM
@jdg I am not following your question here. Any of the AIA or CDP paths MUST NOT require authentication to access them. This is by RFC standards and so these URI's should not be affected by NTLM Rely Attacks as the virtual directory should be configured for Windows Authentication - Disabled, and Ano...
0 Likes
RobGreene
in THIS JUST IN!!!!  High LSASS Usage After Windows Update 3B March 2024 on Apr 18 2024 08:37 AM
@SwigIT If your domain controllers are crashing and you do not believe that it is from a 3rd party application / DLL loaded into LSASS.exe then you will need to open a case so that it can be debugged. However it seems like you are saying that you are actually having High CPU going on and not a crash...
0 Likes
SwigIT
in THIS JUST IN!!!!  High LSASS Usage After Windows Update 3B March 2024 on Apr 18 2024 07:44 AM
Hi All - I have 2019 DC's with one having Azure Connect app. After uninstalling the bad KB and installing the patch I am still having issues. For me the CPU runs very high in about 24 hours and i can only restart the VM from the hyper V host. I saw that I was getting alot of System interrupts in tas...
0 Likes
StephanRothe
in NDES and the dreaded 2 & 10 Event ids stating “The parameter is incorrect" on Apr 18 2024 04:08 AM
thanks, very good steps
0 Likes