Vanishing permissions on AD objects

I recently managed to solve a problem that bugged me for a ~ year - permissions on a specific group on AD would vanish, and the change won't show up on the security logs of any DC (as audit success).

The Story

We've made groups for our helpdesk teams, and gave them …

more ...


SPNs - Who? Why? Where?

I was making an introduction to a new teammate about SharePoint infrastructure, and one of the things I had to teach her about was SPNs. I was surprised to know almost no one at our place knew what SPNs are actually for. Until my PowerPoint presentation is ready, here is …

more ...

2008 Clusters can't change password

Last week MS's PFE Moti Bani and me solved a problem that bugged me for ~ a year - since the day we've started deploying 2008 clusters in our production environment:
2008+ Clusters can't update their CNO and VCO accounts' passwords.
The error, as shown in the cluster administrator, was:

Cluster network …
more ...

Testing stranded group policies

Ever had GPO Version differences between the AD and the Sysvol? Sure, you might have a healthy FRS/DFSR architecture, but the replication takes time. It's annoying to check if the GP object is now OK on every server, because one would have to point the GPMC to every DC …

more ...