Orphaned Sites and how to treat them

Hello again, Today I'll be talking about time sync and what it has to do with GPO.Recently, we've been experiencing some issues with station in certain sites not receiving GPO from the Domain.We've been troubleshooting this issue for a while and there seemed to be no problem with our station, their logon process was correct and each station knew the which dc was the closest to her (or so we thought).As it turns out, the common problem with all the station that were experiencing difficulties with GPO was W32Time Errors in the System Event...

Read More

A LDAP in VBScript's Clothing

Hello again, It's been a while since my last post. Haven't been inspired much lately.This post will be a short one, and hopefully the next one will be longer and will interest you more - I'm planning on doing a piece regarding DFS. So, we had a situation today that required us to change a specific user attribute for all users in a specific group.There are a couple of ways to deal with this situation. If this is a so-called "Mainstream" attribute, you can use the infamous dsmod cmd tool-  it allows you to change certain attributes,...

Read More

Your Authentication is only as good as your last packet

Hello again, It's seems a bit unfortunate, that the times when I'm really inspired to write are the times when everything (or almost everything) comes crashing. So, in short, today I'll write a little Kerberos Authentication and how it's affected by the smallest things. Just a while ago, one of our clients called with a problem - his web server was working awfully slow, to the point where certain actions got a timeout after about 20 minutes of being stuck on a post request.In order to clarify, both servers are running on Win 2003 Std...

Read More

When stations play Hide and Seek with DCs

Hey guys, I hope to keep this post short, because it's not really something super complex. b.t.w I'll be on vacation this week, so don't expect anything out of the ordinary - muse usually comes to me at work :) Today I'd like to talk about how a station chooses (or rather locates) a DC to communicate with. It's been on my mind this week, because I've had an opportunity to be a part of a technical job interview and the guy we interviewed didn't seem to know how this process works. I'd like to dedicate this post to him.  To start...

Read More

Time (or Space) is running out.. on Exchange ?!

Hello Again, This time I'm going to talk about an issue that has happened to me a few time (to my misfortune). Hopefully, It'll help you deal with said issue in a more relaxed fashion and save you some trouble.Picture the following scene - Your favorite monitoring system alerts that space is running low on the drive that stores your exchange transaction logs (for a specific group), but nobody notices, and it keeps running out.This usually happens when your Exchange Server isn't being backed up in time.One way to prevent this from happening,...

Read More

NetApp, W32Time and stuff between them

Hello World, This time I'm going to talk about an issue that surfaced recently. One of our storage guys claimed that his NetApp machines aren't getting a good TimeSync service from our Domain, thus drifting away in time and getting to the point where they can no longer co-operate with our domain due to an exceeded time skew.He also claimed that he is sure that this happens due to the fact that most of our DCs don't have SP2 installed. It seemed kinda strange, getting schooled by some storage guy, and even more strange was that I haven't noticed...

Read More