Sometimes I run into the same incorrect opinions so often I just want to vent and do a post like this. I don’t know if anyone reads this stuff but it is therapy for me. DNS and Active Directory is one of these subjects. So here we go…….
Nick Cottrell
DNS Design – Centralize or Decentralize?
This post discuses the design and placement of DNS for Active Directory. These design imperatives are my own and not Microsoft’s although they are derived from my experiences for twenty years as an Engineer with Active Directory design starting with the NT5 Server Beta in 1998.
Controlling the Distribution Group managedBy Attribute or Who Wants All These Emails?
Most of you probably know the ‘owner’ of a distribution group displayed in Outlook, Outlook Web App, and Active Directory Users and Computers (ADUC) is the managedBy attribute. What you may not know is that the managedBy attribute is a singled valued attribute. A Distribution Group can have multiple owners so where are the rest? The additional owners are in the multi-valued attribute msExchCoManagedByLink. Except for the exposure of the managedBy attribute in the GUI, they are all the same. So, who cares? Well, the person exposed as the ‘owner’ is the lucky one who gets all the inquiries about … Read more
Comparing AADConnect Rules or How Do I Tell What Changed?
As the rule base generated by AADConnect has gotten larger and larger and a simple configuration setting change can generate multiple rules, it has become a challenge to keep track of what is going on. So when the configuration changes or there is a version upgrade, how does one tell what changed? This is not as important in a “standard” configuration but if the “standard” rules are changed by disabling rules, copying and modifying rules, or adding new rules, it is important to be aware how an upgrade handles those modifications.
Creating Certificate Requests Using the Certificate Snap-in – Pitfalls and Ladders
There have been a number of changes to the security certificate world lately. Validity periods have shrunk from 3 years to 2 years and now to 1 year. SHA256 has taken over the world. Wildcard certificates have gone from risky to accepted and supported in many scenarios. All this means we are all rekeying and deploying certificate’s a lot more. Just to make it more fun, there are more options involved. So, it is best to make the task as error free and quick as possible.