Florian's Blog

Using AD LDS to service LDAP to applications

florian — Mon, 20 May 2013 15:28:14 +0000

I wrote an article a couple of years ago that discussed the importance of single instances hosting Active Directory – Domain Controllers. I tried to explain that one needs to know which Domain Controllers host what functionality – and at best, that there are no single DCs in the environment that are special and require special treatment. This reduces complexity in operations, troubleshooting and daily life(tm). The article is at http://www.frickelsoft.net/blog/?p=213.

I believe that your ultimate goal should be that no dependencies to Domain Controllers exist other than core Active Directory functionality. Reaching that goal, a vital step is reducing your Domain Controllers to just service Active Directory Domain Services. If that’s the case, a single DC can be replaced or taken down for maintenance rather easily.

(more…)

Resetting/Clearning attributes the right way

florian — Sun, 12 May 2013 08:08:08 +0000

I’ve been with a customer recently and we’ve looked at data they had in their Active Directory. We were looking at using some of the data for Dynamic Access Control for claims-based access control. We had a list of attribute that contained viable data and were looking to see whether we could use the attributes for DAC. For this, we’d run a couple checks and see whether all users had a value set for the attribute we were looking at.

One of the attributes we ran the check for was the “title” attribute. We would see whether all users had a value for their “title” attribute. Doing this with ADFind, we ran two queries: (1) Check how many users we have and (2) Check how many users have the “title” attribute set with a value. Then, we would compare both numbers and see where we are at.

(more…)

Server 2012 DHCP server Failover Troubleshooting

florian — Mon, 29 Apr 2013 07:12:45 +0000

I was with a customer recently and had my first experiences with the failover functionality in Windows Server 2012. DHCP failover is a new feature in Windows Server 2012 that allows for true failover functionality between two 2012-based DHCP servers. Modes are “Load balancing” and “Hot Standby”.

The idea behind this is that you might want two running DHCP servers at all times and have them communicate over a heartbeat system – such that the hot standby server can take over if the active server won’t answer a set of consecutive heartbeats.

The feature is described on the DHCP Team’s blog: http://blogs.technet.com/b/teamdhcp/archive/2012/06/28/ensuring-high-availability-of-dhcp-using-windows-server-2012-dhcp-failover.aspx

(more…)