As I’ve mentioned on my blog before, a TechNet Magazine article that I wrote had some errors in it. When I was informed of these errors, I fixed them and asked the TechNet Magazine team to revise the online version of this article. This was a few weeks after it was published. After several repeated attempts, and several months, the online version of this TechNet Magazine article has been updated.

The link to the article is http://technet.microsoft.com/en-us/magazine/2009.09.sdadminholder.aspx.

Some additional information on this subject:

• Clearing the Air: My TechNet Magazine Article – AdminSDHolder, Protected Groups and SDPROP
• TEC 2010 Presentation: In Depth Look at AdminSDHolder, Protected Objects, and SDPROP
• Understanding AdminSDHolder and Protected Groups

For those of you that are interested, the presentation I gave at The Experts Conference 2010 in L.A. last week can be downloaded from http://policelli.com/Files/TEC2010_John_Policelli_AdminSDHolder_ProtectedObjects_SDPROP.pdf.

You can also find more information on this topic on my blog post: http://policelli.com/blog/?p=136

The Active Directory Documentation Team blog has a post on it titled Other places to find good information. The post states:

I want to take the opportunity to thank the people who are out there providing information everyday to people using Active Directory. As I say thank you, I will link to their sites, so our readers can find them easily

I was pleased to see Kurt Hudson included me on this ‘thank you.’

Thanks Kurt

As I’ve mentioned on my blog before, a TechNet Magazine article that I wrote had some errors in it. When I was informed of these errors, I fixed them and asked the TechNet Magazine team to revise the online version of this article. This was a few weeks after it was published. However, after repeated attempts, the TechNet Magazine article has not been revised (I sent another request today).

As you may know, I presented at The Experts Conference 2010 a few days back. I came across a recent post on a well known mailing list, where someone that I assume attended my presentation ridiculed me for referencing the TechNet Magazine article. In hindsight, it probably wasn’t a good idea for me to provide a link to the TechNet Magazine article in my TEC presentation when the errors have not been fixed yet.

So, in my effort to clear the air…

Read the rest of this entry »

I found out this morning that I was awarded the Microsoft Most Valuable Professional (MVP) designation for 2010. This is the third year that I have been designated as a Microsoft MVP in the Directory Services expertise. It’s truly humbling!

One of the many perks with the MVP program is the Executive Recognition Letter, which is Microsoft’s way of having MVP’s “expert participation recognized more broadly in the form of a letter from Rich Kaplan, Corporate Vice President of Customer and Partner Advocacy, that outlines the impact of the MVP program and the significance of the MVP Award.”

In previous years, I haven’t shared this letter too much, but I thought I would this time around. The letter is below:

Read the rest of this entry »

I was very happy to hear that I was selected to present at TEC 2010 in Los Angeles.

TEC was previously known as DEC (Directory Experts Conference). The conference has been expanded to include training on Exchange and SharePoint, and effectively renamed to TEC. Here’s a snippet for the TEC 2010 Website:

For the 9th consecutive year, the TEC team will deliver expert-led, 400-level training on vital Microsoft technologies. In addition to its highly-acclaimed training on Microsoft Directory & Identity technologies, TEC 2010 will bring back a full agenda of Exchange training, staging the world’s leading authorities on Microsoft’s powerful messaging platform. And, this year, for the first time ever, we are pleased to introduce an entirely new TEC for SharePoint training conference!

I will be presenting in the Directory & Identity track. My session is called An In-Depth Look at AdminSDHolder, Protects Groups, and SDPROP.

Here is the abstract for my session:

Active Directory includes a number of built-in controls, which collectively provide an additional level of security for members of privileged groups. Even though these controls have been in place since the inaugural release of Active Directory a decade ago, administrators are still impacted by this functionality regularly. In this session, John Policelli will dive into the AdminSDHolder object, Protected Groups, and the Security Descriptor Propagator. Real-world examples, demos, and theory will be used to provide you with a comprehensive understanding of how these built-in controls interoperate and how you can use them to further secure members of privileged Active Directory groups.

I’ve attended DEC/TEC for several years, and it has proven invaluable each time. I have yet to find any comparable conferences. For more information on TEC 2010, please go to http://www.theexpertsconference.com/. I hope to see you there!

The Active Directory Recycle Bin is a handy new feature in Windows Server 2008 R2. Once enabled, it is now easier to recover accidentally deleted Active Directory objects.

Read the rest of this entry »

Windows Server 2008 R2, released to manufacturing in July, introduces a number of new features, including a host of new Active Directory Domain Services features. We look at the seven that pack the most powerful punch.

Read the rest of this entry »

A Computer World Canada  feature, Windows 7: Will you or won’t you, on Windows 7 adoption in Canada ran today following an interview with me. The story interviews a number of IT Managers across industries and business environments to present an overview of business’ approach to Windows 7.

One powerful feature in Windows Server 2008 R2 is its ability to recover objects from Active Directory, which is very handy in those "Uh oh" moments. John Policelli, author of Active Directory Domain Services 2008 How-To, explains what the Active Directory Recycle Bin does and how to use it.

Read the online article by going to: http://www.informit.com/articles/article.aspx?p=1374789

Are you having problems with Access Control Lists and permissions? It may be related to AdminSDHolder. Learn exactly what AdminSDHolder is, how it works—and how you can tweak it to better meet your organization’s needs.

Published in the September 2009 issue of Microsoft TechNet Magazine.

Does this sound familiar…you need to determine the port requirements for Active Directory and you find yourself having to refer to multiple KB articles. Well I have found myself in this situation many times, and I am happy to report that Microsoft has published a document that covers all Active Directory components (i.e. Replication, Trusts, GCs, RODCs, DNS, User and Computer Authentication, Group Policy, and Active Directory Web Services). I personally requested this whitepaper from MS, and helped the MS documentation team create it. The document can be found here: http://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx.

I posted an article on the Microsoft Identity and AD blog on Network World’s Microsoft Subnet community.

The blog entry is titled How-To Administer Active Directory Domain Services Groups Using Windows PowerShell and can be read by going to: http://www.networkworld.com/community/node/42601

In an ideal world, users are directed to the appropriate domain controller for Active Directory authentication, but this is not necessarily what happens in most organizations due to IP subnet information not being properly defined in Active Directory. This article presents a solution to ensure users locate the appropriate DC for authentication—a catch-all subnet to catch the authentication from clients on subnets are not defined in Active Directory.

Published in the June 2009 issue of Microsoft TechNet Magazine.

If your organization has multiple Active Directory forests, you need to manage multiple Active Directory schemas and ensure consistency between schemas. Check out our step-by-step guide to comparing and synchronizing Active Directory schemas in multi-forest environments.

Published in the April 2009 issue of Microsoft TechNet Magazine.

In conjunction with Pearson Education, Microsoft Subnet is giving away 15 copies of the hot title "Microsoft Active Directory Domain Services 2008 How-To" by John Policelli and published by Sams (a $39.99 value). Deadline for entries is June 30, 2009.

How to enter to win: 

Read the rest of this entry »

The folks over at IT Knowledge Exchange have been kind enough to post a chapter of my Active Directory Domain Services 2008 How-To book on their IT Bookworm Blog.

The free chapter is Chapter 11: Manage Fine-Grained Password and Account Lockout Policies. You can also click here to download the PDF for this chapter.

I posted an article on the Microsoft Identity and AD blog on Network World’s Microsoft Subnet community.

The blog entry is titled How-To Search Active Directory Domain Services Password and Account Settings Using Windows PowerShell and can be read by going to: http://www.networkworld.com/community/node/42303

I posted an article on the Microsoft Identity and AD blog on Network World’s Microsoft Subnet community.

The blog entry is titled How-To Administer Active Directory Domain Services User Accounts Using Windows PowerShell and can be read by going to: http://www.networkworld.com/community/node/42218

I posted an article on the Microsoft Identity and AD blog on Network World’s Microsoft Subnet community.

The blog entry is titled Introducing the Active Directory Module for Windows PowerShell and can be read by going to: http://www.networkworld.com/community/node/42157

Network World’s Microsoft Subnet site has posted Chapter 1: Introduction to Active Directory Domain Services of the SAMS Active Directory Domain Services 2008 How-To on their Website.

I have been asked to blog for Network World’s Microsoft Subnet community. The Network World blog I will be posting on is called Microsoft Identity and AD, and can be found here.

I added my first post on this blog, which is titled Introducing the New Active Directory Domain Services in Windows Server 2008 R2.

Here’s an excerpt from the post:

Windows Server 2008 introduced the most significant changes to Active Directory Domain Services (AD DS) since its inaugural release in Windows 2000 Server. Microsoft has continued along this path with Windows Server 2008 R2, making it the most noteworthy interim release of Windows Server.

AD DS in Windows Server 2008 R2 includes a number of important new features, including:

• Active Directory Recycle Bin
• Active Directory Module for Windows PowerShell
• Active Directory Administrative Center
• Active Directory Best Practices Analyzer
• Active Directory Web Services
• Authentication Mechanism Assurance
• Offline Domain Join

• Managed Service Accounts

Let’s take a closer look at each of these new features

The rest the post can be read here: http://www.networkworld.com/community/node/42051.

Microsoft has a website called YouShapeIT, which I’ve been featured in this month.

The YouShapeIT TechNet website includes a significant amount of product information, presentations, podcasts, and resources for the theme of the month. For this month, the theme is Windows Server with a focus on Windows Server 2008 and Windows Server 2008 R2 (Beta).

I did an interview for YouShapeIT. The transcript and the MP3 audio file of the interview can be downloaded from http://www.microsoft.com/youshapeit/technet/Podcasts/2009-05/interview_johnpolicelli.aspx

Discover the most recent Active Directory Domain Services user interface improvements.

Read the rest of this entry »

My second book, Active Directory Domain Services 2008 How-To, is nearing publication. Below are some details on this publication:

Specifics:

• Author: John Policelli
• Published May 18, 2009 by Sams.
• Copyright 2009
• Dimensions 5-3/8 X 8-1/4
• Pages: 528
• Edition: 1st.
• ISBN-10: 0-672-33045-8
• ISBN-13: 978-0-672-33045-2

Read the rest of this entry »

International Authority in Windows Technologies, Widely Acknowledged Networking Expert, Best-selling Author and Certification Exam Contributor, Microsoft Most Valuable Professional.

This interview was subsequently featured on a number of websites, including:

Read the rest of this entry »

This new feature in Windows Server 2008 allows you to start, stop, and restart Active Directory Domain Services on a domain controller, thus facilitating more streamlined operations for performing offline tasks on a domain controller.

Read the rest of this entry »

I found out this morning that I was awarded the Microsoft Most Valuable Professional (MVP) designation for 2009. This is the second year that I have been designated as a Microsoft MVP in the Directory Services expertise. It’s truly humbling!

Below is an extract of the note that I got from the MVP program:

Read the rest of this entry »

Recovery processes for Active Directory Domain Service and Active Directory Lightweight Directory Services have been revamped in Windows Server 2008. Major new feature include point-in-time snapshots and stored data database mounting.

To read the article, please go to http://www.enterpriseitplanet.com/networking/features/article.php/3812086.

Discover how read-only domain controllers provide improved security, faster logon times and an expanded set of administrative roles.

To read the article, please go to http://www.enterpriseitplanet.com/networking/features/article.php/3803831

With the advent of Windows Server 2008, password management made a substantial leap. Learn how to improve security and craft policies for just about any situation.

To read the article, please go to http://www.enterpriseitplanet.com/networking/features/article.php/3800436.

Learn how the expanded auditing options offer new levels of insight, granularity and control.

To read the article, please go to http://www.enterpriseitplanet.com/networking/features/article.php/3797931

I am profiled in the Canadian MVP Insider for the month of January.

The article is posted on the Canadian IT Pro Connection’s blog and can be read here: http://blogs.technet.com/canitpro/archive/2009/01/16/mvp-profile-john-policelli.aspx

There are a number of new Active Directory Domain Services features in Windows Server 2008. These new features improve auditing, security, and the management of Active Directory Domain Services and show Microsoft’s commitment to evolving Active Directory Domain Services. The following is an overview of the new Active Directory Domain Services features that are in Windows Server 2008.

To read the article, please go to http://www.enterpriseitplanet.com/networking/features/article.php/3796561