Directory Services Debugging

While trying to troubleshoot some application issues using SSL to connect to an ADLS/ADAM instance over LDAPS, I was curious if extended logging was available.  A quick post to the ActiveDir.org mailing list provided this nugget of Active Directory goodness for future reference.

Read More

Using JAVA code with Active Directory

I tend to run into many JAVA coded applications which are coded simply for LDAP access, but do not utilize Active Directory as well as they could be.  Here are some resources JAVA developers can utilize to create more effective integrations.

Read More

Avoid changing the MaxPageSize LDAP query policy

I came upon a blog post on Scott Lowe’s blog suggesting a solution to resolve AD integration issues where more than 1,000 results are returned in a query on some UNIX/LINUX systems.  I will try to explain why this is a less than optimal solution, which could cause performance issues with the directory server. What…

Read More

Display Previous Logon information for Vista Users

While reading about some of the new enhancements in Windows Vista, this struck me as a potentially useful feature. Windows Vista: Previous Logon Information Essentially,  it provides a way to display certain logon statistics to the logged on user after a successful interactive logon to the workstation. These statistics include: Date and time of the…

Read More

Active Directory Technical Specifications

A friend pointed out that the Active Directory specifications are available online for those who have ever wanted to down to the details on the protocols used. As he said “…all of it downloadable for personal reading pleasure”.

Read More

Searching Active Directory in Windows Vista

In a discussion on the ActiveDir.org mailing list today,  it came up about searching Active Directory in Windows.  From a Windows 2000, or Windows XP,  this can be done from the start menu Find People dialog, but in Windows Vista this feature appears to be completely absent.  The new search feature does not have a…

Read More

UPN and cross-forest LDAP simple binds

Recently I was looking to help an application built on ColdFusion’s CFLDAP module, which relied upon LDAP for “authentication”, and could only be used with simple binds as a mechanism for presenting a username/password. I am working ain a multi-forest, and multi-domain environment, to which I try to minimize the number user accounts needed by…

Read More

ADAM, userProxy, and sidHistory: Not always what you expected

I had an interesting afternoon today, trying to identify an issue that occurred while working on a user migration project.  This is a solution I have used for many apps that only support a single Domain/Naming context when in a distributed directory environment.  The benefits and issues with this for long term use will be…

Read More

Efficiency with LDAP Queries

Today I have to help troubleshoot another application with poor LDAP performance, so I figured I’d tag this here for later reference. Creating More Efficient Active Directory-Enabled Applications Unfortunately LDAP has become the lowest common denominator when applciations say they integrate into Active Directory for “Authentication”.   It seems it’s more of a “Hey we have…

Read More