Ryan Ries

Preview of SAN URI for Certificate Strong Mapping for KB5014754

Hello, this is Matthew Palko, senior product management lead in Enterprise & Security, and today I have some information to share about the new changes to strong certificate mapping in Active Directory. Preview of SAN URI for Certificate Strong Mapping for KB5014754 KB5014754, released in May 2022, introduced changes to Active Directory Kerberos Key Distribution (KDC) […]

Preview of SAN URI for Certificate Strong Mapping for KB5014754 Continue Reading

Deep Dive: Active Directory ESE Version Store Changes in Server 2019

First published on TechNet on Oct 02, 2018 Hey everybody. Ryan Ries here to help you fellow AD ninjas celebrate the launch of Server 2019. Warning: As is my wont, this is a deep dive post. Make sure you’ve had your coffee before proceeding. Last month at Microsoft Ignite, many exciting new features rolling out

Deep Dive: Active Directory ESE Version Store Changes in Server 2019 Continue Reading

TLS Handshake errors and connection timeouts? Maybe it’s the CTL engine….

First published on TechNet on Apr 10, 2018 Hi There! Marius and Tolu from the Directory Services Escalation Team. Today, we’re going to talk about a little twist on some scenarios you may have come across at some point, where TLS connections fail or timeout for a variety of reasons. You’re probably already familiar with

TLS Handshake errors and connection timeouts? Maybe it’s the CTL engine…. Continue Reading

Introducing Lingering Object Liquidator v2

First published on TechNet on Oct 09, 2017 Greetings again AskDS! Ryan Ries here. Got something exciting to talk about. You might be familiar with the original Lingering Object Liquidator tool that was released a few years ago. Today, we’re proud to announce version 2 of Lingering Object Liquidator ! Because Justin’s blog post from 2014 covers the

Introducing Lingering Object Liquidator v2 Continue Reading

Using Debugging Tools to Find Token and Session Leaks

First published on TechNet on Apr 05, 2017 Hello AskDS readers and Identity aficionados. Long time no blog. Ryan Ries here, and today I have a relatively “hardcore” blog post that will not be for the faint of heart. However, it’s about an important topic. The behavior surrounding security tokens and logon sessions has recently

Using Debugging Tools to Find Token and Session Leaks Continue Reading

The Version Store Called, and They’re All Out of Buckets

First published on TechNet on Jun 14, 2016 Hello, Ryan Ries back at it again with another exciting installment of esoteric Active Directory and ESE database details! I think we need to have another little chat about something called the version store. The version store is an inherent mechanism of the Extensible Storage Engine and

The Version Store Called, and They’re All Out of Buckets Continue Reading

Previewing Server 2016 TP4: Temporary Group Memberships

First published on TechNet on Mar 09, 2016 Disclaimer: Windows Server 2016 is still in a Technical Preview state – the information contained in this post may become inaccurate in the future as the product continues to evolve. More specifically, there are still issues being ironed out in other parts of Privileged Access Management in

Previewing Server 2016 TP4: Temporary Group Memberships Continue Reading

“Administrative limit for this request was exceeded” Error from Active Directory

First published on TechNet on Oct 29, 2015 Hello, Ryan Ries here with my first AskDS post! I recently ran into an issue with a particular environment where Active Directory and UNIX systems were being integrated.  Microsoft has several attributes in AD to facilitate this, and one of those attributes is the memberUid attribute on

“Administrative limit for this request was exceeded” Error from Active Directory Continue Reading