I sometimes get very positively surprised by Microsoft. In the work of cleaning and structuring an Active Directory environment we wanted to produce a graphical overview of our current forest. It did not take long before I found Active Directory Topology Diagrammer, which is an absolute perfect tool for this purpose. And it is free!Active Directory Topology Diagrammer gets the entire AD structure according to the parameters you supply and draws the structure in a Visio document. It does however require Visio 2003 or later installed to be able to do this export.
When a person gets married or makes a name change for some other reason this usually means that the login name for the Active Directory-account changes as well. This is rarely a problem, but it turned out to cause some issues on our web server, where the User.Identity property was still returning the old login name. The user logged on with the new login name, but was identified by the web application as the old login name. The reason this occurs is because the User.Identity property relies on the LsaLookupSids method to convert the user SID to a login name. The method first calls the local LSA-cache , which is not synchronized with the Active Directory. For this purpose a simple reboot of the web server to clear the LSA-cache propably would have sufficed. But since we didn't want to take the application offline rebooting was not an option. Instead, it is possible to set the registry value LsaLookupCacheMaxSize in HKLM\SYSTEM\CurrentControlSet\Control\Lsa. If this val
Post a Comment