Domain Controllers no longer automatically renew certificates after configuring “Certificate Services Client – Auto-Enrollment” via GPO

This requires a fairly specific configuration to occur but I didn’t see this documented anywhere so I figured I’d write about it. If you run your own Enterprise Certificate Authority using the Active Directory Certificate Authority and have used the default ‘Domain Controller’ template you may run into this problem. By default, it does not … Read more

How to perform an offline audit of your Active Directory NTLM hashes

It’s read-only Friday so I decided to perform a offline audit of our Active Directory passwords. I found this great tool: which in turn is a fork of this tool: What I’m going to write here is mostly a repeat of these two Gitrepos with a few tweaks and corrections. To perform this … Read more

Script to sync Domain Controller SSL Certificates to a specific host

We have an application that uses LDAP over SSL to authenticate users via Active Directory. The server running the application is a member of the domain and has the domains Root CA installed in it’s local certificate store. Technically the Root CA should be good enough for the server and any applications on it to … Read more

DFS not working properly over VPN for personal computers

We recently switched to a new VPN server after Mac OS dropped support for PPTP and because we were way overdue to do it anyway. Since then personal computers were unable to access network shares via DFS. They could go directly to the file server and that would work. Users who connected to VPN with … Read more

Exchange users unable to share calendars post AD/Exchange migration

We just recently went through an AD forest migration AND an Exchange 2010 -> 2016 migration across forests at the same time. Good times. One of the many issues that came up after the migration was the majority of our users being unable to share their calender’s with other users. When trying to share via … Read more