SID Filtering is also known as Quarantine, Domain Quarantine, or SID Filtering Quarantine. SID Filtering only applies to trusts, it cannot be enabled within a domain. SID Filtering, by default, is not active on automatically created trusts within a forest. You can enable it, but not if the forest functional level is below Windows Server …
Monthly Archives: January 2012
AdminSDHolder, Protected Groups, SDProp and moving mailboxes in Exchange
When you move a mailbox in Exchange 2000 or newer, you sometimes encounter an error saying that you have insufficient permissions to move the mailbox. Although that may be the case, usually this error is caused by the user object associated with the mailbox you are trying to move not having inheritable permissions enabled in …
Continue reading “AdminSDHolder, Protected Groups, SDProp and moving mailboxes in Exchange”
“A certificate cloud not be found that can be used with this Extensible Authentication Protocol” error in IAS
After issuing a new certificate for a Windows Server 2003 running IAS this error presented itself in the IAS console when trying to configure EAP with the new certificate: “A certificate could not be found that can be used with this Extensibel Authentication Protocol.” This was accompanied by these two events in the System Log: …
An overview of groups used by Active Directory Certificate Services
This is a quick list of the groups associated with Active Directory Certificate Services. CERTSVC_DCOM_ACCESS Purpose: Grant DCOM access to Certificate Authority. Default description: This group has no default description. Group type: Local/Domain Local Security group. Default members: Everyone/Domain Users and Domain Computers. This group is created when Windows Server 2003 Service Pack 1 is …
Continue reading “An overview of groups used by Active Directory Certificate Services”