Yes, it's been quite a while since I have written on this blog! Just before TechEd in November, I think. Quite a lot has been happening around me and slowly but surely, I'm finding some semblance of stability again. New job and having to rapidly learn a new environment and start becoming productive has been hard work. Being surrounded by some of the most helpful people I've had the pleasure to work with has made the load lighter and fun. I'll try over the next couple of weeks to regurgitate some of my highlights of the preceding 2-3 months.

Unfortunately, what kicks starts my post today is very sad news about my good friend and colleague, Scotty McLeod, who runs the Windows Server Team Blog. He was involved in an accident at a London Train station on Wednesday on his way home from some work-related meeting with Quest in London. He sustained some sort of head injury and is still unconscious at the neurology intensive care of St Georges Hospital.

I can't for the life of me, make sense of it all. And the "wrongest" person this could/should happen to! We need you well Scotty!!!

I am praying for his swift recovery and ask any of you who pray or can, to please remember him and his family in yours.

Someone on the Activedir newsgroup wanted DNS names in the logon dialog box users see rather than the NetBIOS name. I didn't initially think this was possible but the poster insisted they had seen it done before. Two solutions were provided: Jorge de Almeida Pinto came up with a custom ADM which could apply to the boxes you wanted this feature enabled on and Dean Wells provided a reg hack which did the same thing. Thought I should share both:

Custom ADM:

; Custom ADM to change how domain names are shown in the logon box
; REMARK: these are preferences and NOT policies. As such make sure you enable viewing of preferences in the GPEditor!

CLASS MACHINE

CATEGORY "System"
CATEGORY "Net Logon"
CATEGORY "Domain Name in Logon Box"

KEYNAME "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

POLICY "Show Full DNS Names At Logon"
EXPLAIN "EXPLANATION: When enabled, the list of domains on the logon dialog will show the full DNS names (hierarchical) rather than the NETBIOS names (flat)."
VALUENAME "DCacheShowDnsNames"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY

POLICY "Show Additional Domain Information At Logon"
EXPLAIN "EXPLANATION: When enabled, the list of domains on the logon dialog will contain brief information about each domain after the domain name."
VALUENAME "DCacheShowDomainTags"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY

END CATEGORY
END CATEGORY
END CATEGORY

Registry hack:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DCacheShowDomainTags"=dword:00000001
"DCacheShowDnsNames"=dword:00000001

Both are cosmetic changes and do not change the logon process in any way. Just interesting to know it can be done.

Mark Russinovich and Bruce Cogswell of Sysinternals fame have released ADInsight for Active Directory as one of the free utilities on their Microsoft site. This tool I like to call the MRI Scan for AD. It uses DLL injection techniques into all processes to watch for WLDAP32 transactions. WLDAP32 is where Microsoft implements the LDAP API. You can see how your application talks to AD and what responses are returned. This capability can be invaluable in many application design scenarios when you can't figure out why your app's conversation with AD is spitting errors or even general troubleshooting to see "under the covers".

The Application is very similar to Regmon and Filemon in its GUI and if you've used either before, ADInsight should feel familiar.

The great thing I also see is you can right-click on a call sent to the directory and click on event information which takes you to an MSDN site with an explanation of the transaction. This can be an excellent learning tool as well!

If the tool is pointed against an Active Directory where lots of calls are taking place, you can also filter events with the same flexibility available in Filemon and Regmon. The Process Filter allows the selection of processes to include or exclude. There is also a transaction filter and a transaction group filter which allows the viewing of a collection of transactions e.g. connects.

This is definitely another necessary tool in the arsenal of anyone working with Active Directory.

Anyone who's been to a conference where someone from MSFT's been talking about "How Microsoft Does IT" has probably heard this or something similar but these stats are just awesome I think (Source: Bink.nu):

Microsoft internal IT:

• 600k connected devices
• 10,000 Servers
• 3 Datacenters, 1 operations center
• 11% is virtualized in Microsoft Datacenters
• 330 of 385 servers run Windows Server 2008 (RC0) plus all 85 Microsoft.com servers
• 11 clustered systems
• 30,000 users in Redmond domain (50,000 with vendors)
• NAP reporting 140K clients, 90 clients deferred mode
• The Redmond Active Directory domain is running in Windows Server 2008 mode since last Thursday (Nov 1st)

Microsoft Email:

• 6 million internal emails per day
• 20 Million emails from Internet
• 97% rejected as spam
• 99.999% uptime

Worldwide:

• 140,000 end users
• 550 buildings
• 98 countries
• 1/3 of the sites are connected over Internet only
• 2300 Line of business applications
• 1 single SAP instance (5 Terabyte database)

Windows Live Services:

• 130,000 servers online
• 435 Million unique users
• 280 Billion pageviews daily
• 12 Billion emails daily
• 6 billion Instant Messages daily

Remote connect:

• 1 million VPN sessions per month
• 80,000 unique OWA users
• TS gateway 20,000 users

Microsoft.com figures:

• 55.7 million unique users, #4 overall site in US
• 280.5 Million unique users worldwide, #6 site worldwide
• 15,000 requests a second