Active Directory

Troubleshooting Certificate Services Autoenrollment

On a Windows Server 2003-based or Windows XP-based computer, you cannot obtain certificates from a Windows Server 2008-based certification authority (CA).

This issue can occur if the CA is configured to use SHA2 256 encryption or higher encryption (SHA2 384 or SHA2 512) and the enrolling clients are legacy clients.

See KB 968730 (Hotfix)

Windows 2008 802.11x Wireless Setup/Configuration

I've recently migrated my wireless network from RADIUS/IAS on Windows 2003 with PKI to Windows 2008 R2. It took me a while to get to the bottom of it so I thought I'd write a How-To to help others out.


# One or more 802.1X-capable 802.11 wireless access points (APs).

# Active Directory with group policy

# One or more Network Policy Server (NPS) servers.

# Active Directory Certificate Services based PKI for Server certificates for NPS computer/s and your wireless PC's

Recover/Reset Windows 2003 Server Active Directory Administrator Password

This article assumes that you forgot the AD admin password, someone changed it on you, or you are recovering from an attack.

This is not meant as a how to hack your company’s Active Directory – nope, not in any way, shape, or form. In case you decide to use this tutorial for nefarious purposes, we can not be held liable for your stupidity. With that said let’s move on.

If you are trying to recover a local admin password from Windows XP, Vista, 2000, or NT, please refer to last week’s article on how to reset you local admin password.

Secure LDAP in an Active Directory Environment

By default, the Microsoft LDAP implementation does not support secure LDAP. To setup secure LDAP using SSL, certificates must be installed on both sides, the LDAP Server and LDAP Client. In this case, the LDAP Server is the domain controller running Active Directory. The LDAP Client is the UMRA software, either the UMRA Console application or the UMRA Service.

The certificates required to run secure LDAP using SSL can be configured in many ways. The concept is always the same:

Subscribe to RSS - Active Directory