Get thee hence and be enlightened. (Hat tip to Laura).

Mark Parris has a nifty little tip: http://wp.me/pJxvX-4l

This is why I love the ‘net. On Mark’s blog post from which I stole the above graphic, another person added the following command, using Joe’s adfind command.

adfind -sc u:mark dn

Fully Qualified Domain Name (FQDN): The Fully Qualified Domain Name (FQDN) of an object cannot exceed 64 characters.

Group Memberships: Users, Groups and Computer accounts can be classified as Security Principals and as such Security Principals can be a member of approximately 1015 Groups. This is to do with access token size limitations.

Maximum Number of Users in a Group: In Windows 2000 the recommended maximum number of members in a group was 5000. Starting with Windows Server 2003 FFL , this limited has been removed, due to Linked Value Replication (LVR). There is now no set limit for group memberships.

Active Directory Objects: All Domain Controllers can create nearly 2.15 billion (2 147 483 393) objects. The objects created can be originating locally or created via replication.

Security Identifiers (SIDS): There is a limit of approximately 1 billion (1 073 741 823) Security Identifiers.

File Name Length: The maximum length of a file name including the path must not exceed 260 characters.

NetBIOS: Computer and Domain names are limited to 15 characters.

Domain Name System (DNS): DNS host names are limited to 24 characters.

Organization Units (OUs): OU Names are limited to 64 characters.

Group Policy Objects (GPOs): The maximum number of GPO’s that can be applied to a user or computer account in total is 999.

Display Names: Display Names are limited to 256 characters in the schema.

Pre-Windows 2000 user logon name (SAM-Account-Name): The SAM-Account-Name is limited to 256 characters in the schema – but hard coded to 20 characters to ensure backward compatibility.

Common Names: Common Names are limited to 64 characters in the schema.

Trust Limitations: Kerberos clients can traverse a maximum of 10 trust links to locate a requested resource in another domain.

LDAP Simple Bind operations: Limit the Distinguished Name (DN) of an object to 255 characters or less, else the bind operation will fail.

Recommended Maximum Number of Domains in a forest:
Windows 2000 = 800
Windows Server 2003 (at FFL 2) = 1200

Recommended Maximum Number of Domain Controllers in a Domain: Windows 2003 = 1200 (if you host Active Directory Integrated DNS and plan to exceed 800 DC’s – see KB267855)

Distributed File System – Namespaces(DFS-N) – Number of links per DFS namespace:
Windows Server 2003: Domain based DFS – 5000 Links; Stand alone DFS – 50000 Links

Windows Server 2008: Not Published/Not Tested

Essentially, to reduce the number of client authentication requests processed by a DC, adjusting the server’s DNS weight and/or priority will do the trick. Specifically, the number of client authentications is decided by the weight while to ensure the DC does not receive any client authentication requests unless it is the only accessible domain controller, adjust the priority.

These properties are detailed in the DCs DNS records, but for some strange reason, adjustments are done using regedit(?)

HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

is the key you want. Creating a DWORD value called LdapSrvWeight and setting the decimal value to 50—the default is 100—will ensure the number of client requests is lower than the other DCs with higher weights.

It will be necessary to restart NetLogon.

The default value for all DCs’ priority is 0. The higher this value is, the less likely that DC will receive authentication requests. A value of 200 will effectively ensure the DC will never receive authentication requests. The lower the value, the higher the DC’s utilization.

A DC with an LdapSrvPriority setting of 100 has a lower priority than a DC with a setting of 10 which means clients will use the DC with the 10 setting first. That DWORD (decimal) value can be created in the

HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

key. As usual, restarting NetLogon is necessary. I wonder why this can’t be done by editing the DNS records directly?

It doesn’t matter if you go running every morning, or you’re a regular at the gym. If you spend most of the rest of the day sitting — in your car, your office chair, on your sofa at home — you are putting yourself at increased risk of obesity, diabetes, heart disease, a variety of cancers and an early death. In other words, irrespective of whether you exercise vigorously, sitting for long periods is bad for you.

That last sentence is a bit alarming, most especially for those of you who, like me, don’t exercise but do sit for long periods. So, what’s wrong, specifically, with sitting?

The answer seems to have two parts. The first is that sitting is one of the most passive things you can do. You burn more energy by chewing gum or fidgeting than you do sitting still in a chair. Compared to sitting, standing in one place is hard work. To stand, you have to tense your leg muscles, and engage the muscles of your back and shoulders; while standing, you often shift from leg to leg. All of this burns energy.

There’s more in the article that makes me very worried, especially as I’m already a fatso.

But it looks as though there’s a more sinister aspect to sitting, too. Several strands of evidence suggest that there’s a “physiology of inactivity”: that when you spend long periods sitting, your body actually does things that are bad for you.

As an example, consider lipoprotein lipase. This is a molecule that plays a central role in how the body processes fats; it’s produced by many tissues, including muscles. Low levels of lipoprotein lipase are associated with a variety of health problems, including heart disease. Studies in rats show that leg muscles only produce this molecule when they are actively being flexed (for example, when the animal is standing up and ambling about). The implication is that when you sit, a crucial part of your metabolism slows down.

Some of the solutions some people have advanced are, according to the article:

Some people have advanced radical solutions to the sitting syndrome: replace your sit-down desk with a stand-up desk, and equip this with a slow treadmill so that you walk while you work. (Talk about pacing the office.) Make sure that your television can only operate if you are pedaling furiously on an exercise bike. Or, watch television in a rocking chair: rocking also takes energy and involves a continuous gentle flexing of the calf muscles. Get rid of your office chair and replace it with a therapy ball: this too uses more muscles, and hence more energy, than a normal chair, because you have to support your back and work to keep balanced. You also have the option of bouncing, if you like.

Or you could take all this as a license to fidget.

This has got to be a wake-up call to people like me (and you!) who work in IT, sitting for most of the day. Get moving!

Thanks to Mark Parris for the link.

Prior to today, the magazine’s website was atrocious—the layout was busy beyond belief and, for some weird reason, presented the mobile version of the site regardless of what browser or platform I used.  I’m happy to say that when I logged on today, the site was more streamlined than before.

I still have a problem with them setting some of their more popular articles locked behind an additional fee-required prison, however.

Whatever.

That’s supposed to make me change search providers? I think not. When you jokers start providing good results, maybe I’ll give you a try. Until then, bing off.

Yes, I’m a dye-in-the-wool Googler and always will be. Have you ever tried finding anything on Microsoft’s various sites using the Bing search? Rare is the time you find what you’re looking for the first time out. Case in point: today, I was looking for the outstanding RichCopy tool and decided to search the official Microsoft Download Center site. Using bing, I found … nothing! At. All.

Kind of a nomenclature mess, but who am I to complain?

Anyway, the “Resources and Support” category contains a list that seems to have been generated by the “Best Practices Analyzer”:

If you’ll notice the highlighted recommendation. Apparently, Microsoft would like you to deploy additional domains in order to “isolate the replication of domain data … ” Additionally, it goes on to recommend creating “additional domains for business requirements, such as a planned acquisition of a business unit.”

Grrr … Microsoft must decide: continue to recommend a one forest/one domain as they have in the recent past after the fiasco of the empty forest root model in Windows 2000 or  not. What’s this nonsense about “optimizing resource access” when adding child domains should be your last option if the overriding concern is one of optimization.

This error comes right at the start of the installation, after the so-called “pre-requisites” have been met, supposedly. That’s right, the installation process actually checks to ensure all the proper files and services are in place then, like a sick joke, throws up this error.

What file?!?

My dear mom, French language teacher, taught me there were two types of articles, definite and indefinite. When the word “the” precedes an object, as in “the file,” it is taken for granted that the file in question is a known, definitive object known to both speaker and hearer.

This is as opposed to “a file” which could mean any file in the entire known, unknown and unknowable Universe. Thus, the “indefinite” which means, undefined. All that is known about such a file is that it is a file, period.

Microsoft’s error is mind-boggling and reminds me a story my colleague told me about a cousin of  his who was enamored of the macabre. Apparently, the gentleman in question was in the habit of creating, out of thin air, words whose definitions were known only to himself. That’s not the surprising part: the guy would use these made-up words in everyday conversation only to be deeply surprised and shocked when no one else knew what he was talking about.

Microsoft is my crazy cousin.