A couple of days ago I noticed strange behavior on the network adapters of dozens of clients in my environment. The users were not able to authenticate to their workstations, which threw a secure channel error. When one of the helpdesk administrators informed me about this issue, I thought it might be a typical operating system problem, such as incorrect DNS configuration or duplicate names, but this was strange because basically everything related to the secure channel was in place. Computer accounts were enabled in ADUC, DNS records existed, login timestamps were updated, and so on. So I tried digging into the problem to see what I could find.
User authentication is one of the key principles of Active Directory as a directory system. It is safe to say that when user authentication does not exist in an Active Directory environment, there is no need to have Active Directory in our organization.
A friend of mine recently had problems uploading certificates to the GAL. As a matter of fact, the users were unable to upload certificates when they chose "Publish To GAL". In this case the error you most often get is "Microsoft office Outlook was unable to publish your certificates. The server may be offline or your certificates may be invalid".
Recently I faced a request from a client wanting a Dynamic Security Group in Active Directory that automatically updates its members. We do have the concept of dynamic objects in Active Directory (I promise to speak on that in another article), but this one was completely different. The client wanted to have a security group which automatically removes the disabled users from it. So I started a lovely conversation with my lovely friend PowerShell.