/var/log

Journal of a SysAdmin

/var/log header image 2

AdminSDHolder

September 9th, 2009 · 3 Comments

Once again, I find I don’t know as much about the inner workings of Active Directory. Joe of joeware dissects a TechNet article about AdminSDHolder which uses his fine tool (AdFind) to query AD for security information. Joe finds a few things lacking in the article (calls it “rough.”)

Once again, it strikes me that one can administer an Active Directory without requiring a deep knowledge of how things work under the hood, so to speak. For most, I expect this is not an issue. Microsoft excels at hiding the complexity of its products and many “administrators” are quite content with yelling for technical support help (at approximately $250 a question) when the SHTF, thank you very much. I am dissatisfied with continuing to manage the largest AD forest I have ever managed without an exhaustive, rigorous knowledge of AD’s nuts and bolts.

Of course, there is an altogether simple course here: study. So it is with some renewed vigor that I break open all my resources to drink deeply from the AD (and Exchange) bowl of knowledge.

I wonder what I’ll find? Will I be even more dissatisfied when I find out how “bad” things? The deeper one travels in the bowels, the closer to crap one gets.

Share and Enjoy:
  • Diigo
  • Digg
  • email
  • Facebook
  • Twitter

Tags: Active Directory · Journal · Miscellaneous

3 responses so far ↓

  • 1 Paul // Feb 11, 2010 at 1257

    So how has the drinking been going? As a sysadmin myself I have had this same thought but its hard to know where to start and what are the best resources to use.

    What are you using to delve deeper into AD?

    Paul

  • 2 fred // Feb 17, 2010 at 1401

    Heh … you ask of course about the beer not the bowl of knowledge?

    Well, with a new baby in the house, keeping mom and me up, it’s a bit difficult to drink from bowls containing anything other than a stiff drink these days.

    (I have to set up my comment form to alert me to new comments. I’m not used to having people comment, I guess!)

    Anyway, there’s the (badly designed) TechNet resource for starters, but the absolute best resource for digging deeper into AD that I have found are books, specifically O’Reilly’s AD, 4th edition. Even then, explanations of such complex topics as LDAP is strained, I think. Although I’m hard-pressed to figure out how exactly to describe anything as complex as LDAP in an easy manner.

    Lightweight my butt.

  • 3 Paul // Feb 17, 2010 at 1515

    Ahh yes. I guess I was referring to both forms of drinking. :) I understand the new baby thing. Mine is 23 months old now and has a little brother or sister on the way. So the house should soon become even more condusive to studying.

    Maybe I will pick up the O’Reilly book for starters.

    Thanks for responding,

    Paul