AD site topology is the way Active Directory (AD) models your physical network using sites, subnets, and site links. It helps clients find nearby domain controllers and helps replication follow efficient network paths. But the most common Active Directory performance problems are caused by bad site topology, not AD itself. In many environments, administrators spend…
Hybrid IT has become the default operating model for most organizations. Not by design, but through years of incremental decisions driven by business needs. In a recent Petri Dish interview, Brad Cline, Vice President of IT Operations at SolarWinds, shared a frontline perspective on how infrastructure complexity emerged, why it continues to grow, and how…
Implementing passkeys in Microsoft Entra is far more than simply enabling a new authentication method. A successful passkey rollout requires careful planning and coordination. One of the most important aspects of a passkey deployment is using Conditional Access to enforce their use. This article isn’t about how to turn passkeys on but about what tends…
A 2026 Forbes article reported that the previous year’s credential-theft wave exposed 2.86 billion compromised credentials, with infostealers tied to roughly 3.9 million infected machines and 347.5 million stolen logins; business cloud and authentication services accounted for more than 30% of targeted data, while sensitive corporate access points such as Active Directory/ADFS and RDP frequently…
Microsoft is increasingly making security-critical decisions on behalf of organizations, not through policy but through defaults. The “Require compliant device or hybrid-joined device” Conditional Access template is one of the clearest examples of security without a rulebook. The no-brainer policy that gets complicated fast Microsoft’s Require compliant or hybrid-joined device Conditional Access (CA) template seems like…
It isn’t hard to guess why Microsoft Intune is a common first choice for Windows device management. For enterprises already using Microsoft 365 and Entra ID, it offered a logical way to extend modern management to Windows devices while keeping administration aligned with the broader Microsoft ecosystem. But as device estates grow and operational demands…
Active Directory DNS is used to locate domain controllers and critical services (LDAP, Kerberos, and the Global Catalog) via SRV and host records. If DNS is missing or misconfigured, common outcomes include failed logons, Group Policy errors, and domain controller replication issues. This article explains how and why Active Directory depends on DNS, with practical…
“Applications can be incredibly powerful. If you own the application, you can act as that application. And if that application is highly privileged, you could effectively become a global admin without ever being in that group.”
Nicolas Blank, Identity Architect, Microsoft MVP, and CTO of NBConsult
In Microsoft Entra, being an application owner can be…
DFS migration involves moving data from one or more existing file servers to the DFS servers. This process preserves existing UNC file shares and access permissions, meaning that users can continue to access their data in the usual way. Better still, data remains available during the migration process. DFS file server migration goals Before committing…
Last Update: May 05, 2026
In Active Directory (AD), a domain is the main administrative boundary, a tree is a DNS-based grouping of related domains, and a forest is the top-level security boundary that can contain one or more trees and domains. Here’s the quick breakdown: AD domains vs forests vs trees: at-a-glance decision guide Domains in Active Directory A…