Guido Grillenmeier


Guido Grillenmeier a chief engineer within the Enterprise Services Group at HP. He is a Microsoft Directory Services MVP, a Microsoft Certified Architect, and the coauthor of Microsoft Windows Security Fundamentals (Digital Press).

Active Directory security
Using the Confidentiality Bit to Hide Data in Active Directory
A look at the confidentiality bit and updated Dsacls utility round out this series on configuring your Active Directory permissions to hide confidential data.
Hiding Data in Active Directory, Part 3: Enabling List Object Mode in a Forest 4
Learn the difference between List Object and List Contents permissions and how to use each.
Hiding Active Directory Objects and Attributes 1
The second part in this multi-part series looks at a simple way to use permissions to hide Active Directory objects and attributes, as well as the basics of using Dsacls.
Hiding Data in Active Directory 1
This first article in a series discusses the challenge of efficiently restricting who can view specific data.
Windows Server Backup for Active Directory 1
Windows Server 2008 offers new tools for backup and recovery of AD. The most noteworthy addition is Windows Server Backup, which replaces the familiar ntbackup.exe.
Storing a DC System-State Backup on the Source Volume
If your AD domain has multiple DCs that replicate with each other (as it should), then you have a replacement for every DC and its backup. In that event, you might decide to do a DC system-state backup to source media.
Active Directory Enhancements in Windows Server 2008
Take a tour through some changes in Windows Server 2008 Active Directory (AD) and use handy tables for an overview of additions. In particular, examine the new read-only domain controller (RODC) to see how it can help lower risks to your organization.
Windows Server 2008 Editions Supporting RODCs
The x86 (32-bit) and x64 editions of Server 2008 feature the RODC mode in all editions (Standard, Enterprise, and Datacenter). The Itanium Edition doesn't.You can deploy RODCs on the Server Core install option of all editions of Server 2008.
Names for AD Services Change in Windows Server 2008
Windows Server 2008 introduces some name changes. Active Directory is now Active Directory Domain Services (AD DS). AD Application Mode (ADAM) is now AD Lightweight Directory Services (AD LDS).
Avoid Active Directory Pain 1
Learn how to solve AD problems such as time synchronization after hardware replacement, cross-forest authentication, usability of the least privilege model, and 64-bit Windows challenges.
Determining Linked-Value Pairs in the Active Directory Schema
Linked values are defined in the AD schema by linkID property. You can use an LDAP editor to determine all AD schema linked values.
Leverage LVR to Simplify AD Object Recovery
Recovering AD data is difficult because it typically replicates across multiple DCs. LVR improves replication of AD linked values and eases object recovery during an authoritative restore; however, this feature isn’t enabled by default.
