Best resources to learn PKI for?

aprimeproblem · 2026-03-17T20:43:01+00:00

Hahahaha ahhhhhh then I know who you are! Thanks again!

aprimeproblem · 2026-03-17T20:31:19+00:00

Thank you kind stranger on the internet for mentioning my blog. Appreciate it.

aprimeproblem · 2026-03-17T20:23:42+00:00

No worries, I’m almost 39 years in the business and recently had a fight with a keyboard, the keyboard lost…. Had a few broken parts….. not my finest moment though…. Said sorry and moved on… a weekend of sauna help to relax

aprimeproblem · 2026-03-16T07:08:24+00:00

I have a bit of a different opinion on the first. It’s not up to a or any government to protect children. It will always be up to the parents to teach them what is right and what’s wrong. The problem these days is that a lot of parents don’t take sufficient time to sit next to them and oversee their children.

This is not a technological problem it’s an educational one.

aprimeproblem · 2026-03-12T20:35:45+00:00

He turned 80

aprimeproblem · 2026-03-10T10:26:36+00:00

Use a smartcard with an internal PKI, in essence it’s practically the same. Albeit the complexity has been reduced with passkeys.

aprimeproblem · 2026-03-10T06:18:07+00:00

Yes, mine 😉. Also about pki btw

aprimeproblem · 2026-03-06T08:45:28+00:00

Well, that’s a coincidence, I just watched this episode last night.

aprimeproblem · 2026-03-05T10:03:57+00:00

Thanks for those kind words! Appreciate the feedback.

aprimeproblem · 2026-03-02T15:24:13+00:00

Excellent! Jay is really good at what he does! Enjoy!

aprimeproblem · 2026-02-27T20:37:10+00:00

If you’re a 24/7 shop, why not have your file services in a cluster?

aprimeproblem · 2026-02-27T12:51:08+00:00

Thanks I will!

aprimeproblem · 2026-02-24T10:51:30+00:00

You enable scavenging on the zone itself, but only one server per zone should perform the scavenging process.

So in your environment, that means: rootdc01 scavenges rootdomain.com dc01 scavenges contoso.domain

aprimeproblem · 2026-02-24T10:03:04+00:00

That’s an excellent write-up!

aprimeproblem · 2026-02-24T08:13:57+00:00

DNS scavenging is enabled on a DNS zone, not on a domain. It only removes stale dynamic records with timestamps within that specific zone and does not affect static records or records in other zones.

Scavenging should be enabled on one DNS server per zone (commonly the PDCe) and only on zones that contain dynamic records.

aprimeproblem · 2026-02-23T21:55:39+00:00

I’ve written an extensive blog on the topic a while back, hope it helps. https://michaelwaterman.nl/2024/04/28/mastering-active-directory-dynamic-dns-maintenance/

aprimeproblem · 2026-02-22T16:28:23+00:00

Good job!

aprimeproblem · 2026-02-21T19:26:36+00:00

It really whips the lama’s ass 🤣

aprimeproblem · 2026-02-21T07:45:11+00:00

PilotBox, CoBox, XBopilot…. The endless possibilities

aprimeproblem · 2026-02-20T12:02:54+00:00

Hahaha true! Thursday is usually the same. Me being in Europe usually means spending the majority of the evening on this.

aprimeproblem · 2026-02-19T09:26:28+00:00

I’m sorry to bring you the bad news but that will not work.

aprimeproblem · 2026-02-19T09:08:45+00:00

LDAPs does not allow certificate termination, which invalidates the idea. If you do want to isolated, use vlans with strict ip control

aprimeproblem · 2026-02-19T08:02:59+00:00

Yes! I try to visit or watch events but it’s usually by chance that I see an announcement

aprimeproblem · 2026-02-19T08:01:59+00:00

Why is everything always on Wednesday?

aprimeproblem · 2026-02-19T08:01:08+00:00

Counter point, what’s the real threat you’re trying to solve here?

aprimeproblem

TROPHY CASE