Active Directory & Identity

 

Active Directory, 5th Edition

I’ve been remiss in posting anything here the past six months as my weekends have been consumed with an update to my book, . The writing and technical reviews of the fifth edition are complete, thanks to , , and . We’ve now moved into the production cycle and a copy editor is busy fixing up my writing to make the book a polished all-around easy-to-read product. Meanwhile, the illustrators will soon be busy with the artwork – figures, diagrams, etc. The final book is now available!

So, to summarize, is now available:

  • The eBook is available from O’Reilly .
  • The printed book is available from O’Reilly .
  • The eBook is available via Safari Books Online at .
  • The printed book is available for from Amazon.com at

Signing Active Directory, 5th Edition Books at TechEd North America

I’ll be at TechEd North America in New Orleans this week. On Monday, June 3rd from 6:00 to 6:30 PM, I’ll be at the O’Reilly/Microsoft Press booth, booth #511 signing copies of my new book – . If you can’t stop by then, I’ll be at the Access and Information Protection in the Microsoft Solutions Experience Monday from 12PM to 2PM and Tuesday from 12PM to 2:30PM. I’ll also be at the Ask The Experts evening event on Tuesday evening.




Active Directory, 4th Edition Updates

Over the past couple years, readers have identified a number of mistakes that unfortunately made it through the edit cycles for . O’Reilly recently launched a process by which authors can make updates to the source files that they use to produce eBooks and print conventional paper books on demand. I took advantage of this a few weeks ago and I resolved all of the which were reported as well as a couple I found myself. Here’s the quick summary on where the updated text can be found:

Print Copies - If you’ve bought a print copy, you’ll need to look at the notes I made on the page. However, as O’Reilly is now doing print on demand for this title, the updates will trickle out into the supply chain over time and newly purchased books will be updated. Obviously this timeline is highly dependent on how much inventory is sitting in warehouses.

eBooks - If you bought any of the various eBook formats O’Reilly offers in their we…


Active Directory Group Scopes and Group Nesting

Settle the debate of whether or not you should be using domain local, global, or universal groups on your network with a few simple facts about group scopes - how they work and when they matter. Chances are you're spending valuable time on a purely academic debate, so come find out if this is a topic that really matters, or if there are bigger problems to tackle.

Managing Local Backups with Windows Server Backup

One of the strategies I often employ when deploying Active Directory is to use the local Windows Server Backup (WSB, previously NTBackup) tool to make system state backups on the local machine. I’ll also often place backups on neighboring domain controllers to provide for redundancy if there is a failure. This strategy ensures that a backup is available in the same site and it also removes the dependency on an external backup team. Many third-party backup applications can back up a file share without needing to install an agent on the server as well, which is a better all-around situation for domain controller backup at many organizations.

The script in this post implements this backup strategy as well as retention and aging of older backups.


Property Sets and Default Security Descriptors

Every object class definition in the Active Directory schema has the option to define a “defaultSecurityDescriptor” value which holds the initial ACL that will apply to any new instances of that object type. This rule doesn’t hold true if you specify a security descriptor explicitly when creating an object, however, because in this case the defaultSecurityDescriptor will be ignored.

The default value for the defaultSecurityDescriptor for the user class has a couple of entries in it which most administrators don’t know about, and fortunately neither do many end users. Out of the box, the user which an object in AD represents has permissions to modify quite a few attributes on their own account. Anyone who can figure out how to make an LDAP call against their object in the directory can take advantage of this. The easiest way to edit or view the value for this attribute is using the Active Directory Schema MMC. Browse to the Classes folder and then open the properties of the user class. Switch to the Default Security tab and click Advanced.


Exchange

 

Cisco ACE Sample Configuration for Exchange 2010

Cisco ACE appliances and modules are a common fixture in enterprise datacenters. This post documents a sample configuration for the Cisco ACE that enables reliable publishing of Exchange Server 2010. At the end of this post, you will have a complete sample configuration for a one-arm load balancer configuration with Source NAT (SNAT). We also will configure the load balancer to redirect clients to the secure (HTTPS) URL.

Setting Static Ports for Exchange Client Access

If you are deploying Exchange Server 2010 in an environment with load balancers or firewalls which aren’t able to handle dynamic RPC port ranges, you’ll need to define static ports for the RPC Client Access Service and the Address Book Service on each CAS server. If you are using Public Folders, you’ll also need a third static port on the Mailbox servers hosting Public Folders.

This post includes a script that configures the RPC Client Access service and Address Book service to use static ports. Run this script on each CAS server to configure the services. Finally, on each mailbox server, configure the registry value listed at the bottom of the post.


Add Office 365 Exchange Online to your PowerShell Profile

The Exchange Online service in Office 365 exposes a variant of the Exchange Management Shell (EMS) that you would normally use if you were managing an on-premises Exchange organization. Connecting to the Exchange Online EMS requires a few tedious but well-documented steps.

Rather than manually running these steps each time you need to connect, the samples in this post show how you can add a quick shortcut to your Windows PowerShell profile to connect to the Exchange Online EMS.


Configuring the Dell/Quest Free/Busy Connector for Lotus Notes and Exchange - Part 1

This is part one of a three part series on configuring the Dell/Quest Free/Busy Connector for Lotus Notes. The Connector is part of Coexistence Manager for Exchange (CMN). In this post, we'll discuss how the connector works and examine the interface with Exchange. Next, we'll configure the Dell/Quest Web Services and the Domino Free Busy Connector Service. Future posts in this series will discuss configuring the remaining components of the connector.


Configuring the Dell/Quest Free/Busy Connector for Lotus Notes and Exchange - Part 2

This is part two of a three part series on configuring the Dell/Quest Free/Busy Connector for Lotus Notes. In Part 1 we took a look at the architecture of the Quest Free/Busy (F/B) Connector in Coexistence Manager for Notes (CMN) as well as how Exchange interfaces with it. We also configured the F/B Connector web services and the Domino Free Busy Connector Service. In this post, we’ll configure the Exchange Free Busy Connector Service, the Domino QCALCON task, and the Exchange organization.


Configuring the Dell/Quest Free/Busy Connector for Lotus Notes and Exchange - Part 3

This is part three of a three part series on configuring the Dell/Quest Free/Busy Connector for Lotus Notes. In Part 1 we took a look at the architecture of the Quest Free/Busy (F/B) Connector in Coexistence Manager for Notes (CMN) as well as how Exchange interfaces with it. We also configured the F/B Connector web services and the Domino Free Busy Connector Service. In Part 2, we configured the Exchange Free Busy Connector Service, the Domino QCALCON task, and the Exchange organization. In this post, we’ll complete the configuration by configuring Lotus Notes as well as building a test user in Exchange and Lotus Notes to validate the configuration.


Windows Server

 

Using Device Manager Remotely

The Server Core variant of Windows Server offers a variety of benefits, especially with respect to security. The downside is that familiar GUI management tools are not always accessible. While Windows PowerShell and the command line offer alternatives, the learning curve can be steep. Device Manager is one example of a common GUI management tool that cannot be used on Server Core. Fortunately, Device Manager can be used remotely. This post explains how to enable remote access with Device Manager on Server Core.


Thoughts on Building a Server Image

Repeatable, consistent, and predictable are three things that add an incredible amount of value in IT, and building servers from a base image is one way to deliver on this. I was just replying to a thread on a discussion alias where the person who started the thread had reviewed a blog post on how to build such an image for VMware. I and a number of people disputed the recommendations made in the referenced blog post in addition to the various other things the individual who started the thread was planning to install in his image/template.

At a high level, the most important thing from my reply, I think, is that you should not be customizing a server for it to be convenient to your work style. The server is there for a purpose driven task.


Script to Collect Hardware Inventory Data

This post includes a sample VBScript that will collect key hardware demographics from a list of hosts and output the results to a CSV file. The demographics collected are:

  • Host Name
  • Serial Number
  • Make
  • Model
  • BIOS Version
  • Operating System
  • CPU
  • Memory (MB)
  • Disk Drives

 


Date and Time Math with PowerShell

How many times have you had to figure out what date was X days, months, or years ago, or perhaps what time was Y minutes, hours, or seconds ago? In this post, you'll learn how easy it is to calculate date and time math with Windows PowerShell.


Installing WinPcap Silently

When silently installing Wireshark, Wireshark's critical dependency, WinPcap, is not installed automatically. This post shows you how to use a tool called AutoIt to develop a script that can silently automate a point-and-click process like installing WinPcap.

 
