Exchange Server 2007 and the Active Directory, Part 2

Microsoft Exchange Server 2007 is bound to shake up the Active Directory world as we know it. After my first post on the soon to come Exchange Server and the Active Directory I've been playing around for 2 months with it and attended a couple of seminars on the subject. Now we know that there probably won't … Continue reading "Exchange Server 2007 and the Active Directory, Part 2"

MIIS newbie tales – Export password attribute with Extensible MA

Today I had a little chat on e-mail with Alex Tcherniakhovski which was about following topic: how to create export only attribute with Extensible MA to set initial password for newly provisioned account? (OK, this wasn't exactly such topic but this is what it was about 🙂 ). So problem is: we are provisioning new account to … Continue reading "MIIS newbie tales – Export password attribute with Extensible MA"

Playing with new ADFind and ADMod

Today on Microsoft.public.windows.server.active_directory  simple question was asked: Is possible clean all logon scripts from a OU at the same time. This OU contains others sub-OUs. Sure it is :), thanks to joe we have updated versions of ADFind and ADMod in our toolbox. First we need a filter which is simple: (&(objectClass=user)(objectCategory=person)(scriptPath=*)) which should give … Continue reading "Playing with new ADFind and ADMod"

VML patch (MS06-055) released out of band

As we can read on MSRC blog, Microsoft has published out of band patch for VML vulnerability existing in IE. This flaw was described in Microsoft Security Advisory (925568) published lately. Bug patched by this update allows remote code execution so it should be applied as soon as it will be possible (some people do some tests and other … Continue reading "VML patch (MS06-055) released out of band"

Disable simple bind without SSL on ADAM

Today on ActiveDir.org ~Eric pointed out interesting feature in ADAM which allows ADAM administrator to configure ADAM instance to reject simple bind attempts on ports without SSL. To do this one have to edit properties of CN=Directory Service,CN=Windows T,CN=Services,CN=Configuration,CN={<GUID>} object and set RequireSecureSimpleBind attribute value to 1. This will reject authentication attempts which will be made … Continue reading "Disable simple bind without SSL on ADAM"

Auditing directory changes aka "Who deleted this object"

Some question were raised by few peoples about directory object auditing – mostly in a context of question "Who deleted the object?" – so I've decided to give this topic a little space. Windows 20002003 provides us with auditing mechanism which can be used also to track changes for Active Directory objects. Probably this isn't … Continue reading "Auditing directory changes aka "Who deleted this object""