Microsoft Exchange Server 2007 is bound to shake up the Active Directory world as we know it. After my first post on the soon to come Exchange Server and the Active Directory I've been playing around for 2 months with it and attended a couple of seminars on the subject. Now we know that there probably won't … Continue reading "Exchange Server 2007 and the Active Directory, Part 2"
MIIS newbie tales – Export password attribute with Extensible MA
Today I had a little chat on e-mail with Alex Tcherniakhovski which was about following topic: how to create export only attribute with Extensible MA to set initial password for newly provisioned account? (OK, this wasn't exactly such topic but this is what it was about 🙂 ). So problem is: we are provisioning new account to … Continue reading "MIIS newbie tales – Export password attribute with Extensible MA"
Playing with new ADFind and ADMod
Today on Microsoft.public.windows.server.active_directory simple question was asked: Is possible clean all logon scripts from a OU at the same time. This OU contains others sub-OUs. Sure it is :), thanks to joe we have updated versions of ADFind and ADMod in our toolbox. First we need a filter which is simple: (&(objectClass=user)(objectCategory=person)(scriptPath=*)) which should give … Continue reading "Playing with new ADFind and ADMod"
AdMod and AdFind updated
In case that someone who is reading this blog is not subscribed to joe's blog or notification list (unlikely) I want to inform that two of joe's tools, which are ultimate … great tools for AD get updated. These two tools are: AdFind – which allows You to search for anything You want to in … Continue reading "AdMod and AdFind updated"
DCPROMO Debug
I was chatting to a friend of mine and he was complaining of DCPROMO failing during a promotion of a member server to a domain controller. He could not understand why. With him about 17 000km away from me, I couldn't just jump over and help him. He didn't have VPN access for me and … Continue reading "DCPROMO Debug"
VML patch (MS06-055) released out of band
As we can read on MSRC blog, Microsoft has published out of band patch for VML vulnerability existing in IE. This flaw was described in Microsoft Security Advisory (925568) published lately. Bug patched by this update allows remote code execution so it should be applied as soon as it will be possible (some people do some tests and other … Continue reading "VML patch (MS06-055) released out of band"
Disable simple bind without SSL on ADAM
Today on ActiveDir.org ~Eric pointed out interesting feature in ADAM which allows ADAM administrator to configure ADAM instance to reject simple bind attempts on ports without SSL. To do this one have to edit properties of CN=Directory Service,CN=Windows T,CN=Services,CN=Configuration,CN={<GUID>} object and set RequireSecureSimpleBind attribute value to 1. This will reject authentication attempts which will be made … Continue reading "Disable simple bind without SSL on ADAM"
Auditing directory changes aka "Who deleted this object"
Some question were raised by few peoples about directory object auditing – mostly in a context of question "Who deleted the object?" – so I've decided to give this topic a little space. Windows 20002003 provides us with auditing mechanism which can be used also to track changes for Active Directory objects. Probably this isn't … Continue reading "Auditing directory changes aka "Who deleted this object""
Who's testing Windows Vista?
If you're serious about testing Microsoft products you'll want to be in the Microsoft Connect program. But who's in it? Where are they located? With how many are they? This information is now available on the Microsoft Windows Vista program!
Script to populate AD with Excel files
Many times on groups and forums people were asking about script which will populate AD with data from Excel file. Alex Tcherniakhovski has modified one of scripts available in script center to create test data in AD environment based on Excel files. This script was created for testing pourposes but it can be used and … Continue reading "Script to populate AD with Excel files"