So I received loads of comments asking me what the DC* log files log.
Complete list of Ports required for our Windows Server System
I always have to look up in different locations as to which ports are needed for certain functions like Active Directory, DFSR, Certificate Services, Cluster Service, DHCP Server etc. When you need them handy its always a mission to get to the documentation, here is a document that has all these ports in one article … Continue reading "Complete list of Ports required for our Windows Server System"
Active Directory Schema 4 easy steps
So here is a list of things that you need to do when thinking and about to make schema changes: Understand the Active Directory Schema Terminology Then read How the Active Directory Schema Works Once you have that understanding you then go through our Checklist before extending the schema And make sure you know how … Continue reading "Active Directory Schema 4 easy steps"
Exchange Server 2007 and the Active Directory, Part 2
Microsoft Exchange Server 2007 is bound to shake up the Active Directory world as we know it. After my first post on the soon to come Exchange Server and the Active Directory I've been playing around for 2 months with it and attended a couple of seminars on the subject. Now we know that there probably won't … Continue reading "Exchange Server 2007 and the Active Directory, Part 2"
MIIS newbie tales – Export password attribute with Extensible MA
Today I had a little chat on e-mail with Alex Tcherniakhovski which was about following topic: how to create export only attribute with Extensible MA to set initial password for newly provisioned account? (OK, this wasn't exactly such topic but this is what it was about 🙂 ). So problem is: we are provisioning new account to … Continue reading "MIIS newbie tales – Export password attribute with Extensible MA"
Playing with new ADFind and ADMod
Today on Microsoft.public.windows.server.active_directory simple question was asked: Is possible clean all logon scripts from a OU at the same time. This OU contains others sub-OUs. Sure it is :), thanks to joe we have updated versions of ADFind and ADMod in our toolbox. First we need a filter which is simple: (&(objectClass=user)(objectCategory=person)(scriptPath=*)) which should give … Continue reading "Playing with new ADFind and ADMod"
AdMod and AdFind updated
In case that someone who is reading this blog is not subscribed to joe's blog or notification list (unlikely) I want to inform that two of joe's tools, which are ultimate … great tools for AD get updated. These two tools are: AdFind – which allows You to search for anything You want to in … Continue reading "AdMod and AdFind updated"
DCPROMO Debug
I was chatting to a friend of mine and he was complaining of DCPROMO failing during a promotion of a member server to a domain controller. He could not understand why. With him about 17 000km away from me, I couldn't just jump over and help him. He didn't have VPN access for me and … Continue reading "DCPROMO Debug"
VML patch (MS06-055) released out of band
As we can read on MSRC blog, Microsoft has published out of band patch for VML vulnerability existing in IE. This flaw was described in Microsoft Security Advisory (925568) published lately. Bug patched by this update allows remote code execution so it should be applied as soon as it will be possible (some people do some tests and other … Continue reading "VML patch (MS06-055) released out of band"
Disable simple bind without SSL on ADAM
Today on ActiveDir.org ~Eric pointed out interesting feature in ADAM which allows ADAM administrator to configure ADAM instance to reject simple bind attempts on ports without SSL. To do this one have to edit properties of CN=Directory Service,CN=Windows T,CN=Services,CN=Configuration,CN={<GUID>} object and set RequireSecureSimpleBind attribute value to 1. This will reject authentication attempts which will be made … Continue reading "Disable simple bind without SSL on ADAM"