Using multiple UPN suffixes for users in single directory

ActiveDir.org is always a source of all sorts of directory related discussion. In most cases interesting once. I have to admit that I would like to have more time to catch up with ActiveDir.org and to be more active there (note to self) but with Wojtek @ home (he’s growing) it is getting even harder … Continue reading "Using multiple UPN suffixes for users in single directory"

Ex2007SP2 – step towards virtual directory … sort of

There are number of things in which my current employer managed to succeed. Among greatest success I think  one can count way in which Microsoft managed to scare people with Active Directory schema extension. Probably it has started somewhere down the road with Windows 2000 shipped, some communication, talks … but the fact is … … Continue reading "Ex2007SP2 – step towards virtual directory … sort of"

Where to put SSL certificate for LDAP …

Protecting LDAP traffic with SSL is a good idea, especially if in network environment some applications are (ab)using LDAP as authentication protocol. Some explanation of abusing word – LDAP never was designed as authentication protocol (like Kerberos is). Its name states it clear “DIRECTORY ACCESS PROTOCOL”. However because it is simple to use and effective … Continue reading "Where to put SSL certificate for LDAP …"

Default Account Operators permissions on DC object

Active Directory Documentation Team has put on the web interesting post about default permissions of Account Operators (AO) group which might be present on DC object as a result of ACLs placed earlier on computer object.   (cc) ph0t0 {loves you too} In short words: AO are being granted permissions to manage many objects in … Continue reading "Default Account Operators permissions on DC object"