Tag | Active Directory Posts

Here are a few one-liners that use NetCmdlets. Some of these I've blogged about before, some are new. Let me know if you have questions, which ones you find useful, or how you altered these to suit your own needs. Send email to a list of recipient addresses: import-csv users.csv | % { send-email -to $_.email -from lance@nsoftware.com -subject "Important Email" -message "Hello World!" -server 10.0.1.1 } Show the access control list for a specific Exchange folder: get-imap -server $mymailserver -cred ...
WSS 3.0/MOSS 2007 Active Directory Forms Based Authentication PeoplePicker no users found After finding these steps online from http://dattard.blogspot.com... in order to setup Active Directory Forms Based Authentication I was all set to complete this task, except for one problem. These steps are missing one very important vital step in order for FBA to work with Active Directory. A supplement to step 3 before granting access in step 5 through the people picker. ...
(This is a series of posts covering how to include a WinForm app inside a SharePoint 2007 application. For further info, please see Posts Two, Three, and Four. All of the code can be downloaded in Post Two.) Last year, I had the opportunity to build a solution that involved integrating a Windows Form application into a SharePoint 2007 (WSS version 3.0). In this post, I’ll lay out our architecture thinking, and in part two, I’ll describe the technical details. Business Case Our challenge was this: we ...
While performing the initial Exchange 2010 deployment for a customer migrating from Exchange 2003, I ran into an issue with mail flow between the two environments. The Exchange 2003 mailboxes could send to Exchange 2010, as well as to and from the internet. Exchange 2010 mailboxes could send and receive to the internet, however they could not send to Exchange 2003 mailboxes. After scouring the internet for a solution, it seemed quite a few people were experiencing this issue with no resolution to ...
Windows Identity Foundation (WIF) enables .NET developers to externalize identity logic from their application, improving developer productivity, enhancing application security, and enabling interoperability. It is a framework for implementing claims-based identity in your applications. With WIF one can create more secure applications by reducing custom implementations and using a single simplified identity model based on claims. Windows Identity Foundation is part of Microsoft's identity and access ...
In the last few months, we moved our Active Directory to Windows 2008 R2. We also recently deployed ISA 2006 to front end for all of our internet facing web services including SharePoint, Team Foundation Web Services, and a few others. To allow employees the ability to change passwords externally or after an expiration using ISA, we implemented LDAPS pre-authentication. We have ISA deployed in the single NIC configuration where it lives in the perimeter network (DMZ) since we are already using a ...

Well, in the past we had ADAM – which has migrated to AD LDS for Windows – under Vista, we really only had a hack to get it (ADAM) running on Vista.

Now, we have it for both Server and Client – and it’s known as Active Directory Lightweight Directory Services – aka LDAP!!

Download details: AD LDS for Windows7

Last week, I needed to call the SQL Reporting Services Web Service to export reports as Excel, PDF, and Word formats. I could have used the [Add Web Reference...] as the MSDN Documentation Accessing the Report Server Web Service Using Visual Basic or Visual C#, but I decided to use [Add Service Reference...]. If you are wondering what the difference is between Web Reference and Service Reference, please read this blog post by Andrew Tokeley. Goal Create a common library project which I could reuse ...
Recently, we built a new two-node Exchange 2003 Cluster. Both servers run AMD processors. After building the Exchange Cluster, we ran the Microsoft Exchange Best Practices Analyzer tool. We noticed several Domain controller server response time and Global catalog server response time critical issues listed in the Best Practices Report. After reading the following Microsoft Exchange Server Analyzer articles, we started troubleshooting the reported critical issues. Round-trip times to Active Directory ...
I wanted to pull together all of my notes on compression I've gathered from various sources and bring them together here, in the hope that it would help someone else. All of this information is from reliable sources, such as the online MSDN but these sources aren't always easily found in a pinch. Using HTTP Compression for Faster Downloads (IIS 6.0) If your Web sites use large amounts of bandwidth or if you want to use bandwidth more effectively, consider enabling HTTP compression, which provides ...
The Enable fast message retrieval checkbox for an IMAP4 Virtual Server on an Exchange 2003 Front-end Server is grayed out as shown below. It is grayed out, by default, because the setting does not apply to an Exchange 2003 Front-end Server. For more information about enabling fast message retrieval, please click here. When you run the Microsoft Exchange Best Practices Analyzer tool, a warning message appears stating that the fast message retrieval option is not enabled for an Exchange 2003 Front-end ...
So Brian Jackett tagged me in his blog post, suggesting that I post some goals for 2010. Like Brian, I have a formal goal document at work for professional goals. Unlike Brian, I’m not nearly as ambitious with my goals. Professional I used to have a huge list of technologies that I wanted to learn. After a few years of having that same list, I’ve finally gotten more realistic about what I can accomplish in a year. This year, I’m going to focus on: SharePoint 2007 Development -- I've scheduled my ...
This has bitten me a couple of times. This error surfaced yesterday when running a scripted install with psconfig.exe – the error that appears in the log is: LookupAccountName failed to get the SID for account <domain>\LONG AC NAME > 20 chars When setting up SharePoint, we usually have a bunch of service accounts that generally are setup by different teams that manage the Active Directory accounts – well, that’s how it should work, but that’s another story. Many times organizations will ...
The best practice for publishing an Internet facing SharePoint site is to use ISA as a reverse proxy solution to provide an additional layer of security between the SharePoint portal and the end user. This eliminates any traffic originating from the Internet from ever reaching the internal protected network. Instead the traffic terminates in the DMZ at the ISA server and it in turn performs Active Directory or Forms Based authentication through LDAP, LDAPS, or Radius. It then proxies the content ...
First a note: I know the name of my blog is cloud9 and I'm supposed to be talking about Azure, but just like everyone has their pronunciation of the word Azure... I have my own definition or vision of what Azure is. Azure is the core of a software + services platform. At this point in the game you might be saying DUH.. Whatever. Well let me just whatever your whatever lol. Azure = S+S = ( Azure Cloud, ServiceBus, Identity Metasystem (ACS/WIF/ADFS20/Cardspace etc), Dublin, WCF, WF, REST, Silverlight, ...
With the release of Windows 2008 R2, highly available Hyper V deployments have increased in popularity. One of the big questions during these deployments is what to virtualize and what to leave on physical hardware and in particular when it refers to domain controllers. Domain controllers are basically highly transactional database servers which service most basic network functions including authentication, name resolution, replication, and of course many secondary services like DHCP or Radius. In ...
For the past year, I’ve been working with a client that is in a very unusual position, at least one that has been rare in my career. My client is an established business being spun off from their corporate parent, so they are starting up their IT department from scratch. I had a similar experience almost a decade ago, when I joined an IT department right before a huge growth spurt in staff and responsibilities. I was brought on board to help with their SharePoint portal initiative. This included ...
There have been a few discussions going on recently with various colleagues and community members on the back of the SOA Manifesto announcement. These discussions made me think back to a year or so ago when I was watching some presentations about various SOA things. At the time there were discussions about why SOA was good, what it offered, why companies struggled with it and all of the usual stuff. At the time I was reflecting on things on the way home and was thinking you know SOA is really just ...
The October Service Update for Microsoft Online Services includes several new features and enhancements designed to improve the service experience for both administrators and users. The Service Update is currently being deployed into production data centers. Many of these service enhancements are the result of customer and partner feedback. The following features and capabilities are included in the October Service Update: Bulk Activation of Users PowerShell commandlets will be added to streamline ...
This past week I was reminded of the “fun” in which hosting an application within SharePoint can present. We are developing a custom application for our client in which some areas must reside within a SharePoint environment. We did quite a bit of our development in this first iteration within a web application in order to pull things together and present the client with a working end-to-end “prototype.” The architecture is composed of several layers all of which will be “in process” communications ...
For various experiments I needed a way to roll out a Debian server with v6. The requirements were as follows: - Debian's own package manager, apt, is to be used for software installation. - preseed is to be used for unattended execution of the setups. The posts will revolve around these requirements and cover the following topics: Part 1: Base OS image + change root environment Part 2: Installing software via apt and preseed Part 3: A ...
This post is the fourth in a series of postings, containing examples of SharePoint WebParts that anybody can build all by themselves. To read all posts in this series, or to get started with the RSSBus WebPart, go here. #4 – List Active Directory Groups and Users This web part will list each user group and its members, as defined in your Active Directory (or other LDAP server) installation. Step one is to make sure you have the RSSBus Web Part installed. See here for instructions. Step two, make ...
What is Kerberos Authentication? Kerberos (or Cerberus) was a three-headed dog in Greek Mythology which guarded the gates of Haides (King of underworld God of Death). Kerberos was responsible to prevent ghosts of the dead from leaving the underworld. The Kerberos Protocol was created by MIT as a solution to network security problems like: 1) Insecure unencrypted password over the internet 2) Firewalls, which assumes that the bad guys are outside the network, what about the Bad Guys within the network. ...
I recently had to configure Forms Based Authentication for our website (in my case SharePoint, but the same would apply to a plain ASP.NET website) and I wanted to configure it to use Active Directory for the account storage. Our website is going to be accessed at the corporate office, using Windows Integrated Authentication and we’ve set up a separate website pointing to the same content for our extranet users. Both corporate and extranet accounts are going to be stored in AD. Just for review, FBA ...
I’m building out a Windows SharePoint Services 3.0 (SharePoint 2007) site for my client. The site uses two different methods of authentication, one for intranet users and one for extranet users. The intranet users will be logging onto their workstations using their corporate domain based username and password. We have one Url in SharePoint for these users, which is set to the out of the box Windows authentication. When the user goes to this Url, IE6 is set to send the credentials to the site, so ...
Many organizations are faced with the threat of data theft, from which legal battles, hefty fines and negative publicity can arise. Interestingly enough, stealing data is not always that difficult. In this post we will review certain aspects of data masking, a technique used to disguise personal and sensitive information. Data masking encompasses two key areas: in-flight and at-rest. In-flight data masking is different than encryption; the goal of this technique is to temporarily transform data ...
With ASP.Net MVC, you can easily use AuthorizeAttribute to control access to controllers and actions. I found it limiting within the context of Windows Authentication. First, I wanted to configure the roles outside of an attribute. Properties of AuthorizeAttribute, as with all attributes, must be set at design time, such as [Authorize(Roles = "MyCompany\AppAdmin")]. I want to break that out to configuration so I can have [Authorize(Roles = "Editor")] and configure the Editor role like this EditorRole="MyCompany\AppAd... ...
Summary In an Exchange 2003 environment that has matured over time, an enabled Active Directory account may get a #5.2.1 Undeliverable message (NDR) as shown below when they send an e-mail message to another enabled Active Directory account. ---------------------------... From: System Administrator Sent: March 30, 2009 9:30 AM To: Bob Stevens Subject: Let's meet at Noon Your message did not reach some or all of the intended recipients. Subject: ...
I don’t know Joel personally, but some recent posts of his caused a stir within the community, and he seems like a pretty interesting dude… so that makes him a perfect candidate for a NINE Questions interview. Unfortunately, I never got a pic from him with this interview, so this placeholder pic will have to do for now. I know you’re all chomping at the bit to read my latest interview, so without further ado, I give you these NINE Questions with Joel Oleson, aka SharepointJoel. 1. Where are you from? ...
I’ve been running Windows 7 RC for a little over a week now and can’t imagine going back to Vista at this point. I decided to start with a fresh install of Windows 7, so I’ve been in the process of reinstalling all of my applications and cleaning up my disk drives. In the process, I went searching to see if there are any interesting Windows 7 power toys or tricks available. While I didn’t find any power toys, I did discover that all of the Windows Vista tricks are still available on Windows 7. Tim ...
So I am trying to sketch out some mailbox server scenarios for my Exchange 2010 design. I think I am leaning towards iSCSI or perhaps direct-attached SAS drives, but since I am doing virtualized Exchange servers, I don’t think I can load all the storage I need in to the ESX chassis. That leaves me with iSCSI. I am looking at three models to ‘standardize’ on for the business: Config 1: 1Gb mailboxes x 1000 mailboxes max = 1Tb database Config 2: 1Gb mailboxes x 500 mailboxes max = 500Gb database 3Gb ...
I spent the past day trying to figure out why I couldn't log in as myself, Sharepoint would always just say I was logged in as System Account. After a ton of research and changing things I ran into this: To fix this, you must run the following commands: stsadm -o updatefarmcredentials -identitytype NetworkService followed by: iisreset http://social.technet.micro... That solved my problem. I'm using NTLM authentication and ...
I saw Jeff Hicks’ great Get-LocalMember post this morning, in which he has extensive demonstration of retrieving information about AD group members. I thought it might be a good time to show some of the power of the get-ldap cmdlet. Yes, using the get-ldap cmdlet does require familiarity with the LDAP protocol itself, so in this way it is for more advanced users who just need to do quick LDAP operations without a lot of required coding and with just one universal cmdlet. So, how do I list the group ...
Saving money has never been easier! Email me at bfavilla@nhmn.com to talk discounts about any of the classes listed... CXS-200-1l Implementing Citrix XenServer Enterprise Edition 5.0 March 30 - March 31 6235 Implementing and Maintaining Microsoft SQL Server 2008 Integration Services March 30 - April 1 6425 Configuring Windows Server 2008 Active Directory Domain Services March 30 - April 3 Effective Business Writing March 10 Access Level 3 March 12 Illustrator CS4 Level 2 March 16 Business Writing ...
I’ve known Lou Vega a really long time and he’s a terrific guy. He’s the leader of the Charleston, SC .NET User Group (GC.NUG) and uber geek extraordinaire. I’ve been bugging Lou for a while to do a 9Q interview, and when he finally got back to me I ended up shelving it for a couple months. (Sorry about that man… travel gigs are a bear.) So without further ado, here’s Lou: 1. Where are you from? (if it's different than where you are now, please feel free to elaborate.) Hmmm – I was an “army brat” ...
We have lots of great classes coming up! The classes listed below are confirmed to run, but still have open seats, so let’s make a deal! Email me at bfavilla@nhmn.com to reserve your seat and start the process! Acrobat 8 Level 1 3/6/09 InDesign CS4 Level 1 3/9/09 Office 2007 New Features 3/9/09 Effective Business Writing 3/10/09 Access Level 3 3/12/09 Illustrator CS4 Level 2 3/16/09 Excel Level 2 3/16/09 Business Writing Workshop 3/19/09 Crystal Reports Level 1 3/19/09 InDesign Level 2 3/20/09 Word ...
Join us for TechFuse 2009 on March 17! It’s back and even bigger than last year! With 36 sessions and two keynote presentations to choose from, TechFuse 2009 is the most cost-effective way for IT and Developer pros to get up-to-date, 200-300 level education on the topics that matter to your role. TechFuse will provide you resources on the latest developments in IT and Developer trends, technologies, application implementation issues, products and services from tons of local professionals. Website: ...
A fellow peer was looking at an error when trying to configure another developer's database. All of us are working on the same application, but our install doesn't seem to be working correctly, which causes the DB to not be properly installed, thus this guy is trying to configure it manually. We are using SQL 2005 (either Express or the regular versions) for our DB servers. He's using SQL Management Studio, logged in using Windows Authentication and was trying to bulk insert some records (BULK INSERT ...
Most often Active Directory has got all the information needed for handling profiles in MOSS, but sometimes you might need to update the profiles with data from other systems too (ie CRM). So what do you do? The answer of course is BDC. Recently I was working for a customer that had a rather complex solution for handling access control to various sites and systems based on information in the profiles. Part of the information was found in the AD and the rest was found through a web service. So in ...
Download the design template here. In my role, I am lucky enough to get to design lots of very cool software to solve (sometimes difficult) business problems. Many times, these applications involve design solutions that leverage SharePoint technologies. In this series, I will be discussing some of the design patterns and documentation patterns that I have encountered in my applications. Disclaimer: this documentation is given as-is, so please use it and modify it as needed to meet your needs. This ...
Hosting Your Own Websites For years now I’ve been building our company websites on external hosting systems. The problem has always been that I have limited control over the hosting environment. During the past year my host has been webhost4life and they do a good job of providing services including DotNetNuke but my desire to host multiple websites made hosting in-house more and more attractive. I’ve accumulated 18 domain names from Network Solutions over the years and I really wanted to build sites ...
Here's the complete list of sessions from PDC and my personal favorites. You can find all the recordings of these sessions at www.microsoftpdc.com. Here's my personal favorites: Windows Azure (Hosted ASP, Workflow, Silverlight, RAW / Azure Storage) A Lap Around Windows Azure (ES16) - 0:46 Slides | WMV-HQ | WMV | Zune A Lap Around the Azure Services Platform (BB01) - 1:12 Slides | WMV-HQ | WMV | Zune Live and Mesh (Sync, Feeds, Resources, Contacts, etc.) A Lap around the Live Framework and Mesh Services ...
Ray Ozzie, chief architect at Microsoft, opened the keynote. Here are my random notes: Ray thanked everyone for coming to the event and stressed how important we all are in Microsoft's success. He then stressed his work as an ISV in the past and how he also sat in the audience like we are today. PDC is about Microsoft's take on the revolutions happening in the world. It is about combining the best aspects of combining software along with the best aspects of services. Tomorrow Ray will talk on stage ...
SharePoint Permissions... Part 2 Dependencies and descriptions Most of the permissions are dependent on other permissions. When choosing a permission which has dependencies on other permissions, these are automatically selected. For permissions who have dependencies, visit the following link: http://office.microsoft.com... Tips on Administration of SharePoint Permissions It is suggested that at the beginning one uses the standard SharePoint groups which ...
I have started doing some preliminary planning/design work for a new web-based project. This project is extremely important for our organization since it will be the foundation for a portal that we will build in the future. In addition, this application will not only be used by our employees but also by some of our customers and partners. Our customers/partners will also have the option to integrate our application into their portals. That means the application will be used in many ways ...
When registering the Windows Rights Management Services (RMS) in Central Administration in MOSS, I received the "The required windows rights management client is present but the server refused access. IRM will not work until the server grants permission", even if I followed the 'To add SPS-SRV to the RMS Certification Pipeline' step from 'Deploying Windows Rights Management Services with Microsoft Office SharePoint Server 2007 Step-By-Step Guide'. Solution: the Central Administration web application ...
Classes the week of July 21 at New Horizons of MN New Horizons of MN, located in Edina MN, has the following classes running next week. Most classes are offered either as a public class here at our facility or as a remote class, which is the same instructor led class, but instead of coming in to our office, you take the class from anywhere. For more information on what remote learning is, please visit http://www.nhmn.com/Service... IT Courses 1456AI Citrix Access Suite 4.0: Build/Test ...
There are 3 seminars this week: SharePoint Server 2007: Connecting People Process and Information - Tuesday morning How I Became a Software Quality Muscle Man - Tuesday afternoon Server 2008 Active Directory Services and Your Infrastructure (Windows Server 2008 - What's new?) - Wednesday morning Details Below for each one: SharePoint Server 2007: Connecting People, Process and Information Date:Tuesday, June 24, 2008 from 9-11:30am Registration Link: http://www.nhmn.com/Courses... ...