Tag | Active Directory Posts

Just wanted to note down some really useful (and Free) Active Directory Tools that I've come across in the field over the last few weeks: Have a looksy and add to the list if you can think of more, but I would consider these 'must haves' in the Active Directory consulting world. • Setspn Syntax *For those double-hop Kerberos authentication scenarios between SQL and IIS. • Replmon • Repadmin • Movetree.exe • Ldp • Dsastat • Clonepr • Adsiedit • Acldiag • Xcacls • Sidwkr.dll (Sidwalker Security Administration ...
I wanted a simple way to display all the locked out users on my domain. So I created this simple query to do so. To use this: 1. Open Active Directory Users and Computers. 2. Right click on "Saved Queries". 3. Select "New" -> "Query". 4. Select "Define Query". 5. In the find box select "Custom Query". 6. Select the "Advanced" tab. 7. Paste the following code in: (objectCategory=Person)(obj... 8. Give ...
Just did a John Craddock 2-Day Intensive Seminar on "Security Active Directory Access" at the Novotel in London. Four Words: What an amazing event! To see Craddock peel the layers behind Microsoft's Premier Directory Services was absolutely incredible. If you think you know Active Directory Services, do this course with John. He and his colleague Sally Storey are very talented presenters in tune with demands of the market place and delivering secure, stable technologies geared towards the ENTERPRISE. ...
I found my more detailed notes on the package flags. A couple of corrections: The flag “524288” specifically tells whether an app is published or assigned – it’s set for assigned, unset for published. 8 is typically set for published apps and cleared for assigned. I promised code. private void SearchAD(string target, string policy, string policyname) { DirectoryEntry entry = null; try { entry = new DirectoryEntry(policy); } catch (COMException Ex) { toolStripStatusLabel1.Text = "Couldn't connect ...
Sorry about the delay. Last time I dug into the SYSVOL portion of app distribution via Group Policy. This time, the Active Directory side. I'm sure you already know that the net result of GP distribution is that if the user is in the appropriate group, the app appears in Add/Remove programs. The file on the Sysvol is important -- we've seen cases where for some reason the .AAS file disappeared; when it did, the app stopped appearing in Add/Remove Programs. The other half is, of course, in Active ...
Have put together some tips on Clustering VMWare Server, have a look, hope it helps... Clustering VMWare: Virtual Machines Clusters Objective: To build two virtual machines that will be highly available Clustered nodes. Purpose: To test and build applications that use the clustered resource. NOTES: (1) Virtual machines always have the same hardware, they don't depend on the HOST hardware type and for the same reasons you can save, move and load a virtual machine anywhere where VMWare is installed. ...
Kyle and I are running into a small problem with Team Foundation Server when it comes to assigning tasks. In a typical software development company, a Project Manager receives a bug or feature request. He then assigns associated tasks to his developers. Once the developer is finished, the task is re-assigned to the PM for review. At EnGraph, things are a bit more collaborative. Partly because of our size, but also because we like to manage support and development from a team perspective. Back to ...
When migrating our TFS from a workgroup based install to Active Directory, we got a couple errors when running Team Build. Access to the path 'C:\...BuildLog.txt' is denied To fix this error, I simply deleted the root Team Project folders in Windows Explorer and re-ran the build. The build then recreated the folders. You may have to run the builds in a specific order if your solutions reference assemblies that live in these folders. The other error occurred after a build started: TF42004: Team Build ...
Moving our TFS Server to Active Directory wasn't that bad. I followed these instructions from MSDN. They are meant for people moving from one domain to another. But the steps worked for moving from a TFS workgroup based install to a domain based install. All of the tasks that were assigned to Kyle or myself were migrated over to our new domain usernames and using this handy permissions tool, I was able to get all of our permissions set correctly. The only problem is initiating a build. When I right ...
I added my main workstation to our new Active Directory domain last night without a hitch. This morning, I added my Vista laptop and ran into a bit of a problem. So I added a DNS role to the server and was able to add the laptop to the domain. Then we started in on Kyle's laptop. When attempting to log on, we got "The system cannot log you on now because the domain engraph is not available". After much googling, I discovered that the DNS role was incorrectly set up. I thought that just removing ...
Today I get to learn how to change a Team Foundation Server from a workgroup based install to a domain based install. We've had Active Directory for a while, but it was never set up right. Thanks to Robert Oderkirk at Free State Business for helping us figure out what was wrong. So now, we have to attach all of our computers to the domain, set up the network users, and hope that TFS plays nicely with the transition. I need to do more research, but hopefully, I just have to switch the TFS accounts ...
Here's how you can change your active directory (or other ldap server) password with the set-ldap cmdlet in /n software NetCmdlets. Also, I recently showed how to do this using the IP*Works! SSL LdapS dev component. PS C:\> set-ldap -server myserver -binddn Domain\Administrator -password admin -dn "cn=BillyBob,ou=Employees,d... -newpassword mynewpassword -ssl implicit Update: the -password parameter is now a secure string. There is also a -credential parameter. So the cmd to change the ...
Previously with NetCmdlets, authentication details were only accepted using plain text parameters. This is still supported, but now these cmdlets support PSCredentials through a new -credentials parameter. This works for almost all of the cmdlets included in NetCmdlets, like FTP, LDAP, HTTP, SMTP, Rexec, RSS, IM, SMS, SSH, etc. Here's an example with get-ldap. Before, you had to bind to the directory server using plain text parameters, like this: PS C:\> get-ldap -server testboy -binddn mydomain\admin ...
MOW's "PowerShelled" blog is another awesome PowerShell resource. Of particular interest to me was MOW's series on PowerShell and Active Directory. He used the .Net System.DirectoryServices classes to do all the work. Here is how you can use /n software's LDAP cmdlet to manage directory servers like AD. The LDAP cmdlet supports plain connections as well as secure SSL connections. The LDAP cmdlet will work with any directory server, including AD, ADAM, OpenLDAP, Novell, etc. The LDAP cmdlet uses its ...
I love reading TechNet Magazine. They always have a host of timely and well-written articles in every issue. And as much as I try to go "paperless" having a printed magazine comes in handy when in an airport or when I have to spend extended amounts of time in "my office." On occasion they will have some bonus posters or materials included in each issue. My all time favorite is now available from Microsoft Downloads as a .pdf file. It loses some of its impact and grandeur not being in poster form, ...
Last year I posted the rules about how to remotely change your LDAP password. It's not very obvious because of the fact that the procedure depends on what server you're using (Active Directory, OpenLDAP, Novell, etc), and even then how your server is configured. Here is how you would change your password using the LDAPS component of IP*Works! SSL (note, an SSL connection is required in order to change your password remotely if you are an Active Directory user. Otherwise you can do this with the LDAP ...
Wow. I get buried for a week and get transported into a parallel universe. Microsoft and Novell make an historic agreement. And while some folks in the open source community aren't happy, it seems most (including me) think this is a pretty good deal for building software in general... I mean, being able to just these three things: "...Microsoft and Novell will jointly develop a compelling virtualization offering for Linux and Windows..." - Right on! "...make it easier for customers to federate Microsoft ...
…How To… Backing up Active Directory should always be a very crucial part of your backup regime. If Active Directory gets corrupted for whatever reason (a virus written to do this very thing for example) then without a backup you are in trouble. Here I describe exactly how to backup Active Directory. Read the rest of this entry ...
Had a small issue at the shop today with permissions in TFS – one of the things I still occasionally get spun up about is the different ways it handles security between TFS itself, the SharePoint portal and Reporting Services, I mean why can’t it all go based on Active Directory if it’s deployed in a domain environment or Local Groups if deployed in a Workgroup environment? Or am I just being picky? I know I’ve heard before that when Microsoft was rolling this out there was sufficient enough feedback ...
A good article on CodeProject detailing code for a Directory.Copy() method. This version also is a good example of how to use events with your background threaded code. I was near the end of a drawn out development project for adding users to an Active Directory server when I was informed I would also need to set up their Thunderbird client settings. This required me to create a copy of a directory, sub-directories, and files over at the user's "My Documents" folder. I tried using Microsoft's MSDN ...
Any application of cryptography in building a secured infrastructure uses many encryption, hashing and signature ciphers. In fact all the cryptographic solutions that are available today include a comprehensive infrastructure with many ciphers, extensive security policies, rich tools for creating, deploying and managing secure applications and other integrated sets of cryptographic services. One such infrastructure that comes with Windows 2000 is Public Key Infrastructure (PKI). The challenge for ...
To retrieve all information from Active Directory through the LDAP protocol using objX509Cert = System.Security.Cryptograph... string filter = "mail=*"; xd = lcl.LDAPInfo(filter); public XmlDocument LDAPInfo(string filter) { XmlDocument xd = new XmlDocument(); string domainAndUsername = string.Empty; string userName = string.Empty; string passWord = string.Empty; string Sur = ""; string Cn = ""; string Name = ""; string GName = ""; string DGname = ""; string Member = ""; string Init = ...
In addition to the links that I posted previously http://geekswithb... Here are some more useful links Source: http://www.sharepointblogs.... Free SharePoint Web Parts (3rd Party) ActiveX Scripting Web Part (Simon Mourier) AD Management Web Part (Fabian) Alert Manager, Subweb Viewer Web Parts (Mart Muller) Avail Lists & Libraries (Sig Weber) Blogparts (Steen Molberg) Breadcrumb Site Navigation Web Part ...

Microsoft's podcast page. Find links and RSS feeds for mp3 and wma versions of all podcasts as well as feeds for product specific podcasts like SQL, Exchange, Vista, Active Directory and Scripting. 

Link to Podcasts: Download Audio of Webcasts and Hear Them on the Go

I am beginning to create a large specialized content management system for my workplace. This content management system is for a School District. I have looked at a handful of CMSs and came to the conclusion that in order to get mine to do what I want, it would take more effort to re-work their open source CMSs than to just create one myself. This is mainly due to the fact that this CMS will perform A LOT of specialized functions. I am going to do my best to blog about the entire process, about ...
I have had trouble in the past when installing the Exchange System Manager (ESM) on my laptop so I can modify email information about a user in Active Directory Users and Computers (ADUC). I get conflicts with Outlook (some shared or overwritten DLLs I imagine) or in the case of Outlook 2007 Beta 2, outright consistent crashes. I found this article by Jim McBee on how to copy just the needed DLLs from an Exchange server to the workstation in question. The page isn't available on his site for some ...
…How To… In this article I describe how to install Active Directory on Windows 2003 server. It should be noted that the procedure is virtually identical to install Active Directory on Windows 2000 server. This is what Windows is all about and knowing Active Directory is something necessary for both MCSE exams and day to day running of a Windows domain. Read the rest of this entry » ...
• What is SharePoint? Portal Collaboration Software. • What is the difference between SharePoint Portal Server and Windows SharePoint Services? SharePoint Portal Server is the global portal offering features like global navigation and searching. Windows SharePoint Services is more content management based with document libraries and lists. You apply information to certain areas within your portal from Windows SharePoint Services or directly to portal areas. • What is a web part ...
Keith Brown has written a great article for MSDN on how to build identity-aware applications for .NET. From the introduction: What is an "identity-aware" application, anyway? In my mind, first and foremost it's an application that relies upon details of its clients' identity, adjusting its behavior based on those details. That's why the first section of this paper focuses on authentication. Another part of being identity-aware is being directory aware. I'm not here to tell you to throw away SQL Server ...
Resume – Senior, Hands-On, .NET, C#, VB, ASP, XML, SQL, SharePoint, Crystal, Reporting Services Developer, Team Leader, Hard-Core Coder Rodney Vinyard, 29 Windermere Road, Montclair, NJ 07043 rodney.vinyard@gmail.com · Seeking North NJ/Manhattan .NET/SQL developer job. · Hands-on .NET, C#, VB, SQL, ASP, XML, XSLT, Reporting Services, Crystal. · 30 years of productive, software engineering experience. · Inventive, focused, hands-on software designer, engineer & coder. · Effective leader, writer ...
Built-in security features critical for today's enterprise applications Although most corporations take security precautions at the network level, the majority of application security must be built into the application itself. Several important application security features include role-based access control, automatic sign-out, and database-resident password storage. Role-based access control You can automatically add end-user authentication (sign-in) and role-based access control as a standard ...
This article explains how to add users to a PDL programmatically. In large organizations, most of the employees may belong to more than one project/work group. Each project/workgroup maintains a separate distribution list for communicating with its members. As the number of members in a workgroup increases, maintaining the PDL becomes an overhead. One way to do it is to automate the process. In this process, the official email-ids of all the members are entered in a text file. We will read from ...
So among several other things this week I managed a quick sneak peek at an early (Alpha?) release of Citrix's Tarpon (Application Streaming) yesterday, what I found interesting was not that it would appear that Citrix are leaning towards using blue instead of red for some of the pretty bits? nor that there was a nice shiny new Citrix Client, but I suddenly realised that I was examining Tarpon from a purely Technical Focus and to really appreciate what might be possible meant that I had to shift to ...
I recently took a look at using Windows Workflow Foundation to create a simple Human Workflow to manage a procurement process on SharePoint Portal Server. So I set about integrating SharePoint Portal Server (SPS), InfoPath and Windows Workflow Foundation to achieve this goal was it easy … well yes. Here are the blog entries I can remember which really helped me out. Which Style of Workflow When Windows Workflow + SharePoint 2003 + BizTalk Scenario Built Out (Unfortunately SharePoint Portal Server ...
For Authorization we had the requirements that we had to be able to easily assign a specific user to a certain "role" and they would have all the privileges associated with that role. We had to be able to make users members of multiple roles. We also had to be able to configure what specific privileges belonged to each role. In addition, we had to be able to assign a specific user to a specific role, but then also give them access to one or more specific privileges in addition to those granted ...
I had to come up with a solution to provide Authentication for our ERP applications. There were two major use case scenarios. Either the user would be logged into Windows/Network using a domain account, and we could authenticate them by using Impersonation on our Web Server, or the user would be a shop floor operator who doesn't have a domain account, primarily because multiple operators share the same computer. The operators would have to authenticate themselves at the application level using a fingerprint ...
I've been looking for and testing many different Content Management Systems and this one takes the cake. On top of offering top-notch workflow management, Active Directory and LDAP Integration, it has a concept called "Smart Spaces". This allows the administrator to easily control security by creating rules on each space (folders) that allow, deny, or direct content to another location. I have a very large collection of electronic documentation, such as Word documents and PDF files. The Alfresco search ...
At the June Capital Area Microsoft Integration and Connected Systems User Group (MICSUG) meeting on the 22nd, I will be presenting on how to use Extensions to perform custom tasks such as migrating users from one SharePoint Web Site to another, transforming identity information, etc. I found a useful link on MSDN which contains some of the code samples that come with the MIIS installation. Under the Using Microsoft Identity Integration Server 2003 page, listed are the following of note at least to ...
I attended the first SharePoint (Session #1 - Level 100 - June 3rd, 2006) at Devry University in Miramar, Room #240, from 2:00 pm to 5:00 pm this weekend. I am very impressed with the SharePoint class today, and from Duray Akar's lecture I have learned more about: 1. List items in calendar 2. Automatically convert Office documents in SharePoint repository, such as Word and Excel to Adobe ® allow distribution of read-only, non-editable copies 3. Establish a referential integrity relationship between ...
Well, according to the Microsoft Rep we are officially able to talk more about SharePoint 2007. So I guess the best way for me to relate what I am finding with the program that I am participating in would be to go through the general lessons that we are doing. Hands On Lab 1: This is pretty much a what's new in SharePoint 2007. SharePoint 2007 is drastically changed from the blocky old view that was 2003. It is cleaner and seems to be way more organized. Navigation has been cleaned up a lot since ...
If you need to find a username but only have an IP address, if you use Active Directory (AD) then you can use the following method to find out the username: At the command prompt enter the following command: nbtstat -a ipaddress Where ipaddress is the IP address. This will list the machine name using that IP address. Then run the following command: net view /domain:ad > somefile.txt Where ad is the name of the domain you want to search and somefile.txt is the name of the file to contain the output. ...
In a previous post I detailed some conditions existing on development teams that would suggest some changes need to be made in order to bring about better performance and ultimately higher quality software. In this post I will identify a couple more Team Smells and discuss how these issues can be remedied and why these conditions should be addressed in the first place. Smell: Developers Spent Way Too Much In The Debugger (AKA Debugger Junkies) A good feature-rich debugger like the one that comes ...
I implemented mixed Authentication for DotNetNuke (use Windows Integrated Authentication for seamless intranet logon and use Forms authentication for users unable to use Windows Integrated authentication), similar to how I did it before for my ASP.NET application. See my previous post about some problems that I had. It is also required to promote the Administrator user imported from Active Directory to SuperUser. The current DNN core doesn't support this. It only allows creating a new SuperUser. ...
A great set of “HOWTO”’s from the p&p group at Microsoft. They cover quite a bit of territory: How To: Call a Web Service Using Client Certificates from ASP.NET How To: Call a Web Service Using SSL How To: Create a Custom Account to Run ASP.NET How To: Create a Custom Encryption Permission How To: Create a DPAPI Library How To: Create an Encryption Library How To: Create GenericPrincipal Objects with Forms Authentication How To: Configure the Machine Key in ASP.NET 2.0 How To: ...
Expected launch dates
Product | Date expected | Current status | Comment
Windows Server 2003 R2 | Feb 2006 | RTM | Includes Active Directory Federation Services and UNIX password synchronisation, improved replication technology, .NET 2.0 and new tools for distributed storage configuration.
Visual Studio Team Foundation Server | Mar 2006 | Beta 3 | The server component of Visual Studio Team System.
BizTalk 2004 Server 2006 | Q1 2006 | Beta 2 | Support for SQL Server 2005 and Visual Studio 2005. New management console.
Internet ...
I was passed on this Microsoft announcement today of the release of WSSRA Virtual Environment for Development and Test. This set of documents and prescriptive guidelines shows you how to build an accurate emulation of a corporate enterprise data center. “By building with Microsoft Virtual Server and implementing only the IT services relevant for development and test, this instantiation is compact, requires far less hardware, and is easier to build and maintain.” The WSSRA-VE package contains ...
What is UDP, and how do I use it? UDP stands for User Datagram Protocol, and it is also known as RFC678. What does RFC stand for? UDP is an alternative protocol to TCP, Transmission Control Protocol, which is used for serving webpages. It is used for a variety of things including networked games. I'm interested in understanding how to read the Endpoint Mapper found at port 135 on a Windows machine. Microsoft has a tool called PortQry, which enables one to do UDP queries in a straightforward manner. ...
I have realised that I have made something of an error in that I have failed to include Doug Brown @ DABCC.com in my list of RSS feeds, so I have taken a good look through the items that have been posted in the last month or so and posted a consolidated list here: But please take time to check out Doug's site and keep an eye on the MIAB ver 4.0 coming soon.... Web Interface 4.0 Command-line Installation and Site Management Web Interface 4.0 supports installation, uninstallation, site creation, site ...
No rest for the wicked! My first week back has meant clocking up the miles and visiting vendors and attending meetings. One of the software vendors I went to visit was Sybase at their Maidenhead office and particularly their mobility division. I would like to thank Ian Matthews and Tim Roberts for their hospitality. The day visit was a deep dive into the Afaria mobility management product. Afaria, if you have done your homework, is pretty much the market leader in the mobility management space ...
As part of a new global Active Directory rollout, we received 4 xSeries 346 servers today, which will function as domain controllers. Here are some pictures I made (also on my Flickr! work page) IBM xSeries 346 server, with 5 disks in the front. Mark is placing the controller. The Blower-array of the IBM xSeries 346 server. Each fan can be taken out separately, or you can take the entire rack of fans out in one go. This little module that looks much like a memory stick, is in fact the Adaptec/IBM ...