Dave Horner's Website - Yet another perspective on things...

Windows Server notes - NT, win2003, ws2008, win2008

Wednesday, 28 November 2007 14:48

Windows Server 2008

Download details: Windows Server 2008 Step-by-Step Guides


Deven Kampenhout's Tech Blog : Windows Server 2003 Resource Kit (How I learned to freely burn ISO images in Windows)
Talks about using active directory software restriction policies.
WindowsDevCenter.com -- Windows Server Hacks: Disable "Run As"


Password Complexity

Changing your password policy is not straightforward with Win2003. You actually have to create a new password filter DLL to do it correctly. That is all well and good for me, since I am a programmer, but you'd think it would be something easy for server administrators to do. This is not a good solution for them.
Sample Password Filter (Windows)
Redmond | Feature Article: New Password Mantra: Go Long
I don't like the idea of turning off complexity, but the following website describes how to do it...
Disable Password Requirements in Windows Server 2003 Domains
Ten Windows Password Myths

Password reset

CodeProject: How to change a user's password on a remote computer?


Active directory and group policy

Deploy applications, ctrl-alt-delete settings, etc.
Don't know group policy, you don't know security!
Group policies are updated on the clients when they restart, when they login, or when they poll for changes.
Group policies are pulled by the clients; they are not pushed.
GPMC - Group policy management console (built in to Vista and Server 2008), also available to download.
AD Explorer
Download details: Group Policy Management Console with Service Pack 1
Group Policy Resource Center : GPanswers.com
SDM Software Group Policy Freeware - check out the SDM GPMC PowerShell Cmdlets.
Intellectual Ponderings: Enumeration of All Users in a Group (traversing nested groups) in Active Directory
Intellectual Ponderings: Enumeration of All Groups for a User (traversing nested groups) in Active Directory
Super simple Active Directory with Samba | kieranbarnes - installing samba on Ubuntu and joining it to an Active Directory domain. This doesn't allow you to login to Ubuntu with domain credentials but allows you to share and access files with domain credentials.
Active Directory DHCP Authorisation Issues | kieranbarnes - The specified servers are already present in the Directory Service || DHCP Server not authorized - Force replication of Active Directory to the other sites, or wait for the replication cycle to be completed.
[Snippet] Forcing Replication Between Domain Controllers | kieranbarnes
Win32::NameTranslate - Convenience perl wrapper around IADsNameTranslate interface - metacpan.org - Perl programming language NameTranslate FAQ
Active Directory Cookbook, 3rd Edition - O'Reilly Media
# This Perl code finds all disabled user accounts in a domain.

# ---------------------------------------------------------------
# Adapted from VBScript code contained in the book:
#      "Active Directory Cookbook" by Robbie Allen
# ISBN: 0-596-00466-4
# ---------------------------------------------------------------

use strict;
use warnings;
use Win32::OLE;
$Win32::OLE::Warn = 3;    # die on any OLE error

# ------ SCRIPT CONFIGURATION ------
my $strDomainDN = "";    # e.g. dc=rallencorp,dc=com
# ------ END CONFIGURATION ---------

# ADO search string format: <base>;filter;attributes;scope
my $strBase   = "<LDAP://" . $strDomainDN . ">;";
# 1.2.840.113556.1.4.803 is the bitwise-AND matching rule;
# value 2 in userAccountControl is the "account disabled" flag.
my $strFilter = "(&(objectclass=user)(objectcategory=person)" .
                "(useraccountcontrol:1.2.840.113556.1.4.803:=2));";
my $strAttrs  = "name;";
my $strScope  = "subtree";

my $objConn = Win32::OLE->CreateObject("ADODB.Connection");
$objConn->{Provider} = "ADsDSOObject";
$objConn->Open;
my $objRS = $objConn->Execute($strBase . $strFilter . $strAttrs . $strScope);
# MoveFirst raises an error on an empty recordset, so only rewind if there are rows.
$objRS->MoveFirst unless $objRS->EOF;
while (not $objRS->EOF) {
    print $objRS->Fields(0)->Value, "\n";
    $objRS->MoveNext;
}


Find name of Active Directory domain controller - Server Fault - in nslookup: set type=all, then query _ldap._tcp.dc._msdcs.<Domain FQDN>

LDAP

LDAP Binding Strings
WinNT vs. LDAP
LDAP Admin: Overview
Use PHP and LDAP to list members of an Active Directory group (Improved) | sam j levy
.NET Active Directory - Understanding LDAP Active Directory User Object Properties/Attributes
Grok LDAP fast
Creating a simple LDAP application (python specific)
Sys Admin Extraordinaire » Blog Archive » Configuring Active Directory for LDAPS (LDAP over SSL)
FreeIPA - FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments.
LDAP Synchronization Connector [LSC] - LSC is an Open source connector to synchronize identities between an LDAP directory and any data source, including any database with a JDBC connector, another LDAP server, flat files, REST API ...
pGina - Open source Windows authentication


Asset management

MS is rolling out some new asset management with AIS and MDOP. Looks like it is going to be easy to see exactly what is on all machines enterprise-wide. Something to watch for sure.
System Center Online : Introducing Microsoft Asset Inventory Service (AIS)


Exchange

Windows Mail Server Software, Webmail Exchange Alternative, SmarterMail 5.x - SmarterTools
Michael's meanderings... - great blog on exchange, powershell, and active directory stuff.


freeIPA || identity, policy, audit

Enable Single Sign On (SSO) authentication for all your systems, services and applications.
FreeIPA
purpleidea/puppet-ipa - puppet-ipa a puppet module for freeipa.
Securely managing secrets for FreeIPA with Puppet | The Technical Blog of James


OWIN - Katana Project

A new set of middlewares meant to support enterprise-grade authentication and claims-based identity via standard protocols, making integration with Azure Active Directory and ADFS straightforward.
WS-Federation, OpenId Connect (id_token and id_token+code, via form_post), OAuth2 bearer token authentication for Web API
OpenID, Twitter, JSON token exchange, WS-Federation: it's like authentication for the 21st century!
Microsoft.Owin.Security.MicrosoftAccount - Middleware that enables an application to support the Microsoft Account authentication workflow.
Microsoft.Owin.Security.Google - Contains middlewares to support Google's OpenId and OAuth 2.0 authentication workflows.
Katana Project - Home
Microsoft Azure Active Directory Samples and Documentation
Last Updated on Thursday, 05 May 2016 16:13