Click here to Download DSDebug

DSDebug will be made on available on the Apps page as well.

Similar Articles:

• Setting up a Dual Directory with Snow Leopard Server
• Mac OS X: Trusted Binding
• Mac OS X Server: Directory Services Just Stops working
• Mac OS X: What is Open Directory?
• Password Protecting QuickTime Streams

The skew in Windows is actually customized using the Maximum tolerance for computer clock synchronization Kerberos policy. If you cannot change the time on the client (ie – you don’t have a local account)… Unique circumstance, but if it didn’t happen it likely wouldn’t end up here…Similar Articles:

None Found

• Mac OS X: Setting a Software Update Server without Open Directory
• Snow Leopard & Directory.app
• Mac OS X Server: Software Update Server Setup
• Mac OS X: User Templates
• Samba 4: A Poor Mans Active Directory

Therefore, even if your computers time changes provided that the relative time to the time on the KDC (be it Active Director or Open Directory) is accurate then you should still be in good shape. Overall, this is a great new feature of Snow Leopard. It’s been integrated into Firefox as well (in your about:config page look for geo.enabled) and I’d expect to start seeing it on a number of devices and in a number of applications that can be geography-aware without having to implement GPS.Similar Articles:

• Automating NTP Setup on Mac OS X
• Automating Locations with networksetup
• What Version of Mac OS X Am I Running?
• Mac OS X: Changing Locations from the CLI
• iostat on Mac OS X

• Allow ARD Access into an ARD Server
• Snow Leopard + SkyHook = Kerb Problems?
• Snow Leopard & Managed Client Preferences
• Snow Leopard & Directory.app
• Likewise Open 5.3 Supports Snow Leopard

get-WmiObject -class Win32_Share

Assuming communication is working as intended, you can also query for the shares of other systems, by adding a -computer switch and specifying the host you’re listing shares on, as follows:

get-WmiObject -class Win32_Share -computer dc1.krypted.com

One can also list shared printers with a little trickeration in the {} side of things:
get-WmiObject -list | where {$_.name -match “Printer”}Similar Articles:

• Show Logical Disks in Windows with PowerShell
• Exchange 2007: Change Default Domain with PowerShell
• Scripting Compellent
• Exchange 2007: Find Hidden Users using PowerShell
• Exchange 2007: Using PowerShell To Create A Database

Password Monitor is a simple utility that will count down the days until a user’s Active Directory password is due to expire. An OS X 10.5 (or newer) system properly bound to an Active Directory is the only requirement. Additional features include the ability to display the exact expiration date on the logon window (admin rights required) and to automatically launch the utility at startup. The number of days between required password changes has to be manually set in the preferences. The range has to be between 5 and 365 days. The default is 60 days.

Similar Articles:

• Mac OS X: dirt
• Getting Started with tar
• Programatically Setting Password Policies
• Mac OS X: User Templates
• Password Encryption

• Mac OS X: What is Open Directory?
• 5 Tools for Extending Google Apps
• Mac OS X Server 10.5: Self Updating Directory Entries
• Moving the LDAP Database in Open Directory
• Replica Trees & Tuning Open Directory

Next, log into Amazon Web Services. If you don’t yet have a login you will obviously need to create one to proceed. Additionally, if you don’t yet have a private key you’ll need one of those too – in that case there will be a big green box to create it when you first log in. When the keys are created you can double-click on the x.509 certificate file to install it into Keychain. This key is a private key so make sure not to give it out. You can return to this screen later if you need to.

Next, go to the AWS Management Console. Because I don’t personally find the site terribly user friendly I like to keep the Management Console bookmarked. Once you have the Management Console open, click on Instances and then click on Launch Instance. You will then be greeted by a list of prebuilt virtual machines that you can use. Amazon has built Fedora and Windows for you, which will be listed under the QuickStart tab of the Launch Instances screen; however, you can also click on Community AMIs in order to use one that has been built and made available by others within the EC2 community. These include Debian, Ubuntu and CentOS (amongst others).

Once you have picked your poison, click on Select and you will then be prompted to create a key pair specifically for the instance. The reason for this is that you might have instances that you’ld like to distribute information for to people you wouldn’t want to access all of your images globally to your account. You can skip this step or enter a name for the keypair and click on Create. Now click on Continue and you’ll be prompted to create a security group. A security group controls the ports that are opened to/from your virtual machine. For Windows you’ll pretty much always want RDC (3389) open (pretty much) and for *nix, typically SSH. Amazon tries to make this easy and so pre-fills the form with common ports based on your use. Think of a security group like an Access Control List on a Cisco. You can resuse them across various instances. Next, click Continue.

Next, you’ll be asked to provide a name for the VM (aka AMI), a number of instances of the VM and whether the AMI is to be a smaller, standard item or whether it will be hit with high CPU utilization. You’ll also be able to select the security group to apply to the host based on the previous information. The name will be automatically filled in based on the template you chose to use, so you can actually click on the Change button if you’d like to supply a new name.

Next, click Launch and the AMI will start to fire up, becoming an instance. Windows AMIs will take a little longer in my experience than Linux AMIs. While the instance is booting, it is worth mentioning that at this point you’ll notice the option to launch/create volumes and what Amazon calls Elastic IPs. Amazon doesn’t provide an IP for free, as you may have noticed when you accepted their terms of service. Therefore, if you are going to create an instance that will have static access over the WAN using a static IP, you will need to go ahead and assign an elastic IP to it. Unless that is, you can communicate with the instance even if it has a dynamic IP (there are a ton of ways to do this). The volumes option allows you to build storage that is independent of the instance. This can be used to mount on multiple instances (although I haven’t found a way to do so concurrently) or to simply have storage independent of the instance so that you can easily move data.

Now click on Instances. Here, you’ll note that your newly created instance is listed. Click on it and then click on More Actions and select Get Password (where OS is the OS you chose to setup). Here, you’ll receive an option to decrypt the password using the Private Key. You can cat the .pem file that was downloaded when you setup the key and copy/paste the entire contents into the field. Once the field has been populated, click on the Decrypt button and you will see the Admin/root password for your new virtual host.

Next, click on Connect and you’ll find instructions to connect to your new instance (for Windows it will be a dynamic DNS entry to use RDC with). You can now login. Once you have connected it is as though you are in a typical VM environment. Next, you’ll want to take a look at the options for Bundle Tasks (if you’re using Windows), which allows you to duplicate an AMI into multiple instances. You’ll also want to look at Volumes, as mentioned previously and Snapshots, which can be used to back up the Volumes.

Overall, we were able to create a new instance of Fedora, Windows or Ubuntu (even those tuned to be Active Directory domain controllers, LAMP hosts or SQL), faster than if we installed it from scratch and without using any resources outside of Amazon to do so. Later, we’ll look at doing all of this from the command line. And don’t forget to stop your instance so that you don’t get billed for all that time that you’re not using it!Similar Articles:

• Custom VMs using S3+EC2
• Looking at Amazon's Cloud
• Windows XP: Reset Product Key
• Windows: Local Policies
• Bubble Alerts w/ Silent Installs

If SMB signing is required then you can set it to enabled/not required for testing.  To do so, you will use the Microsoft network client: Digitally sign communications (always) policy in Group Policy (gpedit.msc from Start->Run of the host in question or edit the policy from a DC).  Setting the policy to disable would still have the policy enabled if the client and server can negotiate signing.  At times we may think that the attempt at signing will cause a failure, although this is pretty rare; therefore you can disable signing by setting the Digitally sign communications (if client agrees).

These values can also be controlled using the following registry path:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters

Similar Articles:

• Mac OS X: Force LDAP Signing using dsconfigad
• Programatically Setting Password Policies
• Automating NTP Setup on Mac OS X
• Mac OS X 10.5: Disable Glass Shelf in Dock
• Basic pkcs12 Management with security