• Windows Server

    Windows Server: Pick What Goes into AD Next

    What would you like to see in the next version of Active Directory Users and Computers? This is a great opportunity for you to provide feedback and help ensure that the features you want make it into ADUC’s next version. If you are interested, or know someone who might be interested in participating, and can make it to Microsoft’s main campus in Redmond, Washington for a two-hour study session, e-mail us at itusable@microsoft.com with ADUC in the subject line.

  • Windows Server

    Windows Server: Who Deleted My Frickin' OU?!?!

    Well, we knew it was possible, but we didn’t know anyone would actually do it.  Based on the title here, you probably already know that someone deleted a whole OU.  Given that about 6-7 people could have done it and none were owning up, of course you’re gonna’ get forced to figure out who it was.  Well, let’s get started then.   First, restore the OU.  To do this we’re gonna’ use the ldp.exe utility from the Windows Server 2003 Support Tools.  Then we’re going to open it up and click on the Connection menu and connect to your DC (and authenticate as a Domain Admin or above of course).…

  • Active Directory,  Mac OS X,  Mac OS X Server,  Xsan

    Mac OS X: adplugin and AD DNS

    Let’s say you bind a Mac to AD.  Let’s say you have two NICs in there.  Now let’s say you get entries for both NICs in DNS.  How do you fix that?  Well, go ahead and create an ipfw rule to block traffic on port 54 for the second NIC.  You aren’t using it for that anyway if you’re using Xsan, which seems to be the big place we’re seeing this issue…  File a bug report if you don’t like the ipfw workaround but don’t hold your breath… UPDATE: Apple actually posted a fix for this: To set Mac OS X Server version 10.5 to only register a single network…

  • Active Directory,  Mac OS X,  Mac OS X Server

    Mac OS X: dirt

    dirt is a new utility in Leopard that can be used to test Directory Services.  You can use dirt to test authentication for LDAP or Active Directory.   The -u flag uses the username from the node you are testing against, in the above example it is the Active Directory username.  dirt tests whether an account exists in any node and can be used with the following structure: dirt -u username -n This would result in the following output if the account is located in Active Directory: User username was found in: /Active Directory/domainname The -p flag can also be used to test passwords.  You can also specify the node in Directory…

  • Active Directory,  Mac OS X,  Mac OS X Server,  Mac Security

    Bind to AD Using the Command Line

    dsconfigad can be used to bind to Active Directory from the command line.  Use as follows:

        dsconfigad -h
        dsconfigad -show [-lu username] [-lp password]
        dsconfigad [-f] [-a computerid] -domain fqdn -u username [-p password]
                   [-lu username] [-lp password] [-ou dn] [-status]
        dsconfigad -r -u username [-p password] [-lu username] [-lp password]
        dsconfigad [-lu username] [-lp password] [-mobile enable | disable]
                   [-mobileconfirm enable | disable]
                   [-localhome enable | disable] [-useuncpath enable | disable]
                   …

  • FileMaker

    FileMaker and Directory Services

    I originally posted this at http://www.318.com/TechJournal. Did you know FileMaker can be configured to authenticate with Open Directory and Active Directory? What does that mean? Well, most companies use a Windows Server or Macintosh Server to allow their employees to log in every day. FileMaker Server 7 now has the ability to connect to those same user accounts instead of having to remember usernames and passwords for both your FileMaker account and your computer account. This also allows companies easier account maintenance when employees join or leave companies. You no longer have to add an account for both the network and FileMaker. In addition to all these benefits, external authentication…