Active Directory – Page 6

Active Directory, Articles and Books, Business, Consulting, Network Infrastructure, SQL, Ubuntu, Unix, VMware, Windows Server

Getting Started with Amazon's EC2 Cloud

May 1, 2009

Yesterday I did a quick review of the various cloud offerings from Amazon. Previous to that I had done a review of using S3, the Amazon storage service, with Mac OS X, primarily through the lens of using S3 as a destination for Final Cut Server archives. Today I’m going to go ahead and look at using EC2 from Mac OS X. To get started, first download the EC2 tools from Amazon. Next, log into Amazon Web Services. If you don’t yet have a login you will obviously need to create one to proceed. Additionally, if you don’t yet have a private key you’ll need one of those too –…

Read More

krypted
Active Directory, Mac OS X, Mac OS X Server, Mac Security, Windows Server

Disable SMB Signing

April 27, 2009

Mac OS X 10.5 supports SMB signing. But if you have some older operating systems you may need to disable SMB signing when using Windows Server 2003 and up to host your files, typically when the 2003 Server is also a Domain Controller (DC). To determine if SMB signing is required use Netmon (Network Monitor). When using Netmon it is best to use a hub rather than a switch. Once you have set the addresses and performed a capture, you’ll then look for the SMB negotiation string. Options here are values of 3, 7 and 15 meaning SMB signing is disabled, enabled/not required and required respectively. If SMB signing is…

Read More

krypted
Active Directory, Mac OS X, Microsoft Exchange Server

Address Book.app and Exchange Contacts

February 17, 2009

Over the years Apple has slowly been adding Exchange functionality to a number of their products, quietly. While Snow Leopard is reported to add even more functionality there are still a number of things you can do with Exchange from the Mac OS X client. For example, Address Book can pull information from your Exchange contacts. This isn’t to say that every single field will work, but the basics do work – and pretty well. To connect to your Exchange server from Address Book, open the program and then open the Preferences menu. From the General tab check the box for Synchronize with Exchange as seen here: Now click…

Read More

krypted
Active Directory, Mac OS X Server, Unix

Samba 4: A Poor Mans Active Directory

January 21, 2009

Today I pulled down the Samba 4 binaries and installed it using the instructions the developers are slowly building on the Samba 4 wiki. Overall it was a fairly painless experience, although I do believe I have a couple of bug reports to file (not surprising considering it is not out yet). Overall I found the process to be far easier than it has been in the past. The Samba team seems to realize that in order for Samba 4 to compete with Active Directory that it needs to integrate really well in the *nix server ecosystem. For example, like Active Directory you can choose to have Samba integrate into…

Read More

krypted
Active Directory, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment, Windows Server

Mac OS X: Directory Services Debug Log

October 25, 2008

When you’re trying to troubleshoot issues with Directory Services on Mac OS X sometimes the best thing you can do is put the directoryservices daemon into debug mode. To do so you would use the following command: killall -USR1 Directory Service By default errors get trapped into this file: /Library/Logs/DirectoryService/DirectoryService.error.log But when in debug mode using -USR1 you can see more specific errors in the /Library/Logs/DirectoryService/DirectoryService.error.log file. You can then use commands such as tail in conjunction with grep in order to isolate issues to specific strings such as ADPlugin. If you choose to use -USR2 for debugging then the logs will get written into the /var/log/system.log file. To disable verbose…

Read More

krypted
Active Directory

Extend the AD Schema in 2008 Server using ldifde

October 6, 2008

To import directory objects, at the command prompt, type the following command, and then press ENTER: ldifde–i-ffilename-sservername:port-m-ausername domain password To export directory objects, at the command prompt, type the following command, and then press ENTER: ldifde-e-ffilename-sservername:port-m-ausername domain password

Read More

krypted
Active Directory, Mass Deployment, Windows Server

Windows Server 2008: Install RIS and WDS

September 29, 2008

In Windows Server 2008 you can use the Server Manager application to enable RIS (part of Windows Deployment Services, WDS). To do so, open Server Manager and click on Roles in the left column. Then click on Next and read the Introduction to WDS items. It’s worth noting that you can setup your server as a Transport Server in WDS, which is a bit like Multicast clustering (eg – multicast ASR imaging for the Mac). It’s also worth noting that a Deployment Server will use parts of the Transport Server to do its job so you’ll need to install both. Once you’re satisfied with your selection, click Next and then…

Read More

krypted
Active Directory, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment, Windows Server

Mac OS X: Force LDAP Signing using dsconfigad

September 27, 2008

dsconfigad did not support signing of LDAP packets in 10.4.x. However, this was an upgrade that was introduced in the 10.5 version of the AD Plug-in. Provided that your Active Directory environment uses LDAP signing, a standard policy with DCs, you can mirror your settings on the DC in dsconfigad by using the -packetsigning option followed by either an allow, disable or require variable. To force LDAP signing, just run the following command: dsconfigad -packetsigning required To then disable signing if your environment doesn’t support it use the following command: dsconfigad -packetsigning disable The default variable is allow, which will use LDAP signing when possible.

Read More

krypted
Active Directory, Windows Server

Windows Server 2008: AD Schema

September 23, 2008

Importing ldf files is one way to extend an Active Directory Schema. In 2003 you could use ldifde to import ldif or ldf files. In 2008 you’ll be happy to know the syntax hasn’t changed. To import directory objects use the following command ldifde–i-ffilename-sservername:port-m-ausername domain password To export directory objects use the following command ldifde-e-ffilename-sservername:port-m-ausername domain password

Read More

krypted
Active Directory, Mac OS X, Mac OS X Server, Mac Security

Mac OS X Server 10.5: Customizing Trust Time for the adplugin

August 14, 2008

You can use the adplugin to customize the amount of time a client is trusted by Active Directory. It can be done by using the following command: dsconfigad -passinterval 30

Read More

krypted