To find all the printers you have available through Active Directory:

dscl '/Active Directory/All Domains' -list /Printers PrinterURI
-
Mac OS X: adplugin and AD DNS
Let’s say you bind a Mac to AD. Let’s say you have two NICs in there. Now let’s say you get entries for both NICs in DNS. How do you fix that? Well, go ahead and create an ipfw rule to block traffic on port 54 for the second NIC. You aren’t using it for that anyway if you’re using Xsan, which seems to be the big place we’re seeing this issue… File a bug report if you don’t like the ipfw workaround but don’t hold your breath… UPDATE: Apple actually posted a fix for this: To set Mac OS X Server version 10.5 to only register a single network…
-
Mac OS X: dirt
dirt is a new utility in Leopard that can be used to test Directory Services. You can use dirt to test authentication for LDAP or Active Directory. The -u flag uses the username from the node you are testing against; in the above example it is the Active Directory username. dirt tests whether an account exists in any node and can be used with the following structure:

dirt -u username -n

This would result in the following output if the account is located in Active Directory:

User username was found in: /Active Directory/domainname

The -p flag can also be used to test passwords. You can also specify the node in Directory…
-
Bind to AD Using the Command Line
dsconfigad can be used to bind to Active Directory from the command line. Use as follows:

dsconfigad -h
dsconfigad -show [-lu username] [-lp password]
dsconfigad [-f] [-a computerid] -domain fqdn -u username [-p password] [-lu username] [-lp password] [-ou dn] [-status]
dsconfigad -r -u username [-p password] [-lu username] [-lp password]
dsconfigad [-lu username] [-lp password] [-mobile enable | disable] [-mobileconfirm enable | disable] [-localhome enable | disable] [-useuncpath enable | disable] …
-
Managing the Keytab with ktutil
clear_list – Clears the current keylist
read_kt or rkt – Reads a krb5 keytab into the current keylist
read_st or rst – Reads a krb4 srvtab into the current keylist
write_kt or wkt – Writes the current key listing into a krb5 keytab
write_st or wst – Writes the current key listing to a krb4 srvtab
add_entry or addent – Adds an entry to the current key listing
delete_entry or delent – Deletes an entry from the current key listing
list – Lists the current key listing
list_requests or lr – Lists available keys
-
Exchange 2003: Applications that Access the Information Store
I would always create a service-specific (Atempo, Blackberry, GFM, Symantec, etc.) account that is not a Domain Admin but is an Administrator. Then I would provide the rights mentioned here. So, once you do that, you can go to Services and provide the service with an account to fire up as (e.g. AtempoAdmin). Then make sure this key is in the registry (depending on which SP you have, it might not be):

HKEY_CURRENT_USER\Software\Microsoft\Exchange\EXAdmin\ShowSecurityPage DWORD value = 1

Then fire up Exchange System Manager, click on the Organization, click on the Admin Group and then your group and then properties for it. Then you’ll notice that nice security tab.…
-
Triangle vs. Dual Directory?
It’s just a terminology thing… 😉
-
Microsoft SCCM
Yet another package-based management solution. The monolithic image is dead.
-
Mac OS X: Namespace support?
Tiger does not have any namespace support in dsconfigad. So no multi-domain same account name functionality. Hint: Might be in Leopard (might not).
-
What is a Kerberos Realm
A realm is where the Kerberos database is stored. The realm lives on one computer (the KDC) and can have read-only slave servers (kinda like a cluster). Each realm will have a listing in the following files in /private/var/db/krb5kdc/:

.k5.FQDN.OF.REALM (secret key)
kdc.conf (configuration file for the KDC)
kadm5.acl (access control list for KDC)