03 janvier 2013

Retour expérience migration DFS-R en inter-forêt

Les migration Active Directory se suivent et se ressemblent à quelques exceptions près. Chaque nouvelle version de système d’exploitation Microsoft vient apporter son lot de nouvelles fonctionnalités que les clients pourront mettre en œuvre à loisir. C’est lors d’une ces ces migrations que j’ai eu l’occasion de travailler sur la migration de namespaces DFS-N et groupes de réplication DFS-R, le tout hébergé sur plateforme Windows Server 2008 R2.   Quelques points à connaitre Une racine DFS-N de domaine est basées sur le nom du... [Lire la suite]
Posté par jcdemarque à 11:45 - - Permalien [#]
Tags : , , , , , ,

12 décembre 2012

Samba 4 released, brings Free alternative to Active Directory

The long wait is over — the Samba project has announced the release of an Active Directory-compatible domain controller. No longer does having an Active Directory (AD) domain controller on a network automatically mean that, somewhere in the building, a Microsoft server is lurking. Today's release announcement of Samba 4.0 means that it is now possible to control an AD domain from a non-Windows system. "Samba 4.0 comprises an LDAP directory server, Heimdal Kerberos authentication server, a secure Dynamic DNS server, and... [Lire la suite]
23 novembre 2012

Au revoir Repadmin /showreps !

Suite au conseil d'un collègue, je vous propose de découvrir un outil qui permet de remplacer Repadmin en étant plus agréable à l'oeil.. il s'agit de AD Replication Status Tool. Ce logiciel permet d'avoir un visuel des réplications AD à un instant T. Relativement léger, il permettra lors d'audit ou de préventives d'avoir un rapide état des lieux de l'AD entre les différents contrôleurs de domaines.   https://www.microsoft.com/en-us/download/details.aspx?id=30005   Merci à Damien Charbonnel pour cet outil! Il faut un... [Lire la suite]
Posté par jcdemarque à 13:53 - - Permalien [#]
Tags : , , , , ,
04 novembre 2012

How To Find When A User Password Expires?

As an admin, how do we find out when a user’s password expires?   It is easy to find, once you know the command The one we need to run is Net User username /domain from the command prompt. It gives you more info than what you are looking for, but it has all the info about the password – when the password was changed, when will it expire etc. --> Please see the rest on the blog : http://www.howexchangeworks.com/2012/11/how-to-find-when-a-user-password-expires.html
Posté par jcdemarque à 16:14 - - Permalien [#]
Tags : , , , ,
27 septembre 2012

HOW TO: P2V a domain controller

A lot has been written about P2V’ing Windows Domain controllers. The preferred way is to build a new domain controller based on a virtual machine and demote the physical domain controller. Rebuilding a new domain controllers may not always be possible due to time constraints or other dependencies like additional software running on the domain controller which can not be easily migrated. However, P2V’ing of a domain controller is possible under the right conditions. These conditions are the same for any other transactional service... [Lire la suite]
Posté par jcdemarque à 11:04 - - Permalien [#]
Tags : , , , , , , , ,
24 septembre 2012

Windows Server 2012 Virtualized Domain Controllers

Domain controllers are very different from non-domain controller computers on your network and that makes duplicating or cloning them somewhat problematic. Domain controllers present important security considerations and virtualizing DCs is something that must be done with care. Windows Server 2012 makes it much easier to deploy and manage secure virtualized domain controllers. In this article, we will discuss some of the issues involved. Issues and solutions One example of the issues you might encounter is when you have two domain... [Lire la suite]

12 septembre 2012

Creating a AD user without knowing it’s initial password

That’s a tricky question. Every user we create in active Directory require an initial password that user will use to connect for the first time. At this step, user account can (and should be configured) to enforce a password change. From a security point of view there might have some problems with this initial password. It must be communicated to the end-user. If someone have access to the initial password and user identity, he can perform operation on behalf of someone else. To avoid such a situation, one solution can be to disable... [Lire la suite]
Posté par jcdemarque à 10:22 - - Permalien [#]
Tags : , , , , ,
09 août 2012

Active Directory Replication Status Tool

After a decade, we have a GUI tool to troubleshoot AD replication problems. It is called Active Directory Replication Status Tool.   Gone are the days where we used repadmin and all it’s different syntax to troubleshoot replication issues in AD. The Active Directory Replication Status Tool (ADREPLSTATUS) analyzes the replication status for domain controllers in an Active Directory domain or forest. ADREPLSTATUS displays data in a format that is similar to REPADMIN /SHOWREPL * /CSV imported into Excel but with significant... [Lire la suite]
Posté par jcdemarque à 15:00 - - Permalien [#]
Tags : , , , , , , , , ,
07 juin 2012

Exchange 2010 Notes from the Field - ActiveSync and Active Directory Permissions Inheritance : ActiveSync not working for users?

One of my earlier Exchange 2010 deployments was at a client that had modified the default inheritance settings of Active Directory such that default security permissions did not apply to some Organizational Units (OUs). This prevented ActiveSync from creating necessary objects and setting necessary attributes to provision iPhones for these users against their Exchange 2010 mailboxes. Similar issues occur if you attempt to configure an ActiveSync device for a mailbox associated with a user that is a member of certain privileged groups... [Lire la suite]
Posté par jcdemarque à 11:34 - - Permalien [#]
Tags : , , , , , , , , , , , ,
22 novembre 2011

Office 365 – Mise en place de la Synchronisation d'Annuaires – Partie 1

Le passage de la messagerie d'une entreprise vers Exchange Online de Office 365 doit être traité comme un projet à part entière. Que l'on soit responsable informatiques ou impliqué dans le projet, l'une des étapes associé à un tel projet est au une phase pilote. Cette phase pilote permet en général de valider l'adoption de la solution et des nouveaux outils associés par les utilisateurs. C'est aussi au cours de cette phase pilote que seront identifié et rectifier les incidents liés à la prise en main d'une nouvelle technologie. Que... [Lire la suite]
Posté par jcdemarque à 15:12 - - Permalien [#]
Tags : , , , , ,