Archive for the ‘Active Directory’ Category

OCS – List All AD Enabled User Accounts That Are Also OCS Enabled

Monday, February 6th, 2012

2012-02-06 Initial Post
Windows Server 2003 SP2
Office Communications Server 2007 (non-R2)

csvde -f getOCSUsersListCSVDE-Output.csv -r "(&(objectCategory=user)(msRTCSIP-UserEnabled=TRUE)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))" -s dc001 -l "displayName" -j .

See http://support.microsoft.com/kb/269181 for an explanation of userAccountControl and of using bitwise filters with LDAP.

Active Directory LDAP Authentication and Security

Thursday, February 2nd, 2012

2012-02-02 Updated

2012-01-23 Initial post

One of our application administrators asked me to help him troubleshoot why LDAP user authentication didn't work correctly in his application, Oracle Agile PLM (Product Lifecycle Management) 9.3.1. I decided to look into LDAP authentication a little more and here are some notes I made. I wasn't able to find a nice simple article that answers this question: How is LDAP user authentication handled in AD? (more...)

Configuring Active Directory for LDAPS (LDAP over SSL)

Thursday, September 1st, 2011

2011-10-01 Reformatted for clarity

2009-01-13 Initial post

BACKGROUND

By default, Kerberos encrypts only the LDAP authentication, not the actual LDAP traffic. You can enable LDAPS (LDAP over SSL) to encrypt the entire LDAP session in Windows AD. (more...)

Details about Administrator Audit Logging in Exchange 2010

Thursday, August 11th, 2011

2011-08-11 Updated

2011-06-16 Initial post

Exchange Server 2010 SP1

When I checked the other week, I could not find any good documentation on the Administrator Audit Logging feature. I'm writing this post to share my research on this feature. (more...)

Details about Service Connection Point for Exchange Autodiscover

Saturday, June 4th, 2011

2011-06-04 Initial Post

(I don't know why WordPress isn't spacing the paragraphs correctly, and I don't have the patience to mess with this anymore so that's why this post is all jumbled together.)

Summary

The Autodiscover service is not a separate Windows service—it’s a Web-based service that runs under Default Web Site. The Autodiscover Service Connection Point (SCP) data in AD is what internal Outlook 2007 and newer clients use to find information about the Exchange configuration such as the Availability Service URL. Each Exchange CAS server has an SCP object under its Exchange server object. The SCP object uses the CAS server’s name (I think it’s the NetBIOS computer name). The serviceBindingInformation property of the SCP object contains the value of the Autodiscover service’s internal URI/URL. That URL is what clients connect to. (more...)