Archive for the ‘LDAP’ Category

OCS – List All AD Enabled User Accounts That Are Also OCS Enabled

Monday, February 6th, 2012

2012-02-06 Initial Post
Windows Server 2003 SP2
Office Communications Server 2007 (non-R2)

csvde -f getOCSUsersListCSVDE-Output.csv -r "(&(objectCategory=user)(msRTCSIP-UserEnabled=TRUE)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))" -s dc001 -l "displayName" -j .

See http://support.microsoft.com/kb/269181 for an explanation of userAccountControl and of using bitwise filters with LDAP.

Active Directory LDAP Authentication and Security

Thursday, February 2nd, 2012

2012-02-02 Updated

2012-01-23 Initial post

One of our application administrators asked me to help him troubleshoot why LDAP user authentication didn't work correctly in his application, Oracle Agile PLM (Product Lifecycle Management) 9.3.1. I decided to look into LDAP authentication a little more and here are some notes I made. I wasn't able to find a nice simple article that answers this question: How is LDAP user authentication handled in AD? (more…)

Configuring Active Directory for LDAPS (LDAP over SSL)

Thursday, September 1st, 2011

2011-10-01 Reformatted for clarity

2009-01-13 Initial post

BACKGROUND

By default, Kerberos will encrypt the LDAP authentication only, but not the actual LDAP traffic. You can enable LDAPS (LDAP over SSL) to encrypt the entire LDAP session in Windows AD. (more…)

OCS – Find All Users With Federation Enabled via msRTCSIP-FederationEnabled Attribute

Saturday, February 12th, 2011

2011-02-12 Initial Post

Windows Server 2003 SP2

Office Communications Server 2007 (non-R2)

If you want to search for OCS users with federation enabled, use the simple LDAP query filter below. It took me some testing to figure out that "TRUE" had to be in all uppercase/all capitals. Other LDAP filters are case insensitive, but it looks like searching for boolean values, at least in this case, requires uppercase. (more…)

ActiveSync – Find Enabled Users via msExchOmaAdminWirelessEnable Attribute

Saturday, February 12th, 2011

2011-02-14 Updated

2011-02-12 Initial Post

Windows Server 2003 SP2

Exchange Server 2003 SP2

In the IT business, sometimes what seems like a simple question can result in a few hours of work to get a satisfactory answer. The other day I was asked to look at why a query for all ActiveSync enabled users wasn't returning the correct results. The query was using the msExchOmaAdminWirelessEnable attribute. That attribute holds the values for the settings under user properties --> Exchange Features tab --> Mobile Services. (more…)