AD

Force Azure AD Connect DirSync to sync with Office365 Azure AD

Update:

With build 6862 the PowerShell module has moved.  The location for this module is now:

C:\program Files\Windows Azure Active Directory Sync\DirSync\ImportModules.ps1

To allow us to execute the Start-OnlineCoexistenceSync cmdlet we can either:

Java Deployment Rule Set and Enterprise CA

 

My goal is to get a Java Deployment Rule Set in place in my organization, but I do not want to pay third-party certificate authority for a code signing cert when we have a working CA running through Active Directory. I have followed what I think is the correct procedure to get this accomplished, however when I finally go to run any Java applet I receive the following error:

Can not verify self-signed Deployment Rule Set jar

The steps I followed are:

Disable a wireless adapter using an Active Directory Group Policy

How to create container objects in Active Directory

By default, Active Directory will not give a option for creating "Container" objects. It only allows you to create Organization units for grouping the AD objects. However, if your situation demands, you can create a container objects by following the below procedure.

  • Open adsiedit.msc and navigate to schema partition
  • Select Cn=Schema,CN=Configuration, DC=domain,DC=com in left plane

LDAP and Active Directory tools

Using LDIFDE to export Active Directory Objects:http://support.microsoft.com/kb/237677 Start > All Programs > ADAM > ADAM Tools Command Prompt. vbtools adfind 
adfind –b dc=mycompany,dc=com –s subtree -f

"(&(objectCategory=person)(objectClass=user)(samAccountName=j*))"
 http://www.joeware.net/freetools/index.htm  

Add SSL Certificates in Active Directory

For CAs that are not well known, you must add the root CA certificate and intermediate certificate in Active Directory. These steps allow the root CA certificate to be installed in your client systems' Trusted Root stores. For example, you might need to take these steps if your organization uses an internal certificate service.

Adding vCenter template deployed VMs into a specific Active Directory OU

Use the WMIC.EXE with an example command as below:

wmic.exe /interactive:off ComputerSystem Where “name = ‘%computername%’” call JoinDomainOrWorkgroup AccountOU=”OU=XP Workstations;DC=my;DC=domain;DC=com” FJoinOptions=1 Name=”my.domain.com” Password=”xyz” UserName=”admin@my.domain.com

 

We had the same issue here. We solved it using the customization spezification with sysprep functionality to add the VM`s to a specific OU.

 

vCenter SSO AD Source configuration

Note: When adding a SSO source to vCenter SSO in the Web client you MUST add the Domain lookup user with the domain(netBios)\<user> form.

e.g. <netBIOS_Name>\<AD lookup user>

Windows 2008 802.11x Wireless Setup/Configuration

I've recently migrated my wireless network from RADIUS/IAS on Windows 2003 with PKI to Windows 2008 R2. It took me a while to get to the bottom of it so I thought I'd write a How-To to help others out.

Requirements:

# One or more 802.1X-capable 802.11 wireless access points (APs).

# Active Directory with group policy

# One or more Network Policy Server (NPS) servers.

# Active Directory Certificate Services based PKI for Server certificates for NPS computer/s and your wireless PC's

Creating a Java keytool CSR in PKCS#10 format for Microsoft AD Certificate Services Web Enrollment

 

Procedure

  1. Generate a Certificate Signing Request (CSR).

    Before ordering SSL certificates, you must generate a CSR, an encrypted body of text, on your server. Your CSR contains encoded information specific to your company and domain name.

    Use this command to generate a CSR, using the PKCS#10 format.

Pages

Subscribe to RSS - AD