Active Directory Cookbook Blog

Top-selling Active Directory Book for the first half of 2004: Active Directory Cookbook 

[http://www.amazon.com/exec/obidos/tg/detail/-/0596004648/ref=ase_robbieallensh-20/103-5762472-7215055?v=glance&s=books]

Active Directory Cookbook has been the best selling AD book according to both Amazon and B&N since its release last October! I'm glad the book turned out to be as useful as I hoped it would. Perhaps one day I'll post some of the wonderful reviews I've received from readers.

I plan on updating the book some time in 2005. If there are additional topics you'd like to see covered, drop me a note. On my short list so far I have ADAM, Exchange, Kerberos, Display Specifiers (maybe), Tracking Changes, and Authorization Manager.

Latest version of rendom supports Exchange 

[http://www.microsoft.com/windowsserver2003/downloads/domainrename.mspx]

You can rename domains that have Exchange in them now. (This was one of the big limitations with the original version of rendom.) You must be running Exchange Server 2003 SP1.

Summary of the recent spate of /3GB articles 

[http://weblogs.asp.net/oldnewthing/archive/2004/08/22/218527.aspx]

Here you can find all sorts of information on the boot.ini /3GB switch. Apparently there is still lots of confusion about what that switch does or doesn't do.

Changes and enhancements to Windows XP Support Tools under SP2 

[http://techrepublic.com.com/5100-6270_11-5312919.html]

There are some updates to the AD utilities in the XP SP2 Support Tools. Nothing major, but you'll want to see if you can take advantage of any of the updates.

Article: Using pGINA to Authenticate Users in Microsoft Windows Environments 

"This article addresses a common challenge -- how to authenticate users in a mixed environment running the Solaris and Microsoft Windows operating systems. This article describes how you can use pGINA software with a variety of authentication plug-ins to authenticate users to a unified authentication scheme. The pGINA software also provides a way to avoid deployment of Microsoft Active Directory. The article is intended for technical people who are interested in directory services and the integration of Microsoft Windows into a heterogeneous environment. This article is valuable to technical readers of any level."

Why we named a bit in the directory after BillG 

[http://blogs.msdn.com/exchange/archive/2004/08/23/218924.aspx]

Here is some interesting trivia about the origins of Ambiguous Name Resolution in Active Directory. For more on ANR, see recipe 10.13 in AD Cookbook.

Where Art Thou MS AD Team Bloggers?? 

The MS Exchange team has been maintaining a very informative blog for over 6 months. Where are the MS AD bloggers? I know a lot of people would love to hear about the latest goings-on with AD straight from the horse's...uh...blog.

OpenLDAP Developers' Day - San Diego - 2004 

The presentations are available from the recent OpenLDAP Developers' Conference. There is some interesting stuff in here. Specifically, Kurt Zeilenga's preso mentions a couple of new specs that are in the works. The new matching rules (RFC 3698) look interesting along with entryDN (draft-zeilenga-ldap-entrydn-xx.txt), which should allow you to create filters that search against the content of a DN (I've been asking for this for years). Hopefully AD will follow suit.

RSS Feeds for Exchange Administration 

RSS feeds for Exchange administration is an interesting idea. It would be fairly straightforward to do something similar on the AD side: create an RSS feed based on one of AD's change tracking features.

LiveTime Software Announces Multi-Domain Active Directory Access to Its J2EE Support Products 

"LiveTime Software today announced that the latest versions of LiveTime Support Desk and LiveTime Help Desk now fill the gap between multi-domain Active Directory (AD) access and J2EE support applications. LiveTime has the ability to scan across multiple domains to locate its users, enabling customer support with greater security and lower administration overhead. The user details are synchronized between LiveTime and the AD to ensure the information is up-to-date at all times." Continue at source.

Article: Put Your Finger on Proper Security 

Here is a good article by Roberta Bragg about using Biometrics with Active Directory.

Whitepaper: Windows Server 2003 Security Guide 

This whitepaper includes tips on hardening domain controllers, among other types of servers. The download also has numerous security templates for various types of servers including domain controllers.

New Download: PortQryUI - User Interface for the PortQry Command Line Port Scanner 

Microsoft has just made a graphical interface available for their PortQry command-line tool. It is pretty cool. Check it out.

Whitepaper: Five Key Lessons to Securing Your Active Directory 

"Abstract: Active Directory (AD) is the backbone of a Windows Server 2003 or Windows 2000 Server domain infrastructure, providing a channel for security implementation and maintenance in the forest. Secure AD and you have advanced the protection of all forest elements. Ignoring AD security can put your entire infrastructure at risk.

Securing AD, however, is not a trivial task. Many Windows security subsystems are integrated with it, and many of them can be used to secure it. The account database, Kerberos authentication protocol, password policy, definition of user rights and system controls, assignment of object permissions—all are contained in or managed with AD. You must also consider the distribution of its elements and the nature of the people who interact with it. AD is not some entity that can be localized on a single machine but spans multiple computers and networks. It presents a broad attack surface and many threats must be evaluated. There are literally hundreds of steps that should be at least considered when designing, implementing, and maintaining AD security. This e-book can help you with that task."

Article: Microsoft prepping directory upgrade 

"Microsoft says it is readying synchronization technology that makes it easier and safer for companies to build directory-enabled applications that sit on Windows servers in certain departments or outside corporate firewalls.

New technology in the works for the next version of Windows Server, code-named R2, would let the applications make use of select data from a corporate Active Directory infrastructure without exposing the internal directory to the Internet. The release is slated for next year."
Continue at source.
