Welcome to Dirteam.com/ActiveDir.org Blogs Sign in | Join | Help

Browse by Tags

All Tags » Directory servi... » Security   (RSS)

Kerberos and non-standard port number

Posted Sunday, December 20, 2009 8:52 PM by tomek
Kerberos in Windows Operating System is around for about 10 years and it is still causing problems and for many people it is like black magic voodoo . In most cases organizations and people in it are not aware that it is now working until it problem will Read More...
2 Comments

userPassword

Posted Sunday, November 22, 2009 10:59 PM by tomek
One of my friends PFE has asked me a question regarding userPassword attribute in directory which was related to some behavior he was observing in customer environment. We had a little chat about it and then I thought that maybe other has such questions Read More...
0 Comments

Where to put SSL certificate for LDAP …

Posted Wednesday, June 17, 2009 10:06 PM by tomek
Protecting LDAP traffic with SSL is a good idea, especially if in network environment some applications are (ab)using LDAP as authentication protocol. Some explanation of abusing word – LDAP never was designed as authentication protocol (like Kerberos Read More...
0 Comments

Critical vuln in MIT Kerberos implementation

Posted Monday, March 24, 2008 9:38 PM by tomek
This isn't something which is in line with my day to day work, however this is something which may affect many organizations so I've decided to add my blog to list of sties which will duplicate this information. Secunia has reported critical vulnerability Read More...
0 Comments

Schema extensions for Vista new features

Posted Monday, December 04, 2006 10:58 PM by tomek
Vista introduces several new functionality and few of then (to be specific two) requires our AD environment to get prepared through schema extension. These schema extension needed to run new Vista's features will be part of LH schema, but LH is still Read More...
1 Comments

Office 2007 ADM templates

Posted Saturday, November 11, 2006 3:56 PM by tomek
Microsoft has published on Downloads Office 2007 ADM templates for downloads. As Office 2007 will be launched soon and may start to show up in our networks maybe it is worth to take a look at ADM possibilities before this will happen. Read More...
0 Comments

MIIS newbie tales - Export password attribute with Extensible MA

Posted Tuesday, October 03, 2006 11:43 PM by tomek
Today I had a little chat on e-mail with Alex Tcherniakhovski which was about following topic: how to create export only attribute with Extensible MA to set initial password for newly provisioned account? (OK, this wasn't exactly such topic but this is Read More...
2 Comments

Disable simple bind without SSL on ADAM

Posted Sunday, September 24, 2006 9:57 PM by tomek
Today on ActiveDir.org ~Eric pointed out interesting feature in ADAM which allows ADAM administrator to configure ADAM instance to reject simple bind attempts on ports without SSL. To do this one have to edit properties of CN=Directory Service,CN=Windows Read More...
3 Comments

Auditing directory changes aka "Who deleted this object"

Posted Thursday, September 21, 2006 9:02 AM by tomek
Some question were raised by few peoples about directory object auditing - mostly in a context of question "Who deleted the object?" - so I've decided to give this topic a little space. Windows 2000\2003 provides us with auditing mechanism Read More...
5 Comments

Auditing policy changes misunderstanding

Posted Monday, August 21, 2006 9:17 PM by tomek
This topic is probably familiar for most of peoples who are playing with Windows systems for a while, but maybe some newbie will get here so here’s the post. Today I responded in some thread on Polish web portal regarding how to audit changes in Read More...
0 Comments

Apache and kerberos authentication within AD domain

Posted Sunday, August 06, 2006 3:24 PM by tomek
I was asked lately to check some things connected with authentication users accessing Apache based web-site against AD. It is quite simple but requires some configuration so I’ve gathered things all together and here is is – how to make Apache Read More...
2 Comments

Using ADFS with Content Management Server 2002

Posted Friday, July 21, 2006 8:22 AM by tomek
Maybe CMS 2002 is not most popular content management software in the world but some people are using it in the real world. This is a case with our customer here who will deploy web application based on CMS 2002 in his network. This company maintains Read More...
0 Comments

Dynamic objects aka why You should upgrade to Windows 2003 SP1 if You haven’t done it yet

Posted Friday, June 23, 2006 10:08 AM by tomek
Today I finally arrived into office after long time being on-site at customer’s office and I had some time to read blog feeds I’m subscribed to. One of my ‘must read’ blogs is Joe’s blog and I’ve noticed some new entries Read More...
0 Comments

Confidential bit follow-up

Posted Tuesday, November 29, 2005 12:45 AM by tomek
After my previous post about confidential bit I received great feedback through blog comment system (Thanks Jorge and Lee) and in off-line conversation on newsgroup. I’ve decided to gather this additional information in next post as an update to Read More...
0 Comments

How to create and use confidential attributes

Posted Monday, November 21, 2005 9:53 PM by tomek
Lately I have to explain to one of our customers how to create attribute in Active Directory which can be protected with additional permissions from reading its content. Such possibility was introduced in Windows 2003 SP1 but when I looked for some information Read More...
14 Comments