Vista introduces several new functionality and few of then (to be specific two) requires our AD environment to get prepared through schema extension. These schema extension needed to run new Vista's features will be part of LH schema, but LH is still somewhere behind the horizon and we have to take care about it by ourselves. Two new ...

Some question were raised by few peoples about directory object auditing - mostly in a context of question "Who deleted the object?" - so I've decided to give this topic a little space. Windows 2000\2003 provides us with auditing mechanism which can be used also to track changes for Active Directory objects. Probably this isn't ...

I was asked lately to check some things connected with authentication users accessing Apache based web-site against AD. It is quite simple but requires some configuration so I’ve gathered things all together and here is is – how to make Apache web server authenticating users against AD using mod_auth_kerb module. Here’s a ...

Maybe CMS 2002 is not most popular content management software in the world but some people are using it in the real world. This is a case with our customer here who will deploy web application based on CMS 2002 in his network. This company maintains two separated AD forests, one is internal forest for company itself and second is AD forest for ...

Today I finally arrived into office after long time being on-site at customer’s office and I had some time to read blog feeds I’m subscribed to. One of my ‘must read’ blogs is Joe’s blog and I’ve noticed some new entries there. Among them on which I found very interested, and everyone who is still running ...

After my previous post about confidential bit I received great feedback through blog comment system (Thanks Jorge and Lee) and in off-line conversation on newsgroup. I’ve decided to gather this additional information in next post as an update to my original one. First of all when You want to use confidential bit for some attribute You ...

Lately I have to explain to one of our customers how to create attribute in Active Directory which can be protected with additional permissions from reading its content. Such possibility was introduced in Windows 2003 SP1 but when I looked for some information to point our customer to I didn’t found much documentation so I decided to ...