Welcome to Dirteam.com/ActiveDir.org Blogs Sign in | Join | Help
 
 

in Search

Browse by Tags

All Tags » Security » Directory servi... » Active Directory
  • Kerberos and non-standard port number

    Kerberos in Windows Operating System is around for about 10 years and it is still causing problems and for many people it is like black magic voodoo. In most cases organizations and people in it are not aware that it is now working until it problem will occur on a surface with some application not working or reports not being displayed on MOSS web ...
    Posted to Tomek's DS World (Weblog) by tomek on December 20, 2009
  • userPassword

    One of my friends PFE has asked me a question regarding userPassword attribute in directory which was related to some behavior he was observing in customer environment. We had a little chat about it and then I thought that maybe other has such questions as well so … here’s a topic for a blog.  Behavior my friend was observing was related to ...
    Posted to Tomek's DS World (Weblog) by tomek on November 22, 2009
  • Where to put SSL certificate for LDAP …

    Protecting LDAP traffic with SSL is a good idea, especially if in network environment some applications are (ab)using LDAP as authentication protocol. Some explanation of abusing word – LDAP never was designed as authentication protocol (like Kerberos is). Its name states it clear “DIRECTORY ACCESS PROTOCOL”. However because it is simple to use ...
    Posted to Tomek's DS World (Weblog) by tomek on June 17, 2009
  • Schema extensions for Vista new features

    Vista introduces several new functionality and few of then (to be specific two) requires our AD environment to get prepared through schema extension. These schema extension needed to run new Vista's features will be part of LH schema, but LH is still somewhere behind the horizon and we have to take care about it by ourselves. Two new ...
    Posted to Tomek's DS World (Weblog) by tomek on December 4, 2006
  • Auditing directory changes aka "Who deleted this object"

    Some question were raised by few peoples about directory object auditing - mostly in a context of question "Who deleted the object?" - so I've decided to give this topic a little space. Windows 2000\2003 provides us with auditing mechanism which can be used also to track changes for Active Directory objects. Probably this isn't ...
    Posted to Tomek's DS World (Weblog) by tomek on September 21, 2006
  • Apache and kerberos authentication within AD domain

    I was asked lately to check some things connected with authentication users accessing Apache based web-site against AD. It is quite simple but requires some configuration so I’ve gathered things all together and here is is – how to make Apache web server authenticating users against AD using mod_auth_kerb module. Here’s a ...
    Posted to Tomek's DS World (Weblog) by tomek on August 6, 2006
  • Using ADFS with Content Management Server 2002

    Maybe CMS 2002 is not most popular content management software in the world but some people are using it in the real world. This is a case with our customer here who will deploy web application based on CMS 2002 in his network. This company maintains two separated AD forests, one is internal forest for company itself and second is AD forest for ...
    Posted to Tomek's DS World (Weblog) by tomek on July 21, 2006
  • Dynamic objects aka why You should upgrade to Windows 2003 SP1 if You haven’t done it yet

    Today I finally arrived into office after long time being on-site at customer’s office and I had some time to read blog feeds I’m subscribed to. One of my ‘must read’ blogs is Joe’s blog and I’ve noticed some new entries there. Among them on which I found very interested, and everyone who is still running ...
    Posted to Tomek's DS World (Weblog) by tomek on June 23, 2006
  • Confidential bit follow-up

    After my previous post about confidential bit I received great feedback through blog comment system (Thanks Jorge and Lee) and in off-line conversation on newsgroup. I’ve decided to gather this additional information in next post as an update to my original one. First of all when You want to use confidential bit for some attribute You ...
    Posted to Tomek's DS World (Weblog) by tomek on November 28, 2005
  • How to create and use confidential attributes

    Lately I have to explain to one of our customers how to create attribute in Active Directory which can be protected with additional permissions from reading its content. Such possibility was introduced in Windows 2003 SP1 but when I looked for some information to point our customer to I didn’t found much documentation so I decided to ...
    Posted to Tomek's DS World (Weblog) by tomek on November 21, 2005
Powered by Community Server (Personal Edition), by Telligent Systems