AD LDS resources

Main entry point: AD DS vs AD LDS – Active Directory solutions compared: http://technet.microsoft.com/en-us/library/cc731868(v=ws.10).aspx
Step 1 – backup AD LDS: http://technet.microsoft.com/en-us/library/cc730941(WS.10).aspx
Step 2 – restore AD LDS: http://technet.microsoft.com/en-us/library/cc725903(WS.10).aspx
On MS TechNet: AD LDS Replication Step-by-Step Guide
Step 1: Practice Managing Replica AD LDS Instances
Step 2: Practice Managing Site Objects
Step 3: Practice Managing Site Link Objects

Unix interoperability (SSSD) with a Microsoft Domain

SSSD principle:
SSSD for SuSE (SLES): https://www.suse.com/support/kb/doc/?id=7022002 and http://www.novell.com/support/kb/doc.php?id=7014572
RHEL: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/index and https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/SSSD-Introduction.html
Troubleshooting SSSD: https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/SSSD-Troubleshooting.html
Resolution: id <userid> ; getent passwd <userid>
Authentication: ssh <userid>@localhost
In addition to the Red Hat guide, there are tons of interesting links:
http://thornelabs.net/2014/01/30/authenticate-rhel-5-and-6-against-active-directory-on-windows-server-2008-r2-with-sssd-using-kerberos-and-ldap.html
http://www.chriscowley.me.uk/blog/2013/12/16/integrating-rhel-with-active-directory/

Free Tools for System and Network or DB Administrators

Free tools for Windows sysadmins
– Find a string in files on Windows using findstr /s /i, e.g.: findstr /s /i /C:"provider=sqloledb" d:\dir\*.*
– Find and replace a string in files (Find and Replace == fnr): http://findandreplace.io/download ; another tool, which also requires Java: FAR https://sourceforge.net/projects/findandreplace/
– Test SSL and TLS: https://www.qualys.com/sslchecker
– Well-known online tools for network engineers: https://dnschecker.org https://www.whois.net/ https://mxtoolbox.com/ https://whatismyipaddress.com/ http://ping-test.org/ https://www.portcheckers.com/

Portqry failed with UDP/389

Understanding the UDP 389 portqry error and how to solve this issue:
https://social.technet.microsoft.com/Forums/windowsserver/en-US/a6d07279-6852-4dfb-afc7-f06f5b1034c2/port-389udp?forum=winserverDS
https://social.technet.microsoft.com/Forums/sharepoint/en-US/70e97298-42f3-4908-a55f-a18c28572185/udp-389-ldap-did-not-respond-?forum=winserverDS
Solution:
– check the Windows firewall
– check AV software (McAfee, Symantec…)
– check whether IPv6 is disabled; if so, re-enable it: http://tenof11.blogspot.fr/2013/08/disabling-ipv6-causes-389udp-to-fail-on.html

What is OAuth? OAuth versus Kerberos ! ADFS and OAuth !

Introduction: When Kerberos was chosen to be AD’s authentication protocol in the mid- to late-1990s, the World Wide Web was a shadow of what the Internet offers today. Although the Kerberos ticket contained an encrypted password hash that could be attacked, there wasn’t any substantial requirement to provide support outside the highly protected corporate firewall.

Active Directory: How to limit ldap queries ?

Hi, here is a new article to explain how to limit LDAP queries (in order to minimize attacks or to minimize the impact on the performance of the LDAP/AD server):
Technet article: https://social.technet.microsoft.com/wiki/contents/articles/14559.active-directory-ldap-policy.aspx
AD does not allow anonymous connections: http://support.microsoft.com/kb/326690/en-us
By default, anonymous Lightweight Directory Access Protocol (LDAP) operations to Active Directory, other than rootDSE searches and

AD CS (PKI) Installing and Troubleshooting SSL certificate

The simplest way is using the Certificates MMC snap-in. However, it is only available on GUI-based Windows servers. If you are using Core-based servers, you cannot use the MMC. Or, if you prefer, it is also possible using the command line. Note: To request an SSL certificate on W2K8/W2K8R2, it is recommended to use the default CA template:

Searching AD objects with ldapsearch

ldapsearch is available by default on most Linux/Unix systems with the OpenLDAP packages installed. Otherwise, ldapsearch is also available for Windows servers: http://sourceforge.net/projects/openldapwindows/?source=directory
Syntax: ldapsearch -x -LLL -E pr=200/noprompt -h [AD Host] -D [AD User] -w [AD Pass] -b [Base DN] -s sub "([LDAP Filter])" [attr list]
Example: ldapsearch -b dc=mydomain,dc=net -h dc1.mydomain.net -D 'cn=app-nceldap,ou=services&applis,dc=mydomain,dc=net' -w

LDAP resources

LDAP: LDAP (Lightweight Directory Access Protocol) is a directory access protocol, derived from X.500, running over TCP/IP. It is a lightweight implementation of the ISO DAP protocol. It has become the standard for electronic directories, which are taking on more and more importance in corporate information systems… Pointers to get started: The LDAP tutorial