PREMNAIR'S Blog

"..Unnatural work produces too much stress.."

Active directory users joining from Mac machine

Active Directory

Joining a Mac to the Domain on Mac OS X


Open Users & Groups from System Preferences and click the Unlock button.


Next to Network Account Server, click the “Edit” button. In the screen that opens, click “Open Directory Utility…”.


Click the lock to enable editing, then select Active Directory to bind.


When you click the edit button, the next screen opens, where you type:

  • Active Directory Forest:
  • Active Directory Domain:
  • Computer ID

After typing all the above values, click “Bind”.

Another screen will appear asking for the Domain Administrator name and password for the bind process. Type the information and click OK.

If the details are correct, the screen below will appear with the GREEN button, showing that you have successfully bound your machine to AD.


After binding to the domain, expand “Show Advanced Options”, select “User Experience” and check the following.


The “Create mobile account at login” selection above is needed only if the AD user wants to log in in offline mode. This works only if the AD user has logged in once while on-premises, so that the system can cache the account.

Click OK and go back to Users & Groups.

Click the “Options” button next to “Allow network users to log in at login window”.


Another screen will pop up. By default “All network users” is selected. If you want to allow all the AD users to log in to this computer, keep it as it is; otherwise select “Only these network users” and then click the “+” button at the bottom. This opens another window listing all the AD users. Select the user that you want to add and click “Done”.


Now go back to Users & Groups, click Login Options and choose a setting for “Display login window as”.


If you select “List of users”, the login window will show only the active users on that machine.

If you select the “Name and password” option, you type the user name and the password at login.

To give the AD user LOCAL ADMIN rights, in Users & Groups Login Options, select the user and then check “Allow user to administer this computer”.


Now you are good to go. Click the lock in “Login Options” to save the settings and prevent unauthorised changes.

Restart the Mac and log in.

Enjoy!!!


July 1, 2013 Posted by | Active Directory, Apple, Mac Mini, Macbook Pro, Microsoft, Mountain Lion, Software | Leave a comment

Add UPN Suffixes to Active Directory users

UPN (User Principal Name) Suffixes: You can use Active Directory Domains and Trusts to add user principal name (UPN) suffixes for the existing user account. The default UPN suffix for a user account is the Domain Name System (DNS) domain name of the domain that contains the user account. You can add alternative UPN suffixes to simplify administration and user logon processes by providing a single UPN suffix for all users. The UPN suffix is used only within the Active Directory forest, and it is not required to be a valid DNS domain name.

To perform this procedure, you must be a member of the Domain Admins group or Enterprise Admins group in Active Directory Domain Services (AD DS), or you must have been delegated the appropriate authority. For details about using the appropriate accounts and group memberships, click here.

To add UPN suffixes

  1. To open Active Directory Domains and Trusts, click Start, click Administrative Tools, and then click Active Directory Domains and Trusts.
  2. In the console tree, right-click Active Directory Domains and Trusts, and then click Properties.
  3. On the UPN Suffixes tab, type an alternative UPN suffix for the forest, and then click Add.

You can also perform this procedure by using the Active Directory module for Windows PowerShell. To open the Active Directory module, click Start, click Administrative Tools, and then click Active Directory Module for Windows PowerShell.

Sample AD PowerShell command to update UPNs in bulk

    # Select every user that has a mailbox database (homeMDB) set
    Get-ADUser -Filter * -Properties homeMDB |
        Where-Object { $_.homeMDB -ne $null } |
        ForEach-Object {
            # Build the new UPN from the sAMAccountName and the new suffix
            $CompleteUPN = $_.SamAccountName + "@contoso.com"
            Set-ADUser -Identity $_.DistinguishedName -UserPrincipalName $CompleteUPN
        }

The above script:

  • Gets all users with something in their homemdb attribute (i.e. mailbox users)
  • Creates a temporary variable called $CompleteUPN which is a combination of every user’s samaccountname plus @contoso.com
  • Sets each user to this new UPN
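
A more defensive version of the bulk update, as an added example that is not from the original post: it confirms the suffix is registered in the forest, skips users whose new UPN is already taken, previews changes by default, and writes old and new values to a CSV for rollback. The suffix contoso.com comes from the post; `$LogPath`, `$Apply` and the other variable names are assumptions.

```powershell
Import-Module ActiveDirectory

$Suffix  = 'contoso.com'          # suffix used in the post
$LogPath = '.\upn-changes.csv'    # assumed location for the rollback log
$Apply   = $false                 # assumed switch: $false only previews (-WhatIf)

# A domain's own DNS name is always a valid suffix; alternatives are listed in
# the forest's UPNSuffixes (the UPN Suffixes tab in Domains and Trusts).
$forest = Get-ADForest
if ((@($forest.UPNSuffixes) + @($forest.Domains)) -notcontains $Suffix) {
    Set-ADForest -Identity $forest.Name -UPNSuffixes @{ Add = $Suffix } -WhatIf:(-not $Apply)
}

$changes = foreach ($user in Get-ADUser -Filter * -Properties homeMDB) {
    if (-not $user.homeMDB) { continue }                   # mailbox users only
    $newUpn = '{0}@{1}' -f $user.SamAccountName, $Suffix
    if ($user.UserPrincipalName -eq $newUpn) { continue }  # already correct

    # Escape single quotes so an unusual account name cannot break the filter.
    $escaped = $newUpn.Replace("'", "''")
    # This lookup covers the current domain only, not the whole forest.
    $clash = Get-ADUser -Filter "UserPrincipalName -eq '$escaped'" |
        Select-Object -First 1
    if ($clash) {
        Write-Warning "Skipping $($user.SamAccountName): $newUpn is already used by $($clash.DistinguishedName)"
        continue
    }

    Set-ADUser -Identity $user.DistinguishedName -UserPrincipalName $newUpn -WhatIf:(-not $Apply)

    # Emit one record per change so the run can be reviewed and reverted.
    New-Object psobject -Property @{
        SamAccountName = $user.SamAccountName
        OldUpn         = $user.UserPrincipalName
        NewUpn         = $newUpn
    }
}

$changes |
    Select-Object SamAccountName, OldUpn, NewUpn |
    Export-Csv -Path $LogPath -NoTypeInformation
```

Run it once with `$Apply = $false` and review the CSV before setting `$Apply = $true`.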

Enjoy!!!

March 18, 2012 Posted by | Active Directory, ADFS, Cloud Computing, DIR Sync, Microsoft, Office 365, Power Shell, Software, Windows Server 2008 R2 | , , , , | 1 Comment

Cannot Join Apple OS X Lion to Windows Active Directory – How to fix it!!!

Action: New Mac OS X Lion to Active Directory binding.

Issue: Every time I get the following error: authentication server encountered an error while attempting the requested operation.

Findings: Even if I’m connected to the internet, and using the Apple time server, the time on machines is not at all correct, which prevents the machines from binding to Windows Active Directory.

Solution: Change the date and time to the correct values on your Apple machine and then restart the Apple machine. Without a restart, this will not work.

 

October 12, 2011 Posted by | Active Directory, Apple, Lion OS, Microsoft, Software, Windows Server 2008 R2 | , , , | Leave a comment

Remote Server Administration Tools for Windows 7 with Service Pack 1 (SP1)

Remote Server Administration Tools for Windows 7 with SP1 enables IT administrators to manage roles and features that are installed on remote computers that are running Windows Server 2008 R2 with SP1 or Windows Server 2008 R2 (and, for some roles and features, Windows Server 2008 or Windows Server 2003) from a remote computer that is running Windows 7 or Windows 7 with SP1. It includes support for remote management of computers that are running either the Server Core or full installation options of Windows Server 2008 R2 with SP1, Windows Server 2008 R2, and for some roles and features, Windows Server 2008. Some roles and features on Windows Server 2003 can be managed remotely by using Remote Server Administration Tools for Windows 7 with SP1, although the Server Core installation option is not available with the Windows Server 2003 operating system.

This feature is comparable in functionality to the Windows Server 2003 Administrative Tools Pack and Remote Server Administration Tools for Windows Vista with Service Pack 1 (SP1).

To download Remote server administration tools for Windows 7 SP1, click here

Installing Remote Server Administration Tools for Windows 7 with SP1
You must be either a member of the Administrators group on the computer on which you want to install the Administration Tools pack, or you must be logged on to the computer by using the built-in Administrator account.

  • On a computer that is running Windows 7 or Windows 7 with SP1, download the Remote Server Administration Tools for Windows 7 with SP1 package from the Microsoft Download Center.
  • Open the folder into which the package downloaded, double-click the package to unpack it, and then start the Remote Server Administration Tools for Windows 7 with SP1 Setup Wizard. Important: You must accept the License Terms and Limited Warranty to start to install the Administration Tools pack.
  • Complete all installation steps in the wizard, and then click Finish to exit the wizard when installation is finished.
  • Click Start, click Control Panel, and then click Programs.
  • In the Programs and Features area, click Turn Windows features on or off.
  • If you are prompted by User Account Control to enable the Windows Features dialog box to open, click Continue.
  • In the Windows Features dialog box, expand Remote Server Administration Tools.
  • Select the remote management tools that you want to install and click OK.
  • Configure the Start menu to display the Administration Tools shortcut, if it is not already there.
  • Right-click Start, and then click Properties.
  • On the Start Menu tab, click Customize.
  • In the Customize Start Menu dialog box, scroll down to System Administrative Tools, and then select Display on the All Programs menu and the Start menu. Click OK.
  • Shortcuts for snap-ins installed by Remote Server Administration Tools for Windows 7 with SP1 are added to the Administrative Tools list on the Start menu.

April 9, 2011 Posted by | Active Directory, Microsoft, New Service Pack, Remote Server Administration Tool, Software, Windows 7, Windows Server 2008 R2 | , , , , | Leave a comment

Old public folder – How to remove from Exchange server

It is difficult to delete an old public folder from the EMC. To do it, use ADSIEDIT to clear the old ones.

Right-click the folder you want to delete under CN=Exchange Administrative Group, CN=Databases, and click Delete. Then go to Active Directory Sites and Services and initiate replication across the domain.

Go to EMC and refresh.

That's it.

February 12, 2011 Posted by | Active Directory, Exchange Management Console, Exchange Management Shell, Exchange server 2010, Exchange Server Profile Analyzer, Mailbox Server Requirements Calculator, Mails, Microsoft, Public Folder, Windows Server 2008 R2 | , , | Leave a comment

Active Directory – Difference in between SYSVOL and NETLOGON folders

Oz Casey Dedeal (Virginia, VA, United States) had a good article on this topic. To read more, click here.

February 10, 2011 Posted by | Active Directory, Microsoft, Software, Windows Server 2008 R2 | , | Leave a comment

Changing your domain password in OWA

In the previous edition of OWA and Exchange Server 2007, users had a problem changing their password because of the loss of the IISADMPWD virtual directory as a supported feature in Windows Server 2008/IIS 7.0. This prevented OWA users with expired passwords from being able to change their password and log on. This was a problem for many OWA users, especially remote/mobile users with non-domain-joined computers. From Exchange Server 2010 Service Pack 1 and Exchange Server 2007 Service Pack 3 (running on Windows Server 2008 or Windows Server 2008 R2) onwards, there is a new feature that allows users with expired passwords to change their password. This also works for users who have their accounts configured to change password on next logon.

Use this procedure to enable it on Exchange 2007 SP3 and Exchange 2010 SP1 Client Access servers. If you are using a CAS Array, you must perform these steps on each CAS in the array.

  1. On the Client Access Server (CAS), click Start > Run and type regedit.exe and click OK.
  2. Navigate to HKLM\SYSTEM\CurrentControlSet\Services\MSExchange OWA.
  3. Right click the MSExchange OWA key and click New > DWord (32-bit).
  4. Name the DWORD value ChangeExpiredPasswordEnabled and set the value to 1.
    Note: The values accepted are 1 (or any non-zero value) for “Enabled” or 0 or blank / not present for “Disabled”
  5. After you configure this DWORD value, you must reset IIS. The recommended method to reset IIS is to use IISReset /noforce from a command prompt.
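
The same registry change scripted for every CAS in an array, as an added example that is not from the original post. It assumes it is run from the Exchange Management Shell with PowerShell remoting enabled on each CAS; the registry path and value name are the ones given in the steps above, and the variable names are hypothetical.

```powershell
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA'
$ValueName = 'ChangeExpiredPasswordEnabled'

# Every Client Access server needs the value, so enumerate them all.
$casServers = Get-ClientAccessServer | ForEach-Object { $_.Name }

$results = Invoke-Command -ComputerName $casServers `
        -ArgumentList $KeyPath, $ValueName -ScriptBlock {
    param($KeyPath, $ValueName)

    $state    = 'AlreadyEnabled'
    $iisExit  = $null
    $previous = $null

    if (-not (Test-Path -Path $KeyPath)) {
        # Key missing: OWA is not installed here, so change nothing.
        $state = 'OwaKeyMissing'
    }
    else {
        $previous = (Get-ItemProperty -Path $KeyPath -Name $ValueName `
                        -ErrorAction SilentlyContinue).$ValueName
        # 0 or not present means disabled; any non-zero value is enabled.
        if (-not $previous) {
            New-ItemProperty -Path $KeyPath -Name $ValueName `
                -PropertyType DWord -Value 1 -Force | Out-Null
            # Reset IIS only when the value actually changed.
            & iisreset.exe /noforce | Out-Null
            $iisExit = $LASTEXITCODE
            $state   = 'Enabled'
        }
    }

    New-Object psobject -Property @{
        Server       = $env:COMPUTERNAME
        Previous     = $previous
        State        = $state
        IisResetExit = $iisExit
    }
}

$results | Format-Table Server, Previous, State, IisResetExit -AutoSize
```

A non-zero `IisResetExit` means the reset did not complete on that server and should be retried there.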

NOTE: Users can’t use a User Principal Name (UPN) (e.g. myname@domain.com) in the Domain\user name field in the Change Password window. It should be domain\myname.

Once you are done, click Submit. Make sure that your new password complies with the domain password policy.

December 14, 2010 Posted by | Active Directory, Exchange Server 2007, Exchange server 2010, Microsoft, Office, Office 2010, Outlook, OWA, Software | , | Leave a comment

Exchange Server 2007 Service Pack 3 released

Exchange Server 2007 SP3 supports all Exchange 2007 roles on the Windows Server 2008 R2 operating system.

Exchange 2007 SP3 provides support only for a new installation of Exchange on Windows Server 2008 R2.

Exchange 2007 SP3 is not supported in an upgrade scenario on Windows Server 2008 R2. For example, Exchange 2007 SP3 does not support the following installation scenarios:

  • A new Exchange 2007 SP3 installation on a Windows Server 2008 R2-based computer that has been upgraded from Windows Server 2008
  • Upgrading Exchange 2007 SP2 to Exchange 2007 SP3 on a Windows Server 2008 R2-based computer that has been upgraded from Windows Server 2008
  • Upgrading the operating system from Windows Server 2008 to Windows Server 2008 R2 on a computer that has Exchange 2007 SP3 installed

Exchange Server 2007 SP3 provides

  • further flexibility with the addition of Windows Server 2008 R2 support for server roles and Windows 7 support for the Exchange management tools.
  • These additions, along with enhancements for the advanced protection options against e-mail security threats, such as spam and viruses and the tools which help manage internal compliance and high availability needs provide Exchange administrators with the tools they need to manage their Exchange 2007 environments efficiently.
  • Exchange 2007 SP3 introduces password reset functionality for Internet Information Services (IIS) 7.
  • Exchange 2007 SP3 includes updates to the Exchange Search (MSSearch) component.
  • MSSearch provides support for creating full text indexes for Exchange stores.
  • Exchange 2007 SP3 updates the MSSearch binary files to MSSearch 3.1.
  • Exchange 2007 SP3 includes Active Directory schema changes for certain Unified Messaging (UM) mailbox attributes.
  • Exchange 2007 SP3 includes support for Right-to-Left text in e-mail message disclaimers in a right-to-left language, such as Arabic.
  • In earlier versions of Exchange, when you use a transport rule to create a disclaimer in a right-to-left language on an Exchange 2007 Hub Transport server, the text appears incorrectly when you view it from Outlook 2007.
  • Exchange 2007 SP3 adds functionality to the transport rule setting to fully support right-to-left text in disclaimers

Issues

  1. In the recently released Exchange 2007 Service Pack 3, there’s a version mismatch in the Outlook Web Access (OWA) S/MIME Control, an ActiveX control used to provide S/MIME support in OWA. After you install SP3, users who have the control installed will get prompted to install the latest version of the control. The way this works: the code compares the “Version” property of the client S/MIME control (MIMECTL.DLL) on the user’s computer with the ProductVersion property of the MSI file (OWASMIME.MSI) on the Client Access Server. To know more, see “Exchange 2007 SP3 and OWA S/MIME Version Mismatch” on the Microsoft Exchange Team Blog.

July 13, 2010 Posted by | Active Directory, Exchange Server 2007, Internet Information Services (IIS), Microsoft, New Service Pack, Software | , , | Leave a comment

Configure EWS, Autodiscover, OWA, OAB, ECP on Exchange Server 2010

As you all know, service connectivity for a mail server is the main concern for all of us. In Exchange Server 2010, the connectivity is the same as in Exchange Server 2007. Once you migrate or install the new version, it should be tested with the proper credentials and certificate, or else you will end up with your mail server IP going on the blacklist because of wrong pointers and configurations.

First of all, do the internal test. In the notification area of the taskbar (right side, where the date and time are shown) you will find the Outlook icon. Hold Ctrl, right-click the Outlook icon and click “Test E-mail AutoConfiguration…”.

Select “Use AutoDiscover” and click Test.

The result above is a successful one. If the test fails, do the following.

The Exchange Web Service (EWS) is the web service that allows access to the Out of Office service. If either the internal or external URL for EWS is missing or incorrect, OOF will fail and other services may not work as expected. Using the Exchange Management Shell, check the URLs assigned to the web service virtual directory with the Get-WebServicesVirtualDirectory command.

First go to the CAS server.

Type the following PowerShell command for EWS (Exchange Web Service):

Get-WebServicesVirtualDirectory | fl identity,internalurl,externalurl

You will get the result like below

Identity    : ECAS1\EWS (Default Web Site)
InternalUrl : https://mailv.domain.com/EWS/Exchange.asmx
ExternalUrl : https://mailv.domain.com/ews/exchange.asmx

Identity    : ECAS2\EWS (Default Web Site)
InternalUrl : https://mailv.domain.com/EWS/Exchange.asmx
ExternalUrl : https://mailv.domain.com/ews/exchange.asmx

If this is not correct, you need to fix it. This has to be done with PowerShell commands on the CAS server.

To do that:

[PS] C:\Windows\system32>Set-WebServicesVirtualDirectory -Identity "ECAS1\EWS (Default Web Site)" -InternalUrl https://mail.domain.com/EWS/Exchange.asmx -BasicAuthentication:$true

[PS] C:\Windows\system32>Set-WebServicesVirtualDirectory -Identity "ECAS2\EWS (Default Web Site)" -InternalUrl https://mail.domain.com/EWS/Exchange.asmx -BasicAuthentication:$true

[PS] C:\Windows\system32>Get-WebServicesVirtualDirectory |fl identity,internalurl,externalurl

Identity    : ECAS1\EWS (Default Web Site)
InternalUrl : https://mail.domain.com/EWS/Exchange.asmx
ExternalUrl : https://mail.domain.com/ews/exchange.asmx

Identity    : ECAS2\EWS (Default Web Site)
InternalUrl : https://mail.domain.com/EWS/Exchange.asmx
ExternalUrl : https://mail.domain.com/ews/exchange.asmx

Now you can see that the URL has been fixed. This is for Web Services.

Now for Autodiscover:

[PS] C:\Windows\system32>Get-AutodiscoverVirtualDirectory

To see the settings

[PS] C:\Windows\system32>Get-ClientAccessServer |fl identity,autodiscoverserviceinternaluri

RESULT

[PS] C:\Windows\system32>Get-ClientAccessServer |fl identity,autodiscoverserviceinternaluri
Identity                       : ECAS1
AutoDiscoverServiceInternalUri : https://mailv.domain.com/Autodiscover/Autodiscover.xml

Identity                       : ECAS2
AutoDiscoverServiceInternalUri : https://mailv.domain.com/Autodiscover/Autodiscover.xml

To fix it:

[PS] C:\Windows\system32>Set-ClientAccessServer -Identity ECAS1 -AutoDiscoverServiceInternalUri https://mail.domain.com/Autodiscover/Autodiscover.xml
[PS] C:\Windows\system32>Set-ClientAccessServer -Identity ECAS2 -AutoDiscoverServiceInternalUri https://mail.domain.com/Autodiscover/Autodiscover.xml 

Now for Outlook Web App, Exchange Control Panel, Exchange ActiveSync and Offline Address Book, you have to go to the Exchange Management Console (EMC).

  1. Go to one of the CAS servers
  2. Open EMC
  3. Go to Server Configuration
  4. Select Client Access
  5. In the top middle panel, you can see the CAS servers listed.
  6. Select one; in the bottom panel, you will see something like below.

Select each tab, then right-click the object and change the path as required. Once you are done with the first CAS server, do the same for the second as well.

That's it. You are good to go for production.
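
To confirm that every service URL ended up on the intended name, the following added example (not from the original post) audits EWS, OWA, ECP, ActiveSync, OAB and Autodiscover across all CAS servers in one pass and lists each URL that is unset, malformed, not HTTPS, or on a different host. It assumes the Exchange Management Shell; the expected host mail.domain.com is taken from the post, and `Test-ServiceUrl` is a hypothetical helper name.

```powershell
$ExpectedHost = 'mail.domain.com'   # host name used in the post

function Test-ServiceUrl {
    param($Server, $Service, $Setting, $Value)

    $text   = "$Value"               # handles both Uri and deserialized values
    $uri    = $null
    $status = 'OK'
    if (-not $text) {
        $status = 'NotSet'
    }
    elseif (-not [uri]::TryCreate($text, [System.UriKind]::Absolute, [ref]$uri)) {
        $status = 'Invalid'
    }
    elseif ($uri.Scheme -ne 'https') {
        $status = 'NotHttps'
    }
    elseif ($uri.Host -ne $ExpectedHost) {
        $status = 'WrongHost'        # e.g. still pointing at mailv.domain.com
    }

    New-Object psobject -Property @{
        Server  = "$Server"
        Service = $Service
        Setting = $Setting
        Url     = $text
        Status  = $status
    }
}

$getters = 'Get-WebServicesVirtualDirectory', 'Get-OwaVirtualDirectory',
           'Get-EcpVirtualDirectory', 'Get-ActiveSyncVirtualDirectory',
           'Get-OabVirtualDirectory'

$report = @()
foreach ($cmd in $getters) {
    foreach ($vdir in (& $cmd)) {
        foreach ($setting in 'InternalUrl', 'ExternalUrl') {
            $report += Test-ServiceUrl $vdir.Server $cmd $setting $vdir.$setting
        }
    }
}

# Autodiscover's internal URI is stored on the CAS object, not on a vdir.
foreach ($cas in Get-ClientAccessServer) {
    $report += Test-ServiceUrl $cas.Name 'Get-ClientAccessServer' `
        'AutoDiscoverServiceInternalUri' $cas.AutoDiscoverServiceInternalUri
}

$report | Where-Object { $_.Status -ne 'OK' } |
    Sort-Object Server, Service |
    Format-Table Server, Service, Setting, Status, Url -AutoSize
```

An empty table means every URL is HTTPS and on the expected host, which is also the name the certificate has to cover.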

July 3, 2010 Posted by | Active Directory, Active Sync, ECP, EWS, Exchange Management Console, Exchange Management Shell, Exchange server 2010, Internet Information Services (IIS), Microsoft, OAB, Office, Office 2010, Office 2011, Outlook, Outlook Webapps, OWA, Public Folder, Software, Transport architecture, Windows Server 2008 R2 | , , , , , , , , | 10 Comments
