
July 7, 2014

Understanding Proxy Authentication with multiple domains in AD LDS


Understanding Proxy Authentication with multiple domains in Active Directory LDS


What is Proxy Authentication?

Proxy Authentication allows a user to authenticate against an AD LDS instance while using the password that is stored in Active Directory. In AD LDS you can use AdamSync.exe to create a UserProxy or UserProxyFull object. The proxy object looks like a traditional user object; however, it does not have a password stored on it. When an application is pointed at the AD LDS instance and tries to authenticate, the AD LDS server passes the SID and password to the domain controller to verify that the credentials are correct.


Proxy Authentication with Multiple Domains

July 1, 2014

ADMT Unable to create or merge object




Problem:

Recently I was migrating a large group of user accounts from one domain to another and the ADMT tool crashed on me unexpectedly. When I restarted the tool, one of the accounts gave me the following error: "2014-07-01 09:40:15 WRN1:7665 Unable to create or merge object 'CN=John Doe,OU=Users,DC=Domain,DC=com' as another instance of ADMT is currently creating or merging the same object." After searching online, I figured out the following steps to resolve this issue.

Resolution:

June 26, 2014

WMIC Tips

Overview


WMIC (Windows Management Instrumentation Command-Line) extends WMI for operation from several command-line interfaces and through batch scripts.


Command Examples

-- Display installed applications

May 12, 2014

Restoring Active Directory Objects

Description

This document provides tips for restoring Active Directory objects if the Active Directory Recycle Bin is enabled.

Tips


January 21, 2014

Granting Non-Admin Users permission to manage specific services

1. Log in as an administrator
2. Install subinacl.exe (http://www.microsoft.com/en-us/download/details.aspx?id=23510)
3. Open a command prompt
4. Navigate to c:\program files (x86)\Windows Resource Kits\Tools\
5. Below are examples of the syntax to use to grant permissions to a particular service
   - SUBINACL /SERVICE \\MachineName\ServiceName /GRANT=[DomainName\]UserName[=Access]
   - subinacl.exe /service \\localhost\gupdate /GRANT=domain.com\username=F
   - subinacl.exe /service \\localhost\VMTools /GRANT=domain.com\username=F
6. Log out the administrator and let the end user log back in.

Valid Access Values
 F : Full Control
 R : Generic Read
 W : Generic Write
 X : Generic eXecute
 L : Read controL
 Q : Query Service Configuration
 S : Query Service Status
 E : Enumerate Dependent Services
 C : Service Change Configuration
 T : Start Service
 O : Stop Service
 P : Pause/Continue Service
 I : Interrogate Service
 U : Service User-Defined Control Commands
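
An added example, not code from the original post: a small Python check that parses `subinacl /service ... /GRANT=` lines, expands the access letters from the table above, and flags grants (such as the `=F` used in step 5) that let the user reconfigure the service rather than only operate it. The `OPERATOR_BASELINE` policy, the function name `audit_grant` and the narrower `=STO` sample line are assumptions made for illustration.

```python
import re

# Access letters exactly as listed in the "Valid Access Values" table above.
ACCESS = {
    "F": "Full Control", "R": "Generic Read", "W": "Generic Write",
    "X": "Generic eXecute", "L": "Read controL",
    "Q": "Query Service Configuration", "S": "Query Service Status",
    "E": "Enumerate Dependent Services", "C": "Service Change Configuration",
    "T": "Start Service", "O": "Stop Service", "P": "Pause/Continue Service",
    "I": "Interrogate Service", "U": "Service User-Defined Control Commands",
}
# Letters that let the grantee alter the service definition itself: F covers
# everything, and Generic Write includes change-configuration for services.
RECONFIGURE = set("FWC")
# Assumed policy for this example: operators may query, start, stop and pause.
OPERATOR_BASELINE = set("QSEITOP")
GRANT_RE = re.compile(
    r"/service\s+(?P<service>\S+)\s+/grant=(?P<principal>[^=\s]+)"
    r"(?:=(?P<access>\S*))?", re.IGNORECASE)

def audit_grant(command):
    """Return a finding dict for one subinacl /service ... /GRANT command line."""
    m = GRANT_RE.search(command)
    if not m:
        raise ValueError("not a subinacl /service /GRANT command: %r" % command)
    # subinacl grants Full Control when the access value is omitted.
    letters = (m.group("access") or "F").upper()
    granted = [l for l in dict.fromkeys(letters) if l in ACCESS]
    return {
        "service": m.group("service").rsplit("\\", 1)[-1],
        "principal": m.group("principal"),
        "rights": [ACCESS[l] for l in granted],
        "can_reconfigure": bool(RECONFIGURE & set(granted)),
        "beyond_baseline": sorted(set(granted) - OPERATOR_BASELINE),
        "unknown": sorted(set(letters) - set(ACCESS)),
    }

# Constructed sample: the post's two grants plus a narrower alternative.
SAMPLE = [
    r"subinacl.exe /service \\localhost\gupdate /GRANT=domain.com\username=F",
    r"subinacl.exe /service \\localhost\VMTools /GRANT=domain.com\username=F",
    r"subinacl.exe /service \\localhost\VMTools /GRANT=domain.com\username=STO",
]

if __name__ == "__main__":
    for line in SAMPLE:
        f = audit_grant(line)
        verdict = "REVIEW" if f["can_reconfigure"] else "ok"
        print(verdict, f["service"], f["principal"], f["rights"])
```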