Office 365 is booming.. everyday new companies decide to make the switch to easy online messaging and collaboration services on the cloud. While the cloud should make life easier for administrators, setting up the co-existence environment seems a bit harder. Although Microsoft has tons of help material available .This post is to clearify the interaction when settings up a co-existence environment with Office 365.
For this example I have added a TMG server to validate the requests. As many companies have additional firewalls in front of the TMG server, this is also displayed. And the TMG server serves another role to in the advanced setup, where we explain that it is possible to have OWA users use two-factor authentication while ActiveSync users can continue to authenticate against the federation server with their “passive” clients. (see the next post)
I was trying to get a test environment up and running that should reflect the production environment of my customer (off course at the customers site.. secured and all).. one task was to duplicate the OU structure, group structure and user information (without passwords). Browsing through the web I found a VBS script that can […]
So no posts for a long time, been busy though.. and the latest addition to this blogpost is about SharePoint. Who would have thought.. In my case the customer wanted to enrich the User profiles that came from Active Directory with Novell attributes that where in a central identity store. While SharePoint is capable of […]
So this post is more of an advertisement.. Office 365, the latest version of BPOS (Business Productivity Suite Online) is in beta stage at the moment and more enterprises decide to go for it. It is based on Exchange 2010, Lync (new OCS), SharePoint 2010 and lots more.. My colleagues have decided to create a […]
So everybody should enable firewall policies in order to keep their environment secure. Best practice is to manage the firewalls through policies.. keep a default policy to enable the firewall and do not allow incoming connections.. then based on server role add exceptions and ports. That way, each server added to the domain is secured by the firewall by default, but additional policies can enable applications to receive traffic.
I’ve been working with CCF the last days, CCF you say what is that? Well its a product from Microsoft that can be used to enhance the experience of users when working with multiple applications that require the same input. Say we have a call center with many applications. When a customer calls the agent asks for your zip code or address. Then you state your problem and the agent needs to open a different program and re-enter your zip code, then the company needs to send you a package and for that application he again needs your address details.. annoying for you (every time the agent asks you for your creds and even more annoying for the call center agent since he/she has to type the same info multiple times.
So CCF can help you with that..it requires a lot of programming to integrate all the apps, but it could be worth it.. are you designing CCF? are you interested in the architecture.. check out this post …
A new post about kerberos.. indeed some techno stuff nobody seems to understand but is very important for security. A new feature in Windows 2008 IIS7 is the kernel mode support, what does it do, and more important how can it help you?
Once in a while, antivirus companies create a new signature file that kinda stops the entire system instead of just the virus..
It’s like the docter amputates the heart of the patient, just to cure a brooze
Congratulations McAffee this time:
When creating a forest trust, each domain within the trusted forest becomes trusted. While this is sometimes not desired it is possible to limit the scope by implementing selective-authentication. It is possible to only allow authentication between those domains you want by granting the allowed to authenticate right to only those domains objects.
In a previous entry I’ve explained how you can run services under the new Managed Service Account. Say now that we want to use this service account in combination with Kerberos and the account needs to be trusted for delegation. We set an SPN to it, but in the Active Directory Users and Computers, we seem to be unable to find the trusted for delegation option.. Let’s take a closer look at these accounts once they have been created, to do this we’ll be using ldp.exe