Brian Redmond's Weblog

Good IT Stuff

Browse by Tags

Related Posts
  • Blog Post: Excellent Web Cast on the Identity Management Solution Series

    The Microsoft Identity and Access Management Solution Series is a set of prescriptive guidance, code samples, and architecture references that guide customers on building real life Identity Management solutions. This web cast will cover the upcoming release on Provisioning and Workflow as well as a roadmap...
  • Blog Post: New MS Press Group Policy Book

    This book has some great details on Active Directory Group Policies. I can't wait to get a copy myself. http://www.microsoft.com/MSPress/books/8763.asp
  • Blog Post: New command line tools for W2K3 Active Directory

    These aren't really that new, but they were newly added when Windows Server 2003 was released. Windows had some AD command line tools like ldifde and csvde, but the new tools can be very handy. In fact, there are actually tons of new command line tools in Windows 2003 worth taking a look at. Article...
  • Blog Post: What it is like to work for MCS...

    I got a question asking what it is like to work for Microsoft Consulting Services. This may very well be one of my friends messing with me, but regardless, I thought it might be worth telling some stories now and then. The particular question was about work/life balance. There is no sugar coating here;...
  • Blog Post: If you exporting to AD/Exchange with MIIS, you might need to disable the RUS

    I was working on a project recently and the Exchange 2003 Recipient Update Service (RUS) was adding X.400 addresses and other junk to my mail enabled users. I was basically mail enabling a bunch of users in AD to synchronize the GAL with another email system. I could certainly configure the recipient...
  • Blog Post: Identity Management hurts

    Seriously, this stuff is really hard. I work in the Identity Management space and most of my time has focused more on enterprise Idm solutions (things like metadirectories and provisioning). Recently, I have been studying this from a more wholistic internet identity management topic. Much of the discussion...
  • Blog Post: MIIS cold stand-by licensing change

    New licensing rules from Microsoft to Software Assurance customers allow for cold stand-by MIIS servers without the additional cost. Read here: http://www.microsoft.com/downloads/details.aspx?FamilyId=12D01621-2A23-4EAB-91C0-064A47D64AB6&displaylang=en Why does this matter? The need for high...
  • Blog Post: Just update the schema and quit worrying about it!!!

    I am a little sick and tired about hearing that people are tentative about modifying the Active Directory schema! Maybe this is Microsoft's fault since we put so many warnings up about doing this. I say modify it like crazy. In fact, I think we should all add a schema attribute called "i-modified-the...
  • Blog Post: Sorry, but I have been busy

    What ends up happening is that I start a new project and get horribly busy and have no time to post. I ended up making a bunch of notes of good things to post, so I have a little backlog of things. Expect a bunch here over the next couple days.
  • Blog Post: AD to ADAM Synchronizer Beta

    In many cases, you might just be looking to setup an ADAM instance that is pretty much a replica of the AD data. MIIS could easily solve this requirement, but maybe you need something more lightweight. The AD to ADAM Synchronizer tool might be the perfect solution. Two key things to remember: One way...
  • Blog Post: Federation... Schmederation. Can't we all just get along?!?

    The eWeek article below talks about Microsoft and the Liberty Alliance. I guess IBM recently decided to join the Liberty Alliance (along with already being a part of designing the ws-federation standards with Microsoft). Interesting article. http://www.eweek.com/article2/0,1759,1681595,00.asp This stuff...
  • Blog Post: What is ADAM?

    ADAM stands for Active Directory Application Mode and is a new application released with Windows Server 2003 (though it can run on Windows XP). It is a lightweight LDAP directory that offers basic LDAP functions with a subset of Active Directory functionality. From the introduction whitepaper on microsoft...
  • Blog Post: Active Directory LDAP Compliance

    Good paper on the compliance of Windows 2000/2003 and LDAPv3 standards. http://www.microsoft.com/windowsserver2003/techinfo/overview/ldapcomp.mspx
  • Blog Post: MIIS Deprovisioning and using ShouldDeleteFromMV

    In general, MIIS solutions have one connected data source that is authoritative for deletes and drives the deprovisioning process. A common MIIS configuration is to set the object deletion rule to delete the MV object when the connector is removed from this authoritative MA. This will cause a MV delete...
  • Blog Post: Identity Management Resources - Getting Started

    I have had people email me looking for information on how to get started. There is a TON of great information out on the web. I have some good places to start below. One of the best things available to learn from is the “scenarios” or “walkthroughs” that are on the web and on...
  • Blog Post: Microsoft and Sun Partnership Progress

    This is somewhat old news by now, but I wanted to remind folks about the announcements in this press release. http://www.microsoft.com/presspass/press/2005/may05/05-13MSSunEventPR.mspx Basically, Microsoft and Sun have really started to show some progress on partnerships that were annouced a year...
  • Blog Post: Interesting Performance Monitoring Tool - Download on microsoft.com

    I recently found a tool that can help do performance analysis on servers in your environment. This tool gathers the data from the Performance Monitor and does some level of analysis to help diagnose issues. It is especially good at IIS 6.0 and Active Directory. Link: http://www.microsoft.com/downloads...
  • Blog Post: Consulting from home...

    I have posted on this Blog recently about life in MCS. This probably holds true for consulting engagements in general. Setting a comfortable travel schedule is really important when you are on the road all the time. On the other hand, this travel schedule would need to be negotiated with the client....
  • Blog Post: It's been a while...

    It seems that I have not been able to find time to post for a while. I am still here. I was starting a new project that was keeping me busy and then we went to our annual Microsoft Global Meeting in Atlanta. Anyway, I have some things queued up, so keep looking. Here is something related to identity...
  • Blog Post: Painful dcpromo experience (Solved!)

    I guess I find it valuable to post painful experiences here. Maybe it will help someone else and it certainly gives me a chance to vent. We were setting up a test forest (single domain) for some very simplistic testing. For some reason, we could not add machines to the domain or dcpromo a second DC...
  • Blog Post: Cool Performance Monitor tools

    If you have ever used Windows Performance Monitor and had trouble changing the time period for really big perf log files, there is a helpful tool for you. I have often driven myself crazy trying to squeeze that time window down to the hour I want and gone crazy. The link below points to a few helpful...
  • Blog Post: File Replication Service (FRS) troubleshooting tools

    The File Replication Service, or FRS, is a critical component of an Active Directory deployment. When it has problems, it can be a lot tougher to troubleshoot than basic AD replication. There are some good Microsoft tools out there that can help. There are probably good 3rd party and freeware tools too...
  • Blog Post: Using the jpegPhoto attribute in AD - Part I

    One of the big advantages of an Active Directory implementation is to store all of someone's personal data in their AD object. Nothing could be more personal than a photo. In many cases, companies already have pictures of users for ID badges, portals, etc. It seems like it would make a lot of sense to...
  • Blog Post: Does my MIIS AD MA account need to be a domain admin?

    The answer here is no . People often grant these accounts domain admin rights to quickly get things working, but this would not be considered a best practice. The best practice is to only grant the account the specific rights it needs to function. This includes: Grant the account read access...
  • Blog Post: 2004 MIIS Users' Group Meeting

    First off, does everyone know there is a really good users' group for MIIS/MMS? Good community out there to help with questions/issues around MIIS. http://groups.yahoo.com/group/MMSUG . Also, this users group is holding its annual users' group meeting in Redmond on 6/24 and 6/25. The info is below...