I wanted to share some information about Storage Server 2008.
First, did you know that Storage Server 2008 has a default password when you install it? Well, I wasn't aware of this until I recently installed it to do some testing. I would imagine there are a lot of people who are not aware of this, since in every other version of Windows Server that I have installed you either get to set the password or it makes you change it the first time you log in.
The default password is: wSS2008!
I highly recommend changing this password as soon as your install has finished.
The second thing I wanted to touch on was that you can now download Microsoft iSCSI Software Target 3.2 for Storage Server 2008 via MSDN or TechNet. As the name implies, this gives you the ability to make your server an iSCSI target without having to purchase third-party software. This is very useful when you need a shared storage solution for clustering in Windows Server.
The iSCSI Software Target is available in x86 and x64.
Well that is it for today. Until next time...
Today we will be discussing how to export users from Active Directory. I will be using the ldifde command to perform this operation.
LDIFDE is a command line utility that is used to import or export information from Active Directory.
Warning: Before attempting this please make sure you have a valid backup.
Before exporting users from Active Directory, decide which attributes you actually need. Knowing this ahead of time ensures the export file contains only the data that is needed.
Non-importable Attributes
When you are exporting users, certain attributes should be omitted if the LDIF file will be used as an import file into another Active Directory environment. Those attributes are: badPasswordTime, badPwdCount, lastLogoff, lastLogon, logonCount, memberOf, objectGUID, objectSid, primaryGroupID, pwdLastSet, and sAMAccountType.
Switches
The following switches will be used to perform the export: -f, -s, -d, -p, -r, and -o
Each switch is explained below.
-f - The file that you are exporting to
-s - Specifies the server you want to run the command against. This is not a required switch, since ldifde can select a DC at random. It is recommended that it be used.
-d - Specifies the RootDN (defaults to Naming Context)
-p - The search scope that ldifde will use (options are base, one level, and subtree)
-r - Specifies the filter that will be used. In our command we are filtering on the User class
-o - Tells ldifde which attributes to omit
Commands
The following command will export the user accounts and all attributes that have a value with the exception of the attributes mentioned above.
Example:
ldifde -f Exportuser.ldf -s <Domain Controller Name Here> -d "dc=YourDomain,dc=Com" -p subtree -r "(&(objectCategory=person)(objectClass=User)(givenname=*))" -o "badPasswordTime,badPwdCount,lastLogoff,lastLogon,logonCount,memberOf,objectGUID,objectSid,primaryGroupID,pwdLastSet,sAMAccountType"
In the next example I will show you how to export only a few of the available attributes.
Example 2:
ldifde -f Exportuser.ldf -s <Domain Controller Name Here> -d "dc=YourDomain,dc=Com" -p subtree -r "(&(objectCategory=person)(objectClass=User)(givenname=*))" -l "cn,givenName,userPrincipalName,objectclass,samAccountName"
Once you have determined what you need exported and executed your command, your output should look similar to the following (depending on what you are exporting). Only the output for one user is shown.
Output:
dn: CN=John Doe,CN=Users,DC=YourDomain,DC=Com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: John Doe
sn: Doe
givenName: John
distinguishedName: CN=John Doe,CN=Users,DC=YourDomain,DC=Com
instanceType: 4
whenCreated: 20090122031550.0Z
whenChanged: 20090122031551.0Z
displayName: John Doe
uSNCreated: 73758
uSNChanged: 73763
name: Your Name
userAccountControl: 512
codePage: 0
countryCode: 0
accountExpires: 9223372036854775807
sAMAccountName: jdoe
userPrincipalName: jdoe@YourDomain.com
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=YourDomain,DC=Com
mail: John Doe@YourDomain.com
Note: If you plan to import your users into Active Directory, the following attributes are required: objectclass and samAccountName
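The two rules above (omit the non-importable attributes, keep objectclass and samAccountName) can be checked against an export file before it is imported anywhere. The following PowerShell is an added example, not part of the original post; the function name Test-LdifImportReadiness and the two sample records are constructed for illustration.

```powershell
# Added example: audit an ldifde export before using it as an import file.
function Test-LdifImportReadiness {
    param([Parameter(Mandatory)][string]$LdifText)

    # Attribute lists as given in this article.
    $nonImportable = 'badPasswordTime','badPwdCount','lastLogoff','lastLogon',
                     'logonCount','memberOf','objectGUID','objectSid',
                     'primaryGroupID','pwdLastSet','sAMAccountType'
    $required      = 'objectClass','sAMAccountName'

    # LDIF folds long values: a continuation line starts with one space.
    $unfolded = $LdifText -replace '\r?\n ', ''

    # Records are separated by blank lines.
    foreach ($record in ($unfolded -split '(?:\r?\n){2,}')) {
        $lines = @($record -split '\r?\n' | Where-Object { $_ -and $_ -notmatch '^#' })
        if ($lines.Count -eq 0) { continue }

        # The attribute name is the text before the first ':' ('::' marks base64).
        $names   = @($lines | ForEach-Object { ($_ -split ':', 2)[0].Trim() })
        $dnLine  = $lines | Where-Object { $_ -match '^dn::?' } | Select-Object -First 1
        # -in / -notin compare case-insensitively, like LDAP attribute names.
        $bad     = @($names | Where-Object { $_ -in $nonImportable } | Select-Object -Unique)
        $missing = @($required | Where-Object { $_ -notin $names })

        [pscustomobject]@{
            Dn            = $dnLine -replace '^dn::?\s*', ''
            NonImportable = $bad -join ','
            Missing       = $missing -join ','
            Ready         = ($bad.Count -eq 0 -and $missing.Count -eq 0)
        }
    }
}

# Constructed sample: the first record still carries pwdLastSet,
# the second lacks sAMAccountName.
$sample = @'
dn: CN=John Doe,CN=Users,DC=YourDomain,DC=Com
changetype: add
objectClass: user
sAMAccountName: jdoe
pwdLastSet: 128770000000000000

dn: CN=Jane Roe,CN=Users,DC=YourDomain,DC=Com
changetype: add
objectClass: user
cn: Jane Roe
'@

Test-LdifImportReadiness -LdifText $sample | Format-Table -AutoSize
```

To check a real export, pass the file contents instead of the sample: Test-LdifImportReadiness -LdifText (Get-Content .\Exportuser.ldf -Raw).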
References:
http://support.microsoft.com/kb/555636
http://technet.microsoft.com/en-us/library/cc731033.aspx
http://support.microsoft.com/default.aspx/kb/555638
Today I will be discussing how to digitally sign software for Vista. I had to put these directions together for a customer and I thought I would share them.
When digitally signing software for Vista you should meet the following requirements:
- A valid code signing certificate from a CA that is trusted within your environment, such as an Enterprise CA
- The certificate must be installed on the workstation/server on which you are performing the following steps
- The Windows SDK, which provides signtool.exe
Once you have met the above requirements you can proceed to the following steps.
1. Click on Start, All Programs, Microsoft Windows SDK and click CMD Shell
2. At the cmd prompt type "cd bin"
3. Type "signtool.exe signwizard" and click Next on the Welcome screen

4. Select the file that you want to digitally sign and click Next

5. To keep this simple we will select Typical and click Next

6. The following two screens ask for the certificate you would like to use to sign the software. Click Select from Store, highlight your certificate, and click OK.


7. The following screen requests optional information about the data you are signing. Fill it in or leave it blank, then click Next.

8. When signing a software/driver package, you should always use the option to timestamp the signature. This timestamp specifies when the signature was created. If a certificate expires or is revoked for security reasons, then only signatures created before the expiration or revocation are valid. If a timestamp is not included in the signature, then Windows cannot determine whether the package was signed before or after the expiration or revocation, and will reject the signature. You can use the following timestamp service URL: http://timestamp.verisign.com/scripts/timestamp.dll
To add the timestamp URL, check the box "Add a Timestamp to the data", enter a valid URL, and click Next.

9. At this point you have almost finished digitally signing your software. Click Finish.

10. After clicking Finish, a dialog box will appear requesting access to a protected item. Click OK.

11. Now you have completed digitally signing software for Vista. Click OK.

Note: If you would like to verify your signature, right-click the file that was just signed and select Properties. The Properties dialog will now have a Digital Signatures tab. Click that tab to see your digital signature.
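The same verification can be done for many files at once, including a check for the timestamp discussed in step 8. The following PowerShell is an added example, not part of the original directions; it uses the built-in Get-AuthenticodeSignature cmdlet, and the function name Test-SignatureTimestamp and the folder path are placeholders.

```powershell
# Added example: report signature status and whether a timestamp is present.
function Test-SignatureTimestamp {
    [CmdletBinding()]
    param(
        # Accepts FileInfo objects from Get-ChildItem through the FullName property.
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string]$Path
    )
    process {
        $sig    = Get-AuthenticodeSignature -FilePath $Path
        $signer = $sig.SignerCertificate

        [pscustomobject]@{
            Path          = $Path
            # Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
            Status        = $sig.Status
            Signer        = if ($signer) { $signer.Subject }
            SignerExpires = if ($signer) { $signer.NotAfter }
            # Populated only when the signature carries a timestamp.
            Timestamped   = [bool]$sig.TimeStamperCertificate
            # Flag files that are unsigned or invalid, or whose signature has no
            # timestamp and so depends on the certificate's validity period.
            NeedsResign   = ($sig.Status -ne 'Valid') -or (-not $sig.TimeStamperCertificate)
        }
    }
}

# Placeholder folder: point this at the directory that holds your signed files.
Get-ChildItem -Path 'C:\Example\SignedFiles' -Filter *.exe |
    Test-SignatureTimestamp |
    Sort-Object NeedsResign -Descending |
    Format-Table Path, Status, Timestamped, SignerExpires, NeedsResign -AutoSize
```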
That concludes how to digitally sign software for Vista.