Microsoft PKI Planning and Deploying Certificate Services Part 2
KB ID 0001310 Problem In Part One we deployed our offline Root CA Server, now we are going to deploy a ‘Certificate Revocation Location’ server. Solution Before you start: Create a DNS record for ‘pki’ that points to the IP address, that you will have the CRL web server hosted on. I’m installing my CRL server on a separate web server because thats good practice. Starting with a domain joined member...
ADMT (Active Directory Migration Tool) Domain Migration – Part 4
KB ID 0001308 Problem On the homeward stretch now, back in Part Three, we migrated service accounts, groups, and users. Now we turn our attention to our machines. Note ADMT 3.2 Only support the migration of Operating Systems up to Windows 7, (that doesn’t mean Windows 8 and Windows 10 wont work, it just means they are not supported). Migrating Windows 8 and 10 throws a lot of security translation errors, because of the way it...
Microsoft PKI Planning and Deploying Certificate Services
KB ID 0001309 Problem “I don’t know what it is about Certificates, I just don’t like them, I don’t understand them, and I don’t like working with them” I hear this a lot, In fact I heard it this week, and as I’m usually the ‘go-to-guy’ for certificates and PKI, it winds me up! IT pros take the time to learn concepts like DNS, DHCP, Kerberos etc. But mention Certificate Services and...
ADMT (Active Directory Migration Tool) Domain Migration – Part 3
KB ID 0001307 Problem Seems like ages since I wrote Part Two, now we are ready to actually start moving objects from one domain to another. Solution ADMT: Service Account Migration Why would you want to do this first? Well this replaces any service accounts on the OLD domain machines with migrated service accounts form the NEW domain, so when the client machines, (or servers,) are migrated they’re already using the new service...
ADMT (Active Directory Migration Tool) Domain Migration – Part 2
KB ID 0001306 Problem Back in Part One we setup our migration admin account, and installed ADMT. Now, as I’m going to migrate the users passwords I need a ‘Password Export Server’, but first I need to tackle the subject of user SIDs Solution Domain Migrations and SID Filtering Every user has a SID (Security Identifier) it’s the thing AD uses to refer to and apply security to users, (and other objects). This...
ADMT (Active Directory Migration Tool) Domain Migration – Part 1
KB ID 0001305 Problem I’ve not used ADMT for ages, I’ve got a domain migration to do soon, so I thought I’d get on the bench and have a reminder. Although ADMT 3.2 was ‘re-jigged’ to support Server 2012 R2, I’m still going to install it on Server 2008 R2. I’ve got a test domain built to migrate from, and a new domain setup ready to migrate into. Old/Source Domain: olddomain.com Old/Source...
Using the VI Editor (For Windows Types)
KB ID 0001304 Problem I dont have a ginger ponytail, nor do I wear sandals, couple these two things together and you will understand why I find VI so confusing! Many times I’ve had to alter a config file on an appliance, or a Linux box, and sat frowning at VI wondering why I can’t change a one to a zero. Note: Nano is easier, if possible try nano {filename} to save hassle. But on hardened appliances for example, it wont...
How To Install Exchange 2016 (Greenfield Site) – Part 3
KB ID 0001303 Problem In Part-One we covered Exchange Pre-Install Tasks, in Part-Two we installed Exchange 2016, but it still won’t be working properly, so we need to carry out a few Post-Install Tasks. Solution Install Exchange 2016 Product Key Log into Exchange Admin Center > Servers > Servers > Select the Server > Enter Product Key. Manually enter your product key > Save. Heed the warning > OK. Open an...
How To Install Exchange 2016 (Greenfield Site) – Part 2
KB ID 0001302 Problem Back in Part-One, we looked at all the things to consider before you start to install Exchange 2016. Now we will start installing software, and getting to a point where we can configure Exchange 2016 and carry out some post deployment. Solution Your forest functional level needs to be at ‘Windows Server 2008’ before you can install Exchange 2016. The server you intend to deploy Exchange on, needs to...
How To Install Exchange 2016 (Greenfield Site) – Part 1
KB ID 0001301 Problem As the title implies, this article assumes you do not already have Exchange of any flavour in your organisation. If you do and you simply want to migrate to Exchange 2016, then this is NOT the article you want, instead head to the following link; Migration From Exchange 2010/2007 to Exchange 2016 (& 2013) Solution Now before you sit at the keyboard there are a few things to consider; Media: At the time of...