How do I set up LDAP over SSL?

Introduction

By default, the LDAP protocol is unencrypted and carries its traffic in plain text (clear text). LDAP traffic can be encrypted using SSL/TLS. This article explains how to do that step by step in a Windows Server 2012 R2 Active Directory environment.

 To set up LDAP over SSL (LDAPS for short), the following components are required:

  1. A Public Key Infrastructure (PKI)
  2. Active Directory Domain Services

 In this article I will use Windows Server 2012 R2 Active Directory Domain & Certificate Services.

 First, connect to the Certification Authority server (CA for short) that issues certificates (in a PKI made up of several CA servers this is the Issuing CA), and follow these steps:

  1. Under Administrative Tools, select Certification Authority.
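
Once a domain controller has a suitable certificate from the CA it starts answering on TCP 636, and the quickest way to confirm that, and to see which certificate it presents, is a TLS handshake from a client. The following PowerShell check is an added example and not part of the original article; the server name dc01.corp.example is a placeholder you replace with your own DC, and it assumes the client machine trusts your internal CA.

```powershell
# Added example: connect to a DC on the LDAPS port, complete a TLS handshake
# and report the certificate details an administrator needs to check
# (subject, issuer, expiry, SAN names, whether the chain is trusted locally).
function Test-LdapsEndpoint {
    param(
        [Parameter(Mandatory)][string]$Server,   # DC FQDN, e.g. dc01.corp.example (placeholder)
        [int]$Port = 636                         # LDAPS; 3269 for Global Catalog over SSL
    )

    $client = New-Object System.Net.Sockets.TcpClient
    $client.Connect($Server, $Port)
    try {
        # Accept any certificate during the handshake so that it can be
        # inspected; trust is evaluated explicitly below with Verify().
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($Server)

        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]$ssl.RemoteCertificate
        # DnsNameList is a PowerShell-added property exposing the SAN DNS entries.
        $sans = @($cert.DnsNameList | ForEach-Object { $_.Unicode })

        [pscustomobject]@{
            Server       = $Server
            Port         = $Port
            Protocol     = $ssl.SslProtocol
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            NotAfter     = $cert.NotAfter
            SanDnsNames  = ($sans -join ', ')
            NameMatches  = ($sans -contains $Server)   # SAN must contain the DC FQDN
            ChainTrusted = $cert.Verify()              # chain builds to a trusted root here
        }
    }
    finally {
        $client.Close()
    }
}

# Usage (placeholder DC name):
Test-LdapsEndpoint -Server 'dc01.corp.example' | Format-List
```

If the connection is refused, the DC has not yet picked up a certificate with the Server Authentication purpose and its own FQDN; if NameMatches or ChainTrusted is False, clients will still refuse the LDAPS session even though the port is open.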

     

     
