Monday, 4 June 2012

Fine Grained Password Policy in Windows 2012 RC

 

There is no need for the ADSI or LDIFDE tools to configure the “Fine Grained Password Policy” in Windows 2012 RC. Everything is done through the GUI (graphical user interface). It's pretty simple and cool. As a Microsoft Certified Trainer, I found that my students had many difficulties when configuring a PSO with the ADSI tool.

1. The first step: “Active Directory Administrative Center”

Remember, in Windows 2008 the PSO object is created in a special container called “Password Settings Container”, under the “System” container. So let's go there…

2. Create the PSO object

Double-click the container called “Password Settings Container”, then right-click… Amazing, we can create the PSO object here. So simple…

3. A pretty cool GUI

This is the GUI to create a PSO object. I created “My first PSO Object”, as you see in the following picture. The GUI is divided into two parts: the first for configuration and the second to apply the created PSO to a user or group.

Best regards.
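The same PSO can be created and checked from PowerShell with the ActiveDirectory module. This is an added example, not part of the original post: the group name `Helpdesk-Admins` and all policy values are assumptions, and the final loop shows which policy each member of the group really ends up with.

```powershell
# Added example: scripted equivalent of the ADAC steps, plus a coverage check.
# Assumptions: ActiveDirectory module available; 'Helpdesk-Admins' is a
# hypothetical group; the policy values are illustrative only.
Import-Module ActiveDirectory

$psoName = 'My first PSO Object'   # PSO name used in the post
$group   = 'Helpdesk-Admins'       # hypothetical target group

# A PSO applies only to users and global security groups, never to an OU.
$g = Get-ADGroup -Identity $group
if ($g.GroupScope -ne 'Global' -or $g.GroupCategory -ne 'Security') {
    throw "$group must be a global security group to receive a PSO."
}

# Lower precedence wins when several PSOs reach the same user.
New-ADFineGrainedPasswordPolicy -Name $psoName -Precedence 10 `
    -MinPasswordLength 14 -PasswordHistoryCount 24 `
    -ComplexityEnabled $true -ReversibleEncryptionEnabled $false `
    -MinPasswordAge '1.00:00:00' -MaxPasswordAge '60.00:00:00' `
    -LockoutThreshold 5 -LockoutObservationWindow '0.00:30:00' `
    -LockoutDuration '0.00:30:00' -ProtectedFromAccidentalDeletion $true

Add-ADFineGrainedPasswordPolicySubject -Identity $psoName -Subjects $group

# Coverage check: list the PSO that is effective for each direct user member.
# No resultant PSO means the user still falls under the domain default policy.
Get-ADGroupMember -Identity $group |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object {
        $rp = Get-ADUserResultantPasswordPolicy -Identity $_.SamAccountName
        New-Object PSObject -Property @{
            User         = $_.SamAccountName
            ResultantPSO = $(if ($rp) { $rp.Name } else { '(domain default policy)' })
            MinLength    = $(if ($rp) { $rp.MinPasswordLength } else { $null })
        }
    } | Format-Table User, ResultantPSO, MinLength -AutoSize
```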

Active Directory Recycle Bin In Windows 2012 RC

 

With Active Directory in Windows 2008 R2, configuring the AD Recycle Bin required several PowerShell tasks to activate the feature, and further tasks to restore an object. With Windows 2012 RC, these tasks become simple thanks to the GUI. Here are the steps to activate the Recycle Bin and to restore an object with the graphical user interface.

1. Activate the “Active Directory Recycle Bin”

Open “Active Directory Administrative Center”. Don't forget that the forest functional level must be equal to or greater than “Windows 2008 R2”. Then click the option in the red square (see the following picture).

2. The famous container “Deleted Objects”

After activating the “ADRB”, refresh the screen; you will see a new container called “Deleted Objects”. Double-click it.

3. Restoring an Object

Now, restoring a deleted object is pretty cool: you only have to right-click it, then choose from the list of options (see the following picture).

 

Thanks Microsoft :)
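For comparison, the PowerShell route mentioned at the start of this post looks like the following. This is an added example, not part of the original post: the account name `jdoe` is hypothetical, and the restore runs with `-WhatIf` so that nothing changes until the match has been reviewed.

```powershell
# Added example: enable the AD Recycle Bin and restore one deleted object.
# Assumptions: ActiveDirectory module available; 'jdoe' is a hypothetical
# sAMAccountName of an account deleted AFTER the feature was enabled.
Import-Module ActiveDirectory

# Prerequisite from step 1: forest functional level of at least Windows 2008 R2.
$forest  = Get-ADForest
$minMode = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
if ([int]$forest.ForestMode -lt [int]$minMode) {
    throw "Forest level is $($forest.ForestMode); Windows 2008 R2 or higher is required."
}

# Enabling the Recycle Bin cannot be undone, so check first and keep the
# confirmation prompt that Enable-ADOptionalFeature shows.
$feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
if ($feature.EnabledScopes.Count -eq 0) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forest.Name
}

# Look in the "Deleted Objects" container for the account.
$sam = 'jdoe'   # hypothetical
$deleted = @(Get-ADObject -IncludeDeletedObjects `
    -Filter "isDeleted -eq `$true -and sAMAccountName -eq '$sam'" `
    -Properties sAMAccountName, lastKnownParent, whenChanged)

$deleted | Format-Table sAMAccountName, lastKnownParent, whenChanged -AutoSize

# Restore only on an unambiguous match; remove -WhatIf after reviewing the output.
if ($deleted.Count -eq 1) {
    $deleted | Restore-ADObject -WhatIf
} else {
    Write-Warning "Expected one match for '$sam', found $($deleted.Count). Restore by ObjectGUID instead."
}
```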

Tuesday, 6 March 2012

Error When Installing the SP1 for Exchange 2010

After you install SP1 for Exchange 2010 and try to open the Exchange PowerShell, you receive this error:

La chaîne commençant par :
Au niveau de ligne : 1 Caractère : 5
+ « . <<<< 'C:\Program Files\Microsoft\Exchange Server\V14\\bin\RemoteExchange.ps1´; Connect-ExchangeServer -auto »
n'a pas de terminateur : '.
Au niveau de ligne : 1 Caractère : 109
+ « . 'C:\Program Files\Microsoft\Exchange Server\V14\\bin\RemoteExchange.ps1´; Connect-ExchangeServer -auto » <<<<
+ CategoryInfo : ParserError: (C:\Program File...eServer -auto »:String) [], ParentContainsErrorRecordExc
eption
+ FullyQualifiedErrorId : TerminatorExpectedAtEndOfString

To troubleshoot this issue, proceed as follows:

- Open the command prompt and execute the following command line:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -noexit -command ". 'C:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1'; Connect-ExchangeServer <target server>"

where <target server> is the name of your Exchange server.

If this command line doesn't work, do the following:

- Install the Rollup Update 4 for Exchange 2010 SP1

Good luck

Monday, 20 February 2012

Exchange 2010 SP2 Update Rollup 1 released

Microsoft released Update Rollup 1 for Exchange 2010 SP2. For more information about this RU1, you can visit this link.

To download RU1 For Exchange 2010 SP2.

Best Regards.

Wednesday, 11 January 2012

How to integrate AD RMS with Exchange 2010 SP2 (Part 3)

In this third part, we will configure AD RMS and the Exchange 2010 server to communicate with each other. Let's see how to do that:

1- This is the AD RMS console. You can open it from the Administrative Tools.

2- In this step, you have to grant at least Read and Execute permission to the “Exchange servers group” and the RMS service account on the “servercertification.asmx” file. You will find this file under “C:\inetpub\wwwroot\_wmcs\certification”.

3- In the AD RMS console, enable the super user and specify a security distribution group whose email address matches its name.

4- On the Exchange server, run PowerShell, then type the following cmdlet: Test-IRMConfiguration -Sender administrator@contoso.local

You will find only some warnings with the last test. If you have any other errors or warnings in the earlier steps, you have to troubleshoot them.

5- Now, we have to enable IRM for internal recipients by running the following PowerShell cmdlet: Set-IRMConfiguration -InternalLicensingEnabled $True

6- To verify that IRM is enabled with OWA, run this PowerShell cmdlet: Get-OWAVirtualDirectory | FL *RM*

All is OK. Exchange 2010 SP2 and AD RMS interact correctly with each other. In the next part, we will deploy a policy and use it with an Outlook 2010 user.
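Step 2 can be scripted and then verified on the AD RMS server so that the grant stays at Read and Execute and nothing broader. This is an added example, not part of the original post: the NetBIOS domain `CONTOSO` is inferred from contoso.local, and the service account name `svc-adrms` is hypothetical.

```powershell
# Added example: grant and verify the step 2 permission on the AD RMS server.
# Assumptions: NetBIOS domain 'CONTOSO'; 'svc-adrms' is a hypothetical name
# for the RMS service account.
$file   = 'C:\inetpub\wwwroot\_wmcs\certification\ServerCertification.asmx'
$needRx = 'CONTOSO\Exchange Servers', 'CONTOSO\svc-adrms'
$rx     = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
$write  = [System.Security.AccessControl.FileSystemRights]::Write

# Add an explicit Allow / Read & Execute entry for each principal.
$acl = Get-Acl -Path $file
foreach ($name in $needRx) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($name, $rx, 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $file -AclObject $acl

# Verify 1: every required principal really holds Read & Execute.
$access = (Get-Acl -Path $file).Access
foreach ($name in $needRx) {
    $ok = $access | Where-Object {
        $_.IdentityReference.Value -eq $name -and
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights -band [int]$rx) -eq [int]$rx)
    }
    if (-not $ok) { Write-Warning "$name lacks Read & Execute on $file" }
}

# Verify 2: list any principal other than the built-in owners that can write
# to the web service file; such entries deserve a review.
$builtin = '^(NT AUTHORITY\\SYSTEM|BUILTIN\\Administrators|NT SERVICE\\TrustedInstaller)$'
$access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ([int]$_.FileSystemRights -band [int]$write) -and
    $_.IdentityReference.Value -notmatch $builtin
} | Format-Table IdentityReference, FileSystemRights -AutoSize
```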

How to integrate AD RMS with Exchange 2010 SP2 (Part 2)

In Part 1, we spoke about IRM. Now we will focus on the deployment process. First of all, we begin with AD RMS:

1- Add the “AD RMS” role

2- AD RMS relies on a database to store its configuration; you have to choose between the Microsoft internal database and a remote SQL Server instance.

3- Specify the service account. If the AD RMS server is also a domain controller (not recommended), you have to add the account to the “domain admins group”.

4- Specify the location of the AD RMS cluster key

5- Specify a strong password for the AD RMS cluster key

6- Select the website in IIS where you want to store the virtual directory of the certification

7- Specify the AD RMS cluster address. You have to specify the FQDN, and don't forget to validate it. If the name you specified is different from the name of the server hosting AD RMS, you have to add a CNAME record in DNS, because clients will request licenses from that URL.

8- Choose the certificate. This step is very important, because the certificate must contain the name provided in the previous step. In my scenario I used a self-signed certificate.

9- Specify the licensor certificate name

10- Now you have to register the Service Connection Point (SCP) of AD RMS in Active Directory

11- Now, install

We have finished the installation of AD RMS. In the next part of this article, we will configure AD RMS and Exchange 2010 to communicate with each other.

ADRMS: The remote certificate is invalid according to the validation procedure

While trying to put in place IRM functionality to cooperate with Exchange 2010, I had to install AD RMS and test the IRM configuration with the Exchange PowerShell. I then encountered the following error:

When I added the ADRMS role, I chose a self-signed certificate. After that, I took a look at IIS and found my certificate bound to the “Default Web Site”. I tried this ADRMS URL, “https://dc.contoso.local/_wmcs/licensing/server.asmx”, and I got a certificate error. I guessed then that my certificate must be in the container of my “Trusted Root Certification Authorities”, and the problem was solved.

Good luck :)
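Anything placed in “Trusted Root Certification Authorities” is trusted for every TLS connection the machine makes, so the certificate should be checked before it is imported. This is an added example, not part of the original post: the export path is hypothetical and the thumbprint is a placeholder to be replaced with the value read on the AD RMS server itself.

```powershell
# Added example: check the exported AD RMS certificate, then trust it.
# Assumptions: the public certificate was exported to the hypothetical path
# below; the thumbprint is a placeholder to fill in from the AD RMS server.
$cerPath            = 'C:\Temp\adrms.cer'                   # hypothetical path
$clusterHost        = 'dc.contoso.local'                    # host from the URL in the post
$expectedThumbprint = '<THUMBPRINT-READ-ON-THE-ADRMS-SERVER>'

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerPath

# 1. It must be the exact certificate bound in IIS, not a look-alike.
if ($cert.Thumbprint -ne ($expectedThumbprint -replace '\s', '').ToUpper()) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint)."
}
# 2. Only a self-signed certificate belongs in the root store as itself.
if ($cert.Subject -ne $cert.Issuer) {
    throw "Certificate is issued by '$($cert.Issuer)'; import that CA instead."
}
# 3. The name must match the AD RMS cluster address, as required in Part 2.
$dnsName = $cert.GetNameInfo('DnsName', $false)
if ($dnsName -ne $clusterHost) {
    throw "Certificate name '$dnsName' does not match '$clusterHost'."
}
# 4. It must be inside its validity period.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is valid only from $($cert.NotBefore) to $($cert.NotAfter)."
}

# Import into LocalMachine\Root (run elevated).
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
$store.Open('ReadWrite')
try { $store.Add($cert) } finally { $store.Close() }

# Confirm that the chain now builds; a self-signed certificate has no CRL.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
if ($chain.Build($cert)) { 'Certificate is now trusted on this machine.' }
else { $chain.ChainStatus | Format-Table Status, StatusInformation -AutoSize }
```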

About me

MCC | MCT | MCITP Exchange 2010 | MCITP Exchange 2007 | MCITP Server Administrator