Tag: Active Directory

Z-Hire Active Directory User Creation Tool

I want you to inform about a great tool.

Z-Hire automates the IT user account creation process for Exchange mailbox, and Active Directory and Lync accounts. With just a click of the button, your Exchange mailbox, and Active directory user, Lync account and SalesForce User account will be created simultaneousy. Z-Hire serves as the platform for new hire accounts by allowing auto-creation of major IT accounts with the option for custom scripts. Z-hire will decrease your account deployment time by 600%, without the need for complicated and expensive identity management solutions. This tool makes creating Active Directory users a breeze. Some of the features include:

– Environment Auto discovery (AD/Exchange/Lync/SalesForce)
– Support for Active Directory user, Exchange, Lync 2010 and SalesForce user accounts
– Template based deployment (allows consistency for all user accounts)
– Active Directory user creation with major attributes
– Active Directory group selection
– Active Directory user duplicate SamAccountName detection – Lync 2010 / 2013 user account creation supporting all policies
– SalesForce user account creation supporting all attributes
– Faster performance (compared to previous version)

Supported Environments / IT systems
– Active Directory (all versions)
– Exchange 2007 (all versions)
– Exchange 2010 / 2013 (all versions)
– Lync 2010 / 2013 (both Standard and Enterprise versions)
– Office 365 Cloud
– SalesForce Cloud

Screenshot #1 – Active Directory
Screenshot #2 – Active Directory
Screenshot #3 – Active Directory
Screenshot #4 – Exchange
Screenshot #5 – Lync
Screenshot #6 – Supported Systems

SYSTEM REQUIREMENTS
– .NET 3.5 and .NET 4.0
– Domain Joined

COMPATIBLE OS
– Windows 7 X64
– Windows Server 2008 X64
– Windows Server 2008 R2 X64
– Windows Server 2012

Please download administration guide:1
http://www.zohno.com/docs/Z-Hire_V4_Administration_Guide.pdf

Download: Z-Hire

Z-Term Active Directory User Termination Tool

I want you to inform a about a great tool Z-Term Active Directory User Termination Tool

This application allows IT administrators to automate common tasks when an employee leaves the company. Usually, IT administrators use multiple consoles and perform variety of tasks to terminate user accounts. This tool allows IT administrator to automate:

Active Directory Tasks
– Disable Active Directory Account
– Reset Active Directory Password
– Move users to dedicated OU
– Remove Active Directory Group membership
– Clear Manager field in AD
– Set Description field
– Set Notes field
– Remove Active Directory Account

Exchange Tasks
– Change Distribution List ownership to
– Set customAttribute5
– Set out of office reply
– Forward Email
– Grant full access permission
– Hide user from Global Adress List
– Remove Calendar items from resources.(remove calendar items where user is an organizer of)
– Cancel meetings from termined user’s mailobx(cancel meetings where user is an organizer of)
– Disable mailbox
– Export mailbox to PST format
– Remove ActiveSync device partnership
– Remote wipe user’s ActiveSync device

Lync
– Disable Lync Account

Office 365
– MSOL User – Reset Password
– MSOL User – Remove Office 365 License
– MSOL User – Remove User
– MSOL Exchange – Clear Out of Office Reply
– MSOL Exchange – Hide User from GAL
– MSOL Exchange – Change Distribution List Ownership
– MSOL Exchange – Set CustomAttribute
– MSOL Exchange – Set Out of Office Reply
– MSOL Exchange – Set Grant FullAccess Permission
– MSOL Exchange – Set email forwarding
– MSOL Exchange – Remove calendar items from resource mailboxes

File Operations
– Move home folder
– Export user settings to XML (dump all user data to xml as backup)
– Run custom script ( for advanced users only, contact support for more info )

Screenshot #1 – Active Directory
Screenshot #2 – Exchange
Screenshot #3- File Operations

SYSTEM REQUIREMENTS
– .NET 3.5 and .NET 4.0
– Domain Joined

COMPATIBLE OS
– Windows 7 X64
– Windows Server 2008 X64
– Windows Server 2008 R2 X64
– Windows Server 2012

Please download administration guide: http://www.zohno.com/docs/Z-Term_V4_Administration_Guide.pdf

Download: Z-Term

Active Directory Replication Status Tool

The Active Directory Replication Status Tool (ADREPLSTATUS) analyzes the replication status for domain controllers in an Active Directory domain or forest. ADREPLSTATUS displays data in a format that is similar to REPADMIN /SHOWREPL * /CSV imported into Excel but with significant enhancements.
Specific capabilities for this tool include:

    • Expose Active Directory replication errors occurring in a domain or forest
    • Prioritize errors that need to be resolved in order to avoid the creation of lingering objects in Active Directory forests
    • Help administrators and support professionals resolve replication errors by linking to Active Directory replication troubleshooting content on Microsoft TechNet
    • Allow replication data to be exported to source or destination domain administrators or support professionals for offline analysis

System Requirements

Supported Operating System

Windows 7, Windows 8, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Vista, Windows XP

      • ADREPLSTATUS does not install on server core installs of Windows
      • Windows 2000 not supported due to lack of support for .NET Framework 4.0

    Domain membership requirements:

      • Must be joined to the Active Directory domain or forest you intend to monitor

    .NET Framework requirements:

      • .NET Framework 4.0 (you may be prompted to install .NET Framework 3.5.1 first on Windows Server 2008)

    Required User Credentials:

      • Target forest/domain user account

    Supported DC OS versions that can be monitored by ADREPLSTATUS:

      • Windows Server 2003
      • Windows Server 2003 R2
      • Windows Server 2008
      • Windows Server 2008 R2
      • Windows Server 2012

      image

Active Directory Accidental Deletion – Prevention

Accidental deletions in active directory can cause havoc and unfortunately. This may have been avoided and secondly could have been fixed in less than 10 % of the actual time spent if the environment was using one of the latest features that we included in Windows 2008 R2 ( Active Directory Recycle Bin ). Most critical situations arise due to accidental human /tool interference or configuration and it is important to be able to come out of such situations within minimal down time, Accidental Deletion in Active Directory is one such situation.

Powershell Enable Protected From Accidenta lDeletion:
Get-ADobject -Filter * -SearchBase “DC=wardvissers,DC=local” | Set-adobject -ProtectedFromAccidentalDeletion $true

Immidio releases new version of Flex+ with Support of Windows 8 & Server 2012 & APP-V 5.0

Today, Immidio releases an updated version of its flagship product Flex+. With the Immidio Flex+ workspace virtualization solution, end users get a personalized and dynamic Windows desktop that adapts to their specific situation based on aspects like role, device and location.

Modern workforces expect flexibility from their employers; users need to have the capability to work anywhere with multiple devices and a high degree of self-service. With Flex+ workspace virtualization, Immidio enables such a flexible workstyle in a simple, scalable, extensible and affordable manner, without introducing additional complexity. Immidio Flex+ uses the existing Windows infrastructure, ensuring a low total cost of ownership.

Next to many small improvements, the latest version of Immidio Flex+ contains new features that were mostly developed based on feedback from Immidio’s partners and customers. The focus of this release is to support the latest Windows versions and application virtualization technologies, providing users with an even more dynamic desktop experience and improving the administration of Flex+ in enterprise environments.

Flex+ multi-tenancy support for IT departments
Immidio Flex+ has always supported multi-tenant environments, and this release introduces much improved management of scenarios with multiple environments, such as different customers, DTAP, or separately managed organizational divisions, for instance.

Such setups can now be managed from within a single instance of the Flex+ management console, making it possible for the IT department to switch between these environments and also export configuration items from one environment to another.

An even more dynamic desktop experience
In the initial release of Flex+, Immidio introduced many capabilities for managing the user environment. Flex+ support for shortcuts, file type associations and printers is now even more powerful thanks to the new UEM Refresh feature, which during a Windows session reapplies these user environment settings, dynamically re-evaluating conditions.

Another new feature is Triggered Tasks which executes a custom or built-in task (like UEM Refresh) when a certain trigger occurs. The triggers that Flex+ supports are the lock/unlock of a workstation and disconnect/reconnect of a remote session in VDI and RDS environments.

To improve the dynamic adaption of the Windows user environment, based on role, device and location, this release extends the conditions available in Flex+. The new battery condition makes it easier to detect laptops and tablet devices. The new “Computer or User in Active Directory” condition helps determine the role of the user within the organization and the place of the currently used device within the IT infrastructure.

Support of latest technologies
Immidio Flex+ now supports personalization for Microsoft App-V 5.0, in addition to the existing App-V 4.x integration. Platform support has been extended with Windows 8 and Server 2012.

Other improvements
Many other improvements have been made to the Flex+ management console and client component. These are all documented in the Administrator’s Guide of this Flex+ release.

CreateCluster failed with 0×5 adding members to DAG in Exchange 2013

Last weekend I was building a Exchange 2013 cluster. Since everything so far was working as expected, I proceeded with creation of DAG. From EAC, creating DAG itself worked with no issues. I then went ahead and added first mailbox server to DAG. this step, however, refused to complete with error:

A server-side database availability group administrative operation failed. Error The operation failed. CreateCluster errors may result from incorrectly configured static addresses. Error: An error occurred while attempting a cluster operation. Error: Cluster API ‘”CreateCluster() failed with 0×5. Error: Access is denied”‘ failed.. [Server: ward-02.wardvissers.local]

Assigning “Full Control” to Exchange Trusted Subsystem on , I assumed should fix the issue, however, it actually produced a completely different error when I tried to add the mailbox server to DAG again:

An Active Manager operation failed with a transient error. Please retry the operation. Error: The fully qualified domain name for node ‘DAG01′ could not be found.

Solution:

Pre-stage the CNO (CLUSTER NAME OBJECT)

  1. Open Active Directory Users and Computers.
  2. Expand the forest node.
  3. Right-click the organizational unit (OU) in which you want to create the new account, select New, and then select Computer.
  4. In New Object – Computer, type the computer account name for the CNO in the Computer name box. This is the name that you’ll use for the DAG. Click OK to create the account.
  5. Right-click the new computer account, and then click Disable Account. Click Yes to confirm the disable action, and then click OK.

Assign permissions to the CNO (CLUSTER NAME OBJECT)

  1. Open Active Directory Users and Computers.
  2. If Advanced Features aren’t enabled, turn them on by clicking View, and then clicking Advanced Features.
  3. Right-click the new computer account, and then click Properties.
  4. In <Computer Name> Properties, on the Security tab, click Add to add either the computer account for the first node to be added to the DAG or to add the Exchange Trusted Subsystem USG:
    • To add the Exchange Trusted Subsystem, type Exchange Trusted Subsystem in the Enter the object names to select field. Click OK to add the USG. Select the Exchange Trusted Subsystem USG and in the Permissions for Exchange Trusted Subsystem field, select Full Control in the Allow column. Click OK to save the permission settings.
    • To add the computer account for the first node to be added to the DAG, click Object Types. In the Object Types dialog box, clear the Built-in security principals, Groups, and Users check boxes. Select the Computers check box and click OK. In the Enter the object names to select field, type the name of the first Mailbox server to be added to the DAG, and then click OK. Select the first node’s computer

 Pre-Stage the Cluster Network Object for a Database Availability Group

Setting Up Windows 8 Mail for Exchange or Office 365

Before beginning these steps, ensure that:

You have setup a Microsoft account in Windows 8.

You have your Active Directory (AD) username and password. Your username is usually the first part of your UCSD email address (before the @ symbol). If you forgot your password, you can reset it.

You have an Exchange account in the UCSD Campus Exchange Organization.

Click the Mail tile in the Start screen to open the Mail program

Press Windows key + I on the keyboard to open Mail settings

Select Accounts

win8mailsettings
win8mailaddaccount1

image

Enter your e-mail address in the Email address field

Enter your AD passsword in the Password field

Select Show more details

image
Enter <yourservername> in the Server address field

Enter <yourdomain> in the Domain field

Enter your AD username in the Username field

Click Connect to add the account

Microsoft Office 2013 KMS Volume License Pack

Volume license editions of Office 2013 client products require activation. This download enables IT administrators to set up a Key Management Service (KMS) or configure a domain for Active Directory-Based activation. Either of these volume activation methods can locally activate all Office 2013 clients connected to an organization’s network.

Download

Overview

If you want to activate volume license editions of Office 2013, Visio 2013, or Project 2013 with a KMS host or Active Directory-Based activation, you need to first install Office 2013 Volume License Pack. When an Office 2013 volume edition client is installed, it will automatically attempt to activate via either Active Directory by using its existing domain pairing or a DNS-discoverable KMS host on your organization network. To set up Active Directory-Based activation, you must be running Windows Server 2012, Windows 8, or newer.
All volume editions of Office 2013 client products are pre-installed with a Generic Volume License Key (GVLK) key, which supports automatic activation for both KMS and Active Directory-Based Activation, so you will not need to install a product key.
This download contains an executable file that will extract and install KMS host license files. These license files are required for the KMS host service to recognize Office 2013 KMS host keys. On Windows Server 2012 and volume license editions of Windows 8, you can use your same KMS host key to set up Active Directory-Based activation.

System requirements

Supported operating systems: Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012

    • KMS Host: Windows Server 2008 R2, Windows 7 (volume editions), Windows Server 2012, or Windows 8.
    • Active Directory-Based Activation
      • Set-up and Configuration: Windows Server 2012, Windows 8 or newer.
      • Domain controller: Active Directory Domain Services with the Windows Server 2012 schema installed.

Instructions:Microsoft Office 2013 Volume License Pack

  1. You need to perform this step only if you’re setting up a KMS host on Windows Server 2008 R2 or Windows 7 (volume editions). Download and run the update contained in the KB article below. This update enables your Windows Server 2008 R2 or Windows 7-based KMS host to successfully activate Office 2013 clients that are running on Windows 8 or Windows Server 2012:
    KB 2691586
  2. Download and run the executable file on this page on a supported operating system.
  3. Enter your Office 2013 KMS host key when prompted.
  4. Activate the product key online.
  5. If setting up a KMS host, open port 1688 to allow the KMS host service through the firewall:
    1. Open Control Panel and click on the Windows Firewall icon.
    2. Click the “Allow a program through Windows Firewall” link.
    3. Click the Change Settings button.
    4. Check the box for Key Management Service.
  6. To learn more about configuring your KMS host with slmgr.vbs, see the TechNet documentation found on this page.

Group Policy Settings Reference for Windows 8 and Windows Server 2012

These spreadsheets list the policy settings for computer and user configurations that are included in the Administrative template files delivered with the Windows operating systems specified. You can configure these policy settings when you edit Group Policy Objects.

You can use the filtering capabilities that are included in this spreadsheet to view a specific subset of data, based on one value or a combination of values that are available in one or more of the columns. In addition, you can click Custom in the drop-down list of any of the column headings to add additional filtering criteria within that column.
To view a specific subset of data, click the drop-down arrow in the column heading of cells that contain the value or combination of values on which you want to filter, and then click the desired value in the drop-down list. For example, to view policy settings that are available for Windows Server 2012 or Windows 8, in the Administrative Template worksheet, click the drop-down arrow next to Supported On, and then click At least Microsoft Windows Server 2012 or Windows 8.

What’s New?

The Administrative Template spreadsheet contains three columns that provide more information about each policy setting’s behavior related to reboots, logoffs, and schema extensions. These columns are the following:

  • Reboot Required: A “Yes” in this column means that the Windows operating systems requires a restart before it applies the described policy setting.
  • Logoff Required: A “Yes” in this column means that the Windows operating system requires the user to log off and log on again before it applies the described policy setting.
  • Active Directory Schema or Domain Requirements: A “Yes” in this column means that you must extend the Active Directory schema before you can deploy this policy setting.
  • Status: A “New” in this column means that the setting did not exist prior to Windows Server 2012 and Windows 8. It does not mean that the setting applies only to Windows Server 2012 and Windows 8. Refer to the column entitled “supported on” to determine to which operating system the policy setting applies.

WindowsServer2012andWindows8GroupPolicySettings.xlsx
Group Policy Settings Reference for Windows 8 and Windows Server 2012

BINK

Updated eBook Introducing Windows Server 2012 RTM Edition

Mitch Tulloch and the Windows Server team have released a new updated version of the FREE e-Book for IT professionals: Introducing Windows Server 2012 RTM Edition. This book is a great way to get quickly skilled up on all the new improvements in this latest Windows Server – one of the most ambitious releases of Windows Server for IT Pros since Active Directory was released in Windows Server 2000! In this 256-page eBook, you’ll find 5 chapters of detailed technical content covering the following key improvements to building a Private Cloud at your shop with Windows Server 2012:

2012bookrtm

Get it for free by posting a tweet Smile

Updated eBook for IT Pros on Windows Server 2012

Translate »