Important update for Azure Active Directory Connect – Version 1.1.553.0

Microsoft released Azure Active Directory Connect version 1.1.553.0 on June 26, 2017. More importantly, they published an important security advisory one day later.

Microsoft Security Advisory 4033453 – Vulnerability in Azure AD Connect Could Allow Elevation of Privilege explains,

The [AD Connect version 1.1.553.0] update addresses a vulnerability that could allow elevation of privilege if Azure AD Connect Password writeback is misconfigured during enablement. An attacker who successfully exploited this vulnerability could reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts. The issue is addressed in the latest version (1.1.553.0) of Azure AD Connect by not allowing arbitrary password reset to on-premises AD privileged user accounts.

Microsoft highly recommends all customers update to version 1.1.553.0 or later to mitigate this vulnerability, even if you don’t use the optional password writeback feature. If you are unable to update immediately, the article above describes mitigation steps you can consider.

  • If the AD DS account is a member of one or more on-premises AD privileged groups, consider removing the AD DS account from the groups.
  • If an on-premises AD administrator has previously created Control Access Rights on the adminSDHolder object for the AD DS account which permits Reset Password operation, consider removing it.
  • It may not always be possible to remove existing permissions granted to the AD DS account (for example, the AD DS account relies on the group membership for permissions required for other features such as Password synchronization or Exchange hybrid writeback). Consider creating a DENY ACE on the adminSDHolder object which disallows the AD DS account with Reset Password permission using Windows DSACLS tool.
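As an added check that is not part of the advisory or this post: the PowerShell below audits the Azure AD Connect AD DS connector account for the two conditions the mitigations describe (privileged group membership, and an Allow ACE on AdminSDHolder carrying the Reset Password right) and prints the dsacls deny command of the third mitigation when either is found. It assumes the ActiveDirectory module on a domain-joined admin host and the default MSOL_* naming of the connector account.

```powershell
# Added example (not from the advisory or the original post): audit the Azure AD
# Connect AD DS connector account for privileged group membership and for
# Reset Password ACEs on AdminSDHolder. Assumes the ActiveDirectory module;
# the MSOL_* account name pattern is an assumption (the installer's default).
Import-Module ActiveDirectory

$domain        = Get-ADDomain
$adminSdHolder = "CN=AdminSDHolder,CN=System,$($domain.DistinguishedName)"
$resetPasswordGuid = [guid]'00299570-246d-11d0-a768-00aa006e0529'  # User-Force-Change-Password
$allRightsGuid     = [guid]'00000000-0000-0000-0000-000000000000'  # ACE covers all extended rights

# Assumed naming: the connector account(s) created by the Azure AD Connect installer
$connectorAccounts = Get-ADUser -Filter 'SamAccountName -like "MSOL_*"'

$privilegedGroups = 'Administrators','Domain Admins','Enterprise Admins','Schema Admins',
                    'Account Operators','Backup Operators','Server Operators','Print Operators'

$acl = Get-Acl -Path "AD:\$adminSdHolder"

foreach ($acct in $connectorAccounts) {
    $name = "$($domain.NetBIOSName)\$($acct.SamAccountName)"

    # 1. Direct membership in protected groups (nested membership is not expanded here)
    $groups = Get-ADPrincipalGroupMembership $acct | Where-Object Name -in $privilegedGroups
    foreach ($g in $groups) { Write-Warning "${name} is a member of privileged group '$($g.Name)'" }

    # 2. Allow ACEs on AdminSDHolder granting Reset Password (or every extended right)
    $aces = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $name -and
        $_.AccessControlType -eq 'Allow' -and
        $_.ActiveDirectoryRights.HasFlag([System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -and
        $_.ObjectType -in @($resetPasswordGuid, $allRightsGuid)
    }
    foreach ($a in $aces) {
        Write-Warning "${name} has an Allow ACE on AdminSDHolder for Reset Password (ObjectType $($a.ObjectType))"
    }

    if ($groups -or $aces) {
        # Deny ACE from the advisory's third mitigation, for when the grant cannot be removed
        Write-Host "Mitigation: dsacls `"$adminSdHolder`" /D `"${name}:CA;Reset Password`""
    } else {
        Write-Host "${name}: no privileged group membership and no Reset Password ACE on AdminSDHolder"
    }
}
```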

Expta

Very Important: Security update KB3159398 will break Group Policy

There is a known issue with the MS16-072/KB3163622 patch. This update breaks GPOs that have incorrect permissions. Examples: drives appear on domain systems that should be hidden, drive mappings don’t work, and other typical GPO settings aren’t applied.

After this update the computer account retrieves user Group Policy, so it needs Read access to every GPO. To resolve this issue, use the Group Policy Management Console (GPMC.MSC) and apply one of the following fixes:

1. Add the Authenticated Users group with Read Permissions on the Group Policy Object (GPO).

2. If you are using security filtering (WMI), add the Domain Computers group with read permission.
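The same check and fix in PowerShell, as an added example that is not part of the original post: it lists every GPO that neither Authenticated Users nor Domain Computers can read and, with -Fix, adds Read for Authenticated Users without touching the existing security filtering. It assumes the GroupPolicy module on a domain-joined admin host.

```powershell
# Added example (not from the original post): find GPOs that lack the Read
# permission MS16-072 relies on, and optionally add it. Assumes the GroupPolicy
# module (RSAT / GPMC) on a domain-joined host with rights to edit GPO security.
param([switch]$Fix)
Import-Module GroupPolicy

$readers    = 'Authenticated Users', 'Domain Computers'   # either one satisfies the fix
$readLevels = 'GpoRead', 'GpoApply', 'GpoEdit', 'GpoEditDeleteModifySecurity'

function Get-GpoWithoutComputerRead {
    foreach ($gpo in Get-GPO -All) {
        $perms   = Get-GPPermission -Guid $gpo.Id -All
        $hasRead = $perms | Where-Object {
            $_.Trustee.Name -in $readers -and $_.Permission -in $readLevels -and -not $_.Denied
        }
        if (-not $hasRead) { $gpo }
    }
}

$broken = @(Get-GpoWithoutComputerRead)
if (-not $broken) { Write-Host 'All GPOs are readable by Authenticated Users or Domain Computers.'; return }

foreach ($gpo in $broken) {
    Write-Warning "GPO '$($gpo.DisplayName)' ($($gpo.Id)) is not readable by computer accounts"
    if ($Fix) {
        # GpoRead only: Apply stays as configured, so security filtering is unchanged
        Set-GPPermission -Guid $gpo.Id -TargetName 'Authenticated Users' -TargetType Group `
                         -PermissionLevel GpoRead | Out-Null
        Write-Host "  added Read for Authenticated Users"
    }
}
```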

Windows Server 2016 certification

Microsoft is pleased to announce the release of the new MCSA: Windows Server 2016 certification.

The new MCSA can be earned by taking and passing the following three exams:

  • 70-740 – Installation, Storage, and Compute with Windows Server 2016
  • 70-741 – Networking with Windows Server 2016
  • 70-742 – Identity with Windows Server 2016

Exam 740 is scheduled for beta release in early October 2016, with the other exams following soon after.

Individuals who currently hold either an MCSA: Windows Server 2012 or MCSA: Windows Server 2008 certification will be able to upgrade to the new 2016 certification through a single upgrade exam:

  • 70-743 – Upgrade Your Skills to MCSA: Windows Server 2016

Exam 743 is scheduled for beta release in late July 2016. 

MOC courses corresponding to all four Windows Server 2016 exams are scheduled for release in September 2016, while practice tests will be available shortly after each exam beta period ends.

New options for specialization and continuing education through the MCSE program will be announced later this summer.

Don’t use DHCP Option 60/66/67 when you want to use UEFI & Legacy PXE Boot with MDT

If you want to use UEFI boot with MDT 2013 Update X,
don’t use DHCP Options 60/66/67!!!

DC01 = Windows Server 2008 R2 SP1
DC02 = Windows Server 2012
MDT01 = Windows Server 2012 R2

UEFI Client: Dell Laptop E5450
BIOS Client: Hyper-V virtual machine with a Legacy network adapter

DC01, MDT01 and the DHCP server are all in Subnet1.
(IP helper is set to the DHCP server for DHCP, and to DC01 & MDT01 for DHCP and BootP – I checked several times that everything is right here)
UEFI Client and BIOS Client in Subnet2.

Situation1 — Using no DHCP Options and WDS running (IP HELPER-ADDRESS):
UEFI Client – Boots perfectly (contacting Server MDT01)
BIOS Client – Boots perfectly (contacting Server MDT01)

Situation2 — Using no DHCP Options and WDS just running on MDT01:
UEFI Client – Does not boot (no error information is provided)
BIOS Client – Does not boot (no boot file name received)

Situation3 — Using DHCP Options (Option 66="IP of MDT01", Option 67="\x86\wdsnbp.com") and WDS just running on MDT01:
UEFI Client – Does not boot (no error information is provided)
BIOS Client – Boots perfectly (contacting Server DP1)

Situation4 — Using DHCP Options (Option 60="PXEClient", Option 66="IP of MDT01", Option 67="\x86\wdsnbp.com") and WDS just running on MDT01:
UEFI Client – Boots perfectly (contacting Server DP1)
BIOS Client – Does not boot (takes hours to receive the DHCP options..)

Solution:

On most switches you can configure ip helper-addresses. This is usually already configured for DHCP relay.

Add the IP of the MDT server as an additional ip helper-address:

Example:

interface Vlan100
 description GEBRUIKERS VLAN
 ip address 192.168.101.254 255.255.254.0
 ! DC01
 ip helper-address 192.168.25.6
 ! DC02
 ip helper-address 192.168.25.7
 ! MDT01
 ip helper-address 192.168.25.30
end
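As an added check that is not part of the original post: the PowerShell below audits a Windows DHCP server for options 60/66/67 at server and scope level (the options that, per the situations above, break one client type or the other) and removes them when run with -Remove, leaving boot-file selection to WDS via the ip helper-address. It assumes the DhcpServer module (Windows Server 2012 and later) and a reachable server name, which is a placeholder.

```powershell
# Added example (not from the original post): report and optionally remove PXE
# DHCP options 60/66/67 so WDS answers UEFI and BIOS clients itself.
# Assumes the DhcpServer module; $DhcpServer is a constructed placeholder.
param(
    [string]$DhcpServer = 'dc01.corp.example',   # placeholder, not from the post
    [switch]$Remove                              # report only unless -Remove is given
)
Import-Module DhcpServer

$pxeOptions = 60, 66, 67   # vendor class (PXEClient) / boot server / boot file name

function Get-PxeOption {
    param($ScopeId)   # $null = server-level options
    foreach ($id in $pxeOptions) {
        $p = @{ ComputerName = $DhcpServer; OptionId = $id; ErrorAction = 'SilentlyContinue' }
        if ($ScopeId) { $p.ScopeId = $ScopeId }
        $v = Get-DhcpServerv4OptionValue @p     # errors (option not set) are suppressed
        if ($v) {
            [pscustomobject]@{
                Scope    = $(if ($ScopeId) { "$ScopeId" } else { '<server>' })
                OptionId = $id
                Value    = ($v.Value -join ',')
            }
        }
    }
}

# Server-level options first, then each scope
$findings = @(Get-PxeOption)
foreach ($s in Get-DhcpServerv4Scope -ComputerName $DhcpServer) {
    $findings += Get-PxeOption -ScopeId $s.ScopeId
}

if (-not $findings) {
    Write-Host 'No PXE options 60/66/67 set; WDS reached via ip helper-address will serve both UEFI and BIOS clients.'
    return
}
$findings | Format-Table -AutoSize

if ($Remove) {
    foreach ($f in $findings) {
        $p = @{ ComputerName = $DhcpServer; OptionId = $f.OptionId }
        if ($f.Scope -ne '<server>') { $p.ScopeId = $f.Scope }
        Remove-DhcpServerv4OptionValue @p
        Write-Host "Removed option $($f.OptionId) from $($f.Scope)"
    }
}
```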

Exchange Analyzer is a great tool for every Exchange Admin

Exchange Analyzer is a PowerShell tool that scans an Exchange Server 2013 or 2016 organization and reports on compliance with best practices.

Exchange Analyzer is a community project, and is currently a beta release seeking feedback and results from real world environments.

To read the latest information about Exchange Analyzer click here to visit the project’s ReadMe on Github. More information can also be found in the Exchange Analyzer Wiki.

Installation Instructions

1. Download the latest Zip file

2. Extract or copy the following files and folders to a computer that has the Exchange 2013 or 2016 management shell installed. For example, place all of the files and folders in a C:\Scripts\ExchangeAnalyzer folder.

    • Run-ExchangeAnalyzer.ps1
    • \Data
    • \Modules
    • \Tests

3. Copy the folders in the \Modules folder to C:\Windows\System32\WindowsPowerShell\v1.0\Modules\

4. Open a new Exchange Management Shell

Important Note: if you are updating your copy of Exchange Analyzer please make sure you copy the updated module in step 3.

Running Exchange Analyzer

To run the Exchange Analyzer open an Exchange management shell, navigate to the folder with the script files (e.g. C:\Scripts\ExchangeAnalyzer) and run:

Interpreting Results

Exchange Analyzer produces an HTML report with a simple “Passed/Failed” indicator and a list of passed and/or failed objects. Links to more info are provided to assist you with further interpretation of the report.

Feedback and Questions

Before submitting feedback or questions please review the Exchange Analyzer FAQ.

You can help with bug fixes by submitting issues on Github. If you would like to contribute fixes or other code please review the Exchange Analyzer Wiki.

You can also send email to feedback@exchangeanalyzer.com.

Change Log

14/01/2016 – v0.1.0-Beta.1

  • First public beta release

28/01/2016 – v0.1.1-Beta.2

  • Second beta release. Details of changes are here.


Beta Exam 345: Designing and Deploying Microsoft Exchange Server 2016 NOW AVAILABLE

Are you an expert in designing and managing Exchange Server? Are you responsible for the Exchange Server 2016 messaging environment in an enterprise environment? If so, here’s your chance to start down the path to the MCSE certification for free AND help us improve the quality of this exam!

We are opening up 350 beta seats for this beta exam (exam number: 70-345)… This means you can take the exam for free!! BUT… the seats are limited on a first come, first served basis–so, register today (these codes will only work through February 12, 2016, meaning you have to register AND take the exam on or before that date)–and we need you to take the exam as soon as possible so we can leverage your comments, feedback, and exam data in our evaluation of the quality of the questions. The sooner you take the exam, the more likely it is that we will be able to use your feedback to make improvements to the exam. This is your chance to have a voice in the questions we include on the exam when it goes live.

To prepare for the exam, review our prep guide and practice the skills listed: https://www.microsoft.com/en-us/learning/exam-70-345.aspx. To prepare for this beta exam, check out my recent blog for ideas: https://borntolearn.mslearn.net/b/weblog/archive/2015/12/31/just-how-does-one-prepare-for-beta-exams-without-preparation-materials.

***Register for the exam at the same site and use code EXCH2016010B to take it for free, but these codes are only valid for exam dates on or before Feb. 12, 2016. Remember: There are a limited number of spots, so when they’re gone, they’re gone. You should also be aware that there are some country limitations where the beta code will not work (e.g., Turkey, Pakistan, India, China, Vietnam); you will not be able to take the beta exam for free in those countries.

Also, keep in mind that this exam is in beta, which means that you will not be scored immediately. You will receive your final score and passing status once the exam is live.

Well…what are you waiting for? Register before all the seats are gone!

https://borntolearn.mslearn.net/b/weblog/archive/2016/01/13/designing-and-deploying-microsoft-exchange-server-2016-beta-exam-now-available
