Archive for the 'Tools' Category

Web Active Directory Releases Replacement for Microsoft IISADMPWD for Windows IIS7

We officially launched our Microsoft® IISADMPWD Replacement Tool today. Our simple solution addresses several issues with previous versions of IISADMPWD and allows you to delegate Windows password changes for web applications running on IIS 7 and later. At $599 USD, the new solution provides lots of value to allow users to self manage passwords for a small price. You can get more info about the solution at http://www.webactivedirectory.com/products/iisadmpwd/.

More Information

I have blogged about the need for an IISADMPWD replacement in the past; check out the articles below to learn more about why we built this solution for IIS 7.

A Replacement for IISADMPWD in IIS 7

Many organizations have employed Microsoft’s IISADMPWD tool to allow password changes in Active Directory for web applications. Originally intended as the way to change passwords for access in Outlook Web Access (OWA), IISADMPWD became quite a useful solution for any organization that wanted to delegate access to AD password changes via a web application.

With the release of IIS 7 and its architectural and security changes from previous versions of IIS, there are certain situations where the old IISADMPWD will not work. In fact, Microsoft doesn’t even support IISADMPWD on IIS 7 and later although some organizations have been able to deploy it in an unsupported fashion.

The main situation where IIS 7 behaves differently from previous versions of IIS is when a user needs to change her password and the “User must change password at next logon” flag is set in Active Directory. In this situation, we’ve not found a way to authenticate a user with either Windows or Basic authentication in IIS and the old IISADMPWD tool cannot meet the requirements to allow the password change for users with this flag set. This is problematic since the scenario where a user needs to change her password after an administrative reset is very common.

Web Active Directory has developed a replacement for IISADMPWD that uses anonymous authentication to work around the IIS 7 authentication issue when the “User must change password at next logon” flag is set for a user. Tomorrow we will take a closer look at the architectural approach and a new tool that WebAD developed to help in this scenario.

Contact Web Active Directory for more information about the IISADMPWD replacement tool for IIS 7.

Help for Windows Geeks: Demystify the Regular Expression World

Back in my Windows system engineering and administration days I worked in a group that included Unix system engineers in addition to us Windows geeks. I was always impressed by the power of the Unix grep text search utility but even more amazed at the dexterity with which the Unix admins could whip out a regular expression (regex) for “grepping” all kinds of information from systems. We didn’t work much with regular expressions in the Windows world at that time so the grepping Unix admins seemed to be working a lot of black magic.

Once I made the jump to full-time web development it became apparent that the black magic of regular expressions wielded a lot of power and utility in coding scenarios. From data validation for email addresses and URLs to searching for a piece of code, regular expressions empower a whole host of extremely powerful text search abilities.

Unfortunately, I still lack the divinely-granted expertise of the Unix admin when it comes to regular expressions so I often have to resort to one of my favorite code resource sites ever: http://www.regular-expressions.info/ from Jan Goyvaerts. This wonderful corner of the web provides a host of critical regular expression expertise, including tutorials, references and other educational materials. Best of all, though, especially if you’re a somewhat lazy programmer (or just too busy!) like me, the site includes lots of examples of regular expressions. The examples not only quickly solve many common regular expression needs for data validation but include a thorough explanation of each example to help you learn the nuances of the regular expression language.

Handy WordPress Blog Tip: Display Source Code Markup with Syntax Highlighting

I’m relatively new to blog authoring in general and to using the WordPress platform for blogging in particular. The first few months of articles I’ve authored have included a number of source code references—PowerShell, C#, HTML, CSS and others—and I’ve put in source code using the Preformatted style. This works okay but I kept drooling over the blogs that had the fancy syntax highlighting.

Alas, I came across a great component from Alex Gorbatchev to integrate syntax highlighting into a blog article. Check out the SyntaxHighlighter project and you can easily integrate this JavaScript-based component into your site for beautiful code syntax highlighting.

Best of all, if you use WordPress.com then you already have access to the component! Check out the shortcode documentation for the sourcecode tag to learn more about all the wonderful syntax highlighting options available. As a teaser, I’ve marked up a simple HTML snippet below. Have fun!

<div id="MyHtmlSnippet" style="background-color: Fuchsia">

<p>You can put some cool content in here. Of course it will look terrible with a Fuchsia-colored background, but this is just a demo of code syntax highlighting.</p>

</div>

Early and Often or Wait Til It’s Right?

We work hard to produce great software that helps address Active Directory management needs in an intelligent user-friendly manner. We recently changed to a release-early-and-often model a while back and this means we sometimes ship with fewer features than we’d like for a release. While we work quickly to add features and address bugs, I wonder if it is annoying for our customers to go through small release cycles or wait longer for larger changes.

What do you think about waiting a long time for a release until it’s 100% complete (which never really seems to happen) or having a release with key features in your hands earlier but fewer bells and whistles? Is it better to get feedback on a constant cyclical basis or work in a vacuum and deliver a behemoth release once a year? What about using “soft launches” and betas to meld both worlds—the long- and short-release cycle worlds?

Did you get an iPhone when it first shipped and love it even though it lacked basic features like copy and paste? Have you bought the first year model of a completely-redesigned car and overlooked the little annoyances in favor of the new great features? Since we live in an instant-demand world now it seems we should move forward quickly with smaller releases.

Let me know your thoughts about early and often versus slow and behemoth. What things make you stay with a product even if it has a few inadequacies? Remember the iPhone model…it really wasn’t ready to compete with other platforms like BlackBerry on some basic OS functions but it had so many other great innovative features that it revolutionized the market anyway. Oh yeah, and you could download an iOS update that added copy and paste not too long after the initial model shipped.

Updating the country Attribute in Active Directory

Active Directory stores most of the commonly-used attributes internally in a string syntax, including most naming and address attributes as well as many organizational attributes. The process used to programmatically update string attributes is usually very straightforward and merely requires that you update the attribute value and then commit the changes to the directory.

Ah, but exceptions seem to always come up even with straightforward processes. In many cases, we see this happen when updating the country attribute in Active Directory. At first glance this attribute seems just like the other address attributes in AD: streetAddress, l, st, postalCode, etc. When you look at the country for a user account in Active Directory Users and Computers (ADUC), you see the nice friendly name for the country. Updating this value merely requires you to select another country and update the changes.

But try updating the country attribute programmatically in Active Directory. Looking through the raw attributes for a user account using a tool like ADSI Edit or Active Directory Explorer shows several promising candidate attributes to use to update the country data. As you dive deeper, though, you’ll notice that there are actually three different country-related attributes. What gives?

At the end of the day, updating a country value in Active Directory requires you to update three different attributes at the same time: the countryCode, c and co attributes. Better yet, you must update two of the values, countryCode and c, using the appropriate integral and string ISO 3166 country code values or the update will fail.

  • countryCode (Country-Code): ISO-3166 Integer value
  • c (Country-Name): ISO-3166 2-digit string value
  • co (Text-Country): Open string value

So just remember if you are updating the country attribute in AD that you actually need to update the countryCode, c and co attributes together. You can get a great downloadable list of ISO 3166 country codes from the ISO and this can help you create a drop-down list with matching values for your application.
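The three-attribute update described above, as an added PowerShell example that is not code from the original post. It assumes the RSAT ActiveDirectory module; the helper name `Set-AdUserCountry` and the four-row lookup table are constructed for illustration and should be replaced with the full ISO 3166 list.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

# Constructed sample table: ISO 3166 alpha-2 code -> numeric code and display name.
$Iso3166 = @{
    'US' = @{ Number = 840; Name = 'United States' }
    'GB' = @{ Number = 826; Name = 'United Kingdom' }
    'DE' = @{ Number = 276; Name = 'Germany' }
    'MX' = @{ Number = 484; Name = 'Mexico' }
}

function Set-AdUserCountry {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Identity,
        [Parameter(Mandatory)][string]$Alpha2
    )
    $key = $Alpha2.Trim().ToUpperInvariant()
    if (-not $Iso3166.ContainsKey($key)) {
        # Refuse unknown codes up front so the directory is never left half-updated.
        throw "Unknown ISO 3166 code '$Alpha2'; nothing was written."
    }
    $entry  = $Iso3166[$key]
    # All three attributes go into one -Replace hashtable so they are
    # written together in a single Set-ADUser call.
    $values = @{
        c           = $key                   # Country-Name
        co          = $entry.Name            # Text-Country (free text)
        countryCode = [int]$entry.Number     # Country-Code
    }
    if ($PSCmdlet.ShouldProcess($Identity, "Set c/co/countryCode to $key")) {
        Set-ADUser -Identity $Identity -Replace $values
    }
    # Read the values back and report whether they agree with the table.
    $u = Get-ADUser -Identity $Identity -Properties c, co, countryCode
    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        c              = $u.c
        co             = $u.co
        countryCode    = $u.countryCode
        Consistent     = ($u.c -eq $key -and $u.countryCode -eq $entry.Number)
    }
}

# Dry run against a constructed account name:
# Set-AdUserCountry -Identity 'jsmith' -Alpha2 'us' -WhatIf
```

With `-WhatIf` nothing is written, so the `Consistent` column then shows whether the account's current values already match the requested country.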

IISADMPWD: IIS 7 Authentication with “User must change password at next logon” Flag Set in Active Directory

We’re working with a customer to replace the Microsoft IISADMPWD tool the customer uses to allow Active Directory password changes in their hosted software offering. This tool, a legacy ASP application that runs on IIS 5 and 6, has been around for a while to allow AD password changes using OWA, Outlook Web Access. Beginning with IIS 7 on Windows Server 2008, support for IISADMPWD was dropped and users can now change passwords directly in OWA on Exchange 2007 and 2010 without IISADMPWD.

But what if you’re in a situation like our customer and you use IISADMPWD to change passwords in your Active Directory credentials store? There are several ways to port IISADMPWD to IIS 7 and Server 2008 but these are outside the context of Microsoft technical support. Plus, IISADMPWD does not work on IIS 7/7.5 when a user account has the “User must change password at next logon” flag set in Active Directory. Why?

As far as I can tell from experimenting in our test environment and searching the web, IIS 7 and later versions do not allow a user to access a site secured with Basic or Windows authentication if the “User must change password at next logon” flag is set in AD. IIS 7 was completely re-architected from previous versions and the “back door” ISAPI DLL access that previously allowed this feature has now been turned off since its primary reason to exist—resetting AD passwords for OWA—now is properly built into OWA.

There is a pretty simple workaround if you want to still use a tool like IISADMPWD. Web Active Directory provides several AD management tools that change passwords and we have a replacement for IISADMPWD that runs on IIS 7 and later. The tool uses Anonymous IIS authentication but you can pre-populate the username for changing a password using the URL query string or passing the username value in a custom HTTP header. Using Anonymous authentication allows the application to run without asking the user for credentials and all AD password changes are securely executed under a Windows service account security context.
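To see which accounts are affected by the behaviour described above, the following added example (not part of the original post or of any Web Active Directory product) lists enabled users that currently have the flag set. It assumes the RSAT ActiveDirectory module; the function name is hypothetical, and `whenChanged` is only an approximation of when the reset happened because any attribute change updates it.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

function Get-MustChangePasswordUser {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [string]$SearchBase               # optional OU to limit the search
    )
    # AD stores "User must change password at next logon" as pwdLastSet = 0.
    # The bitwise-AND matching rule (1.2.840.113556.1.4.803) with value 2
    # excludes accounts that are disabled.
    $filter = '(&(objectCategory=person)(objectClass=user)(pwdLastSet=0)' +
              '(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'

    $query = @{
        LDAPFilter = $filter
        Properties = 'pwdLastSet', 'whenChanged'
    }
    if ($SearchBase) { $query.SearchBase = $SearchBase }

    Get-ADUser @query | ForEach-Object {
        [pscustomobject]@{
            SamAccountName    = $_.SamAccountName
            DistinguishedName = $_.DistinguishedName
            WhenChanged       = $_.whenChanged
            # Approximate age of the pending change, in whole days.
            DaysPending       = [int]((Get-Date) - $_.whenChanged).TotalDays
        }
    } | Sort-Object DaysPending -Descending
}

# Example: Get-MustChangePasswordUser | Format-Table -AutoSize
```

Accounts at the top of the list have carried an administrator-set password the longest, which makes them the first ones to follow up on.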

Cloud CRM Options

We’re looking at new cloud-based CRM options and we’ve identified several reputable vendors in the space. Part of the challenge in moving from our current CRM solution is that we want to preserve some advanced capabilities like auto-responding to form submissions while getting a good web-based user experience.

The current system has a host of features we never touch and it seems each release adds more useless features. I get annoyed at the poor usability of basic features we use every day like reviewing activity history for a prospect or following up on cases. The usability of these features has not improved in the four years we’ve been with our vendor and we’re tired of the bloat of more and more useless features at the expense of basic usability.

So, please chime in with your thoughts and experience with your hosted CRM vendor. Do you love them or hate them? What do you like or dislike about them? What would you change if you could? Is the way we’re doing CRM just plain wrong in the first place and is there a better way?

Presentation Links: Free Active Directory Tools and Tips

WebAD is presenting today at the 17th Annual Technology Planning Conference for Region 10 of the Texas Education Service Center (ESC) in Richardson, Texas. The presentation highlights free tools and technologies that can help K-12 school districts manage their Active Directory environment, especially the automated creation, moving and deletion of student user accounts. Check out the notes below for additional resources for managing AD.

Active Directory Lifecycle Management: A practical guide to automating maintenance of your Active Directory environment

 Learn how to use free tools and technologies for common Active Directory management tasks. Automate account creation, bulk data updates and account deletion to synchronize AD data with your Student Information System. Employ free tools and technologies including CSVDE, LDIFDE and PowerShell to ease the burden of administration on your technology shop.

Tools

Introduction to CSVDE and LDIFDE

http://www.computerperformance.co.uk/Logon/CSVDE_LDIFDE.htm

Introduction to CSVDE

http://www.computerperformance.co.uk/Logon/Logon_CSVDE.htm

Ldifde

http://technet.microsoft.com/en-us/library/cc731033(v=ws.10).asp

Csvde

http://technet.microsoft.com/en-us/library/cc732101(v=ws.10).asp

Dsmod

http://technet.microsoft.com/en-us/library/cc732406(WS.10).aspx

Active Directory Explorer v1.42

http://technet.microsoft.com/en-us/sysinternals/bb96390

ADSI Edit (adsiedit.msc)

http://technet.microsoft.com/en-us/library/cc773354(WS.10).aspx

Ldp Overview

http://technet.microsoft.com/en-us/library/cc772839(WS.10).aspx

Using Ldp.exe to Find Data in the Active Directory

http://support.microsoft.com/kb/224543

Windows Server 2003 – LDP Support Tool Utility

http://www.computerperformance.co.uk/w2k3/utilities/ldp.htm

LDP.exe | Query Active Directory Tool

http://activedirectorytools.net/ldp-exe-query-active-directory-tool

PowerShell downloads

http://technet.microsoft.com/en-us/scriptcenter/dd772288

Scripting for Active Directory

http://technet.microsoft.com/en-us/scriptcenter/dd793613.aspx

PowerShell Scripting Tools

Welcome to PowerGUI.org – a free community for PowerGUI, a graphical user interface and script editor for Microsoft Windows PowerShell!

http://powergui.org/index.jspa

Introducing the Windows PowerShell ISE

http://technet.microsoft.com/en-us/library/dd315244.aspx

Procedures

Using LDIFDE to import and export directory objects to Active Directory

http://support.microsoft.com/kb/237677

How to use Csvde to import contacts and user objects into Active Directory

http://support.microsoft.com/kb/327620

Step-by-Step Guide to Bulk Import and Export to Active Directory

http://technet.microsoft.com/en-us/library/bb727091.aspx

Resources

Windows PowerShell Blog

http://blogs.msdn.com/b/powershell/

Windows PowerShell Owner’s Manual

http://technet.microsoft.com/en-us/scriptcenter/ee221100

PowerShell Scripts, Tips, Expert Advice & Training, Forums, and Resources

http://powershell.com/cs/

PowerShell Pro!

Tutorials and educational resources like a script library, esp. for AD management.

http://www.powershellpro.com/

General AD

LDAP Query Basics

http://technet.microsoft.com/en-us/library/aa996205(EXCHG.65).aspx

Search Filter Syntax

http://msdn.microsoft.com/en-us/library/aa746475(v=vs.85).aspx

Binding to Active Directory Domain Services

http://msdn.microsoft.com/en-us/library/aa772152.aspx

LDAP ADsPath

http://msdn.microsoft.com/en-us/library/aa746384.aspx

Active Directory

http://en.wikipedia.org/wiki/Active_Directory

About Active Directory Domain Services

http://msdn.microsoft.com/en-us/library/aa772142(v=VS.85).aspx

Active Directory

http://technet.microsoft.com/en-us/library/bb742424.aspx

Active Directory Administrative Center: Getting Started

http://technet.microsoft.com/en-us/library/dd560651(WS.10).aspx

Disable loading the default drive using Active Directory Powershell module

I’m sure I’ll run into this one, especially since I use PCs that aren’t joined to the domain. I’m going to probably put this in my PowerShell profile to avoid waiting for it to load and potential error messages.

http://blogs.msdn.com/adpowershell/archive/2010/04/12/disable-loading-the-default-drive-ad-during-import-module.aspx

For more information contact us at www.webactivedirectory.com, or call us at (+1) 800-747-3565
