How-to : Integrate Cisco Easy VPN authentication with Microsoft NPS RADIUS on Windows Server 2008 R2

This article goes through the configuration of Cisco Easy VPN together with Microsoft NPS RADIUS on Windows Server 2008 R2.

The article covers:

  1. Basic information about Cisco Easy VPN
  2. Cisco IOS router configuration for Easy VPN
  3. Windows Server 2008 R2 NPS and RADIUS configuration

Let’s go…

(more…)

How-To : Promote Windows Server 2012 Core to first Domain Controller in Forest

To create a new Forest and promote Windows Server 2012 Core to be a Domain Controller for that Forest, the Active Directory Domain Services role has to be added first:

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

Once the Active Directory Domain Services role is installed, we can promote the server to be the first Domain Controller in the Forest.

Install-ADDSForest -DomainName "lab.corp" -DomainNetbiosName "LAB" -DomainMode Win2008R2 -ForestMode Win2008R2 -InstallDns -Force

After some time the new Forest and Domain Controller are ready to use.

How-to : Integrating Cisco devices CLI access with Microsoft NPS/RADIUS

Many times I came across one issue… how to grant access to the CLI (Command Line Interface) on Cisco devices without creating a separate username and password for each user on each device? To resolve that I used the AAA features of Cisco IOS and a built-in Windows Server 2008 R2 component – NPS (Network Policy Server).

Those two combined create a very nice environment that allows flexible management of who can access network devices, when and how. At the same time, Active Directory becomes the central place to grant or deny access to devices, as well as to enforce a specific privilege level.

Below is a simple diagram of the whole process and the steps that take place when accessing a Cisco device integrated with NPS/RADIUS.

(more…)

Config snippets : ADLDS : Reset password without SSL

By default ADLDS does not allow passwords of users created in the ADLDS repository to be reset over a connection without SSL. Sometimes a test environment with ADLDS has to be built quickly, and SSL is the last thing anyone cares about, especially if the main thing to test is a script automating password resets.

So, for the convenience of developers, ADLDS allows the SSL requirement for password resets to be disabled. How to disable that requirement? See below how it was done on a server where ADLDS was installed on port 50389:

(more…)

Config snippets : ADLDS : Disable password policy

By default the password policy from the Active Directory domain also applies to ADLDS and to users created in the ADLDS instance. To prevent domain policies from enforcing password restrictions and rules on ADLDS users, one simple setting has to be adjusted:

  • ADAMDisablePasswordPolicies

Here is how it looks on a computer which has an ADLDS instance installed on port 50389:

(more…)

How-to : Use SQL Server to query Active Directory

I think it’s a common problem: as Active Directory gets bigger in organizations, control over the content of that mission-critical component seems to be lost. The same happened in my place. In addition to that, we had to provide information from AD on a regular basis in the form of a report. We had no tools to pull all the data from AD, process it and present it in some readable format. However, I was working with a skilled SQL guy who was also very good at Reporting Services. So, I proposed that we link Active Directory with SQL Server and use Transact-SQL to pull information from AD, process it in SQL and then make it readable and presentable through Reporting Services. That would allow the SQL guy to process all the information and do all kinds of reporting required.

Here are the components of our LAB environment before the solution went to production:

And below are the steps for how we made SQL Server 2008 R2 work with Active Directory, using Transact-SQL queries to pull information from the directory database.

(more…)