Microsoft Exchange and Active Directory Blog
In part 1, the root CA was installed, which will later be taken offline (i.e. shut down). Now, however, we will first take care of the sub-CA that is to be integrated into Active Directory. This is the second part of the PKI installation. The first step is to publish the certificate and the revocation list of the root CA in the Active Directory. The easiest way to do this is ... Read more
A certification authority is quickly installed under Windows Server. Essentially, the "Certification authority" role is added, "Next" is clicked a few times and you have a CA that can issue all possible certificates. So you have a PKI, which works, but is bad. A PKI and its CAs need to be well planned, and this involves ... Read more
From time to time it can be quite helpful to be able to access snapshots of drives, be it to quickly restore a file or to compare the contents of two files. A VSS snapshot can always be made accessible without having to restore the snapshot. However, there are two different ways, depending on the attributes ... Read more
Anyone who publishes Exchange servers and their web interfaces directly via port forward on the Internet may be familiar with the problem: Someone tries to guess the users and passwords or tries to access the mail accounts using brute force. Unfortunately, neither the Windows on-board tools nor Exchange Server offer the possibility to block the IP address after a few failed login attempts. Here ... Read more
Here is another small script from the "Quick & Dirty" series. The script can restart a server and sends a mail with the status: #Server restart $servername = "SERVER01" $to = "frank@frankysweb.de" $from = "rebooter@frankysweb.de" $smtpserver = "smtp.frankysweb.local" Send-MailMessage -To $to -From $from -SmtpServer $smtpserver -Subject "Restart for server $servername" -body "The server $servername ... Read more
Unfortunately, the IIS web server does not offer the option of automatically deleting older log files. Either you write log files to disk continuously, or only one with a selectable size. I have therefore created a small script which deletes the log files after a selectable period of time. The script is available for download: Using a scheduled task, the script can be ... Read more
I have always had the problem that VSS snapshots on servers were not cleaned up. At some point, the hard disk would fill up because the operating systems had countless snapshots that were never cleaned up. I have therefore created a small script that determines the number of active snapshots and the date of the first and last snapshot. $serverlist ... Read more
Anyone who has followed my howtos (Server 2008R2-Exchange 2010 and Server 2012-Exchange 2013) for an internal certification authority and SAN certificates may also want to issue certificates with a validity of more than 2 years. A validity of more than 2 years can already be specified in the certificate template. However, the certificates are still only valid for ... Read more
Overlong file paths can become a problem during migrations and backup/restore processes. A file path must not normally be longer than 260 characters. However, sometimes this limit is exceeded. This small Powershell script can be used to identify such long paths: #Directory or volume to be checked: $Directory = "D:\Shares" #PPath to CSV file for ... Read more
This topic is not directly related to Active Directory, but it often seems to receive little attention. Many companies do not configure DNS aliases for services such as shares, printers, web servers or any other services. This is usually not a problem, but it can lead to frustration and overtime for administrators (and ... Read more
