Month: March 2010

Using Microsoft IT Environment Health Scanner to diagnose our Active Directory

Today we see a utility called Microsoft IT Environment Health Scanner, it will help us to diagnose our Microsoft environment, at the Active Directory level. First we will install it and see the number of tests it performs, indicating the status of them. In addition, if we have any problem, it will propose a document from the KB of the Microsoft Support website. It's important, as it can serve as support before making any migration or major change, knowing the state of everything.

Installing certificates for our users via GPO

In any organization, Our users need certificates to access certain websites, whether for your own authentication or on behalf of your company. The most normal thing is that it is? install the certificate on the computer with the logged-in user, which is a manual process and that we have to take into account when a new person enters the organization, or when we have to renew a certificate, We have to do this process as many times as necessary. Well, we can use the directives of our Active Directory to assign certificates to users fully automatically.

How to renew Exchange self-signed certificates 2007

This article shows a task that we will have to perform in our Microsoft Exchange organization 2007, as the services offered by Exchange use certificates to ensure connectivity, whether internal or external communication. In principle, once we have installed Exchange Server 2007, The certificates you generate for each service will last us a year, so before they expire we will have to renew them, We will detect this with events in the Event Viewer, or directly due to a drop in said service.

How to renew Exchange self-signed certificates 2010

In Exchange 2010 It is well known that in order to communicate securely, each Microsoft Exchange Server service uses a secure connection using certificates; these certificates ensure the IMAP connection (Internet Message Access Protocol), POP (Post Office Protocol), SMTP (Simple Mail Transfer Protocol), IIS (Internet Information Services) and UM (Unified Messaging). And we will take special care to keep them renewed or valid. On Exchange Server 2007 this renewal process was carried out with three commands in PowerShell and now they have implemented the possibility of doing it through a wizard!

Installing an Exchange in the DMZ 2010 with the perimeter transport function

If we have a Microsoft Exchange Server organization already deployed on our network and we want to give it more security, we may deploy an Exchange server in the DMZ or DMZ with the intent not to directly expose our Exchange servers on the LAN to the internet. Microsoft has a role or function called Edge Transport function that will allow us to filter spam, as well as antivirus or create transport rules.

RODC Password Replication Policy

The Password Replication Policy (PRP) indicates which user credentials will be cached on the Read Only Domain Controller (RODC) based on Windows Server 2008 o Windows 2008 R2. This is necessary when we have delegations in our company and we want to put an RODC in the delegations with the functions that we are interested in and also allows users to authenticate in these DCs and the authentication process is faster since no traffic is generated by the WAN with this type of traffic.