Migrating GPOs between different domains

If we need to carry policies from one Active Directory to another and we have no trust relationship, or no communication between them is possible, we can back up the GPOs we are interested in from the source domain and import them into the destination domain using migration tables. This document is valid for migrating GPOs between any version of Windows Server: 2000, 2003, 2003 R2, 2008 or 2008 R2. In this document we will see how to perform these steps.

Data migration between two untrusted domains (Subinacl)

In some infrequent cases we find domain migrations in which we do not have permissions to manage the current domain completely, only access to the OUs where we manage the users within them. If we need to "become independent" and migrate the data to a new domain, we will not be able to use Microsoft's usual tools such as FSMT, since they require a trust relationship in order to carry the permissions across. The first thing we must do is create the same users and groups on the new server. For this we have two options: create them by hand, or use a tool such as ldifde, which lets us export them from the OUs we have permissions on to a text file and import them into the new domain. As there is no trust relationship, the users of domain 1 and domain 2 will not have the same SIDs, so when performing […]

Associating the DNIe with Active Directory users and authenticating with SmartCard

In this document we will see how to associate the digital certificates of the DNIe (the electronic ID card) with the user accounts in our Active Directory. It is ideal for authenticating our employees without a username and password, and of course we can later associate it with the rest of the services we need, such as web access or Citrix. We would just need a card reader on each machine and we are good to go. It could even be used with a device at the office front door to validate physical entry, time management, and so on, all through smart card-based authentication.

Using ThinStation to Reuse Computers as a Thin Client

I've been working with this kind of wonder for a long time. It is ideal for companies: the use of the thin client philosophy in an organization brings incredible savings of all kinds. In this document we will see a free project that allows us to use any computer and convert it into a light computer or thin client. There are other Linux distributions that are also based on this philosophy, and this one seems to me to be the best, since it has a lot of packages that we can add to the workstations and many people who contribute.

Using Microsoft IT Environment Health Scanner to diagnose our Active Directory

Today we look at a utility called Microsoft IT Environment Health Scanner, which helps us diagnose our Microsoft environment at the Active Directory level. First we will install it and see the number of tests it performs, each indicating its status. In addition, if we have any problem, it will point us to a document from the KB on the Microsoft Support website. This is important, as knowing the state of everything can serve as a baseline before making any migration or major change.

Installing certificates for our users via GPO

In any organization, our users need certificates to access certain websites, whether for their own authentication or on behalf of the company. The usual approach is to install the certificate on the computer with the logged-in user, which is a manual process that we have to repeat whenever a new person joins the organization or a certificate has to be renewed. Instead, we can use the Group Policies of our Active Directory to assign certificates to users fully automatically.

RODC Password Replication Policy

The Password Replication Policy (PRP) indicates which user credentials will be cached on a Read Only Domain Controller (RODC) based on Windows Server 2008 or Windows 2008 R2. This is necessary when our company has branch offices and we want to place an RODC in them with the functions we are interested in; it also allows users to authenticate against these DCs, and the authentication process is faster since this type of traffic no longer crosses the WAN.

New Windows 2008 R2: Offline domain join

Another of the new features that Windows 2008 R2 brings is the possibility of joining a domain offline, that is, we do not need connectivity between the computer and the domain controller in order to join it, and no traffic has to be generated between the two machines. This is ideal when we deploy computers in large quantities or send them to our branch offices ready to be started (generated from images), so that we do not have to join them to the domain from there and can instead, using AIK, join them to the domain via an answer file (for example).

New in Windows 2008 R2: Managed Service Account

One of the new features brought by Microsoft Windows Server 2008 R2 is 'Managed Service Accounts', user accounts that we can assign to our services. It is well known that in our Active Directory we have password expiration policies assigned, and we always have some service that does not start with a local system account or SYSTEM, which has more privileges. To avoid the hassle of managing accounts with expiring passwords, or accounts that are vulnerable because the password is always the same and someone could take advantage of that, Microsoft has released this new feature. Of course, to be able to use it, our Active Directory has to be at the "Windows Server 2008 R2" level.