Tag Archives: AD DS

Windows Server 8 Documentation

The first wave of Windows Server 8 documentation is available online: Windows Server 8 Beta There’s quite a bit of it.  Couple of notable points: AD FS 2.1 is a server role.  Features and functionality are the same as AD … Continue reading

Posted in Active Directory, AD FS | Tagged , , , | Leave a comment

Delegating the minimum set of permissions for mailbox-enabled user and linked mailbox provisioning

In my previous post I described the minimum set of permissions required by the ADMA account to provision an AD DS user object.  In this post I’d like to expand on that and provide the minimum set of permissions required … Continue reading

Posted in Active Directory, FIM, FIM 2010, FIM 2010 R2 | Tagged , , , , , , , , , , , , , , , , , , , | 2 Comments

Delegating the minimum set of permissions for user provisioning

The purpose of this post is to provide information on the permissions required by the user account that the Active Directory Domain Services (AD DS) Management Agent (MA) or ADMA uses when it interfaces with an AD domain.  I’ve seen … Continue reading

Posted in Active Directory, FIM, FIM 2010, FIM 2010 R2 | Tagged , , , , , , , , , , , , , , , | 3 Comments

exported-change-not-reimported error when provisioning a linked mailbox

When provisioning a linked-mailbox using Forefront Identity Manager (FIM) 2010, Identity Lifecycle Manager (ILM) 2007 or Identity Integration Server (MIIS) 2003 the Active Directory Management Agent (ADMA) throws an exported-change-not-reimported error for each new mailbox-enabled user. Upon closer inspection you … Continue reading

Posted in Active Directory, FIM, FIM 2010 | Tagged , , , , , , , , , , , , , , , | 2 Comments

How to update unicodePwd in LDP

Quick and cheerful reminder –if you want to perform a password set operation in LDP there’s two main ways of doing it: You can supply a string value to userPassword (providing the domain functional level is Windows Server 2003 or … Continue reading

Posted in Active Directory | Tagged , , , , | Leave a comment

Querying AD DS 64-bit integer (date time as ticks) using LDP (or anything else)

I hacked together a .NET command line application for a customer yesterday that basically resets the password of all users within scope to two random passwords.  Such functionality was required because we’d P2V’d a production DC into the lab.  I … Continue reading

Posted in Active Directory, Scripting, Troubleshooting | Tagged , , , , , , , , , | Leave a comment

Setting Boolean attributes using LDP

Quick and gentle reminder.  LDP expects you to replace a Boolean attribute with either TRUE or FALSE.  True, False, true or false don’t cut it… If you try and use True, False, true or false you’ll get this error: ***Call … Continue reading

Posted in Active Directory, Troubleshooting | Tagged , , , , , | Leave a comment