[NTSysADM] RE: Active Directory LDAP MaxPageSize limit

I wonder what they will ask for when that great piece of kit encounters ranged retrieval:) From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: Thursday, June 16, 2016 1:45 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE:

[NTSysADM] RE: OT: WAM replacement

My day job has me working for an IAM software vendor. My interests here don’t represent my day job usually so I keep the two distinct. Seems to me if you’re a Ping shop already you’d be best served remaining that way, and I don’t thing ForgeRock (the only real open source IAM product I know of)

Re: [NTSysADM] Active Directory LDAP MaxPageSize limit

Seems reasonable Ed On Jun 16, 2016 3:34 PM, "Dave Lum" wrote: > I’ve had a request to increase the LDAP MaxPageSize to 5000 (from 1000) > due to an application limitation – DC’s are 2012 (non-R2). I see the hard > coded limit is 2. > > > > The environment in question is

[NTSysADM] RE: Active Directory LDAP MaxPageSize limit

+1 for Michael's comment. Paging is a core concept for LDAP directories. Applications that do not understand how to do that properly will probably also do lots of other 'bad' things to your directory. If the application cannot be fixed and your management insists on moving forward with it

Re: [NTSysADM] Reminders for SSL certs (and other things)

I'm not sure why you suggested that Outlook is clunky for that, but in a number of places we've worked, we have used shared mailboxes for this very thing. Sometimes, there are just no good canned, pre-built tools… Regards, ASB http://XeeMe.com/AndrewBaker Providing Expert Technology

Re: [NTSysADM] Reminders for SSL certs (and other things)

We use share point notifications against inventory lists. We're converting these lists into our LANDesk asset management to report, notify, and ticket on the same things. This enables management to report for budget needs, notify SA's of upcoming needed tasks, and assign tickets to SA's when

[NTSysADM] Heads up if you use NPS and certificates for authentication

We had a major problem that was a real head scratcher today. Due to Microsoft's acceleration of deprecating SHA1 hashed certificates, we updated the certificate templates on our domain CA and renewed our master certificate so that it would have a SHA256 hash. We use NPS (network policy server)

RE: [NTSysADM] Reminders for SSL certs (and other things)

Owners are not Google fans…..so that would be frowned upon. But good idea! Thanks, Jonathan From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Richard Stovall Sent: Thursday, June 16, 2016 2:06 PM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM]

RE: [NTSysADM] Reminders for SSL certs (and other things)

We actually do have Service Now, and have been told that this functionality exists in it, however because we are part of a MSP, the MSP owns Service Now and any changes or new features have to be cleared by them.whichtakes.a.looong...time..

[NTSysADM] RE: Reminders for SSL certs (and other things)

We've thought about it. Just was wondering what others were doing before going down that route. Thanks, Jonathan From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Doug Barrett Sent: Thursday, June 16, 2016 1:17 PM To: ntsysadm@lists.myitforum.com

[NTSysADM] RE: Active Directory LDAP MaxPageSize limit

This is a very bad idea. Fix the application. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Dave Lum Sent: Thursday, June 16, 2016 3:31 PM To: 'ntsysadm@lists.myitforum.com' Subject: [NTSysADM] Active Directory LDAP MaxPageSize limit I've had a

[NTSysADM] Active Directory LDAP MaxPageSize limit

I've had a request to increase the LDAP MaxPageSize to 5000 (from 1000) due to an application limitation - DC's are 2012 (non-R2). I see the hard coded limit is 2. The environment in question is fairly small, and the DC's are multi CPU VM's with 8GB RAM and there are under 2000 user

[NTSysADM] RE: Reminders for SSL certs (and other things)

While it's likely overkill, since its free you might look at Spiceworks. If you add the renewals, etc., as vendors you can define renewal frequency, etc., and it'll give you alerts beforehand. You don't have to use all the other stuff. There's even a free hosted version but I don't know if

[NTSysADM] OT: WAM replacement

Anyone out there gone through the exercise of looking to replace any of the larger WAM suites (CA SiteMinder, IBM ITAM, Oracle OAM, etc)? Specifically looking at PingAccess or F5 Big-IP APM? We are a PingFederate shop, and had a presentation on PingAccess that was pretty impressive. Also

RE: [NTSysADM] RE: Reminders for SSL certs (and other things)

Crontab required tabs, because dates could have spaces in them. -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff Sent: Thursday, June 16, 2016 1:58 PM To: ntsysadm Subject: Re: [NTSysADM] RE: Reminders for SSL certs

RE: [NTSysADM] Reminders for SSL certs (and other things)

Free Google accounts have a calendar... On Jun 16, 2016 1:51 PM, "Jonathan Raper" wrote: > We have no desire to implement PRTG or Nagios, as we have a management > system in place (Zenoss). It does alert on some of the certs, but only if > the device is monitored/managed. Some

Re: [NTSysADM] RE: Reminders for SSL certs (and other things)

Hmmm.. Do you remember - does crontab use spaces or tabs? :) The day is still now, on my FreeBSD boxen... Kurt On Thu, Jun 16, 2016 at 10:42 AM, Michael B. Smith wrote: > "Back in the day" we used cron for this, several careers back. Same idea as a > scheduled

RE: [NTSysADM] Reminders for SSL certs (and other things)

We treat certs or other similar things that need renewals like other and put them into our ticketing system with an expiration date. This triggers an email when the expiration is coming up. Our ticket tracking system has a section that pretty much acts like an asset tracker. Does your company

RE: [NTSysADM] Reminders for SSL certs (and other things)

We have no desire to implement PRTG or Nagios, as we have a management system in place (Zenoss). It does alert on some of the certs, but only if the device is monitored/managed. Some devices we do not want monitored for various reasons….but when the cert expires, it’s a problem. Unfortunately

RE: [NTSysADM] RE: Reminders for SSL certs (and other things)

"Back in the day" we used cron for this, several careers back. Same idea as a scheduled task...of course, the issue is remembering to transfer those scheduled tasks when you move to a new piece of hardware or OS. The shared mailbox is a really good idea. -Original Message- From:

Re: [NTSysADM] RE: Reminders for SSL certs (and other things)

For reminders of those kinds of things, we've made a shared mailbox for a team calendar in Exchange, and set up meeting reminders in it that with members of our team as attendees. We also use that for keeping track of on-call rotation, vacation days and other things needing reminders. Everyone on

[NTSysADM] RE: Reminders for SSL certs (and other things)

Shared Outlook calendar that's updated when a cert/contract/renewal is updated, by the person doing the updating? From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Jonathan Raper Sent: Thursday, June 16, 2016 11:18 AM To: ntsysadm@lists.myitforum.com

Re: [NTSysADM] GPanswers.com » Never a dull moment with Group Policy (or what to do about MS16-072):

Thanks Susan. On Thu, Jun 16, 2016 at 11:36 AM, Susan Bradley wrote: > GPanswers.com » Never a dull moment with Group Policy (or what to do about > MS16-072): > > http://www.gpanswers.com/never-a-dull-moment-with-group-policy-or-what-to-do-about-ms16-072/ > > > -- > > > >

[NTSysADM] GPanswers.com » Never a dull moment with Group Policy (or what to do about MS16-072):

GPanswers.com » Never a dull moment with Group Policy (or what to do about MS16-072): http://www.gpanswers.com/never-a-dull-moment-with-group-policy-or-what-to-do-about-ms16-072/ --

[NTSysADM] RE: Reminders for SSL certs (and other things)

Thanks, but this ISN'T just about certs. Monitoring is not the solution I am looking for. We're also looking to manage reminders for non technical items, like other renewals, contracts, etc. Jonathan From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of

[NTSysADM] RE: Reminders for SSL certs (and other things)

The PRTG free license comes with 100 sensors, and if you're monitoring Windows boxes you can install remote probes to monitor all sorts of things. Otherwise you can monitor using SNMP. You just need a system to run it and access to the resource you wish to monitor. Neil Standley Cascadia

[NTSysADM] RE: Reminders for SSL certs (and other things)

Unfortunately it is not that simple. Multiple sites, and some are internal certs for dev environments, some are on network equipment that is internal, one is on a hosted environment in a co-lo that is purely internal, but we don't manage the system, only the cert And we have a management

[NTSysADM] RE: Reminders for SSL certs (and other things)

You might look at how you could centralize where these certs are installed (e.g. a load balancer/reverse proxy) so you only have one place to check as opposed to having things scattered around. Thanks, Brian Desmond w - 312.625.1438 | c - 312.731.3132 From: listsad...@lists.myitforum.com

[NTSysADM] % of common updates files for all Windows OS

Hi Just a simple query, Any idea what will be the percentage of common files (updates) applicable to all OS/Office when MS releases a set on Tuesday? For instance, I believe that the below one file is the only file required to update MRT for all versions of Windows 8, 8.1, 10 and Windows Server