How long does it take your organization to get around to updating an Active Directory group? According to a survey recently compiled by Imanami, a provider of group lifecycle management solutions, you’re not a slacker if it takes you nine days.
Imanami also discovered that in the organizations surveyed, two percent of the people still in Active Directory are no longer employed by the company, or 60 people in an organization of 3,000 users. Imanami surveyed IT pros involved in managing groups and other aspects of Microsoft Exchange management in organizations with at least 1,000 email users.
Based on responses, Imanami calculated that for every 1,000 users, some lucky IT pro spends about six hours per week managing groups in AD. Assuming an organization hires an IT pro at $90,000 a year and his or her job includes this task, Imanami calculates it costs $13,050 per year to manage groups in Active Directory.
“We know how much our solution costs—what surprised us was how much they're paying: one employee for every 5,000 users,” says Edward Killeen, Imanami’s director of sales and marketing. “At up to 250 employees, it's okay to manage groups manually. We usually find at 250 employees the pain starts---there are a lot of groups. Why not automate it and be done with it?”
“People aren’t aware of a solution,” Killeen says. “The good news is that you don’t have to buy ILM. ILM comes with its own nomenclature. Most product suites are ‘Frankenproducts,’ made from acquired products put together. We’re purpose built. Our customers appreciate that they can deploy this without hiring someone.”
Imanami’s conclusions, among other things are that "Group management is not the most serious problem faced by Exchange managers, but it is a serious one that presents a number of security problems.” To compare your experience to those of the IT pros surveyed, visit Imanami’s website.
Source: windowsitpro.com/article/articleid/101004/managing-groups-exchange-and-active-directory-admins-sound-off.html
Tuesday, December 30, 2008
Monday, December 22, 2008
Disable the Password for a User in Windows Server 2003 Active Directory domain
Windows Server 2003 provides security policies that ensure that all users select strong passwords. Creating a password policy involves setting the following options in the Default active directory services domain group policy object. These policies, with the exception of those settings related to password lifetime, are enforced on all users in a domain.
The default password filter (Passfilt.dll) included with Windows Server 2003 requires that a password:
Is not based on the user’s account name.
Contains at least six characters.
Contains characters from three of the following four categories:
Uppercase alphabet characters (A–Z)
Lowercase alphabet characters (a–z)
Arabic numerals (0–9)
Nonalphanumeric characters (for example, !$#,%)
Security Warning: Bare in mind that this setting can only be enabled/disabled at the domain level, and NOT on an OU level. Disabling the password requirement for an entire domain will lower your security configuration, and should only be done when absolutely necessary.
In order to disable this requirement you need to edit the Default Domain Policy for your domain.
1. Go to Administrative tools folder.
2. Double-click on the Default Domain Security Policy icon.
3. Note: If for any reason you don't see that icon you can still edit the Default Domain Group Policy from the AD Users and Computers snap-in, or from a GPMC window.
4. Navigate to Security Settings > Account Policies > Password Policy.
5. Right-click on the Minimum Password Length option in the right pane and select Properties.
6. Keep the V on the Define Setting selected! Do not remove the V from that check-box. Removing the V will cause the GPO to revert to the default setting, which is what we are trying to remove in the first place.
7. Enter 0 (zero) for the number of minimum characters required in a password.
8. Now double-click on the Passwords Must Meet Complexity Requirements option in the right pane.
Again, do not remove the V from that check-box. Instead, select Disabled.
9. Click OK all the way out and close the GPO window.
Source: petri.co.il/disable_password_requirement_in_win2003_domain.htm
The default password filter (Passfilt.dll) included with Windows Server 2003 requires that a password:
Is not based on the user’s account name.
Contains at least six characters.
Contains characters from three of the following four categories:
Uppercase alphabet characters (A–Z)
Lowercase alphabet characters (a–z)
Arabic numerals (0–9)
Nonalphanumeric characters (for example, !$#,%)
Security Warning: Bare in mind that this setting can only be enabled/disabled at the domain level, and NOT on an OU level. Disabling the password requirement for an entire domain will lower your security configuration, and should only be done when absolutely necessary.
In order to disable this requirement you need to edit the Default Domain Policy for your domain.
1. Go to Administrative tools folder.
2. Double-click on the Default Domain Security Policy icon.
3. Note: If for any reason you don't see that icon you can still edit the Default Domain Group Policy from the AD Users and Computers snap-in, or from a GPMC window.
4. Navigate to Security Settings > Account Policies > Password Policy.
5. Right-click on the Minimum Password Length option in the right pane and select Properties.
6. Keep the V on the Define Setting selected! Do not remove the V from that check-box. Removing the V will cause the GPO to revert to the default setting, which is what we are trying to remove in the first place.
7. Enter 0 (zero) for the number of minimum characters required in a password.
8. Now double-click on the Passwords Must Meet Complexity Requirements option in the right pane.
Again, do not remove the V from that check-box. Instead, select Disabled.
9. Click OK all the way out and close the GPO window.
Source: petri.co.il/disable_password_requirement_in_win2003_domain.htm
Monday, December 15, 2008
NET's UC Gateways AddingIntegration Capabilities to MS Active Directory
NET's UC Gateways AddingIntegration Capabilities to Microsoft Active Directory to its VX Series gateways..
VoIP technologies innovator Network Equipment Technologies gave its unified communications platform a boost today by adding integration capabilities of Microsoft Active Directory (AD) and other Lightweight Directory Access Protocol solutions to its VX Series gateways.
The directory integration is designed to provide migration benefits to a converged data/voice infrastructure, such as Microsoft Office Communications Server 2007.
While the benefits of the upgrades are many, its primary function is to allow customers to leverage the directory integration features of the VX Series UC Gateway. By using information from AD, customers now have the ability to add enterprise mobility applications to the UC solution.
The applications include the use of AD or LDAP as a single point-of-administration, which is important for allowing customers to perform all moves, adds and changes in one place, according to Talbot Harty, chief development officer at NET.
"The ability to use AD to drive voice and fax functions in a converged environment saves administrators and end-users significant time and effort, while also enabling companies to implement all kinds of useful call management rules," said Harty.
In addition, the ability to flexibly define call-routing rules using AD or LDAP fields has an important function for administrators. This simplification of phased technology migrations – through identification which end-users are served by Microsoft OCS, the PBX,Cisco Manager – has significant business value, according to Harty.
"By delivering robust AD and LDAP integration in our VX Series UC Gateways, we provide customers migrating to Microsoft OCS and other UC solutions.”
NET Quintum, the wholly owned subsidiary of NET, has increased its footprint in recent months within the OCS Server 2007 community. The company has developed VoIP solutions that allow OCS 2007 to be connected to the PSTN, allowing for voice communications outside the IP network. NET Quintum Tenors make it easier to connect Microsoft Office Communications Server 2007 with a Microsoft specific configuration wizard and a wide variety of product options.
The VX Series UC Gateway's AD and LDAP support also provides advantages to resellers and integrators making it easier to install, configure and maintain convergence solutions, according to Jeff Zaremba, senior director of Collaboration Technologies at Avanade.
"Directory integration provides real value to customers by providing a consistent method for managing call routing based on Active Directory when implementing unified communications solutions such as Microsoft Office Communications Server 2007," said Zaremba. Avanade was founded in 2000 byAccenture and Microsoft Corporation.
"Additionally, it provides flexibility in migration by allowing customers to migrate over time as their business requirements dictate. For Avanade, directory integration enables us to implement more sophisticated solutions for our customers with less time, effort, and technical complexity."
More information about the VX Series UC Gateways and the application of directory integration is available at VX Gateways and Active Directory.
Source: http://unified-communications.tmcnet.com/topics/enterprise-voip/articles/47298-nets-uc-gateways-provide-integration-with-ms-active.htm
VoIP technologies innovator Network Equipment Technologies gave its unified communications platform a boost today by adding integration capabilities of Microsoft Active Directory (AD) and other Lightweight Directory Access Protocol solutions to its VX Series gateways.
The directory integration is designed to provide migration benefits to a converged data/voice infrastructure, such as Microsoft Office Communications Server 2007.
While the benefits of the upgrades are many, its primary function is to allow customers to leverage the directory integration features of the VX Series UC Gateway. By using information from AD, customers now have the ability to add enterprise mobility applications to the UC solution.
The applications include the use of AD or LDAP as a single point-of-administration, which is important for allowing customers to perform all moves, adds and changes in one place, according to Talbot Harty, chief development officer at NET.
"The ability to use AD to drive voice and fax functions in a converged environment saves administrators and end-users significant time and effort, while also enabling companies to implement all kinds of useful call management rules," said Harty.
In addition, the ability to flexibly define call-routing rules using AD or LDAP fields has an important function for administrators. This simplification of phased technology migrations – through identification which end-users are served by Microsoft OCS, the PBX,Cisco Manager – has significant business value, according to Harty.
"By delivering robust AD and LDAP integration in our VX Series UC Gateways, we provide customers migrating to Microsoft OCS and other UC solutions.”
NET Quintum, the wholly owned subsidiary of NET, has increased its footprint in recent months within the OCS Server 2007 community. The company has developed VoIP solutions that allow OCS 2007 to be connected to the PSTN, allowing for voice communications outside the IP network. NET Quintum Tenors make it easier to connect Microsoft Office Communications Server 2007 with a Microsoft specific configuration wizard and a wide variety of product options.
The VX Series UC Gateway's AD and LDAP support also provides advantages to resellers and integrators making it easier to install, configure and maintain convergence solutions, according to Jeff Zaremba, senior director of Collaboration Technologies at Avanade.
"Directory integration provides real value to customers by providing a consistent method for managing call routing based on Active Directory when implementing unified communications solutions such as Microsoft Office Communications Server 2007," said Zaremba. Avanade was founded in 2000 byAccenture and Microsoft Corporation.
"Additionally, it provides flexibility in migration by allowing customers to migrate over time as their business requirements dictate. For Avanade, directory integration enables us to implement more sophisticated solutions for our customers with less time, effort, and technical complexity."
More information about the VX Series UC Gateways and the application of directory integration is available at VX Gateways and Active Directory.
Source: http://unified-communications.tmcnet.com/topics/enterprise-voip/articles/47298-nets-uc-gateways-provide-integration-with-ms-active.htm
Friday, December 5, 2008
Microsoft's new hosted services: What are your options?
Today's announcement officially means Microsoft is the latest entry in a market of services that Microsoft actually made feasible: It can now host Exchange mailboxes for Active Directory users that do not have Exchange Server 2007.
Whether today's announcement of Microsoft-branded hosted services actually adds up to a savings for a business customer, depends on how that customer is getting or has gotten its software. Right now, the Exchange Online service can host mailboxes for as little as $10 per month per client, with a five-user minimum. That's about the industry average; other firms presently offer Exchange hosting for between $8 and $15 per month.
But Microsoft's not entering this market to simply lend its voice to the ongoing chorus. On an a la carte basis, it's also offering SharePoint Online hosting for managing a collaborative document sharing site (at $7.25 / user / month), secure instant messaging and presence with Office Communications Online (at $2.50 / user / month), and Web conferencing with Office Live Meeting, a pre-existing service (now at $4.50 / user / month).
In a very compelling alternative package, though, the company is rolling all four of these services into a single bundle called Business Productivity Online Standard Suite, for $15 per user per month. Package licensing deals are available for "midmarket" customers with between 25 and 499 users, and "enterprise" customers with 500 users and above.
Compare this against the way licensing works now. Microsoft offers Exchange Server 2007 Standard Edition for $699 up front, plus $67 for each Client Access License (CAL). So in small-quantity bundles, just the CAL could be paid for in under seven months' time, which would leave a seven-person business another seven months to break even on the up-front costs.
However, just last week, Microsoft rolled out four buildouts of Small Business Server 2008 and Essential Business Server 2008, which include Exchange Server. For the Standard Edition of SBS 2008 (which does not include SQL Server), a five-CAL package sells for $1,089, plus $77 for each additional user. SBS also includes Windows Server 2008, of course, as well as SharePoint Services 3.0, and additional extras such as Forefront Security.
Technically, Microsoft's Online hosted services do not require Windows Server. However, if your business uses networked systems and if you want to take full advantage of Exchange synchronization, you should probably have a domain controller, which means one copy of Windows Server 2008 Standard Edition. That will get you Active Directory Services (AD DS, and yes, the "D" is indeed repeated there). You could get hosted e-mail without Windows Server, in which case you'd be running Outlook 2007 through Windows XP or Vista, but most of the ActiveSync functionality that Exchange provides would be useless. The street price for Windows Server 2008 Standard is about $749, coming down a bit since the rollout of SBS and EBS 2008, and you may still need additional CALs.
Source:betanews.com/article/Microsofts_new_hosted_services_What_are_your_options/1226954182
Whether today's announcement of Microsoft-branded hosted services actually adds up to a savings for a business customer, depends on how that customer is getting or has gotten its software. Right now, the Exchange Online service can host mailboxes for as little as $10 per month per client, with a five-user minimum. That's about the industry average; other firms presently offer Exchange hosting for between $8 and $15 per month.
But Microsoft's not entering this market to simply lend its voice to the ongoing chorus. On an a la carte basis, it's also offering SharePoint Online hosting for managing a collaborative document sharing site (at $7.25 / user / month), secure instant messaging and presence with Office Communications Online (at $2.50 / user / month), and Web conferencing with Office Live Meeting, a pre-existing service (now at $4.50 / user / month).
In a very compelling alternative package, though, the company is rolling all four of these services into a single bundle called Business Productivity Online Standard Suite, for $15 per user per month. Package licensing deals are available for "midmarket" customers with between 25 and 499 users, and "enterprise" customers with 500 users and above.
Compare this against the way licensing works now. Microsoft offers Exchange Server 2007 Standard Edition for $699 up front, plus $67 for each Client Access License (CAL). So in small-quantity bundles, just the CAL could be paid for in under seven months' time, which would leave a seven-person business another seven months to break even on the up-front costs.
However, just last week, Microsoft rolled out four buildouts of Small Business Server 2008 and Essential Business Server 2008, which include Exchange Server. For the Standard Edition of SBS 2008 (which does not include SQL Server), a five-CAL package sells for $1,089, plus $77 for each additional user. SBS also includes Windows Server 2008, of course, as well as SharePoint Services 3.0, and additional extras such as Forefront Security.
Technically, Microsoft's Online hosted services do not require Windows Server. However, if your business uses networked systems and if you want to take full advantage of Exchange synchronization, you should probably have a domain controller, which means one copy of Windows Server 2008 Standard Edition. That will get you Active Directory Services (AD DS, and yes, the "D" is indeed repeated there). You could get hosted e-mail without Windows Server, in which case you'd be running Outlook 2007 through Windows XP or Vista, but most of the ActiveSync functionality that Exchange provides would be useless. The street price for Windows Server 2008 Standard is about $749, coming down a bit since the rollout of SBS and EBS 2008, and you may still need additional CALs.
Source:betanews.com/article/Microsofts_new_hosted_services_What_are_your_options/1226954182
Subscribe to:
Posts (Atom)
