Skip to content

Automatically Provisoning and Deprovison Postini

Today our team uploaded an Policy Extension to the ActiveRoles community for Postini!  This policy will both provision and deprovision Postini gateway accounts when the associated Active Directory account is updated. To use this policy you simply download the policy, install it in ActiveRoles Server then configure the policy with your Postini account details. The new policy is free for ActiveRoles customers and you can download the the new policy here: DOWNLOAD NOW

ARS Postini Policy

ActiveRoles Change History showing Postini Provsioning

Post to Twitter

Posted in Active Directory.

No comments

By Bob Bobel September 2, 2010

Visual Studio Lightswitch

This has been needed for the past 20 years and now Microsoft has finally stepped up to the plate and will cover the gap between tech savy business users and developers. I can not tell you how many Access Databases, Monster Excel Spreadsheets and Microsoft Word Macro’s I’ve seen/written/replaced over the past 25 years but it is in the hundreds. Most of these were started for the right reasons, even though Microsoft office probably wasn’t the best platform. The challenge is simple to articulate – I’m a business user, I don’t have a staff of developers, I know enough to be dangerous and I want to keep my paycheck. Microsoft Access was pretty close – but it couldn’t make the leap and required some pretty specific knowledge.

Microsoft announced Visual Studio Lightswitch at the VS Live conference – a solution designed to bridge that gap. The application is a part of Microsoft Development Platform Visual Studio and promises to allow the savvy business user to build apps for desktops or cloud delivery by pulling data from Databases, SharePoint as well as integrate with Microsoft’s Cloud solution; Azure. It seems obvious that since this is part of Visual Studio when the app gets too big for the business user, I’m guessing (and I hope it does this) the app can be put into the hands of a experienced developer. This will probably drive the developer’s crazy, but it certainly will be fun to watch.

Post to Twitter

Posted in Active Directory.

No comments

By Bob Bobel August 5, 2010

PING Identity’s Cloud Identity Conference

I’ve had the good fortune to find myself at the Ping Identity Cloud Identity Conference. The conference, as the name inplies, is dedicated to dealing with Identity in a SaaS world and all the interesting challenges that happen when identity traverses or is moved into the Internet.

Today I’m sitting through one of Ping’s Experts (Ian Barnett) who is going through how organizations can implement SAML for a host of reasons. One interesting conversation that came up was around the differences between SAML and OpenID and how their origins put them on a similar path but for different reasons.

A similar discusssion arose around Microsof’t's ADFS 2.0 and SAML 2.0 and there was certainly more than a little confusion about how the two do or do not interoperate effectivly.

Post to Twitter

Posted in Active Directory.

Tagged with , , , , , .

No comments

By Bob Bobel July 20, 2010

Apple Bumper – they are kidding right?

I like the apple touch phones, but a bumper is stupid – just fix the problem.

 I’m glad I’m now a HTC droid man.

http://www.cnn.com/2010/TECH/mobile/07/16/consumer.reports.iphone.case/index.html?eref=igoogle_cnn

Post to Twitter

Posted in Active Directory.

Tagged with , , , .

1 comment

By Bob Bobel July 16, 2010

Use PowerShell to easly find Obsolete Accounts

One of the great new capabilities new to ActiveRoles AD CMDLETS version 1.4 is the ability to define criteria for how you want to identify obsolete or inactive accounts. You define the criteria as an “InactiveAccountsPolicy” that can be called from the Get-QADUser cmdlet to list accounts matching the obsolete policy then delete, disable or if you own ActiveRoles Server execute the Deprovisoning policy.

 

Set-QADInactiveAccountsPolicy

 Set the current user preference on what accounts to consider inactive by default.

Syntax

Set-QADInactiveAccountsPolicy [-AccountExpiredPeriod <Int32>] [-PasswordNotChangedPeriod <Int32>] [-AccountNotLoggedOnPeriod <Int32>]

Parameters

AccountExpiredPeriod

Use this parameter to specify the number of days after which an expired account is considered inactive by default. Thus, an account is considered inactive if the account remains in the expired state for more days than specified by this parameter.

AccountNotLoggedOnPeriod

Use this parameter to specify the period, in days, that an account is not used to log on, after which the account is considered inactive by default. Thus, an account is considered inactive if no successful logons to that account occur for more days than specified by this parameter.

PasswordNotChangedPeriod

Use this parameter to specify the password age, in days, after which an account is considered inactive by default. Thus, an account is considered inactive if the password of the account remains unchanged for more days than specified by this parameter.

Detailed Description

Use this cmdlet to specify the default conditions that must be met for a user or computer account to be considered inactive. The inactivity conditions are specific to the current user, and have an effect on the cmdlets that support the Inactive parameter (such as Get-QADUser or Get-QADComputer). If no account-inactivity related parameters other than Inactive are supplied, then the Inactive parameter retrieves the accounts that meet the conditions defined by this cmdlet. To view the inactivity conditions that are currently in effect, use the Get-QADInactiveAccountsPolicy cmdlet.

 

Get-QADInactiveAccountsPolicyView the current user preference on what accounts to consider inactive by default.

 

Syntax

Get-QADInactiveAccountsPolicy

Detailed Description

Use this cmdlet to examine the settings that were specified by using Set-QADInactiveAccountsPolicy, and are in effect for the current user session. These settings specify the default conditions that must be met for a user or computer account to be considered inactive. The inactivity conditions are specific to the current user, and have an effect on the cmdlets that support the Inactive parameter (such as Get-QADUser or Get-QADComputer). If no account-inactivity related parameters other than Inactive are supplied, then the Inactive parameter retrieves the accounts that meet the conditions defined by the AccountExpiredPeriod, AccountNotLoggedOnPeriod, and PasswordNotChangedPeriod settings that you can examine using this cmdlet. For details regarding each of these settings, see the corresponding parameter description for the Set-QADInactiveAccountsPolicy cmdlet.

 

 

 

 

Set-QADInactiveAccountsPolicy

Post to Twitter

Posted in Active Directory.

Tagged with , , , , , , .

2 comments

By Bob Bobel July 15, 2010

AD CMDLETS 1.4 now live!

The 1.4 version of the ActiveRoles AD CMDLETS went live a few moments ago and you can download them here http://www.quest.com/powershell/activeroles-server.aspx.

Post to Twitter

Posted in Active Directory.

Tagged with , , , , , , , , , .

No comments

By Bob Bobel July 15, 2010

Microsoft KIN – RIP

I was surprised to read on Engadget that Microsoft killed its entire KIN phone line, less than two months after launch. To me this is scary that a company like Microsoft has struggled to figure out the mobile market despite having Apple and Google showing them how it should be done. Well, Kin is now in a far better place with Microsoft BOB and Microsoft Clipit – may they all rest in peace.

http://www.engadget.com/2010/06/30/what-killed-the-kin/

Post to Twitter

Posted in Active Directory.

Tagged with , .

No comments

By Bob Bobel July 1, 2010

ActiveRoles User’s Groups Denmark & Sweeden

Following up on our UG in Boston, Berlin, Toronto and Los Angeles, last week I had the tremendous opportunity to help our regional offices in Copenhagen Denmark and Stockholm Sweden hold their first ActiveRoles User’s Groups. Both events were held in the Quest regional offices and were well attended by both existing customers and those new to ActiveRoles. I look forward to next year’s events! I need to make a special thank you to Christian Dinesen for being the moderator of the User’s groups as well as my official tour guide in the evening. There was a royal wedding taking place the day after I left Stockholm, but I did get to see some of the wedding entertainers practicing their acrobatics. I recorded the following video with my Droid Incredible.

Post to Twitter

Posted in Active Directory.

Tagged with , , , .

No comments

By Bob Bobel July 1, 2010

Google Apps goes mutli-domain

Google Apps was limited in that it didn’t support multiple domains so admins had to do all sorts of workarounds to accommodate this scenario. By adding support for users from different domains with different name spaces that share a common instance of Google Apps. (See the picture from the Google Blog below)

Google Apps Blog

Post to Twitter

Posted in Active Directory.

Tagged with , , , , .

No comments

By Bob Bobel June 23, 2010

Review, Droid HTC Incredible, My First Week

Friday of last week I brought my wife home from the hospital where she had undergone surgery for errant gall stones. When I got back to the house there was a shipping tag saying I missed my delivery company and that they had a package waiting for me at the local pickup – I just knew it was my Android phone. Fortunately, the delivery offices were open until 10pm so despite it being late in the day (and Friday) I still was able to pickup my package. Based on the dates Verizon had given me I actually ended up getting the package a week earlier than expected and I wouldn’t have the phone for the weekend to get used to moving off Windows Mobile.

I walked out to my car and climbed in the driver’s seat. Next to me was a younger couple and the guy had a box that was strangely similar in size to mine, but I quickly forgot about that and decided to concentrate on using my keys to cut though the tape on my box. Inside that dirty brown box was a smaller white box that held my new droid incredible. I quickly opened the smaller box carefully lifted the phone out and and without regard to the instructions I pushed the power button; nothing happened. Realizing my mistake I quickly rummaged through the box to find the battery that they never would have shipped pre-installed in the phone.

After fumbling around figuring out how to open the phone and inserting the bright red battery (very cool btw)  - I closed the phone, held my breath and pushed the ON button. I now know it was at that moment my mobile life changed for good.  I wasn’t sure about the best way to “migrate” from Windows Mobile so I decided to just use the device for a phone until I came up with a plan to switch over my email. That plan lasted less than 2 hours before I made the leap and started having my email directed to my Incredible – and out of the box it is working extremely well.

I have been using my HTC Incredible relentlessly for the past week and while I am still getting used to some aspects of the phone I would not hesitate to recomend  this phone to anyone considering it – the phone is more than incredible – it is awesome.

Post to Twitter

Posted in Bobel.

Tagged with , , , .

2 comments

By Bob Bobel June 11, 2010