Showing posts from 2010

Programming AD with C#.NET – part 4

Our transition to System.DirectoryServices.Protocols has on the whole gone very smoothly, but there have been some issues with one environment that contains subdomains. Most things are working fine, but writing to a subdomain does not work in the same way as it did before.

What is generally bad about System.DirectoryServices.Protocols is the documentation, which is practically non-existent. But most things can be figured out anyway, since most classes are just wrappers for wldap32.dll, which in turn is far better documented.

I would like to have as few bindings to a specific server as possible but still be able to access the domain. In the LdapConnection it is possible to set the identifier to null and use the executing computer as a starting point to find a domain controller. But sometimes I must know that I am using a Global Catalog, and with more and more RODCs in the environment I sometimes must know that I am working against a writeable domain controller.

With the pro…

Programming AD with C#.NET – part 3

So far we have managed to exclude System.DirectoryServices because of our original issues, and System.DirectoryServices.AccountManagement because of performance issues. What is left for us now is System.DirectoryServices.Protocols, and that is the namespace of our choice.

Generally, System.DirectoryServices.Protocols is pretty similar to System.DirectoryServices, so it is not a big deal to rebuild our existing classes to a newer version. But there are always some small obstacles that need to be conquered. A very good guide to get started with these classes is written by Ethan Wilansky and published on MSDN, Introduction to System.DirectoryServices.Protocols.

A small issue is that you always have to know if an attribute exists before you try to remove it. The same thing applies when an attribute is saved: you must know if it is a new attribute to be created or an existing attribute that should be updated. If an incorrect action is taken, a DirectoryOperationException will be thrown. …

Programming AD with C#.NET – part 2

Working around the memory leak issues in the .NET classes is in theory quite simple: do not use those classes. That is the starting point we had. Instead, what we want to do is rebuild our AD classes to use a better way to communicate with Active Directory, while minimizing the effect on all our projects.

In .NET 2.0 System.DirectoryServices.Protocols was introduced, which is a collection of general classes to communicate with practically any directory over LDAP. Unlike System.DirectoryServices, which builds on ADSI, System.DirectoryServices.Protocols builds on the newer and better wldap32.dll.

Here's an overview of the different namespaces and what techniques they rely on, taken from Introduction to System.DirectoryServices.Protocols.


In .NET 3.5 yet another namespace arrived, namely System.DirectoryServices.AccountManagement. This is exactly what it sounds like: a set of classes for account management. In theory this is exactly what we need. The classes are very easy to use and …

Programming AD with C#.NET – part 1

We have a pretty old class library to communicate with Active Directory, which is built on System.DirectoryServices. It has worked very well during all these years, but since the size of the systems and the number of users have increased we have begun to see some performance related issues.

The environment that is least stable at the moment consists of a root domain and a subdomain. The problem is the following error that sometimes occurs on a search in the subdomain:

System.DirectoryServices.DirectoryServicesCOMException (0x8007202B): A referral was returned from the server.

This is not an unusual issue, but we have taken some steps for these issues not to occur. What is also interesting is that they seem to occur at random. Once the problem has occurred, the subdomain is unreachable for the current application until the application or application pool is restarted.

Part of the problem is some poor memory management in SearchResultCollection, which never disposes of the COM-objects that…

Clients cannot connect to Exchange

I ran into a problem this week that caused a lot of headaches. In an existing Exchange environment everything seems to be working just fine for existing users. The problems occur when you try to configure an account on a new client. This scenario did not apply to all the mailboxes in the organization.

These are some of the messages that were presented during different stages in the configuration:
Outlook cannot log on. Verify you are connected to the network and are using the proper server and mailbox name. The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action.
The name cannot be resolved. The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action.
The action cannot be completed. The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action.
Your server or mailbox names cannot be resolved.

The environment is a pure Exchange 200…

Internet Explorer 9 beta

Microsoft have released a beta version of Internet Explorer 9 and you can tell that this is a true competitor in the browser war. For several reasons I have been running Google Chrome for a while but I always get curious when Microsoft makes a new release.

Among other things, IE 9 comes with HTML 5 support and a well thought-through integration with Windows 7. Apart from that the browser is faster, more secure and the user interface is redesigned to give more focus to the web sites. I have not tested it enough to say if they have succeeded, but as always I think highly of Microsoft.

Read more and download the beta version on http://www.beautyoftheweb.com/.

Get DNS-information using WMI

For the purpose of automating DNS documentation I needed to get information programmatically from the DNS servers. The answer to this, and many other similar tasks, is spelled WMI. That is short for Windows Management Instrumentation, which is an infrastructure for getting information from Windows using a specific query language.

Here is a method to get the host names and IP addresses for each A-record on the specified domain.

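using System.Collections.Generic;
using System.Management;

// Sample values; replace with your own server, domain and credentials.
public string Server = "192.168.0.1";
public string Domain = "domain.local";
// Verbatim string: "\U" in a regular string literal is an invalid escape sequence.
public string Username = @"DOMAIN\User";
public string Password = "Pa$$w0rd";

public Dictionary<string, string> GetHosts()
{
    Dictionary<string, string> hosts = new Dictionary<string, string>();

    // Connect to the MicrosoftDNS WMI namespace on the DNS server.
    ManagementScope scope = new ManagementScope(String.Format(@"\\{0}\Root\MicrosoftDNS", Server));
    scope.Options.Impersonation = ImpersonationLevel.Impersonate;
    scope.Options.Username = Username;
    scope.Options.Pass…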

Windows Server 2008 R2 and AD for RADIUS-authentication for Cisco-routers

Instead of investing in a TACACS server solution we wanted to build switch and router logon on Active Directory authentication. This is possible by installing a RADIUS server to handle the communication between the Cisco devices and Active Directory.

Windows Server 2008 R2 can be made into a RADIUS server by installing the role Network Policy Server.

Aaron Walrath has put together a guide with everything that needs to be done to get the RADIUS authentication in the Cisco devices and how to connect this to the Active Directory. This guide is divided into two blog posts.
RADIUS authentication for Cisco router logins
Install Windows 2008 R2 NPS for RADIUS authentication for Cisco router logins

MCTS: .NET Framework 3.5, Windows Forms Application Development

I finally took the time to go through with a certification that I have been wanting to do for a while, MCTS: .NET Framework 3.5, Windows Forms Application Development. During my years as a .NET developer I have been working a lot with Windows Forms, so this was not a painful experience.

The next step will probably be to aim for MCPD in the same area before it is time to move on to the new Visual Studio 2010 and .NET 4.0 certifications.

BriForum 2010

I just got home from BriForum 2010 in Chicago. It has been a really fun and exciting week and a very interesting conference. This year's main focus was desktop virtualization, or VDI.

This is a truly interesting subject and instead of a practically oriented conference there were a lot of discussions about the role of the computers in the near future and how we as IT staff would keep up with the rapid development. IT organizations often tend to be very stiff and have a hard time adapting to the user requests. This is something that hopefully will change, but it will take time and there are a lot of obstacles on the way.

Technically we got to see a preview of Microsoft's RemoteFX, which basically is GPU-support over remote desktop. The next BriForum will take place in London 2011. For more information about the conference and what was presented, visit briforum.com or brianmadden.com.

AD-diagnostics in Windows Server 2008 R2

Active Directory has always been a little tricky to troubleshoot and monitor. There is a wide variety of Performance Counters and other parameters to investigate, but this is heavy work to do manually. There is also a bunch of third party tools to do this for us but usually the price tag is big. With Windows Server 2008 a new set of tools was delivered which could be very useful when troubleshooting performance in Active Directory amongst other services. And the best of all is that they are free!

Data Collector Sets
The role Active Directory Domain Services includes a Data Collector Set intended for Active Directory diagnostics. This can be found in Server Manager/Diagnostics/Performance/Data Collector Sets. Run the Active Directory Diagnostics for a limited time, but do not forget to stop it. A large amount of data is collected and when the job is stopped a nice and thorough report is generated.

Windows System Resource Manager
The Resource Manager is installed as a feature in Window…

Microsoft Cloud Day

I spent this Tuesday at Microsoft in Kista for an event with the name Cloud Day. The main topic was of course Windows Azure. It is really not a question if the cloud should be used, but more what the cloud could be used for, and how?

When it comes to PaaS (Platform as a Service) Windows Azure offers a great advantage compared to traditional hosting. You only pay for the bandwidth and server needs you have at the moment. There are great savings to be made. But at the same time this presents a new challenge for system architects, who have to think of for instance each database call as a potential cost.

In the future Microsoft will publish an online version of all their software as SaaS (Software as a Service). Today there is already the Business Productivity Online Suite (BPOS), which contains Exchange, SharePoint, Office Communicator and Office Live Meeting.

Apart from these topics we also got a preview of what is coming up in the cloud area. Two products were named, Windows Intune an…

Getting started with Silverlight and Bing Maps

I have a relatively new found love for Silverlight, and when I got the chance to create a demo with Silverlight and Bing Maps I got very excited. The application gets objects from an existing Web Service. The objects contain metadata and coordinates in the format SWEREF 99. On silverlight.net there is information on how to get started with Silverlight. In addition, this is what you need to do to get started with Silverlight and Bing Maps:
Download and install Bing Maps Silverlight Control SDK.
Create an account at Bing Maps Account Center to be able to create Bing Maps Keys.
In the Silverlight application you only need to add a reference to Microsoft.Maps.MapControl.dll, and after that you are ready to use Bing Maps in Silverlight.

<UserControl x:Class="SilverlightApplication1.MainPage" xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" xmlns:d="http://schemas.micr…

Do not create a Work Item at Build Failure

The default settings in TFSBuild.proj include, among other things, that a Work Item (bug) is created whenever a build fails. This is a very useful feature, but if you do not want it this way it is possible to turn this feature off.

The definition of the CoreCreateWorkItem target in Microsoft.TeamFoundation.Build.targets looks like this:

<Target Name="CoreCreateWorkItem"
        Condition=" '$(SkipWorkItemCreation)'!='true' and '$(IsDesktopBuild)'!='true'"
        DependsOnTargets="$(CoreCreateWorkItemDependsOn)">
  <PropertyGroup>
    <WorkItemTitle>$(WorkItemTitle) $(BuildNumber)</WorkItemTitle>
    ...
  </PropertyGroup>
  <CreateNewWorkItem
      TeamFoundationServerUrl="$(TeamFoundationServerUrl)"
      BuildUri="$(BuildUri)"
      BuildNumber="$(BuildNumber)"
      Description="$(WorkItemDescription)"
      TeamProject="$(TeamProject)…

NUnit in Team Foundation Build

Not everyone has embraced Microsoft's testing platform; some prefer to use other tools for unit testing, for instance NUnit. Because this is such a common scenario there is lots of information and components to help with integrating NUnit in Team Foundation Build.

The easiest solution is to use two add-on components: MSBuild Community Tasks to make configuration easier, and NUnit for Team Build to integrate the test results in the build log and get the results in reports. Both of these components are open source and free to download.

Begin with installing NUnit, MSBuild Community Tasks and NUnit for Team Build. After that only some changes in TFSBuild.proj are needed to get a really nice integration of NUnit in Team Foundation Server.

Import MSBuild Community Tasks by adding the following row:

<Import Project="$(MSBuildExtensionsPath)\MSBuildCommunityTasks\MSBuild.Community.Tasks.targets" />
Now we have the possibility to use every task that is defined in the imported file…

Move Team Foundation Server to a new domain

Since we want to simplify administration by minimizing our server farm the subdomain that currently hosts our Team Foundation Server is going to be removed. This means that we will have to move the entire installation to the parent domain. Luckily we only have one server as application-tier and data-tier, and we are very few users, which makes the process a whole lot less dramatic.

First of all we have to make sure that the new domain is ready to incorporate the server. It is not possible to perform any kind of user mapping, so all user accounts must have the same login name on the new domain as on the current domain. This also applies to the service accounts used by Team Foundation Server.

This procedure is well documented on MSDN. The article describes the scenario to move from a workgroup to a domain, but the scenario from one domain to another works exactly the same. The entire process can be summarized in 5 steps:
Ensure that all users have accounts on the…

Automatically configure Team Explorer connections

The first time you open Team Explorer to connect to Team Foundation Server there are three things that need to be done before you can start working against the server.
Register server in Visual Studio
Select active projects in Team Explorer
Create workspace in Source Control

I got a request if there was a way to automate these steps. Of course it can be done, but there is some light hacking involved. Here is what I came up with:

Register server
Registered servers are easy to manage since they are saved in the registry. Given that the user has write access to the registry this step is easy to automate. The structure is as shown below, where my server is called ServerName. The key names explain themselves and this is all that is needed for Visual Studio to find the server as a registered Team Foundation Server.

[HKEY_CURRENT_USER\Software\Microsoft\VisualStudio\9.0\TeamFoundation\Servers]
"ServerName"="http://servername:8080/"

[HKEY_CURRENT_USER\Software\Microsoft\Visu…

Getting started with Silverlight

In my work with the Cornball as my first Silverlight project I have had to solve a huge amount of problems which turned out to be quite a high threshold before I could get started with the development for real. Not the least in the difference between a WinForms application and a Silverlight application. In this post I will mention a couple of the things I encountered.

Splash Screen/Preloader
The built-in preloader in Silverlight does not look too bad, but it is definitely more fun to create a custom preloader to fit with the rest of the application. I chose to create a very simple but functional preloader. First I had to include all the images as resources in the application for the preloader to actually have a purpose. By adding the images to the project and selecting Resource as Build Action the images will be included in the XAP-file. To show the images in the application, something like the following will do.

XAML
<Image Name="Card" Source="/SilverlightApplication1;compo…

System.DirectoryServices.AccountManagement

Ever since .NET 2.0 System.DirectoryServices.Protocols has been a part of the framework and in .NET 3.5 even more directory related classes were added, namely System.DirectoryServices.AccountManagement. That is exactly what it sounds like: a namespace containing methods for account management.

This fits perfectly for a little project I have chosen to call AD Cleanup Tool. This tool will go through all accounts in a domain to clean up certain account properties, such as naming, password policy etc.

Some older solutions do not work with today's versions of Active Directory, for instance if I want to set the property User must change password at next logon. This has earlier been done by setting the property userAccountControl with the flag ADS_UF_PASSWD_CANT_CHANGE. It is not possible to set that flag anymore, but S.DS.AM gives us an even easier solution:

using(PrincipalContext context = new PrincipalContext(ContextType.Domain, "192.168.0.1", "DC=domain,DC=com", "domain…