Welcome to MOBS Bangladesh
Sep 12

Deploy Microsoft Lync Server 2010 in Two Physical Servers

This brief solution document focuses on the deployment options for Lync 2010 on two physical servers. Hardware and software sizing, as well as configuration, are covered in this document. This document is also released in the Articles section of this blog. Click on the blue “Articles” button for all the released articles.

Access the Document from the link: Deploy Microsoft Lync Server 2010 in Two Physical Servers

Sep 9

Prepare to Deploy Active Directory – Checklist

Number One – Hardware: Is your hardware ready for AD? How good is your sizing for this? Are they (PDC, BDC) going to be virtualized or not? Well, in my opinion there's no need for deploying a standalone AD on a dedicated physical server, unless you really need it for a large organizational forest or you need to create geographically located ADs. Now, in a 2000-user environment, a 4GB memory space for a medium-sized company with 100GB RAID-5 drives would produce a mere 1~4% processor load on simply AD with no other roles installed. But with branches you would require different arrangements:

  • DirectAccess
  • Certificate Services
  • BranchCache

But please do deploy these services in different VMs and on member servers. It would be even better if you could place at least one domain controller in every site, and make at least one domain controller in each site a global catalog. And you should not log in to the Domain Controller as an Admin; rather, use a minimized access account. That way you would make fewer mistakes.

Number Two – Security: Deploying AD is fairly simple, but failure to plan ahead would be catastrophic. After deploying AD, you should focus on strengthening your AD. This assumes your physical servers have restricted access control and are properly air conditioned.

  • The first thing to do is to disable the Administrator account, or rename it to a name of your choosing.
  • Do set time settings, as this server will be your time provider.
  • Configure your TCP/IP static settings before you deploy your first Forest. I would do NAT to connect to AD for all Network Resources including Network Printers.
  • Decide on the Forest Functional Level and Domain Functional Level.
  • Internet Sharing Settings should be disabled.
  • Remove all users from the Schema Admins group, and create your own designated SUs or domain admins.
  • Plan and implement the Operations Master roles.
  • Check that your AD is designated as the Global Catalog Server, and check trust relationships.
  • Check authentication methods: PAP/CHAP with proper Kerberos and TLS encryption methods should be used for client communication with MD5 hash algorithms; this is where you would require PKI/Certificate Services.
  • If you have multiple forests, do secure these as well with security relationships.
  • Start configuring the forwarders, subnets, pointers, records check etc.
  • Start restricting shared resources by implementing Group Policy.
  • Now designate a DNS Server; it should not be on the Domain Controller, and a VM would do as well.
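
A read-only way to check several of the items above (built-in Administrator, Schema Admins membership, a global catalog in every site, functional levels and operations master roles), as an added example that is not part of the original post. It assumes the RSAT ActiveDirectory PowerShell module, an account with read access to the directory, and the default English group name 'Schema Admins'.

```powershell
Import-Module ActiveDirectory   # assumption: RSAT ActiveDirectory module is installed

$domain = Get-ADDomain
$forest = Get-ADForest
$report = @()

# The built-in Administrator always has RID 500, so it is found even after a rename.
$admin = Get-ADUser -Identity "$($domain.DomainSID.Value)-500"
$report += [pscustomobject]@{
    Check  = 'Built-in Administrator disabled or renamed'
    Pass   = (-not $admin.Enabled) -or ($admin.SamAccountName -ne 'Administrator')
    Detail = "Name=$($admin.SamAccountName) Enabled=$($admin.Enabled)"
}

# Schema Admins lives in the forest root domain; the checklist wants it empty.
$schemaAdmins = @(Get-ADGroupMember -Identity 'Schema Admins' -Server $forest.RootDomain -Recursive)
$report += [pscustomobject]@{
    Check  = 'Schema Admins has no members'
    Pass   = $schemaAdmins.Count -eq 0
    Detail = ($schemaAdmins.SamAccountName -join ', ')
}

# Every site should hold at least one DC, and at least one of them a global catalog.
$dcs = @(Get-ADDomainController -Filter *)   # returns DCs of the current domain only
foreach ($site in $forest.Sites) {
    $siteDcs = @($dcs | Where-Object { $_.Site -eq $site })
    $gcs     = @($siteDcs | Where-Object { $_.IsGlobalCatalog })
    $report += [pscustomobject]@{
        Check  = "Site '$site' has a DC and a global catalog"
        Pass   = $gcs.Count -gt 0
        Detail = "DCs=$($siteDcs.Count) GCs=$($gcs.Count)"
    }
}

# Functional levels and operations master roles are listed for review, not graded.
$report += [pscustomobject]@{
    Check  = 'Functional levels (informational)'
    Pass   = $null
    Detail = "Forest=$($forest.ForestMode) Domain=$($domain.DomainMode)"
}
$report += [pscustomobject]@{
    Check  = 'Operations masters (informational)'
    Pass   = $null
    Detail = "Schema=$($forest.SchemaMaster) Naming=$($forest.DomainNamingMaster) " +
             "PDC=$($domain.PDCEmulator) RID=$($domain.RIDMaster) Infra=$($domain.InfrastructureMaster)"
}

$report | Format-Table -AutoSize -Wrap
```

In a multi-domain forest, run it once per domain, because the site check only sees the domain controllers of the domain it is run in.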

Number Three – Post Operations:

  • Create a Backup Domain Controller
  • Create another replicated Domain Controller if you wish. I would rather have one while not needed, but when disaster strikes, I would really have it :)
  • Start updating your servers; keep them regularly patched and up to date to avoid unwanted states. I would go for SCCM for all my server/client patch management.
  • Open/configure the necessary firewall rules so that network-attached devices can properly communicate with AD.
  • Back up all your domain controllers. Schedule it on a recurring basis. Partial/differential backups will not give you a total backup solution, so choose wisely. You should have a solid plan for this, as a complete weekly backup of all ADs is desired.
  • A monthly health check report is desired. You can use SCOM for it.
  • Most importantly, keep snapshots, and restore copies in a lab as your AD evolves over time. Test out changes in the lab, then apply them in the production environment.

Here is a sample video for deploying AD @ my YouTube Channel: https://www.youtube.com/watch?v=glH8mfw7IH8

Sep 9

Microsoft Exchange Server 2013 Operating System (OS) Requirements

A friend of mine requested this. As you might already know, Exchange Server 2013 can be installed on Win2k12R2 and is also optimized. Nonetheless, older versions of Windows Server do support Exchange 2013, and the list follows.

Exchange Server Version Compatibility

| Version | Windows 2000 Server | Windows Server 2003 | Windows Server 2003 R2 | Windows Server 2008 | Windows Server 2008 R2 | Windows Server 2012 |
|---|---|---|---|---|---|---|
| Exchange 2000 Server | Yes | No | No | No | No | No |
| Exchange Server 2003 | Yes | Yes | Yes | No | No | No |
| Exchange Server 2007 | No | Yes* | Yes* | Yes* | Yes* | No |
| Exchange Server 2010 | No | No | No | Yes* | Yes* | Yes* |
| Exchange Server 2013 | No | No | No | No | Yes* | Yes* |

* 64-bit editions only supported
Aug 18

Channel9 Video: Deploying and Managing Exchange Server 2013

In a continuing effort to let IT folks know how the Exchange Server 2013 solution works and how to manage and maintain it, Microsoft released these videos on the Channel9 site in October 2013. Content follows:

Full course outline:

Aug 18

What is ADSI?

ADSI stands for “Active Directory Service Interfaces”. ADSI Edit is the editor that lets you edit and manage Active Directory objects and their attributes while working with AD DS.

Quoting from TechNet: “ADSI Edit (adsiedit.msc) provides a view of every object and attribute in an Active Directory forest. You can use ADSI Edit to query, view, and edit attributes that are not exposed through other AD DS Microsoft Management Console (MMC) snap-ins: Active Directory Users and Computers, Active Directory Sites and Services, Active Directory Domains and Trusts, and Active Directory Schema.”

ADSI Edit is an LDAP (Lightweight Directory Access Protocol) editor which lets you edit AD objects and their attributes, as mentioned earlier. Another editor Microsoft provides is the “ldp” editor.

More on ldp: http://go.microsoft.com/fwlink/?LinkId=143517

ADSI Edit comes as an MMC snap-in. In most recent operating systems, ADSI Edit comes as a standard tool for maintaining AD objects. It automatically loads with the current user statistics and loads the current domain in its pane. The following snapshot is the GUI for the ADSI editor.

 

[Screenshot: ADSI Edit GUI]

***Picture Taken from TechNet

More on ADSI Edit: http://technet.microsoft.com/en-us/library/cc731547.aspx

 

 
