Now on the Microsoft Rights Management (RMS) Team blog - Announcement: Azure RMS Documentation Library Update for June 2015...(read more)![]()
↧
Doc Updates for Azure RMS - June 2015
↧
Doc Updates for Azure RMS - July 2015
Now on the Microsoft Rights Management (RMS) Team blog - Announcement: Azure RMS Documentation Library Update for July 2015
In addition to other doc updates, you'll find out how all the recent releases affect the support statements for AD RMS and...(read more)![]()
↧
↧
Doc Updates for Azure RMS - August 2015
Now on the Microsoft Rights Management (RMS) Team blog - Announcement: Azure RMS Documentation Library Update for August 2015
In addition to the doc updates, you might be interested in the new " Also known as ... " section. Do you know the...(read more)![]()
↧
Doc Updates for Azure RMS - September 2015
Now on the Microsoft Rights Management (RMS) Team blog - Announcement: Azure RMS Documentation Library Update for September 2015
The latest support statements for new versions and applications, plus improving the docs for Windows PowerShell....(read more)![]()
↧
Doc Updates for Azure RMS - October 2015
Now on the Microsoft Rights Management (RMS) Team blog - Announcement: Azure RMS Documentation Library Update for October 2015
The recurring theme for this month is more power with PowerShell - helping out admins with FCI, configuring OneDrive for...(read more)![]()
↧
↧
Active Directory Documentation Team blog is retired
This blog is now officially retired. No new posts will be published on this blog but the old posts will remain available as archives.
The Active Directory Documentation Team Blog has covered a wide range of products and services. You can continue...(read more)![]()
↧
Doc Updates for Azure RMS – March 2015
Now on the Microsoft Rights Management (RMS) Team blog – Announcement: Azure RMS Documentation Library Update for March 2015
↧
Doc Updates for Azure RMS – April 2015
Now on the Microsoft Rights Management (RMS) Team blog – Announcement: Azure RMS Documentation Library Update for April 2015
We usually post these announcements at the end of every month, but this time, the publication was delayed a few days because of the announcement (and demo) in Brad Anderson's keynote speech about RMS doc tracking at the Microsoft Ignite conference. If you didn't see this, you can watch the full recording or read just the recap of the demo. This is a demo that is always well received because people can see how it makes protecting important documents not just easy for their users, but also fun! Security, fun? Yes, really – watch the demo and you'll see why.
If you're new to Azure RMS and want to try this out for yourself, we've just published a new tutorial – 5 steps, in 15 minutes (or less): Quick Start Tutorial for Azure Rights Management
↧
Doc Updates for Azure RMS – May 2015
Now on the Microsoft Rights Management (RMS) Team blog – Announcement: Azure RMS Documentation Library Update for May 2015
This blog post also references the Microsoft Virtual Academy Core Skills Jump Start session for Azure Rights Management. This is just one of many great training events they provide, always full of demos and inside information, with tips and answers from the experts. If you haven't already, check out what they have available: Microsoft Virtual Academy
These sessions are free to attend live or you can watch the recording afterwards – all you need is a Virtual Academy account to sign in. For example, the Azure RMS session is part of the Enterprise Mobility Core Skills series, and coming up soon is the Core Skills Jump Start for Azure RemoteApp. You can now watch the recording for Azure Active Directory Core Skills Jump Start and Microsoft Intune Core Skills Jump Start. Great resources!
↧
↧
Doc Updates for Azure RMS – June 2015
Now on the Microsoft Rights Management (RMS) Team blog – Announcement: Azure RMS Documentation Library Update for June 2015
↧
Doc Updates for Azure RMS – July 2015
Now on the Microsoft Rights Management (RMS) Team blog – Announcement: Azure RMS Documentation Library Update for July 2015
In addition to other doc updates, you'll find out how all the recent releases affect the support statements for AD RMS and Azure RMS.
↧
Doc Updates for Azure RMS – August 2015
Now on the Microsoft Rights Management (RMS) Team blog – Announcement: Azure RMS Documentation Library Update for August 2015
In addition to the doc updates, you might be interested in the new "Also known as …" section. Do you know the correct, full name of "Azure RMS"? Are you sure?
↧
Doc Updates for Azure RMS – September 2015
Now on the Microsoft Rights Management (RMS) Team blog – Announcement: Azure RMS Documentation Library Update for September 2015
The latest support statements for new versions and applications, plus improving the docs for Windows PowerShell.
↧
↧
Doc Updates for Azure RMS – October 2015
Now on the Microsoft Rights Management (RMS) Team blog – Announcement: Azure RMS Documentation Library Update for October 2015
The recurring theme for this month is more power with PowerShell – helping out admins with FCI, configuring OneDrive for Business, and supporting Office apps on mobile devices.
This is the last cross-blog announcement I will be posting on this blog. For future doc updates for Rights Management, you can directly monitor the The Official RMS Team Blog, or follow Dan Plastina @TheRMSGuy for notifications.
↧
Active Directory Documentation Team blog is retired
This blog is now officially retired. No new posts will be published on this blog but the old posts will remain available as archives.
The Active Directory Documentation Team Blog has covered a wide range of products and services. You can continue to follow service and documentation announcements by visiting the Active Directory Team Blog, RMS Team Blog, and the Application Proxy Blog. These blogs are monitored by engineering and content teams.
Thank you to everybody who has supported this blog and sent us feedback and comments.
↧
Clarification regarding the status of Identity Management for Unix (IDMU) & NIS Server Role in Windows Server 2016 Technical Preview and beyond
Note: The original blog article has been updated to address a number of questions we received and to further clarify what has been removed and what remains. Due to the Active Directory Documentation Blog being retired in October 2015, the comments have been removed. Please post your questions/comments in the Directory Services TechNet Forum.
With Windows Server 2012 R2, Microsoft announced the deprecation of the Identity Management for Unix (IDMU) and NIS Server role which will not be included starting with Windows Server 2016 Technical Preview. This has been documented in a couple of places:
In this blog article we will go into further detail and answer questions on what this means to you when you are migrating/upgrading to Windows Server 2016 and are using Identity Management for Unix/NIS Server with Windows Server today.
Why did Microsoft remove IDMU/NIS Server role from Windows Server?
After carefully reviewing and considering the feature usage, industry trends, availability of native Active Directory options on Linux/Unix and security concerns of NIS in general, the decision was made to remove the functionality from Windows Server. We announced the deprecation in the development phase of Windows Server 2012 R2 and have removed it from Windows Server 2016.
What IDMU/NIS Server components are removed from Windows Server 2016?
IDMU/NIS Server has been removed, specifically the following components are no longer included with Windows Server 2016:
- Network Information Service (NIS) Windows Server role
- The Unix Attributes plug-in for the Active Directory Users and Computers Management Console (MMC) snap-in
Note: RFC2307 attributes (e.g. GID/UID etc.) in Active Directory continue to exist. See below for further details.
I am using Windows Server IDMU/NIS Server role today, what should I do?
We recommend to start planning for alternatives, for example: native LDAP, Samba Client, Kerberos or other non-Microsoft options. Existing Windows Server 2012 R2 or earlier deployments will continue to be supported in accordance with the Microsoft Support lifecycle.
What happens when I have the NIS Server Role installed and try to upgrade to Windows Server 2016?
If you try upgrade to Windows Server 2016 from a Windows Server that runs any of the Identity Management for Unix (IDMU) components, the upgrade will stop and you will be prompted to remove the IDMU components as explained in “Installing or removing Identity Management for UNIX by using a command line”.
Can I continue to use the GID/UID (RFC 2307) attributes I am using today with Active Directory after I upgrade to Windows Server 2016?
Active Directory does not remove the populated UID/GID Active Directory attributes during the upgrade to Windows Server 2016 from Windows Server 2012 R2. The attributes will remain part of your Active Directory setup. These attributes were introduced as part of RFC 2307 support that was added in Windows Server 2003 R2.
For example, you may require the RFC 2307 attributes in combination with Network File System (NFS) Server (which does not require NIS Server role to be installed on Windows Server) to map the identity.
How do I continue to edit the GID/UID RFC 2307 attributes now that the Unix Attributes Plug-in is no longer available for the Active Directory Users and Computers MMC snap-in?
There are a couple of ways to continue to administer the attributes:
1. Active Directory Users and Computers MMC snap-in
1. Open Active Directory Users and Computers.
2. From the dropdown menu, select View -> Advanced Features:
3. Open the properties of a User, Group or Computer Object
4. Navigate to “Attribute Editor” tab to edit the following attributes:
-
- uidNumber
- gidNumber
- Loginshell
- unixHomeDirectory
- MemberUid
- ipHostNumber
2. Active Directory Administrative Center
1. Open Active Directory Administrative Center
2. Navigate to a User, Group or Computer Object
3. Navigate to Extensions
4. Navigate to “Attribute Editor” tab to edit the following attributes:
-
- uidNumber
- gidNumber
- Loginshell
- unixHomeDirectory
- MemberUid
- ipHostNumber
3. Scripts (preferred method for bulk operations and automation)
· Using Active Directory PowerShell Cmdlet:
o Below is sample code to query/configure the various attributes
Import-Module ActiveDirectory
#To query Unix Properties of a User Object
$username = "guest"
Get-ADUser $username -Properties * | Select SamAccountName, msSFU30NisDomain,uidNumber, unixHomeDirectory, loginShell, gidnumber, @{Label='PrimaryGroupDN';Expression={(Get-ADGroup -Filter {GIDNUMBER -eq $_.gidnumber}).SamAccountName}}
#To query Unix Properties of a Group object
$groupname = "Unix Sample Group"
Get-ADGroup $groupname -Properties * | Select SamAccountName, msSFU30NisDomain,gidnumber, @{Label='Members';Expression={(Get-ADUser -Filter {GIDNUMBER -eq $_.gidnumber}).SamAccountName}}
#To query Unix Properties of a Computer Object
$computername = "server123"
Get-ADComputer $computername -Properties * | Select SamAccountName, msSFU30NisDomain,ipHostNumber, msSFU30Aliases
#Set unixHomeDirectory on a user (replace this with any of the attributes you’d like to set)
$username = "guest"
set-ADUser $username -Replace @{unixHomeDirectory="/usr/sbin/guest"}
o Below, is sample output from the sample code above
Sample output from the PowerShell Script:
SamAccountName : Guest
msSFU30NisDomain : woodgrove
uidNumber : 10001
unixHomeDirectory : /usr/sbin/guest
loginShell : /bin/sh
gidnumber : 10001
PrimaryGroupDN : Unix Sample Group
SamAccountName : Unix Sample Group
msSFU30NisDomain : woodgrove
gidnumber : 10001
Members : {Administrator, Guest}
SamAccountName : Server123
msSFU30NisDomain : woodgrove
ipHostNumber : {10.2.2.2}
msSFU30Aliases : {bla, unixtestclient}
· Using NFS PowerShell CmdLet Set-NfsMappedIdentity: Please see the following page for more information: Set-NfsMappedIdentity.
· Using VBScript: There is also a TechNet blog article from a while back that has some additional detail to configure and populate the attributes in Active Directory http://blogs.technet.com/b/dsix/archive/2009/04/16/integrating-unix-client-in-active-directory-using-ldap-part-i.aspx.
What Active Directory Attributes did the Unix Attribute tabs expose in the Active Directory Users and Computers MMC snap-in prior to Windows Server 2016?
The following Active Directory Attributes were configurable from the Unix Attributes tabs in Active Directory Users and Computers prior to Windows Server 2016. This table is provided as a reference and with Windows Server 2016 all of these attributes can be modified using the methods described as part of this blog article above:
|
Dialog name
|
AD Attribute
|
RFC2307 attribute
|
Example
|
User object
|
Group object
|
Computer object
|
|
UID
|
uidNumber
|
X
|
1000
|
X
|
|
|
|
Login Shell
|
Loginshell
|
X
|
/bin/bash
|
X
|
|
|
|
Home Directory
|
unixHomeDirectory
|
X
|
/home/username
|
X
|
|
|
|
Primary Group name/GID
|
gidNumber
|
X
|
10002
|
X
|
X
|
|
|
Members
|
MemberUid
|
X
|
Administrator
|
|
X
|
|
|
iphostnumber
|
ipHostNumber
|
X
|
10.2.2.2
|
|
|
X
|
|
NIS Domain
|
maSFU30NisDomain
|
|
“example”
|
X
|
X
|
X
|
|
Members
|
msSFU30PosixMember
|
|
CN=Group,CN=Schema, CN=Configuration, DC=Woodgrove,DC=Local
|
|
X
|
|
|
Name
|
msSFU30Name
|
|
“Server123” or “Administrator” or “unix group”
|
X
|
X
|
X
|
|
Computer Aliases
|
msSFU30Aliases
|
|
Alias1; alias2
|
|
|
X
|
Thank you for reading this article!
Note: Questions and comments are welcome. However, please DO NOT post a request for troubleshooting by using the comment tool at the end of this post. Instead, post a new thread in the Directory Services Technet forum. Thank you!
↧