Creating an AD Realm on a Cisco ASA 5508-X running FTD (via FDM, Firepower Device Manager)

This was done on FTD version 6.2.3-83.

  1. In the top menu (Monitoring, Policies, Objects, Device), select Objects.
  2. In the Object Types side menu, select Identity Realm.
  3. Enter a Realm name (I entered the client's domain).
  4. Type: Active Directory was grayed out for me (it was the only choice anyway).
  5. For Base DN, I entered dc=example,dc=com (substitute your own domain components; the exact value is the defaultNamingContext attribute of the domain controller's rootDSE).
  6. For AD Primary Domain, I entered our domain name.
  7. For Hostname, I entered the IP of the AD server and left the port at the default of 389.
  8. I left Encryption as None. The test completed successfully and I saved the configuration.

A caveat on step 8: with Encryption set to None on port 389, the directory username and password the realm binds with, and every user and group lookup it performs, cross the network in cleartext. Where the domain controller has a certificate for LDAPS, choose LDAPS with port 636 (or STARTTLS on 389) instead, enter the DC's DNS name rather than its IP so the certificate name matches, and bind with a dedicated least-privilege directory account rather than a domain admin.
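Before typing the values into the FDM form, it is worth confirming them from a domain-joined Windows host. The script below is an added example, not part of the original post or Cisco's tooling: it reads the Base DN from the DC's rootDSE, checks that 389 and 636 are reachable, and attempts an LDAPS handshake so you know whether LDAPS is an option. The $DcHost value is an assumption; replace it with your domain controller's DNS name.

```powershell
# Added example (not from the original post): checks to run from a domain-joined Windows
# host before filling in the FDM Identity Realm form.
# $DcHost is an assumption; use the DC's DNS name rather than its IP if you intend to
# use LDAPS, because the certificate is validated against the name you type into Hostname.
param([string]$DcHost = "dc01.example.com")

# 1. Base DN and domain: read them from the DC's rootDSE instead of typing them by hand.
$rootDse = [ADSI]"LDAP://$DcHost/RootDSE"
"Base DN (defaultNamingContext): $($rootDse.defaultNamingContext)"
"Directory server (dnsHostName) : $($rootDse.dnsHostName)"
"AD Primary Domain              : $env:USERDNSDOMAIN"

# 2. Are plain LDAP (389) and LDAPS (636) reachable from this network segment?
foreach ($port in 389, 636) {
    $reachable = (Test-NetConnection -ComputerName $DcHost -Port $port `
                  -WarningAction SilentlyContinue).TcpTestSucceeded
    "TCP $port reachable            : $reachable"
}

# 3. LDAPS handshake. If this succeeds, choose Encryption = LDAPS and port 636 in FDM
#    rather than None, so the realm's bind credentials and lookups are not sent in
#    cleartext. The validation callback records chain errors instead of aborting, so
#    you can see which issuing CA certificate FDM would need to trust.
$script:chainErrors = $null
$validate = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($sender, $cert, $chain, $errors)
    $script:chainErrors = $errors
    return $true
}
try {
    $tcp = New-Object System.Net.Sockets.TcpClient($DcHost, 636)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $validate)
    $ssl.AuthenticateAsClient($DcHost)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    "LDAPS certificate subject      : $($cert.Subject)"
    "LDAPS certificate issuer       : $($cert.Issuer)"
    "LDAPS certificate expires      : $($cert.NotAfter)"
    "Certificate chain errors       : $script:chainErrors"
    $ssl.Dispose(); $tcp.Dispose()
} catch {
    "LDAPS handshake failed: $($_.Exception.Message)"
    "Use STARTTLS on 389 if the DC supports it, or fix the DC certificate before choosing LDAPS."
}
```

If the handshake succeeds but reports chain errors, the issuer shown is the CA certificate to upload as the realm's trusted CA in FDM; if 636 is not reachable at all, check the firewall path between the FTD's management or inside interface and the DC rather than falling back to None.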

Please check out my related article:

Setting up AnyConnect VPNs on the Cisco ASA 5508-X (FTD)

Unable to activate BitLocker after imaging Surface Pro or Surface Book

I ran into the following error after pushing an image to a Microsoft Surface Book and configuring the imaged device for a new user. I tried to turn on BitLocker and immediately saw:

This device cannot use a Trusted Platform Module. Your administrator must set the "Allow BitLocker without a compatible TPM" option in the "Require additional authentication at startup" policy for OS volumes.

During the imaging process I had turned off the TPM in the BIOS, so I rebooted into the BIOS and made sure the TPM was enabled. I then saved, exited the BIOS and restarted. With the TPM enabled in the BIOS I did the following:

  1. Open Device Manager (type Device Manager in the Start menu).
  2. In Device Manager, look for "Security devices" (if you don't see "Security devices", click View and then "Show hidden devices").
  3. Under Security devices you should see "Trusted Platform Module 2.0" or similar.
  4. Right-click on it and select Properties.
  5. Mine showed that the device was not detected.
  6. I clicked Cancel in the TPM Properties screen.
  7. I then right-clicked the TPM module and selected "Uninstall device".
  8. This required a reboot, which I did.
  9. After the reboot I checked Device Manager and the TPM was shown as working properly. I was then able to turn on and configure BitLocker.

Do not take the error message's suggestion of enabling "Allow BitLocker without a compatible TPM": that policy lets BitLocker run with only a startup password or USB key, which is weaker than a TPM-sealed key, and it is unnecessary here because the TPM is present and only needs to be re-detected.
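The same diagnosis can be scripted, which is useful when many Surface devices come off the same image. The script below is an added example, not from the original post: it reports what Device Manager and the TPM driver see, shows whether the "without a compatible TPM" policy is set, removes a TPM device that is in an error state so Plug and Play re-enumerates it, and, once the TPM is ready, enables BitLocker with a TPM protector plus a recovery password. It assumes an elevated prompt and, for the pnputil /remove-device step, Windows 10 version 2004 or later.

```powershell
# Added example (not from the original post): PowerShell run-through of the same TPM /
# BitLocker diagnosis on a freshly imaged machine. Run from an elevated prompt.
# Assumption: Windows 10 2004 or later, where "pnputil /remove-device" exists;
# on older builds uninstall the device in Device Manager as described in the post.

# 1. What Windows sees under Device Manager > Security devices.
$tpmDev = Get-PnpDevice -Class SecurityDevices -ErrorAction SilentlyContinue
if (-not $tpmDev) {
    "No Security Devices class entry: TPM is off in firmware or not enumerated yet."
} else {
    $tpmDev | Format-Table FriendlyName, Status, Present, InstanceId -AutoSize
}

# 2. What the TPM driver stack reports (this is what BitLocker consults).
$tpm = Get-Tpm
"TpmPresent={0} TpmReady={1} TpmEnabled={2} TpmActivated={3}" -f `
    $tpm.TpmPresent, $tpm.TpmReady, $tpm.TpmEnabled, $tpm.TpmActivated

# 3. The policy the error message points at. EnableBDEWithNoTPM=1 lets BitLocker run
#    with a password or USB key only, a weaker posture than a TPM protector; fix TPM
#    detection instead of turning it on.
$fve = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
"Allow BitLocker without a compatible TPM (EnableBDEWithNoTPM): {0}" -f `
    $(if ($null -eq $fve.EnableBDEWithNoTPM) { 'not configured' } else { $fve.EnableBDEWithNoTPM })

# 4. Device present but in an error state (the "not detected" case in the post):
#    remove it so Plug and Play re-enumerates it, then reboot and re-run this script.
$broken = $tpmDev | Where-Object { $_.Status -ne 'OK' }
foreach ($d in $broken) {
    "Removing $($d.InstanceId) for re-enumeration"
    pnputil /remove-device "$($d.InstanceId)"
}
if ($broken) { "Reboot now, then re-run this script."; return }

# 5. TPM present and ready: enable BitLocker with a TPM protector, then add a recovery
#    password and print it so it can be escrowed (AD, Intune or your password vault).
if ($tpm.TpmPresent -and $tpm.TpmReady) {
    $vol = Get-BitLockerVolume -MountPoint 'C:'
    if ($vol.ProtectionStatus -eq 'Off') {
        Enable-BitLocker -MountPoint 'C:' -TpmProtector -EncryptionMethod XtsAes256 -SkipHardwareTest
        Add-BitLockerKeyProtector -MountPoint 'C:' -RecoveryPasswordProtector | Out-Null
        (Get-BitLockerVolume -MountPoint 'C:').KeyProtector |
            Where-Object KeyProtectorType -eq 'RecoveryPassword' |
            Select-Object KeyProtectorId, RecoveryPassword
    } else {
        "BitLocker protection already on (status: $($vol.ProtectionStatus))."
    }
} else {
    "TPM not ready; run Initialize-Tpm or check the firmware setting before enabling BitLocker."
}
```

Escrow the recovery password somewhere other than the device itself before the machine leaves your hands; -SkipHardwareTest starts encryption without the reboot-and-verify pass, so confirm afterwards with Get-BitLockerVolume that the volume shows a Tpm protector and that ProtectionStatus becomes On.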

Force static IP clients to move to DHCP

The following sets the client's IPv4 address to DHCP (use the adapter's actual name; on Windows 8 and later the default name is "Ethernet", not "Local Area Connection"):

netsh interface ip set address "Local Area Connection" dhcp

Unfortunately, you will need to do the same for DNS as well (otherwise the DNS servers remain statically assigned):

netsh interface ip delete dns "Local Area Connection" all

Place both commands in a GPO computer startup script after testing them on one machine. A computer startup script runs as SYSTEM before logon, so it has the rights netsh needs. Make sure a DHCP server actually answers on the segment these clients are on; a client that cannot get a lease ends up with an APIPA (169.254.x.x) address and loses connectivity, including to the domain controller that delivered the policy.
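The two netsh commands only work when the adapter is really called "Local Area Connection". The script below is an added example, not from the original post: it does the same change with the NetTCPIP and DnsClient cmdlets for every physical adapter that is up, whatever its name, and goes a step further than the netsh pair by also removing a static default gateway, which otherwise survives the switch to DHCP. It detects static DNS through the interface's NameServer registry value, because Get-DnsClientServerAddress also lists DHCP-supplied servers. Run it with -DryRun first to see what it would touch.

```powershell
# Added example (not from the original post): move every physical adapter from static
# IPv4 address and DNS to DHCP, independent of the adapter's display name.
# Intended as a Computer Configuration startup script (runs as SYSTEM).
param([switch]$DryRun)

function Switch-AdapterToDhcp {
    param([switch]$DryRun)
    # Physical adapters only: skips loopback, Hyper-V and VPN virtual adapters.
    foreach ($adapter in Get-NetAdapter -Physical | Where-Object Status -eq 'Up') {
        $idx  = $adapter.ifIndex
        $ipIf = Get-NetIPInterface -InterfaceIndex $idx -AddressFamily IPv4

        # Statically configured DNS servers live in the interface's NameServer registry value;
        # Get-DnsClientServerAddress would also show DHCP-supplied ones, so read the registry.
        $regPath   = "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\$($adapter.InterfaceGuid)"
        $staticDns = (Get-ItemProperty -Path $regPath -Name NameServer -ErrorAction SilentlyContinue).NameServer
        $staticIp  = ($ipIf.Dhcp -eq 'Disabled')

        if (-not $staticIp -and -not $staticDns) {
            "$($adapter.Name): already DHCP for address and DNS"
            continue
        }
        "$($adapter.Name): StaticIP=$staticIp StaticDNS='$staticDns'"
        if ($DryRun) { continue }

        if ($staticIp) {
            # A statically configured default gateway is not removed when DHCP is enabled;
            # delete it so the DHCP-supplied gateway takes over.
            Get-NetRoute -InterfaceIndex $idx -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
                Remove-NetRoute -Confirm:$false
            # Same effect as "netsh interface ip set address ... dhcp"
            Set-NetIPInterface -InterfaceIndex $idx -AddressFamily IPv4 -Dhcp Enabled
        }
        if ($staticDns) {
            # Same effect as "netsh interface ip delete dns ... all"
            Set-DnsClientServerAddress -InterfaceIndex $idx -ResetServerAddresses
        }
        "$($adapter.Name): switched to DHCP"
    }
}

Switch-AdapterToDhcp -DryRun:$DryRun
```

Deploy it under Computer Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown) > Startup, on the PowerShell Scripts tab, so it runs before logon with no user interaction; because the change drops the current address, expect any remote session to the machine to disconnect while it runs.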