When moving to AD FS, it is wise to prepare a lab to test the whole infrastructure before moving to production. One of the most frustrating tasks is setting up the claim transformation rules between all Claims Providers and Relying Parties. Fortunately, instead of using the UI and adding the rules one by one, you can set up only one and then export and import the claim rules to the rest of the parties.
Tuesday, November 20, 2012
Friday, November 9, 2012
Create self signed certificate
Visual Studio comes with an exquisite tool to create a self-signed certificate, which you can use for Exchange/IIS/ADFS/whatever you like.
makecert -r -pe -n "CN=name.domain.com" -e 01/01/2020 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12
Note that this will store the certificate in your local machine certificate store, but it’s marked as “private key exportable” (-pe) so you can export it from there.
I have also created a .bat file in order to automate the localhost certificate generation. Don't forget to export the ca.localhost certificate and add it as a trusted root certificate authority.
@ECHO OFF
@rem Check for visual studio tools if not already loaded
if defined VCINSTALLDIR goto GenerateCerts
@rem Ensure that visual studio is available
if not defined VS120COMNTOOLS goto msbuild-not-found
if not exist "%VS120COMNTOOLS%..\..\vc\vcvarsall.bat" goto msbuild-not-found
call "%VS120COMNTOOLS%..\..\vc\vcvarsall.bat"
@rem Check that vs is properly loaded
if not defined VCINSTALLDIR goto msbuild-not-found
:GenerateCerts
@REM Generate a CA
makecert -r -pe -n "CN=ca.localhost" -e 10/25/2985 -ss my -sr CurrentUser -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12
@REM Generate sts signing certificate
makecert -pe -n "CN=localhost" -e 01/01/2982 -is my -ir CurrentUser -in "ca.localhost" -ss my -sr CurrentUser -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12
@REM In order to export the newly created certificates
@REM Run mmc.exe
@REM File-> Add or Remove Snap-ins
@REM Select Certificates from the left and then My User account (if above is CurrentUser)
@REM They should be in the Personal->Certificates folder.
pause
exit /B 0
:msbuild-not-found
@REM The message names the same variable that is checked above (VS120COMNTOOLS)
echo Visual Studio tools were not found! Please check the VS120COMNTOOLS path variable
exit /B 1
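The export-and-trust step mentioned above, as an added PowerShell example that is not part of the original post or its batch file: it exports only the public part of ca.localhost, trusts it for the current user, builds the chain for the localhost certificate, and lists trusted roots whose private key is also held on this machine. It assumes the batch file has already run for the current user and that the PKI module cmdlets (Windows 8 / Server 2012 or later) are available; the temp file path is a constructed value.

```powershell
$ErrorActionPreference = 'Stop'

# Find the CA created by the batch file (subject name taken from the page).
$ca = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.Subject -eq 'CN=ca.localhost' } |
    Sort-Object NotBefore -Descending | Select-Object -First 1
if (-not $ca) { throw 'CN=ca.localhost not found in CurrentUser\My' }

# Export the public certificate only (.cer). The private key stays in the My store.
$cerPath = Join-Path $env:TEMP 'ca.localhost.cer'   # constructed path
Export-Certificate -Cert $ca -FilePath $cerPath | Out-Null

# Trust the CA for the current user only. Windows shows a confirmation dialog here.
Import-Certificate -FilePath $cerPath -CertStoreLocation Cert:\CurrentUser\Root | Out-Null

# Check that the localhost certificate now chains to the trusted CA.
$leaf = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.Subject -eq 'CN=localhost' -and $_.Issuer -eq 'CN=ca.localhost' } |
    Select-Object -First 1
if (-not $leaf) { throw 'CN=localhost issued by ca.localhost not found' }

$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # the lab CA publishes no CRL
$trusted = $chain.Build($leaf)
Write-Output "Chain valid: $trusted"
$chain.ChainStatus | ForEach-Object { Write-Output "$($_.Status): $($_.StatusInformation)" }

# Audit: trusted roots whose signing key is also present on this machine.
# ca.localhost shows up here because -pe left its private key exportable,
# so anyone who copies that key can issue certificates this user will trust.
$keyed = Get-ChildItem Cert:\CurrentUser\My, Cert:\LocalMachine\My |
    Where-Object HasPrivateKey
Get-ChildItem Cert:\CurrentUser\Root |
    Where-Object { $keyed.Thumbprint -contains $_.Thumbprint } |
    Select-Object Subject, Thumbprint, NotAfter
```

Remove the ca.localhost entry from the Trusted Root store once the lab is torn down, since the far-future expiry dates in the batch file mean it never ages out on its own.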
Friday, November 2, 2012
Migrating from ESXi to Hyper-V
In order to transfer a virtual machine from VMware’s ESXi server to Hyper-V, we used Disk2vhd to clone the disk into a VHD. If you are planning to do such a task, make sure you remove the VMware Tools *before* you clone the disk, because otherwise the installer will not do it afterwards.