Links for OpenLDAP as AD-Proxy, with Attribute hiding and allow only specific paths

Windows Enterprise CA – Certificate Services

Auto-Renewal of Multidomain- / SAN-Certificates via GPO

How to Avoid Having Users Enroll for Multiple Certificates

Multiple CAs in AD-Domain

Discussion about how to issue certs with SAN – do not always use „EDITF_ATTRIBUTESUBJECTALTNAME2“


Very usefull PowerShell Module for working with CAs

Certificate enrollment policy server URI format
LDAP URI for Certificate Enrollment Policy

Certificate Enrollment Web Services in Active Directory Certificate Services

Very useful information on having more than one issuing CA in specific AD

Write-Up and thoughts about CRLs and OCSP


SCEP / NDES – getting Linux in the MS CA

Windows Eventlog Forwarding

Bin grad über das Thema Windows Eventlog Forwarding gestolpert… Nix mehr mit Agenten verteilen, Updaten und Gedöns. Logserver definieren, GPO bauen, Einstellungen treffen und verlinken. Fertsch. Klingt gut – das wird demnächst ausprobiert.

Some hints from Microsoft, to help IDS with Windows Eventlog Forwarding:

A Walk-through, to get 2 scenarios up and running:

Cut down the collected eventsources to under about 20:

Write-up of some common problems:

The Windows Event Forwarding Survival Guide:

Write your forwarded logs to a specified log file:


VMware Ressource Pools

Just a bunch of link s on this topic:



Microsoft SQL Server – Orphaned users ()

In short: If you restore a database – which was backed up on a different server – and want to create a server login and map it to your database user, you may get an error message. Reason: the user already exists in your database and cannot not be re-created. So you have to find the orphaned user in your database;



EXEC sp_change_users_login ‚Report‘;

The result should be something like this:

UserName|UserSID dbo|0x6975A7DA42EE2440BDF292BF4D8D338F

You can now link the login to the db user or create a new Login with the resulted SID above (tested, and working):

CREATE LOGIN [YourSQLServerLogin] WITH PASSWORD = 0x02003A95B96423C3D260F29BE27C39B139426666AEA07E8B8EBA75FG8F4EABB7ACBEEAF9E5E3510A58735E396309ABF3E9DF047378352B8868A0FBDF0BD8EEFE66CAE6C14963 HASHED, SID = 0x6975A7DA42EE2450BDF222BC4D8D338F, DEFAULT_DATABASE = [master]

Link an existing Login to the db-user:

EXEC sp_change_users_login ‚update_one‘, ‚db_login1‘, ‚db_login1‘;

Unfortunatelly ‚dbo‘ is an unallowed argument to the procedure sp_change_users_login … – so i’ve done with creating a new user 🙂 Afterwards you can manage your Login like before via SQl-Statments and/ or SQL Server Management Studio. Additional Links:Understanding and dealing with orphaned users in a SQL Server database

Change the owner of the database:

SQL Server 2008 and earlier:

use somedb
sp_changedbowner [ @loginame = ] 'login'

SQL Server 2012 and alter:

use master
 ON database::[Test-DB]
 TO [someLogin]

Documentation on Alter Authorisation can be found here:


How To Install ADFS 2012 R2 For Office 365:

TechNet: ADFS 3.0

Creating a Claim-Aware enabled test-app:

Setting up a ADFS 3.0 Test-Lab

Handy guide for OS- in this case Windows Server 2008 R2:

Windows Identity Foundation Runtime fpr W2k8R2:

Windows Identitiy Foundateion with Sample Apps and FedUtil.exe: Windows Identity Foundation

Microsoft PFE DeepDive:

ADFS 3.0 Debug Logging