JeffHicks


Active Directory Round Up 3/12/2010


The end of another week means another round up of Active Directory and identity-related news.

First up, several AD bloggers recommended an ebook by Matias Woloski, Claims-Based Identity and Access Control Guide. This is a free PDF covering patterns and practices for service authentication and authorization on the web. Here's the summary from the online version at MSDN.

Imagine a world where you don't have to worry about authentication. Imagine instead that all requests to your application already include the information you need to make access control decisions and to personalize the application for the user.

In this world, your applications can trust another system component to securely provide user information, such as the user's name or e-mail address, a manager's e-mail address, or even a purchasing authorization limit. The user's information always arrives in the same simple format, regardless of the authentication mechanism, whether it's Microsoft® Windows® integrated authentication, forms-based authentication in a Web browser, an X.509 client certificate, or something more exotic. Even if someone in charge of your company's security policy changes how users authenticate, you still get the information, and it's always in the same format.

This is the utopia of claims-based identity that A Guide to Claims-Based Identity and Access Control describes. As you'll see, claims provide an innovative approach for building applications that authenticate and authorize users.

Definitely worth your time to check out.

The Active Directory team blog has a couple of posts worth mentioning and worth your time. First is an explanation of how to provision mailboxes in Exchange 2007 and 2010 using ILM and FIM. It is clear-cut, with detailed notes and screenshots. The other entry is on managing different aspects of Active Directory that don't have a clear-cut or easy-to-use GUI counterpart. For example, how do you create a custom application partition or manage advanced trust properties? This article will show you the way. The post appears to be the first in an upcoming series.

I'm always talking about having a test lab, and I trust many of you do. But if not, there are a number of scripts that can build a test AD. Dmitry Sotnikov posted a short article about an update to his setup script by Ted Wagner that goes above and beyond the call of duty. You can download the script from PoshCode.org.

Finally, Brian McCann posted a nice entry that discusses several methods for locking your workstation. If you want to lock the workstation automatically, then take a look at Group Policy. Or if you are fortunate enough to have the budget, there are proximity cards and readers that will automatically lock the workstation when the user moves out of range.

Of course, don't forget all the other articles posted directly on The Experts Community. Why don't you contribute something? Until next week.


