Windows Server - Setup Root Certificate Authority CA wish OCSP Certificate Roles When we setup an internal LAN for a corporate environment we should need services like SSL, Encrypted VPN, Direct Access and a lot more. They depend on the use of a CA with root and other service certificates. One can buy such certificates or use our own that are created for free. This video shows you how to setup the CA with the OCSP role that enables client computers to check the validity i.e. not revoked of our certificates. For more visit: https://www.windows10.ninja https://www.servers2016.com Transcript (machine generated so it contains errors) Hello were very good day to you. This video is gone off show you how to set up a certificate authority okay on your windows server am also ensure that basically the certificate checking to see whether the certificates are valid is also set up so basically, those ESP service okay role is also that there now. There are a number of steps okay. However, they can be summarised into literally from about three. The first one. A setting up the certificate authority okay setting are the OCSP and also give a policies and the template. It's all become fairly straightforward. Here I get the first-ever is we've open server manager very simple. This is a domain joined computer, so a dial is help if it is that way again. The ServerManager is endlessly, you get the screen and then add roles and features. Next next next. Okay, so that the very first part, click next next next. We are creating a certificate authority now for future use. Like for example, when we VPNs et cetera we are all add this web enrolment. Okay, you don't really need to do that right now by registering it at the same time, and the online responder. This is the service a service. The role that actually runs on the server and whenever a certificate is used by a client computer. Another server, et cetera check to see that the media is still valid and the server's actually does the verification and say silly was valid. All good continue with what you wanted it back out next. Click next. Okay, because we click the web enrolment did those do a lot of IIS Internet information service server am better added as well, so we'll take a little bit longer to install okay once in, it has finished installing a will ask you to configure in click on your configure enclose here and then click over there and is the same thing. Okay, now it's out of with the main screen. It does a little bit nerve checking and then goes ahead, the first thing, because with. The web enrolment will just installed that one first and then quickly come back and another to say and take a few seconds. Next, make sure is an enterprise CA, make sure it's a root CA. Next, we are creating a private key. Okay, and you can choose the defaults okay. You can create a common name. A good system that will use the past was lying the domain name. Okay, or the IP address, which makes it easy to find, however, it is the default will just go ahead with that. Click next. Okay, that's that again next and then configure and will happily create our spirit authority and allow us lose another two things were just click both of them, and click next...
Views: 19195 Windows Ninja
In this video tutorial we will learn how to install and configure ssl certificate in exchange 2016. For this demonstration i will be using my local enterprise root certificate authority to get ssl certificate with subject alternative name for our Exchange 2016. 1) Create a certificate request 2) Get certificate from Certificate Authority 3) Import certificate on Exchange 2016 4) Assign certificate to exchange services
Views: 20150 MSFT WebCast
Microsoft Certificate Authority (CA) Installation and ISS Web Server Certificate Request - Windows Server 2012 R2 http://siberblog.org/index.php/microsoft-certificate-authority-ca-installation-windows-server-2012-r2/
Views: 39493 Bekir Yalçın
Info Level: Intermediate Presenter: Eli the Computer Guy Date Created: February 25, 2013 Length of Class: 38:56 Tracks Windows Server 2012 Prerequisites Introduction to Windows Server 2012 Purpose of Class This class teaches students the basic concepts in building out Active Directory Infrastructure for Windows Server 2012. Class Notes DC's or Domain Controllers are the server that control the Active Directory Service Domains are made up of Domain Controllers and Member PC's and Servers. There can be multiple Domain Controllers in a Domain for fault Tolerance and Load Balancing. DC's keep data synchronized through replication. The schedule for replication is called the "replication strategy". DC's can be grouped into Sites. Sites are comprised of Domain Controllers located at the same geographic location. Sites are used to reduce bandwidth consumption used due to Replication. DC's are normally set to be Read/ Write. For security purposes you can make DC's Read only. Read Only DC's are used at Remote Offices to lessen the danger of Hacking. Sites are connected through Site Links Sites can Replicate Through Site Link Bridges. Site Link Bridges are kind of like routers for replication. Global Catalog Servers store searchable Indexes of the Active Directory database. There should be at least one Global catalog server at each site. It is best to use Microsoft's built in DNS Server on a Windows Server 2012 network. You can use a Unix DNS Server, but... WINS (Windows Internet Naming Service) was Microsoft's attempt to compete with DNS. You will rarely ever see it, but if you have very old legacy systems you may need to create a WINS server. Using Microsoft's DHCP Server is usually the best bet on a Windows Domain. Using Windows DNS and DHCP allow for multiple servers for fault tolerance and increased security.
Views: 568296 Eli the Computer Guy
How to install Enterprise Root Certificate Authority in Windows Server 2016
Views: 2760 Yaniv Totshvili
There is a problem to install new Exchange Server 2013 if you have domain name with Underscore symbol - for example: "Domain_Server" This video about new exchange server 2013 installation and not migration from old exchange version. Note: This video for Organizations that don't have Exchange server and want to install Exchange server 2013. In the future I will Upload a video that talks about migration from server exchange 2010 SP3 to 2013 - hope see you there :) Import-Module ServerManager Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation Yaniv Totshvili Microsoft MVP | Office Servers and Services My Site: http://yshvili.com Blog: http://blogs.microsoft.co.il/blogs/yanivlea/
Views: 2085 Yaniv Totshvili
Installing an Additional Domain Controller on Windows Server 2019 1. Prepare - DC31 : Domain Controller(Yi.vn) | DC32 : Domain Member 2. Step by step : Installing an Additional Domain Controller on DC32 - DC32 : Installing an Additional Domain Controller + Server Manager - Manage - Add Roles and Features - Next to Server Roles - Select "Active Directory Domain Services" - Add Features - Next and Install - Close + Click Notifications - Click "Promote this server to a domain controller" - Select "Add a domain controller to an existing domain" - Type the Directory Services Restore Mode (DSRM) password : Enter Password and Confirm password - Next to Install - Restart + Logon use account Yi\administrator + Server Manager - Tools - Active Directory Users and Computers = OK + Start - cmd - Type : nltest /dclist:Yi.vn === Check Domain Controllers -----------------------******************** Youtube.com/c/MicrosoftLab ********************-----------------------
Views: 657 microsoft lab
Author, teacher, and talk show host Robert McMillen shows you how to create a Self Signed Certificate and Bind in IIS in Windows Server 2016.
Views: 29236 Robert McMillen
In this tutorial you will learn: How to Generate or Create (CSR) Certificate Signing Request in IIS 8.5 on windows server 2012 R2. This video contains: 1) How to create / request domain certificate in IIS 8.5 2) How to Generate or Create (CSR) Certificate Signing Request in IIS 8.5 3) How to Install / Assign certificate to IIS 8.5 4) How to test SSL certificate on IIS 8.5
Views: 77490 MSFT WebCast
Clients can connect to your new server from the Internet, you need to configure the external domains After you've configured the external URL on the Mailbox server virtual directories, you need to configure your public DNS records for Autodiscover, Outlook Web App, and mail flow. FQDN DNS record type Value company.com MX mail.company.com Mail.company.com A 192.168.1.20 Owa.company.com CNAME mail.company.com Autodiscover.company.com CNAME mail.company.com
Views: 212 It System
This tutorial will show you how to reset forgotten domain admin password on Server 2012. To accomplish the task you would need the Windows Server 2012 installation disc. http://www.avoiderrors.net/?p=23163
Views: 118842 AvoidErrors
In this video we will look at how to install a Root Certificate Authority on Windows Server 2012 R2. The root CA forms the top of the certificate hierarchy. By MSFTWebCast
Views: 16932 MSFT WebCast
Microsoft Certificate Services - Creating a CA (PKI) Hierarchy (Stand Alone Root / Ent Sub) Part 1 of 2 - MCT - William Grismore will demonstrate in detail how to install a Microsoft Certificate Server Hierarchy. In Part 1 of 2 he will demonstrate how to install a Stand Alone Root CA. Then be sure to check out Part 2 where he pulls it all together buy demonstrating how to then install the Enterprise Subordinate and make is a child CA of the Root.
Views: 38089 William Grismore
Author, teacher, and talk show host Robert McMillen shows you how to create Group Policy settings to trust a self signed certificate in Windows Server 2016. By binding the certificate in IIS you can use a self signed certificate and have them trusted by domain PCs to be used internally and work without errors.
Views: 2433 Robert McMillen
Install and Configure Certificate Authority in Windows Server 2016 Install Certificate Authority on Windows Server 2016 Configuring Certificate Authority on Windows Server 2016 Assigning Certificate on Exchange Server 2016
Views: 6772 It System
Subscribe for free lectures and IT news www.youtube.com/c/shafqatmehmood Like our Facebook Page www.facebook.com/ezxprt visit our website: www.ezxprt.com In this lecture i went through the domain installation and Active Directory Domain services. What is Active Directory? Active Directory Domain Services is Microsoft's Directory Server. It provides authentication and authorization mechanisms as well as a framework within which other related services can be deployed (AD Certificate Services, AD Federated Services, etc). It is an LDAP compliant database that contains objects. The most commonly used objects are users, computers, and groups. These objects can be organized into organizational units (OUs) by any number of logical or business needs. Group Policy Objects (GPOs) can then be linked to OUs to centralize the settings for various users or computers across an organization. When people say "Active Directory" they typically are referring to "Active Directory Domain Services." It is important to note that there are other Active Directory roles/products such as Certificate Services, Federation Services, Lightweight Directory Services, Rights Management Services, etc. This answer refers specifically to Active Directory Domain Services. What is a domain and what is a forest? A forest is a security boundary. Objects in separate forests are not able to interact with each other, unless the administrators of each separate forest create a trust between them. For example, an Enterprise Administrator account for domain1.com, which is normally the most privileged account of a forest, will have, no permissions at all in a second forest named domain2.com, even if those forests exist within the same LAN, unless there is a trust in place. If you have multiple disjoint business units or have the need for separate security boundaries, you need multiple forests. A domain is a management boundary. Domains are part of a forest. The first domain in a forest is known as the forest root domain. In many small and medium organizations (and even some large ones), you will only find a single domain in a single forest. The forest root domain defines the default namespace for the forest. For example, if the first domain in a new forest is named domain1.com, then that is the forest root domain. If you have a business need for a child domain, for example - a branch office in Chicago, you might name the child domain chi. The FQDN of the child domain would be chi.domain1.com. You can see that the child domain's name was prepended forest root domain's name. This is typically how it works. You can have disjoint namespaces in the same forest, but that's a whole separate can of worms for a different time. In most cases, you'll want to try and do everything possible to have a single AD domain. It simplifies management, and modern versions of AD make it very easy to delegate control based on OU, which lessens the need for child domains. I can name my domain whatever I want, right? Not really. dcpromo.exe, the tool that handles the promotion of a server to a DC isn't idiot-proof. It does let you make bad decisions with your naming, so pay attention to this section if you are unsure. First of all, don't use made up TLDs like .local, .lan, .corp, or any of that other crap. Those TLDs are not reserved. ICANN is selling TLDs now, so your mycompany.corp that you're using today could actually belong to someone tomorrow. If you own mycompany.com, then the smart thing to do is use something like internal.mycompany.com or ad.mycompany.com for your internal AD name. If you use mycompany.com as an externally resolvable website, you should avoid using that as your internal AD name as well, since you'll end up with a split-brain DNS. When a user tries to log in to a computer that is joined to AD using their AD credentials, the salted and hashed username and password combination are sent to the DC for both the user account and the computer account that are logging in. Yes, the computer logs in too. This is important, because if something happens to the computer account in AD, like someone resets the account or deletes it, you may get an error that say that a trust relationship doesn't exist between the computer and the domain. Even though your network credentials are fine, the computer is no longer trusted to log into the domain. -~-~~-~~~-~~-~- Please watch: "How to Secure your USB drive?" https://www.youtube.com/watch?v=A7mGYw6Rokc -~-~~-~~~-~~-~-
Views: 441 ezxprt
Watch full screen in 720p. This walks you through the process of configuring WPA2-EAP authentication to enable wireless encryption using your wireless access point. In this example, Windows Server 2008 R2's Network Policy And Access Services Server Role is configured as the RADIUS server. A Windows 7 computer acts as the client, and automatically authenticates to the protected network using the user and computer domain privileges. For more, check out the Microsoft Press 70-642 Training Kit (2nd edition), and visit http://www.vistaclues.com.
Views: 117207 Tony & Chelsea Northrup
Connecting a Windows 7 client computer to a WIndows Server 2008 R2 Active Directory Domain http://www.danscourses.com/Windows-Server-2008/week-3-installing-active-directory-and-dns-services-379.html
Views: 312264 danscourses
Configure Exchange 2016 certificates 1. Prepare - DC11 : Domain Controller (pns.vn), IP 10.0.0.11 | DC12 : Exchange server 2016, IP 10.0.0.12 | DC13 : Certificate server, IP 10.0.0.13 | WIN101 : Domain Member, IP 10.0.0.101 2. Step by step : Configure Exchange 2016 certificates for DC12 - DC11 : Create a record named mail.pns.vn point to DC12 on DNS - DC12 : Set Internal URL for OWA : https://mail.pns.vn/owa + Start - Exchange Administrative Center - Servers - virtual directories - owa (Default Web Site) - general - Internal URL : https://mail.pns.vn/owa - Save - WIN101 : Test access link https://mail.pns.vn/owa === Certificate error - DC12 : Request Certificate + Create and share a folder named Cert + Exchange Administrative Center - Servers - certificates - '+' - Choose 'Create a request for a certificate from a certification authority' - Friendly name for this certificate: mail.pns.vn - Store certificate request on this server : - Browse... : DC12 - Specify the domains (host names)... : Choose 'Outlook Web App (when accessed from the intranet)' - Based on your selections, the following ... : Choose 'mail.pns.vn' - Organization name: pns, Department name: IT, City/Locality: Ha Noi, State/Province : Ha Noi, Country/Region name: Viet Nam - Save the certificate request to the following file: \\DC12.pns.vn\Cert\CertEX.req - Finish + Interner Explorer - http://10.0.0.13/certsrv/ - Request a certificate - advanced certificate request - Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file - Base-64-encoded certificate request (CMC or PKCS #10 or PKCS #7): Open CertEX.req ... - Certificate Template: Web Server - Submit - Download certificate - Save + Copy certnew.cer to \\DC12.pns.vn\Cert\ + Exchange Administrative Center - Servers - certificates - mail.pns.vn - Complete - File to import from: \\DC12.pns.vn\Cert\certnew.cer - OK + Server Manager - Tools - Internet Information Services (IIS) Manager - DC12 - Sites : + Default Web Site - Bindings... - https - Edit... - SSL certificate : Choose 'mail.pns.vn' + Exchange Back End - Bindings... - https - Edit... - SSL certificate : Choose 'mail.pns.vn'- DC12 - Restart - WIN101 : Refresh IE - Check access link https://mail.pns.vn/owa === OK -----------------------------------------------------------------******************** Youtube.com/c/MicrosoftLab ********************-------------------------------------------------------------
Views: 2033 microsoft lab
This video demostrates installing a Microsoft single Tier PKI, a single Enterprise Root CA. The analogy of a DMV is used to make understanding the concpet of the Enterprise Root as simple as possible
Views: 38954 William Grismore
This video looks at how the DNS name space is broken up and divided between servers. Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always free training videos. This allows the DNS name space to be controlled while still allowing individual administrator to have the power to make changes. http://itfreetraining.com/Handouts/DN... Fully Qualified Domain Name A Fully Qualified Domain Name (FQDN) is a domain name that indicates a domain name's exact location in the DNS hierarchy. A FQDN in other words is the full domain name. For example, www.ITFreeTraining.com. DNS uses a hierarchy of servers to resolve a single FQDN. Each DNS server resolves part of the domain name until the final DNS server is able to return a record for the FQDN. Dividing up the DNS name space allows decentralized control, fault tolerance and load balancing. DNS Name Space A DNS name is resolved from right to left. The first part of the DNS name is dot. All DNS names end in dot, however you do not need to enter this in as the DNS software will automatically add it to the end of the domain name. There are hundreds of DNS servers that are on the internet that can be used to start the resolving process starting with dot. The function of this DNS server, known as a root hint server, is to provide the address of a DNS server that can resolve the next part of the DNS name. The next part, top level domain, contains the name next part of the domain name. e.g. .com, .net, .au. The next level is the second level domain name. These domains name can be registered to a company or individual. Once registered, the administrator has complete control over the domain name. They can create records at this level or additional sub domains under that domain. For example, third and fourth level domain names. Resolve Example 1) When a DNS name is resolved, the request is first sent to the DNS server configured on the client. This DNS server is responsible for resolving the DNS name. A DNS server that contain source records for a DNS name is called authoritative. In other words, these records are configured directly by the administrator and are not cached. If a DNS server does not have the record required in its cache, it needs to find a DNS server that is an authoritative for that domain name. 2) In order to resolve the DNS name, the DNS server will contact a root hint server. These servers are preconfigured in the DNS server. The root hint server will provide a DNS server that will be able to resolve the name part of the DNS address. In the example, a .com DNS server. 3) The .com DNS server will be able to provide the client with an address of a DNS server then can resolved the next part of the address, in this case ITFreeTraining. 4) This DNS server holds the records for the ITFreeTraining zone. Thus, when a DNS server communicates with this server, it will be able to obtain DNS records for that zone. Once the resolve process is complete, the address of each server resolved will remain in the DNS server's cache so the address of the .com DNS server does not need to be resolved each time. In the real world, the root hint server will often have top level domain names on them as well. Configuring Root Hints The DNS server will have the root hint servers configured by default. There will be multiple entries configured in case one or more of the root hint servers is not contactable. Normally there is no need to change them. In some rare cases, a company may choose to disable the root hints servers or use their own. This however is very rare. In a lot of cases, a company will forward DNS requests to the DNS server run by their ISP. When this occurs, this effectively disables root hints from working since DNS requests are sent direct to the ISP DNS server rather than have the DNS server resolve the request itself. See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube. References "MCTS 70-640 Configuring Windows Server 2008 Active Directory Second edition" pg 440-441 "Domain name" http://en.wikipedia.org/wiki/Domain_name "Domain Counts & Internet Statistics" http://www.whois.sc/internet-statistics
Views: 59645 itfreetraining
Certificates are used to prove identity and used for creating secure communication. Check out http://itfreetraining.com for more of our always free training videos. This video looks at how a certificate works, what is a certificate and how they are used for identification and secure communication. Download the PDF handout http://itfreetraining.com/Handouts/Certificates/WhatAreCertificates.pdf What is a certificate? A certificate is an electronic document that contains data fields. When compared to a traditional paper certificate there are some similarities between an electronic certificate and a physical certificate. Digital certificates like a physical certificate are issued by an authority. For example, a university may issue a certificate to a student to show that they have completed the necessary work in order to graduate. The next question is, would you trust a physically certificate? Digital certificates work the same way. They are issued from an authority and the question becomes would you trust the authority that issued the certificate? Electronic certificates also contain other fields like who or what the certificate was issued to, how long it is valid, the public key and the digital signature. If a digital certificate is presented to a user or computer, the user or computer is able to check the certificate to ensure the person using it should be using it. Also the certificate contains a digital signature which allows the certificate to be checked to make sure it has not been modified. Digital Signature A digital signature provides a method for a certificate to be checked to ensure it has not been modified. In order to do this, a hash value is created for the certificate. To generate a hash value the certificate is put through a function to create a single value. Hash functions are designed so different certificates will not produce the same value, however the hash value cannot be used to generate the original certificate. The same principal applies to a person's fingerprints. They can be used to identify a person, however using a finger print you could not work out the features of a person like what color hair they have. When a certificate is created, the hash value for that certificate is also created. Using a function involving the private key, a digital signature is created and added to the certificate. Digital Signature Example When a certificate is used, in order to check the certificate has not been changed, the following is done: The computer generates the hash value for the certificate. Next, the digital signature is put through a function using the public key which should result in the same hash value. If both values match, the certificate has not been modified. This prevents a 3rd party taking a certificate, changing the values in the certificate and using the certificate. Trust Model Certificates work off a trust model. An example of a trust model in computers is that a computer may have a sticker on it indicating which operating systems it will run. The consumer, seeing this sticker, must trust that the manufacture would not put this sticker on the laptop unless it will run that operating system. The customer must also trust the creator of that operating system would not allow a computer manufacturer to put a sticker on a computer that would not run that operating system. Certificate Trust Model Certificates are generally deployed in a hierarchy. At the top is the root certificate authority. This can be an internal Certificate Authority or an external authority like VeriSign. When an authority like VeriSign issues a certificate, they will perform a number of checks on the individual purchasing the certificate to ensure that they are a valid business. When a certificate is used it can be checked to see which authority issued that certificate. In order for the certificate to be used, the computer must trust the authority that it was issued from. Authorities like VeriSign are trusted by default on most operating systems. Certificate Error If a certificate is presented to the computer and it is not trusted, the computer will generate an error asking if the users want to trust the certificate. It is up to the user to decide if they believe the certificate is valid. Certificate Hierarchy Certificates use a hierarchy. At the top is the root CA, below these are subordinate CA's. Any level can issue certificates to subordinate CA's or direct to users, computers or devices. If the user, computer or device trusts the root CA, then any certificate that is issued by any CA in the hierarchy will automatically be trusted and thus used by the client. References "MCTS 70-640 Configuring Windows Server 2008 Active Directory Second edition" pg 771-775 "Public key certificate" http://en.wikipedia.org/wiki/Public_key_certificate
Views: 501107 itfreetraining
Install Active Directory Domain Services on Windows Server 2019 1. Prepare - DC31 : OS Windows Server 2019, IP 10.0.0.31 | WIN101 : Client, IP 10.0.0.101 2. Step by step : Install Active Directory Domain Services on DC31 - DC31 : Install ctive Directory Domain Services (Yi.vn) + Start - ncpa.cpl - Double-click icon network - Properties - Double-click "Internet Protocol Version 4 (TCP/IPv4)" - Use the following DNS Server addresses : - Preferred DNS Server : 10.0.0.31 - OK + Server Manager - Manage - Add Roles and Features - Next to Server Roles - Select "Active Directory Domain Services" - Add Features - Next and Install - Close + Click Notifications - Click "Promote this server to a domain controller" - Choose "Add a new forest" - Root domain name : Yi.vn - Type the Directory Services Restore Mode (DSRM) password : Enter Password and Confirm password - Next to Install - Restart + Logon using account Yi\administrator - OK + Start - Server Manager - Tools - Active Directory Users and Computers - Yi.vn - Create a new OU named IT and a new account named HiepIT belong IT - WIN101 : Join to domain Yi.vn + Start - ncpa.cpl - Double-click icon network - Properties - Double-click "Internet Protocol Version 4 (TCP/IPv4)" - Use the following DNS Server addresses : - Preferred DNS Server : 10.0.0.31 - OK + Click File Explorer - Right-Click This PC - Properties - Change settings - Computer Name tab - change... - Select member of - Domain : Yi.vn - OK - Enter the name and password of an account with permission to join the domain - Enter name and password - OK - ... - close - Restart + Logon using account Yi\HiepIT - OK --------------------------------------------******************** Youtube.com/c/MicrosoftLab ********************------------------------------------------
Views: 903 microsoft lab
The article which accompanies this video can be found here: http://www.telnetport25.com/2013/01/building-an-exchange-2013-lab-environment-using-windows-server-2012-from-scratch-part-3-active-directory-domain-controller-ca-installation/
Views: 20860 telnetport25
How to setup mail server ( MailEnable Standard Edition - Free Mail Server ) on Windows Server 2012 r2. Part 1: Setting up DNS Records for your Mail Server https://www.youtube.com/watch?v=xq-CkxQV-7o Part 3: How to access mailenable webmail https://www.youtube.com/watch?v=asnVYQARNIg Part 4: How to configure email client like Outlook https://www.youtube.com/watch?v=9nJj3EyhwFU
Views: 104395 Sachin Samy
Build Domain Controller Raise Domain Functional Level Window Server 2003 Raise Forest Functional Level Window Server 2003 Installation IIS Installation Enterprise Root CA Configure DNS cho pool Create A Record: ocs.tktelecom.com Create SRV Record
Views: 379 Tot Tran
Installation of Root certificate Authority Configuration of Root certificate Authority View the certficate
Views: 7450 Yaniv Totshvili
Author and talk show host Robert McMillen explains how to How to install certificate services on a Windows 2008 R2 domain controller server.
Views: 10592 Robert McMillen
Author and talk show host Robert McMillen explains how to How to create a Domain Certificate in a Windows 2008 R2 domain controller server.
Views: 26387 Robert McMillen
This video looks at how to add a child domain to an existing domain in Active Directory. Child domains can access resources from the parent and also from any other domain in the forest. This video will look at adding the east domain to the existing domain. Demonstration at 04:35 Things to consider before adding a child domain The more domains that you have in your forest, the harder it will be to administer your network. When possible, you should attempt to reduce the number of domains in your forest. Sometimes due to company needs or security reasons, extra domains may be created. It should be remembered that in Windows Server 2008 there have been a number of improvements and features which in previous versions of Windows would have required additional domains. These are: 1) Active Directory could previously only have one password policy per domain. If your domain functional level is Windows Server 2008 or higher, you can support multiple password policies for the same domain. 2) With Windows NT the database was limited to 40 MB, which was around 40,000 objects. Because of this multiple domains may have been required, whereas Active Directory now only requires one. New domains may also be created due to different business unit requirements. In a lot of cases you can separate departments and even companies using organization units inside Active Directory; however, dealing with things like different company budgets is not as simple. If the companies have different IT support staff, they will probably want different domains. Demonstration Creating a new domain or adding a domain controller to an existing domain is all done using DCPromo. 1) When asked, select the option at the top existing forest. Under this, select the option, "create a new domain in an existing forest." This will create the first domain controller in your new domain in the existing forest. 2) You will next be asked for the credentials for a user to add the domain to the existing forest. This needs to be a user in the enterprise administrators group; however, the user does not need to be in the root domain: they can be located in any domain in the forest. 3) Next you need to enter in the name of the parent domain of the child domain. If you are creating a new tree, enter in the new namespace. DCPromo will understand this is a new tree rather than a child domain. 4) Once the relevant details are entered, a Domain Naming Master will be contacted to see if this domain already exists. If the Doman Naming Master can't be contacted DCPromo will fail. 5) Once the Domain Naming Master has been contacted and it has been confirmed this domain does not already exist, you will be asked for the domain functional level. What is available will be determined by what the current forest functional level is. 6) Next you need to select the site where the domain controller will be. If no sites have been created, you can use "default first site name" for the site. 7) Next you can decide if the domain controller is a DNS server and/or a global catalog server. Even if you are creating a completely separate domain you can use a DNS server or even a 3rd party DNS system like UNIX. 8) The wizard will ask you where to put the database, log file and SysVol folder. In most cases leave this on the default. 9) The next screen will ask for an Active Directory recovery password. This is used in certain recovery situations including restoring deleted objects. See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube.
Views: 65049 itfreetraining
This video details the process of installing an SSL Certificate in IIS 7 on Windows Server 2008.
Views: 71623 SSL Corp
Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always free training videos. This video will perform a basic Active Directory Certificate Service (ADCS) install to provide a certificate for use with Active Directory Federation Services (ADFS). The video looks at how to create a template for use with ADCS. If you have an existing certificate service on your network, you can use the procedure in this video to add a template to your existing certificate server. Download the PDF Handout http://ITFreeTraining.com/handouts/federation/enterprise-ca-2008.pdf Demonstration installing the CA 1)To start the install, open Server Manager from the quick launch bar. 2)From Server Manager, select Roles from the left-hand side and then from the right-hand side select the option “Add Roles” to install the add roles wizard. 3)Once past the welcome screen select the role “Active Directory Certificate Services” and press next to start the Certificate Services part of the install. 4)The next screen is the information screen for the Certificates role. Press next to skip it. 5)The next screen displays all the different components that can be installed as part of the certificate role. In this case the only component that is required is “Certification Authority”. Tick this option and then press to move on to the next screen of the wizard. 6)On the next screen select the option of Enterprise CA. This is one of the two options to install. The Enterprise option requires the server to be a member of the domain. In later videos the standalone option is looked at to provide certificates for ADFS. 7)The next screen you need to decide is if the install is to be Root CA or Subordinate CA. In this case Root CA is selected because there are no other CA’s on the network. For better security a certificate hierarchy could be setup, but this video uses a simple install aimed at providing a working certificate for use with ADFS. 8)For the rest of the wizard all the defaults were accepted. In a production environment you may want to consider changing some of these options, for example changing the key size used for the certificate that is created for the Root CA. Demonstration configuring the CA 1)To configure the certificate authority, select “Certification Authority” under “Administrative Tools” under the start menu. 2)Once open, expand down to Certificate Templates, right click it and select the option “Manage”. This will bring up a list of all the certificate templates that are currently configured on this server. 3)There is no default template for ADFS so the best option is to find a template that is simpler to the one required and then make changes to it. In this case, select the template “Web Server”, right click it and select the option “Duplicate Template”. 4)When duplicating the template you will be asked which version of Windows you want to use the certificate with. In this case the option “Windows Server 2008 Enterprise” was selected. When creating templates you need to work out which is the lowest operating system that the template will be used with. In this case, no ADFS server lower than Windows Server 2008 R2 will be used so it is safe to use the option “Windows Server 2008 Enterprise”. 5)Once the template has been duplicated, the properties for the certificate template will automatically be opened. Description too long for YouTube. Please see following link for the rest of the description: http://itfreetraining.com/federation#/enterprise-ca References None
Views: 7547 itfreetraining
1.Implementing the following forest structure (Root , Additional win 2008 , Additional win 2003). 2.Implementing MS exchange server 2003 on #1 and connect client to test you Exchange in sending\receiving e-mails.
Views: 680 ipa_g16
In this video we will demostrate all the details of how to install a single Tier Windows Server 2008 R2 Enterprise Root CA. This video is loaded with hints and tips to watch for durning the install. The perfect video for someone with a small company that want to setup a super simple PKI infrastructure.
Views: 32199 William Grismore
Certificate Services: Introduction, Building a PKI, infrastructure and Certificate Authorities. Installing and configuring an Enterprise Certificate Authority.
Views: 28381 Carly Salali
In this tutorial you will learn How to configure dns in windows server 2012 for local internal website. DNS naming locates computers and services through user-friendly names. When a user enters a DNS ( Domain Name System ) name in an application, DNS services can resolve the name to other information that is associated with the name, such as an IP address.
Views: 133905 Sachin Samy
If you would like to obtain a digital certificate either from your own CA, or from a public certificate vendor, you need to submit a certificate signing request (CSR) first. In Windows Server 2012 it's pretty simple. Please support the video by giving it a "LIKE" rating, Thank you. Tech Blog: http://bjtechnews.org Google+: http://goo.gl/1peZ6U Windows 8 App (BJTechNews): http://goo.gl/54iBA Twitch.tv Channel: http://twitch.tv/bjtechnews Here's how I get free Amazon Gift Cards: http://goo.gl/NkiRh https://www.copy.com/home/ Tech Forum: http://bjtechnews.the-talk.net/ Facebook: http://facebook.com/BJTechNews Twitter: http://twitter.com/BJTechNews Instagram: http://instagram.com/bjtechnews# Google+: http://gplus.to/bjtechnews Chat Room: http://tinychat.com/bjtechnews MySpace: https://myspace.com/bjtechnews Royalty Free Music by http://audiomicro.com/royalty-free-music Sound Effects by http://audiomicro.com/sound-effects
Views: 85339 BTNHD
Installing Windows Server 2016 Active Directory Certificate Services. This video shows how to install the Root CA. Video created by Netanel Ben-Shushan.
Views: 4293 Netanel Ben-Shushan
SI TIENEN DUDAS O SUGERENCIAS COMENTEN!! Y SUSCRIBANSE
Views: 677 Ijh Roots
In this Video in Hindi Jagvinder Thind shows How to Seize FSMO Roles in active directory in Server 2008. The Video shows how to seize RID master, PDC master, Infrastructure master, Schema Master or domain naming master in hindi. fsmo roles in active directory 2008 in hindi
Views: 16648 JagvinderThind
This video provides an overview of dcpromo and how to install Active Directory. It covers the basic installation techniques that you'll need to know in order to effectively create a domain controller on a Windows Server. Visit us at http://www.helpdesksoftware.biz or to get more answers to your technical questions, visit our blog at http://www.helpdesk-blog.com DCPromo is the Active Directory Domain Services Installation Wizard, and it is an executable file which resides in the System32 folder in Windows. Lets install Active Directory on Microsoft Windows server 2008 R2, using the DcPromo executable. First, locate and run DcPromo. You can search for DcPromo in the Start Menu, or you can directly run DcPromo in the Windows "run" box. Here we use Windows "run" to open DcPromo.exe. Simply press the Windows key and R key together, type "dcpromo", and hit enter. DcPromo will begin to install Active Directory Domain Services and other required components. Then the Wizard will appear. Just click "Next" to proceed. You'll be informed about enhanced security features and operating system compatibility. Just click "Next". In our example, we're installing Active Directory services on the first domain controller in the environment. There is no existing forest in this network. We choose the "Create a new domain in a new forest" option. Next, you're asked to provide a name for this new root domain. This will be the fully qualified domain. Then you need to set the forest functional level. The Wizard will display a description for each functional level, and this will help you to determine the correct level for your requirement. The higher the forest functional level, the more features available - So set it according to your network environment requirements. For example, if you select Windows 2000 Native as the forest functional level, all your domains must be Windows 2000 or above. In this demonstration, we select the Windows Server 2008 R2 functional level, and go ahead. Click Next. It's a good idea to have the DNS on the same server where the domain controller will be installed. The Wizard does this for you while completing this Active Directory Installation. Click Next. If there is no Static IP already set up for the domain controller, you will be prompted to configure one. If necessary, you can ignore this request for now by selecting the option to gain an IP address from the DHCP server. Otherwise, go ahead with the recommended action and set an IP for the computer and click "Next". Delegation for the DNS server will be setup later while setting up DNS -- so don't worry about the following message. Just click Yes, and then click Next. The next Wizard screen will prompt you to select the locations in which to save your Active Directory Database and Log files. In order to increase performance and recoverability, Microsoft recommends storing log files in a volume separate from where the database is stored. You'll now be prompted for a password. This password is for Directory Service Restore - it is not the Domain Administrator password. This password will be required should you need to remove Active Directory from a server using DcPromo. Next you will be shown a summary of the Active Directory installation, and if needed you can export the settings to an answer file which can be used for command line Active Directory installation It will take some time to create a new Active Directory database and install the DNS server. Tick "Reboot on completion" to automatically reboot the PC after the Active Directory installation. When it's complete, you'll receive the Active Directory Installation confirmation message -- now click "Finish". If you didn't tick "Reboot on completion", you'll be prompted to restart to complete the Active Directory Installation. That completes the installation. Active Directory Domain services are installed on the new server and ready for use.
Views: 4463 Help Desk Premier
Video by Network NUTS, shows how to use the postfix to configure inbound and outbound email relay. at: http://www.networknuts.net
Views: 21497 networknutsdotnet
Microsoft Certificate Services - How to use a Group Policy to deploy the Root CA certificate - MCT - William Grismore, demonstrates how to issue the root CA certificate from your internal Microsoft PKI Hierarchy to all the computers in the domain. This way internal users won't get that nagging security alert about something being wrong with the Root CA's certificate.
Views: 18045 William Grismore
Cau hinh chung chi so Certificate - PKI ( Public key Infrastructure)-- An toan/bi mat thong tin - Ma hoa chung chi cho duong truyen Web : HTTP + SSL = HTTPS - Cac may che do Domain - DC : CA 192.168.1.1, + Cai dat dich vu ADCS + Cau hinh CA cho phep cap Certificate : + Tao ban ghi dns : www.ipmac.vn tro ve 192.168.1.2 - SVR request CA ; SVR : Web server 192.168.1.2. + MMC -- add certificate -- Export Certificate + Request certificate : personal + Cai dat dich vu IIS +Cau hinh IIS chay SSL voi Certificate request - Vao web bang IP 192.168.1.2 xuat hien canh bao do - Dung https:\\www.ipmac.vn khong bi canh bao
Views: 3143 microsoft lab
In Episode 44 of the Tech Smart Boss Podcast, I talked about 3 ways to set your website up with SSL encryption and the reasons you needed to do it as soon as possible (listen here - http://be.smartboss.co/LUoByFHT ) One of the ways discussed was Let's Encrypt, which provides you a free and easy way to set up SSL on your site. Since Let's Encrypt is an API based service, the biggest use case is for software developers to integrate with Let's Encrypt so that the custom domains you set up in their SaaS app are encrypted. But what about small businesses that run their own web servers, specifically, Microsoft Windows Servers (I'm raising my hand, that's me). Well in this video, I go through how to get a free SSL certificate from Let's Encrypt, on your self-hosted Windows Server and to do it I use Win Simple which takes that Let's Encrypt API and puts it in a nice command line GUI (you can download Win Simple here - https://github.com/Lone-Coder/letsencrypt-win-simple/releases ) I'm super excited for this as it's going to save me a lot of money in those SSL renewals from GoDaddy (sorry GoDaddy) and I hope it can save all my Tech Smart Bosses some money too. Hope you enjoy and if you like this, press the LIKE button on the video and subscribe to our YouTube Channel --- http://be.smartboss.co/uTt72Tai For more from us: Website: https://www.techsmartboss.com Podcast: http://be.smartboss.co/MuB2RBTp Facebook Private Group: http://be.smartboss.co/_ykBbQeT Follow us on Facebook as well: http://be.smartboss.co/FO8tecjh
Views: 21590 Tech Smart Boss