get-mailbox -resultsize:unlimited | group-object -property:database | select-object name,count | sort-object -property:count -descending

to alter or view the current authentication policies in ADFS, open the ADFS console and click the Authentication Policies folder. here the global authentication methods can be changed. under Intranet, windows authentication can be enabled.

for this to work properly on the client-side, the client system will need to be a member of the domain that contains the ADFS servers. internet explorer’s integrated windows authentication will also need to be enabled (internet options->advanced->security->enable integrated windows authentication). note: this should be enabled by default. the last required step is to add the ADFS URL to the local intranet sites in IE (under the security tab). in my case it was fs.mydomain.com.

source:
http://technet.microsoft.com/en-us/library/dn486781.aspx

on windows 2008 r2 and windows 2012 r2 VMs, drives other than c: are classified as removable data drives (bitlocker to go). the options for unlocking a removable data drive include: manual password unlock, smart card unlock, and auto-unlock. the smart card unlock in my case is irreverent. i tried the password unlock…which works, but share settings seem to be completely removed each time the drive is locked/unlocked with this method. i then tried the auto-unlock which maintains the share settings but still requires that a user logs into the system to unlock the drive. the user may logout after the initial drive unlocking.

getting bitlocker info:
manage-bde -status e: = display status of bitlocker encryption on specified drive
manage-bde -protectors -get e: = display IDs
manage-bde -protectors -adbackup e: -id <numerical password ID> = stores recovery data in AD
source: http://blogs.technet.com/b/askcore/archive/2010/04/06/how-to-backup-recovery-information-in-ad-after-bitlocker-is-turned-on-in-windows-7.aspx

further info here: http://technet.microsoft.com/en-us/library/dd875529(v=ws.10).aspx

once the recovery data is stored in AD, the recovery password will be visible from the “bitlocker recovery” tab on the particular computer account object that has bitlocker and the appropriate group policies enabled. also in ADUC, you can use “find bitlocker recovery password” by right-clicking the root of the domain. you can then search for a recovery password if you know the first 8 characters of the numerical password ID.

recovery testing…a bitlocker enabled drive can be attached to another windows system that has bitlocker capabilities. the drive will appear as locked. simply knowing the password to unlock the drive is sufficient. if the password is forgotten then the recovery password will have to be entered.

new papercut license required as well as the latest install of the papercut payment gateway module.

relevant documentation:
from papercut – paymentgatewaymodule-cybersource-secure-acceptance-quickstartguide.pdf
from cybersource – secure_acceptance_wm_quick_start_guide.pdf (https://www.cybersource.com/products/payment_security/secure_acceptance/installbase/)

for the payment form configuration i had to require residential address & email address under billing information.

useful howto (although for drupal): http://wearepropeople.com/blog/how-to-configure-cybersource-secure-acceptance-webmobile-in-drupal-7

update 9/22/2014:
cybersource SA IP address ranges: 198.241.162.1 – 198.241.162.254 & 198.241.168.1 – 198.241.168.254
source: https://support.cybersource.com/cybskb/index?page=content&id=C531&actp=LIST

windows server 2012 editions:
datacenter (only available through volume licensing and OEMs, unlimited VMs)
standard (2 VMs)
essentials (25 user max, does not include core, hyper-v, or ADFS)
foundation (15 users max, preinstalled on hardware; physical server only)

min. hardware requirements:
1.4GHz 64-bit CPU
512MB RAM
32GB HDD space

roles not available in core mode:
ADFS
application server
fax server
network policy and access
terminal services (remote desktop *)
volume activation services
WDS

gui modes:
graphical management tools and infrastructure (minimal) – mmc, server manager
server graphical shell – rest of gui experience

server manager:
server manager cannot deploy roles to multiple servers simultaneously
server manager can stop/start services, but it cannot disable them or set them to start automatically (must still be done from services.msc)
windows 2008/2008 r2 servers must have wmf 3.0 and .net framework 4.0 installed to be managed by server manager

active directory:
containers vs OUs = containers can’t have GPO’s applied

groups
domain local – visible in local domain only but can contain objects from anywhere
global – members from local domain only but can be used in any domain
universal – visible anywhere and objects from anywhere (stored in GC)

file servers/storage:
ABE is enabled from the share properties from within Server Manager
types of dynamic disks = simple, spanned, striped, mirrored, & RAID5
max shadow copies per volume = 64

commands:
redircmp.exe – changes the default OU for new computer accounts from “Computers” to specified OU
djoin.exe – allows for a computer to be offline joined to a domain

NIC teaming:
switch independent = NICs can be connected to different switches
switch dependent (static teaming) = NICs must all be connected to same switch, teaming relies on switch config

hyper-v:
xml files = vm config files
avhd files = snapshot/checkpoint files
vhdx files = virtual disks that can be greater than 2TB up to 64TB (also more resilient)
vsv = saved states

virtual switch types
external
internal
private

powershell cmdlets:
Enable-VMResourceMetering (hyper-v)
Measure-VM (hyper-v)
New-VMResourcePool (hyper-v)
New-NetSwitchTeam (hyper-v)
New-VMSwitch (hyper-v)
New-VM (hyper-v)
New-VHD (hyper-v)
Set-VMMemory (hyper-v)
New-NetIPAddress (networking)
Remove-NetLbfoTeam (networking)
New-NetFirewallRule (firewall)
Set-NetFirewallRule (firewall)
Get-NetFirewallRule (firewall)
Show-NetFirewallRule (firewall)
Enable-NetFirewallRule (firewall)
Add-Computer (AD)
Install-ADDSForest (AD)
Enable-ADOptionalFeature – used for enabling the AD recycle bin (AD)
Remove-ADObject (AD)
New-ADUser (AD)
Set-AppLockerPolicy (GP)
New-StoragePool (storage)
Get-StoragePool (storage)
New-VirtualDisk (storage)
Get-VirtualDisk (storage)
New-SyncShare (storage)
Get-StorageSubsystem (storage)
Add-PswaAuthorizationRule
Install-PswaWebApplication

ipv4:
class A = 1-126
class B = 128-191
class C = 192-223
class D = 224-239 (multicast)
class E = 240-255 (experimental)

ipv6:
128-bit addresses (XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX)
::1 = ipv6 loopback address
fc00::/7 (fc00::/8 and fd00::/8) = unique local unicast address
fe80::/10 = link-local address (auto-configure address)
ff00:://8 = multicast address

transition technologies: ISATAP, Teredo, 6to4

also these links:
http://resinblade.net/?p=1230
http://resinblade.net/?p=1120

it seems like just a few months ago that i found out about pipelight and today i stumbled upon this article: http://www.phoronix.com/scan.php?page=news_item&px=MTc1ODY

that’s really good news. of course i wish it would have happened like 7 years ago…but still good news. i most likely will not try it out until that particular chromium build comes out of beta.

update 12/21/2014:
correction, apparently native netflix support will not be coming to chromium. it is available in the official chrome build for linux though. i tested out chrome 39.x today (on ubuntu 14.10) and it works wonderfully even without the user agent switcher.

thus far i have always relied on MS web pages that describe the functionality of a particular cmdlet. recently i learned there’s built-in documentation for powershell…somewhat similar to unix’s man pages.

examples:
Get-Command -noun ADUser = lists ADUser cmdlets
Get-Help Set-ADUser = lists all the options of specified cmdlet
Get-Help Set-ADUser -detailed = same as above but more legible
Get-Module = lists modules currently loaded
Get-Module -list = displays all available modules
Import-Module ActiveDirectory = loads specified module

note: to install the AD module go to Windows Features->RSAT
details here: http://blogs.msdn.com/b/rkramesh/archive/2012/01/17/how-to-add-active-directory-module-in-powershell-in-windows-7.aspx

i’ve just begun to try to match my sheevaplug’s (RIP) configuration on a mirabox. the only thing i’m struggling with so far is the wireless configuration…

serial config from windows:
port: COM3 (this varies)
speed: 115200

could not get the serial connection from linux to work should be /dev/ttyUSB0

/etc/network/interfaces:
#eth0
allow-hotplug eth0
iface eth0 inet static
address 192.168.1.10
netmask 255.255.255.0

#eth1
allow-hotplug eth1
iface eth1 inet static
address 192.168.1.20
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 192.168.1.1

a DHCP config would resemble…
auto eth1
iface eth1 inet dhcp

#mlan0 (wireless)
auto mlan0
iface mlan0 inet dhcp
wpa-ssid <ssid>
wpa-psk <wpa key>

created a route by running:
route add default gw 192.168.1.1 eth1

wireless info (mostly from the mirabox user guide):
the mirabox will automatically boot up in an access point configuration by default, run wlan.sh to change to client mode.

scan for APs:
iwlist mlan0 scan
^i ran into my first issue here as the access point i wanted was set for 2.4GHz channel 13. which won’t show up in a US scan without tweaking.
scan tweak info here: http://penturalabs.wordpress.com/2013/05/16/is-your-wifi-ap-missing-channels-12-13/

related info:
root@mirabox-debian:/etc# iwlist mlan0 channel
mlan0 32 channels in total; available frequencies :
Channel 01 : 2.412 GHz
Channel 02 : 2.417 GHz
Channel 03 : 2.422 GHz
Channel 04 : 2.427 GHz
Channel 05 : 2.432 GHz
Channel 06 : 2.437 GHz
Channel 07 : 2.442 GHz
Channel 08 : 2.447 GHz
Channel 09 : 2.452 GHz
Channel 10 : 2.457 GHz
Channel 11 : 2.462 GHz

connect to AP:
iwconfig mlan0 essid “<SSID>”
dhclient mlan0
^2nd issue here as i’ve been unable to connect to any APs…

sources:
http://www.cyberciti.biz/faq/setting-up-an-network-interfaces-file/
http://www.cyberciti.biz/faq/linux-setup-default-gateway-with-route-command/
http://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_the_basic_syntax_of_etc_network_interfaces

update 9/13/2014:
i was getting an “authentication failure” when using su as a non-root user. upon closer inspection, ls -l /bin/su revealed that the setuid bit was not set on the executable. i set it with chmod +s /bin/su.

Managed Default Folders are found under:
EMC->Organization Configuration->Mailbox->Managed Default Folders

a managed folder mailbox policy can be set up for the Deleted Items folder to permanently delete items after a specified retention period.

source:
http://rawtechnology.blogspot.com/2013/03/automatically-empty-deleted-items.html