Eduardo Castro Blog

Los SQL Server Data Services son servicios de almacenamiento bajo demanda y consulta, está basado en SQL Server y Windows Server technologies, proveen alta disponiblidad, seguridad y estándares basados en web, con facilidades de programación, pueden bajar el beta esta dirección.

http://www.microsoft.com/sql/dataservices/default.mspx

Saludos,

Eduardo Castro

Comunidad Windows Costa Rica – http://mswindowscr.rog

Comunidad Social de TI – http://citicr.org

Microsoft tiene a disposición del público, un conjunto de herramientas para administrar remotamente servidores Windows 2003 y 2008 tanto en 32 bits como en 64 bits.

Estas herramientas son gratuitas, y pueden ser sumamente útiles a la hora de realizar las labores diarias de administración de servidores.

Puede obtenerlas en la siguiente dirección: http://support.microsoft.com/kb/941314/es

Aporte de Hector Bejarano

Muchas veces, nos encontramos con que necesitamos el número de fila en el cual se devolvieron los registros, por ejemplo, si hiciera una consulta que me devuelve 10 filas, puede que yo necesite una columna que me indique el número de fila, es decir, que me enumere del 1 al 10 las filas devueltas.

Pues bien, SQL 2005 implementa una nueva función que me devuelve el número de fila a partir de cierto criterio que yo especifique. La sintaxis es esta:

ROW_NUMBER () OVER (ORDER BY <order by column name>)

o

ROW_NUMBER () OVER (PARTITION BY <partition by column name>)

Por ejemplo, si necesitamos devolver la lista de empleados enumerados por orden de primer apellido, nuestra sentencia podría verse así:

SELECT ROW_NUMBER() OVER (ORDER BY Primer_Apellido) AS ROW, EmpID FROM Empleados

Aporte de Hector Bejarano

Si su computadora tiene problemas porque el registro de Windows está corrupto, puede ver este artículo por la solución http://support.microsoft.com/kb/307545/es

Saludos,

Eduardo Castro – Comunidad Windows Costa Rica – http://mswindowscr.org

Comunidad CITICR – http://www.citicr.org

El SQL Server 2008 incluye una nueva característica llamada el gobernador de recursos, el cual ofrece varias maneras de manejar sus cargas de trabajo en SQL 2008.

Básicamente, usted puede definir o limitar los recursos que pueden utilizar sus instancias de SQL Server mediante reglas, de esta manera, usted podrá hacer cosas como:

- Especificar una cantidad máxima de solicitudes para grupos específicos
- Cantidad máxima de tiempo (segundos) que puede correr una solicitud para grupos específicos
- Asignar % de memoria a grupos específicos
- Mínimo y máximo de % de CPU y % de memoria para grupos específicos
- Grado de paralelismo (cantidad de operaciones simultáneas que pueden ser ejecutadas) para grupos específicos

Por ejemplo, digamos que tengo un servidor con SQL Server 2008 recién instalado, y quiero separar claramente grupos de trabajo según su función, es decir, yo quiero establecer claramente grupos para los siguientes tipos de solicitudes:

- Las que son hechas por mi aplicación (quiero darles un mínimo de 50% de procesador y se caracterizarán por provenir de una aplicación llamada “MiAplicación” o desde el Management Studio)
- Las que son hechas desde mi servidor de reportes (quiero darles un máximo de 50% de procesador y se caracterizarán por ser enviadas desde mi servidor de Report Server)
- Las que son hechas por los administradores (quiero darles un máximo de 10% de procesador y se caracterizarán por ser enviadas utilizando el usuario “sa”)

La sintaxis para crear los grupos (sin especificar prioridades en el procesador de momento) sería la siguiente:

BEGIN TRAN

CREATE WORKLOAD GROUP groupAdhoc

CREATE WORKLOAD GROUP groupReports

CREATE WORKLOAD GROUP groupAdmin

GO

CREATE FUNCTION rgclassifier_v1() RETURNS SYSNAME

WITH SCHEMABINDING

AS

BEGIN

DECLARE @grp_name AS SYSNAME

IF (SUSER_NAME() = ’sa’)

SET @grp_name = ‘groupAdmin’

IF (APP_NAME() LIKE ‘%MANAGEMENT STUDIO%’)

OR (APP_NAME() LIKE ‘%MiAplicacion%’)

SET @grp_name = ‘groupAdhoc’

IF (APP_NAME() LIKE ‘%REPORT SERVER%’)

SET @grp_name = ‘groupReports’

RETURN @grp_name

END

GO

ALTER RESOURCE GOVERNOR WITH (CLASSIFIER_FUNCTION= dbo.rgclassifier_v1)

COMMIT TRAN

GO

ALTER RESOURCE GOVERNOR RECONFIGURE

GO

En este punto, solo queda especificar las reglas de procesador para cada uno de los grupos. Para simplificar el ejemplo, solo crearemos la regla para las solicitudes de aplicación y queda a discreción del lector inferir las otras dos reglas:

BEGIN TRAN

ALTER RESOURCE POOL poolAdhoc

WITH (MIN_CPU_PERCENT = 50);

ALTER WORKLOAD GROUP groupAdhoc

USING poolAdhoc;

COMMIT TRAN

GO

ALTER RESOURCE GOVERNOR RECONFIGURE

GO

A partir de hoy 16 de Julio, está disponible el sitio del MSGLAD, Grupo LatinoAmericano de usuarios de Active Directory.

El Objetivo del GLAD es abrir una puerta al mundo de Active Directory y  tecnologías asociadas:

Implementación de Active Directory 2003 y 2008
Migración de Active Directory desde Windows NT y Windows 2000
Mantención de usuarios y Grupos
Uso de Group Policies para todo Administración de Active Directory 2003 con línea de comandos (no  powershell)
Administración de Active Directory 2008 con línea de comandos (PowerShell).
Respaldo y restauración de Active Directory 2003 y 2008 DNS

El sitio : http://www.msglad.org

Slds

Eduardo Castro – Comunidad Windows Costa Rica – http://mswindowscr.org

La semana del 21 de Julio al 26 de Julio estaré en Chicago en la Conferencia de Arquitectos del OpenGroup, en esta ocasión daré una charla sobre La Estrategia de Gobierno Digital en Costa Rica, más información en http://www.opengroup.org/chicago2008/index.htm y http://www.opengroup.org/chicago2008/program.htm

Slds,

Eduardo Castro – Comunidad Windows Costa Rica – http://mswindowscr.org

Idera ha liberado un software gratuito que permite generar un T-Script para mover los logines y permisos de un servidor a otro. Puede mover solo una cuenta, una base de datos o toda la seguridad de todas las bases de datos. Pueden bajarlo en la siguiente dirección: http://www.idera.com/products/sqlpermissions/default.aspx?s=TL_WUG

Slds,

Eduardo Castro

Comunidad Windows Costa Rica – http://mswindowscr.org

Microsoft ya lanzó Hyper-V en su versión de RTM, esta herramienta de Virtualización en Windows 2008 puede bajarse de la siguiente dirección download the update for Hyper-V RTM

Slds

Eduardo Castro – Comunidad Windows Costa Rica – http://mswindowscr.org

Este artículo da un guía de cómo configurar WSS con ADAM https://blogs.pointbridge.com/Blogs/morse_matt/Pages/Post.aspx?_ID=2

By: Matthew Morse

If you’re looking for options to authenticate against ADAM and you don’t have a MOSS license, see this post on that topic.

Introduction

Note: If all you care about is the technical detail of how to set it up, skip this section.

One of the powerful new features of Windows SharePoint Services v3 (and MOSS, as by extension) is its ability to use authentication providers other than Active Directory. Because it’s built on .NET 2.0, it can take advantage of the provider model for membership.

So who cares? Well, a common scenario for is that a company may want to give access to certain portions of their SharePoint site to their clients or business partners. It certainly makes sense to have their internal employees authenticate using their existing Active Directory structure, but it can be a management hassle (not to mention a procedural and regulatory one!) to create AD accounts for all of the external users.

WSS takes care of this situation by allowing for multiple authentication providers based on zone. It’s possible, then, to authenticate Intranet users against an existing Active Directory using NTLM, while using ASP.NET 2.0 forms-based authentication against a different membership database for the Extranet.

One possible membership database is Active Directory Application Mode (ADAM). ADAM allows for an application to take advantage of the user-management features of AD without all of its overhead (no DC required, etc.). It exposes its information via LDAP, and runs as a service on Windows Server 2003 or Windows XP.

This post describes the process of setting up an ADAM instance and configuring WSS to use it for Extranet user authentication.

Installing and Configuring ADAM

1. The first step is to install and configure ADAM. You can download it free from here.
2. Run the installation. At the end of the install, you’ll have an application group on your Start Menu called “ADAM.” Choose the “Create an ADAM Instance” option. (Note that ADAM allows you to run multiple instances on the same server, provided they’re listening on different ports.)
3. On the first step of the ADAM wizard, choose to create a unique instance. (Screenshot)
4. Next, give your ADAM instance a name. Tapping my creative juices, I used “ADAMTest.” (Screenshot)
5. Set up the ports that the ADAM instance will use. Note that these must be ports that are not currently in use on your computer. The standard LDAP port is 389, and the SSL-enabled one is 636. I ran my install on a machine that was also a domain controller, so the LDAP ports were already in use. In that case, the wizard defaults them to 50000 and 50001. (Screenshot)
6. The next step is setting up an application directory partition. You can do this after the wizard runs, but it’s easier to do it here. Give your partition a name in LDAP form. (Screenshot)
7. In the next step, choose where you you’d like the data files for the directory to reside. Personally, the default location is nearly always my favorite. (Screenshot)
8. Choose the account in whose context you’d like the ADAM service to run. In this example, I used a domain account, though the Network Service account is fine, too. If you choose to connect to ADAM via SSL (something I’ll deal with in a later post), the SSL certificate you use needs to be made a part of the personal certificate store of the account under whose identity the ADAM service is running. (Screenshot)
9. Select the account or group that will have administrative privileges within ADAM. In my case, you can see I’ve made this available to my computer’s administrators. (Screenshot)
10. On the next screen, you’ll have the opportunity to import LDIF files. These files contain the schema information for specific entities within the directory. For the purposes of user authentication within MOSS, I’ve only needed the “MS-User.LDF” file. (Screenshot)
11. That’s it for the install. The wizard will run, and assuming all goes well, it will complete and start up the new ADAM instance. The next step is to connect to the instance and do a little initial configuration.
    To connect to the instance, start the “ADAM ADSI Edit” utility from the ADAM folder on your Start Menu. Right-click on the top node of the tree view in the MMC console and select “Connect to.”
    Enter the connection information in the “Connection Settings” dialog. Choose to connect to a Distinguished name (DN), and enter the same value that you used for your application partition in step 6. (Screenshot)
    Your ADSI ADAM console should now look something like this.
12. The next step I took is optional. You can put your user entries directly into the application partition itself. However, since there are other containers already there (e.g. Roles), I like to create a new container to hold the user information. To do this, right-click on the partition folder in the tree view, select “New” and “object” from the context menu.
    In the “Create Object” wizard, select “container” from the list of classes. (Screenshot)
    The next step will prompt you for the container name. I chose “Users.” (Screenshot)

That’s it! Just 12 short steps (grin) and your ADAM directory is ready to provide authentication services for WSS.

Configuring Multiple Authentication Providers in SharePoint 2007
This post assumes that you have an existing intranet site within WSS and that it is authenticating against Active Directory.

The first step in allowing WSS to connect to the ADAM instance is to make the provider available for use.

Edit the web.config for your SharePoint Central Administration site. Add the following block inside the <system.web> tags.

Note that you will need to modify the sections highlighted in red to fit your installation.

<membership defaultProvider=”ADAMMembership”>
  <providers>
    <add name=”ADAMMembership”
type=”Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C”
    server=”myserver”
    port=”50000”
    useSSL=”false”
    userDNAttribute=”distinguishedName”
    userNameAttribute=”cn”
    userContainer=”CN=Users,OU=ADAMTest,O=ADAM,C=US“
    userObjectClass=”user”
    userFilter=”(ObjectClass=user)”
    scope=”Subtree”
    otherRequiredUserAttributes=”sn,givenname,cn” />
  </providers>
</membership>

Note that the “userContainer” attribute is the distinguished name of the container I created in step 12 above.

Next, you’re ready to configure WSS to use the ADAM directory. Within the SharePoint admin site under “Application Management,” choose to “Create or extend web application” and click the “Extend an existing Web Application” link. (Screenshot)

When specifying the settings for the new IIS web site, you can specify a host header if this is how you want to segregate traffic from the extranet. Most, importantly, set the zone at the bottom of the page to “Extranet.” This differentiates this web site from the default site in the application, and will allow us to choose a different authentication provider. (Screenshot)

The next step is to specify that we want to use ADAM to authenticate the users coming from the Extranet zone. This is done using the “Authentication providers” link within Application Management. When you click the link, you should see two zones, Default and Extranet, configured to use Windows authentication. (Screenshot)

Click on the “Extranet” zone to modify the authentication provider for this zone. To use the provider we’ve configured, change the “Authentication Type” to be “Forms,” and set the “Membership provider name” to be the same as we specified in the web.config above. In this case, I called it “ADAMMembership.” (Screenshot)

Save that information. Your Authentication Providers list should now look like this.

Still with me? Just a few more steps!

So far, we’ve told the SharePoint administration site about the ADAM membership provider and told it to use that for authentication on a new IIS site that extends an existing application. Now we have to configure the web application to make sure that it’s aware of the ADAM provider.

To do this, open the web.config for the new IIS web site that you just created. Mine was found in “C:\Inetpub\wwwroot\wss\VirtualDirectories\extranet.myserver.local3072″; yours will be different, depending on how you set up your site.

Paste EXACTLY the same XML as above into the site’s web.config within the <system.web> section and save the file. Once you’ve completed that, try hitting the site you’ve set up; you should see the forms authentication screen.

Paste the same XML into the web.config for the intranet site. This is needed so that the PeoplePicker running on the intranet can search the ADAM directory.

As usual, save yourself any lurking questions and do a preventative iisreset.

One final step: the account under which WSS is running needs to have “Read” permissions within the ADAM directory. To do this, go back to your “ADAM ADSI Edit” utility. Navigate to the “Roles” container within your application partition. The default install will place a group here called “Readers.” Right-click and select “Properties.” Scroll down to the “members” property and click the “Edit” button. On the member screen, click “Add Windows Account” and add the account under which your WSS instance is running. (Screenshot)

Next Steps
That’s all there is from a configuration standpoint. Your next steps will be to add users to the ADAM directory and configure permissions within WSS.

To add a user within ADAM, right-click on the “Users” container within “ADAM ADSI Edit” and select “New–>Object.” Choose “user” as the class, and enter the desired username as the “cn” of the new user.

Once you’ve created the new user, you can set the password by right-clicking the user in the right panel and selecting “Reset Password” from the context menu.

It’s also worth noting that when ADAM is installed, any existing password policy on a Windows Server 2003 instance is enforced (see this link for details). In my case, this causes any accounts that I create to be disabled until after I set a complex password. To enable the account, you need to set the “msDS-UserAccountDisabled” property of the user to false.

Now that you’ve created ADAM users, you must add them as users to SharePoint before they’ll be able to access the WSS site. You can do this using the standard user administration functions within SharePoint. You’ll notice from the intranet site that the PeoplePicker now validates and searches against both the Active Directory and against the ADAM directory.