Install Let’s Encrypt certificate on Microsoft Exchange

Download the ACME client for Windows here:

https://www.win-acme.com

Then unzip it into a directory, e.g. C:\win-acme, and change into that directory. Paste the following command, but make sure to change the needed parameters before executing it:

.\wacs.exe --source manual --host "mail.example.com,autodiscover.example.com" --certificatestore My --acl-fullcontrol "network service,administrators" --installation "iis,script" --installationsiteid 1 --script "./Scripts/ImportExchange.v2.ps1" --scriptparameters "'{CertThumbprint}' 'IIS,SMTP,IMAP,POP' 1 '{CacheFile}' '{CachePassword}' '{CertFriendlyName}'"

In this example we want a certificate for mail.example.com and autodiscover.example.com for the services IIS, SMTP, IMAP and POP. Important note for Hybrid Exchange configurations (synced to Office 365): you should use 0 instead of 1 in the --scriptparameters, which translates to the LeaveOldExchangeCerts input of the sample script.

More information about this: https://www.win-acme.com/manual/advanced-use/examples/exchange
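
To confirm the run did what the command asks for, the following PowerShell check (an added example, not part of win-acme or its sample script) finds the newest certificate in the LocalMachine\My store that covers both host names and verifies that Exchange has it enabled for IIS, SMTP, IMAP and POP. It assumes it is run in the Exchange Management Shell on the Exchange server; the variable names and the 30-day expiry threshold are choices made for this example.

```powershell
# Added example: post-install check for the win-acme run above.
# Host names and services are the ones from the example command; adjust to yours.
$expectedHosts    = 'mail.example.com', 'autodiscover.example.com'
$expectedServices = 'IIS', 'SMTP', 'IMAP', 'POP'
$warnDays         = 30   # assumption: threshold chosen for this example

# Newest certificate in the machine store (--certificatestore My) that
# lists every expected host name in its subject alternative names.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        $names = $_.DnsNameList.Unicode
        -not ($expectedHosts | Where-Object { $names -notcontains $_ })
    } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No certificate in LocalMachine\My covers: $($expectedHosts -join ', ')"
}

# Exchange's view of the same certificate (requires the Exchange Management Shell).
$ex = Get-ExchangeCertificate -Thumbprint $cert.Thumbprint -ErrorAction SilentlyContinue
$enabled = if ($ex) { "$($ex.Services)" -split ',\s*' } else { @() }
$missing = @($expectedServices | Where-Object { $enabled -notcontains $_ })

# Other certificates Exchange still knows about. With the third script
# parameter set to 0 (hybrid setups) old certificates are expected to remain here.
$others = @(Get-ExchangeCertificate | Where-Object { $_.Thumbprint -ne $cert.Thumbprint })

$daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays

[pscustomobject]@{
    Thumbprint        = $cert.Thumbprint
    Issuer            = $cert.Issuer
    NotAfter          = $cert.NotAfter
    DaysLeft          = $daysLeft
    HasPrivateKey     = $cert.HasPrivateKey
    KnownToExchange   = [bool]$ex
    MissingServices   = $missing -join ','
    OtherExchangeCert = $others.Count
    Healthy           = $cert.HasPrivateKey -and $ex -and
                        ($missing.Count -eq 0) -and ($daysLeft -gt $warnDays)
}
```

A Healthy value of False together with a non-empty MissingServices column means the certificate was issued and stored but the import script did not bind it to every requested service.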

Join macOS to Active Directory

Simply execute the following commands:

$ dsconfigad -domain <domain_name> -a <hostname> -u <domain_admin_user>
$ dsconfigad -groups "domain admins","enterprise admins","my custom admin group"
$ dsconfigad -mobile enable -mobileconfirm disable

The first command joins the computer to the domain. Make sure you use the hostname returned by the hostname command, not the one defined in the Sharing settings, and that the user you use for joining has the “domain admins” group by default.

The second command sets all the groups which are allowed to manage the computer.

The third command enables mobile logins (it must be used if the computer is not always connected to the domain, e.g. MacBooks leaving the network).

More information on Apple’s page:

https://support.apple.com/en-gb/guide/directory-utility/diru11f4f748/6.3/mac/13.0