Mac Does Stuff

Month: January 2014

  • ISDN CrossOver Cable

    Here’s a little gotcha for you. Sometimes, you may want to connect your PBX to your Session Border Control (SBC) or Voice Gateway, via E1/T1…and for whatever reason you just can’t get the interface to come up.

    Sometimes you need a ISDN CrossOver cable in these scenarios – and guess what, this is not the same as a normal Cat5 Cross Over. They’re different pin configurations.

    A normal Cat5 cable is straight-forward connection, with a 1:1 Pin correlation. The colour scheme I normally use is (starting from the left, with the plug facing away from you):

    Striped-Orange
    Solid Orange
    Striped-Green
    Solid Blue
    Striped-Blue
    Solid Green
    Striped Brown
    Solid Brown

    ISDN CrossOver
    The ISDN Cross-Over swaps pairs 1/2 and 4/5, so the pin layouts you’re now interested in would be:

    1 to 4
    2 to 5
    4 to 1
    5 to 2

    If you’re making the cables then don’t try and cut down the cable to those cables only – it’s nearly impossible to make the cable! Just leave the other pins straight through. So using the above colour scheme the layout would be:

    ISDNCrossOver

  • Disabled AD User Account can still login to Lync

    There is a certain behaviour with Microsoft Lync 2013 (and 2010 I believe) and authentication that could mean that when you disable an account in Active Directory, the user can still login to the Lync client. This isn’t ideal as the user is able to continue using services on the Lync platform – including Enterprise Voice – for the whole time they are connected, regardless if their account is enabled or not within Active Directory.

    Doesn’t sound great does it! The reasoning behind it is to do with the way that authentication is handled by the Lync client. If a user logs in to their Lync account and selects ‘Save my Password’, Lync will generate a certificate and this certificate will be installed in the user’s certificate store – this certificate is then used to authenticate.

    SignIn

    If you look at the certificate that is generated for the user you can see that it’s often quite a large time period set for its validity:

    Certificate

    In my demo environment for example you can see validity is some 6 months! As long as this certificate is valid the client will still be able to login to Lync regardless of whether their Active Directory account is enabled or not….seems kinda crazy doesn’t it?

    In reality, as part of the administrative process for disabling a user account you should include the step of physically disabling the Lync user account too, either within the Lync Control Panel or with the PowerShell Management shell for Lync. Of course you can also add this option to your Active Directory Users & Computers plug-in and do it all at the same time! Why not – it makes admin far, far simpler.

    For examples on that bit see here:

    Automating Common Administrative Tasks

    The video below shows you the effects of this login process, and why you need to be aware of it. Click here for the hi-def version.