Todd's Blog

Todd's Tips for System Adminstrators

Connect

Publishing ADFS – Comparing ADFS Proxy vs TMG

by

If you have deployed Office 365 or are planning to and are looking to publish your ADFS to external users, for example, workers from a remote location like Starbucks or for mobile devices then you have a couple of choices.

You can chose to deploy an ADFS proxy. This is pretty simple and is really just a role service of ADFS.

Instructions on how to setup ADFS can be found on Kelsey Epp’s blog.

The one drawback of using ADFS Proxy is that you can’t logon to Office365 if the Active Directory (AD) account is expired or has been marked “User Must Change Password on Next Logon” If you have a lot of users who are using a web browser or mobile devices and they don’t come into the office much, this could be a problem.

The alternative is to use Microsoft Forefront Threat Management Gateway 2010. The drawback here is the product is being slated for retirement and it has a cost. But with it you can have users directed to a page where they can reset the password if it is expired.  The link to set up TMG for ADFS.

Following these instructions for TMG 2010 I did run into an issue where I was getting error 8004789A. The issue was I had to uncheck Link Translation. I found this on Risual Blogs.

TMG Link Translation

I am hoping over the next little bit that we will see Microsoft give us something that will allow us to change passwords remotely like TMG but make it free like ADFS Proxy.

 

Publishing Exchange Web Services for Lync

by

I’ve been involved in a 12,000 seat, 33,000 user Lync deployment at work over the past few weeks. One of the pain points we had, was publishing free/busy from Exchange for internet connected clients. We use an appliance to give access to our internal resources including OWA and Exchange ActiveSync. And because we are implementing an MDM solution, we are not wanting to make much available externally without having to go through the MDM solution.

Finding good articles covering publishing EWS without exposing everything is few and far between. Luckily I did find a link a couple of weeks back talking about how to do this. For our Lync deployment we are using Threat Management Gateway 2010 (TMG 2010 ) to publish our Lync services to external users. So tacking this feature on is relatively painless.  Here is the link here: http://www.confusedamused.com/notebook/publishing-exchange-web-services-remotely-only-for-lync/.

Enjoy