Swimming against the stream of all Azure Roles being available in the Roles and administrators pane of the Azure AD Portal, the Device administrator role is missing here. Now, let’s explore how to add additional administrators to Azure AD-joined devices. About Azure AD Join Organization-owned Windows-based devices used to be joined to Active Directory. … Continue reading "KnowledgeBase: The Device Administrator Role is not available on the Roles and Administrators pane in the Azure Portal"
Month: August 2020
Azure Multi-Factor Authentication Server 8.0.5.1 is here
Roughly 6 months ago, on February 26th, 2020, we saw the release of Microsoft Multi-factor Authentication Server (MFA Server) version 8.0.4. Now it’s time for an update to Microsoft’s product that allows organization to add multi-factor authentication to RADIUS-, AD FS-, IIS-based and other on-premises authentication scenarios. This week, Microsoft released version 8.0.5.1. What’s … Continue reading "Azure Multi-Factor Authentication Server 8.0.5.1 is here"
Windows Server vNext Preview build 20201 is now available
Microsoft is working on the next version of Windows Server, beyond Windows Server 2019. Now, we can all enjoy the first preview version of what’s to come. About Windows Server vNext build 20201.1000 Windows Server vNext is the successor to Windows Server 2019. It is a Long-Term Servicing Channel (LTSC) release that contains both … Continue reading "Windows Server vNext Preview build 20201 is now available"
The Trouble with abandoned WordPress Themes, Part 1: Incompatibility with PHP 7.4
As a blogger at the DirTeam.com / ActiveDir.org Weblogs, I love the way my blog The Things That Are Better Left Unspoken looks. However, the theme I use is an abandoned theme and hasn't been updated in the last ten years. In my defense: It was current when I started blogging fourteen years ago… WordPress is a dynamic … Continue reading "The Trouble with abandoned WordPress Themes, Part 1: Incompatibility with PHP 7.4"
Field notes: Make the actual source client IP visible for a load-balanced SMTP service
A typical headache for Microsoft Exchange Server administrators is to setup load-balancing with port 25. They face the issue that, typically in these setups, they no longer see the source client IPs of the actual clients; All traffic is translated and is presented to the SMTP service with the load balancer IP as source. This … Continue reading "Field notes: Make the actual source client IP visible for a load-balanced SMTP service"
Ten things you need to know about Assigning Groups to Azure AD Roles
Last week, Alex Simons announced on behalf of his team the Public Preview of assigning groups to Azure AD roles with a blogpost titled Assigning groups to Azure AD roles is now in public preview! on the Microsoft Tech Community. Ten things you need to know Assigning groups to Azure AD Roles sounds perfect, but … Continue reading "Ten things you need to know about Assigning Groups to Azure AD Roles"
KnowledgeBase: You receive “the mS-DS-ConsistencyGuid attribute is already in use” when you change the source anchor on a Staging Mode Azure AD Connect installation
In environments with multiple Azure AD Connect installations, sometimes, you experience unexpected behavior. For instance, when you want to change the source anchor from objectGUID to mS-DS-ConsistencyGuid for your Hybrid Identity implementation. The situation An organization leverages multiple Azure AD Connect installations. One installation is the actively synchronizing Azure AD Connect installation, the other installations … Continue reading "KnowledgeBase: You receive “the mS-DS-ConsistencyGuid attribute is already in use” when you change the source anchor on a Staging Mode Azure AD Connect installation"
Getting to know the devices that people in your organization use App Passwords on
On this blog, and in several other places, I’ve shared my experiences with Azure Multi-Factor Authentication. In the early days of Azure MFA, a lot of organizations, a lot of client applications and a lot of 3rd party services were not able to perform multi-factor authentication. For these situations, Microsoft provided the App Passwords functionality. … Continue reading "Getting to know the devices that people in your organization use App Passwords on"
vSphere 7’s vMotion interface notifies for time differences between vSphere hosts
In the series Virtualizing Domain Controllers on vSphere, I explained the importance of proper time synchronization for virtualized Active Directory Domain Controllers and how to keep these Domain Controllers on trusted vSphere hosts only. Recent versions of the VMware Tools have time synchronization disabled by default. This means the reliance on proper time on vSphere hosts … Continue reading "vSphere 7’s vMotion interface notifies for time differences between vSphere hosts"
Field Notes: DKIM and missing selector records
During a project with one of my customers, I was tasked to look at a non-delivery report (NDR) for a mail message. The bounce error was pretty confusing, but after reviewing the headers, we noticed that the DKIM check had failed. This was a bit of a surprise, because the message was sent from Microsoft … Continue reading "Field Notes: DKIM and missing selector records"