Microsoft has posted the 80-minute video of PCIT-B341 Upgrading Active Directory the Safe Way: Using Virtualization Technologies, the session Mike Resseler and I presented on Friday May 15, 2014 at Microsoft TechEd North America 2014. You can watch this session free of charge over on Channel 9, regardless of whether you’ve attended TechEd North America … Continue reading "The video of my presentation at TechEd North America 2014 is now available"
In a blog post today, Tal Be'ery, Vice President Research at Aorato, an Israeli security company consisting of veterans of the Israeli Defense Forces specializing in Active Directory, published how weak encryption enables an attacker to change a victim’s password without being logged. Labeled as a vulnerability in Active Directory, this information sparked some controversy, so … Continue reading "Security Thoughts: Leveraging NTLM Hashes using Kerberos RC4-HMAC encryption (AKA Aorato’s Active Directory Vulnerability)"
Last month, Microsoft released a KnowledgeBase article regarding BitLocker Network Unlock. Basically, Windows 8-based and Windows Server 2012-based client computers sometimes may not receive or use the Network Unlock Protector feature, depending on whether the client receives unrelated BOOTP replies from a DHCP server or WDS server.
Microsoft has released a KnowledgeBase article, in which they describe an issue you might encounter in a multi-domain environment, resulting in a loss of the secure channel between the domains and a long time for the secure channel to become reestablished.
On December 18, 2013, I will be hosting two webinars on backing up and restoring virtualized Active Directory Domain Controllers with Veeam’s Backup & Replication (B&R) v7. The session at 10 AM CET will be delivered in Dutch. The session at 1 PM CET will be delivered in English.
Earlier this month, Microsoft released KnowledgeBase Article 2877460, describing an issue where Kerberos authentication to an Active Directory-integrated service may fail, despite proper implementation and time synchronization, with an error describing time differences between the Primary Domain Controller (PDC) and a Backup Domain Controller (BDC).
Last week, Microsoft published a new KnowledgeBase article detailing two issues with the way (virtual) Smart Card login is displayed on the Windows 8 and Windows Server 2012 logon screen. The article contains a hotfix to address the issues.
Earlier this month, Microsoft released KnowledgeBase article 2891966. In this article, Microsoft engineers describe an issue that occurs when you open the Group Policy Management Console (gpmc.msc) and check the status of Active Directory and SYSVOL (DFSR) replication for the domain as it relates to Group Policy.
I’ve written before on Active Directory-based Activation. This new activation method allows domain-joined Windows 8 clients, Windows 8.1 clients, Windows Server 2012 and Windows Server 2012 R2-based member servers to be activated and deactivated automatically based on their domain membership. I’m very fond of this feature. However, for many enterprise organizations, Active Directory-based Activation is … Continue reading "KnowledgeBase: Update adds support for Windows 8.1 and Windows Server 2012 R2 clients to Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 KMS hosts"
As a regular reader of this blog, you probably know that Active Directory Domain Services performs a storage trick to prevent corruption in the Active Directory database. It does this by disabling write-back caching on the physical spindle where the Active Directory database resides. This way, the Domain Controller asks the storage device to … Continue reading "Active Directory in Hyper-V environments, Part 10"