MS13-079 Vulnerability in Active Directory could allow denial of service (Important)

Earlier this week, during the September 2013 Patch Tuesday, Microsoft released a new Active Directory-related security bulletin: MS13-079. With the third Active Directory-related security bulletin this year (after MS13-066 and MS13-032), Microsoft sure has its hands full patching the vulnerabilities found in these technologies.

MS13-066 Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (Important)

On Tuesday, August 13, 2013, Microsoft released MS13-066 as part of its monthly Patch Tuesday, a security bulletin addressing an issue with Active Directory Federation Services. This security update resolves a privately reported vulnerability in Active Directory Federation Services (AD FS). The vulnerability could reveal information pertaining to the service account used by AD FS. An attacker could then attempt …

Common Challenges when Managing Active Directory Domain Services, Part 5: (Accidental) Misconfiguration

A lot of organizations run Active Directory Domain Services as their Identity and Access Management (IAM) solution. Their Domain Controllers unlock access to the simplified view on the organization’s processes, structure and systems, so people can perform the jobs they were hired to do. Just when you thought your Active Directory environment couldn’t get any …

KnowledgeBase: Incorrect results when you run AD Windows PowerShell Cmdlets on a Windows Server 2012 or Windows Server 2008 R2-based Domain Controller

Windows Server 2008 R2 and Windows Server 2012-based Domain Controllers (as well as Windows 7 and Windows 8 management workstations with the Remote Server Administration Tools installed) offer the built-in ability to manage Active Directory through PowerShell. Windows 7 and Windows Server 2008 R2 offer 76 Active Directory Management PowerShell Cmdlets and 15 Active Directory …

Active Directory Services on Server Core installations

Windows Server 2012 is a major leap forward for Server Core installations of Windows Server. Not only are Full installations of Windows Server convertible back and forth to Server Core installations without reinstallation, a whole slew of new Server Roles have become available for installation on the mean, clean Server Core installations. Active Directory Domain …

Applicability of Managed Service Accounts (MSAs) and group Managed Service Accounts (gMSAs)

Recently, one of my readers approached me with some questions on Managed Service Accounts (MSAs). From our discussion, I realized a lot of people may be unclear about the applicability of Managed Service Accounts (MSAs) and group Managed Service Accounts (gMSAs). So, this blogpost features a comprehensive table, showing the applicability of Managed Service Accounts …

Top 5 myths on Offline Domain Join

A lot of people have an opinion on the Offline Domain Join (ODJ) functionality in Windows Server 2008 R2 and Windows Server 2012 Active Directory, Windows 7 and Windows 8. Of course, everyone is entitled to an opinion, but sometimes fact checking is useful for a discussion. To this point, I have captured the top …

Blocking Internet Explorer 10 Automatic Delivery

Microsoft is getting ready to release Internet Explorer 10 for Windows 7 and Windows Server 2008 R2. Internet Explorer 10 is built into Windows 8 and Windows Server 2012 by default and Microsoft vowed to bring it to Windows 7 and Windows Server 2008 R2 too. The latest available version of Internet Explorer will be …

PowerShell, LDIFDE, CSVDE and Protection from Accidental Deletion

When you build test environments regularly, at some point you’ll want to fill your Active Directory quickly. If, for instance, you have a data set with Organizational Units (OUs), user accounts and groups, you’ll want to quickly import this data. If, on the other hand, in your business you’re allowed to use the user information …

Active Directory in Hyper-V environments, Part 7

For a while, Microsoft’s KnowledgeBase article 976424, titled Error code when the kpasswd protocol fails after you perform an authoritative restore: "KDC_ERROR_S_PRINCIPAL_UNKNOWN", has been available to solve issues with unexpected behavior after authoritatively restoring the krbtgt account on Windows Server 2008 and Windows Server 2008 R2-based Domain Controllers.