Category: 1417

Earlier this week, during the September 2013 Patch Tuesday, Microsoft has released a new Active Directory-related security bulletin: MS13-079. With the third Active Directory-related Security bulletin this year, (after MS13-066 and MS13-032) Microsoft is sure having its hands full on patching the vulnerabilities found in these technologies.

In two weeks time, several UK and IE MVPs are presenting a one-day event called ‘Transform the Datacentre’, packed with presentations on the technology topics they know and care about the most. Just like I did with the 2013 Belgian Community Day, I’ll also attend this event to support the local MVP community.

On Tuesday, August 13, 2013 Microsoft, in its monthly Patch Tuesday, released MS13-066, a Security Bulletin addressing an issue with Active Directory Federation Services. This security update resolves a privately reported vulnerability in Active Directory Federation Services (AD FS). reveal information pertaining to the service account used by AD FS. An attacker could then attempt … Continue reading "MS13-066 Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (Important)"

A while ago, I wrote a blogpost on the requirements you’d need to meet to take advantage of Active Directory features in Windows Server 2003 through Windows Server 2008 R2. Since Windows Server 2012 was released almost a year ago, it’s time to look at the requirements for Active Directory features in Windows Server 2012.

As I’ve written before, Microsoft has made significant strides on making Active Directory Domain Controllers safe(r) to virtualize in Windows Server 2012. Sometimes, however, you encounter a situation that makes all that progress seem to disappear. Microsoft, last week, has released KnowledgeBase Article 2853952, describing such a situation.

One of the new features in Active Directory Domain Services in Windows Server 2012 is Virtualization-safe(r) Active Directory. This feature makes it easier and safer to deploy and manage virtual Domain Controllers through the VM-GenerationID capability of the hypervisor platform.

A lot of organizations run Active Directory Domain Services as their Identity and Access Management (IAM) solutions. Their Domain Controllers unlock access to the simplified view on the organization’s processes, structure and systems, so people can perform the jobs they were hired to do. Just when you thought your Active Directory environment couldn’t get any … Continue reading "Common Challenges when Managing Active Directory Domain Services, Part 5: (Accidental) Misconfiguration"

Microsoft introduced Dynamic Access Control (DAC) as its claims-based authorization solution. It’s revolutionary, because it enables admins to more granularly control access to file resources, based on attributes of objects in Active Directory, like department, manager and country, instead of through an elaborate and obscure group membership structure and static Access Control Lists (ACLs) on … Continue reading "10 Things you need to be aware of before deploying Dynamic Access Control"

Using Active Directory Domain Services as the solid foundation of your Identity and Access Management (IAM) strategy, results in common challenges for most organizations I meet. While the first three parts of this series have focused on objects and links between objects in the Active Directory database. Today, I want to talk about more ethereal … Continue reading "Common Challenges when Managing Active Directory Domain Services, Part 4: Attribute Integrity"

Windows Server 2008 R2 and Windows Server 2012-based Domain Controllers (as well as Windows 7 and Windows 8 management workstations with the Remote Server Administration Tools installed) offer the built-in ability to manage Active Directory through PowerShell. Windows 7 and Windows Server 2008 R2 offer 76 Active Directory Management PowerShell Cmdlets and 15 Active Directory … Continue reading "KnowledgeBase: Incorrect results when you run AD Windows PowerShell Cmdlets on a Windows Server 2012 or Windows Server 2008 R2-based Domain Controller"