KnowledgeBase: If one of the address families on a dual stack Domain Controller is not enabled, adding VMware ESXi hosts to the domain might randomly fail

There is an issue in VMware ESXi 7.0, where adding ESXi hosts to Active Directory Domain Services fails randomly in networks with both IPv4 and IPv6 enabled. The situation: In many environments, VMware vCenter environments or VMware ESXi hosts are added to Active Directory Domain Services to allow for single sign-on with domain accounts …

Keeping virtual Domain Controllers apart on trusted VMware vSphere hosts

Virtualizing Domain Controllers introduces risks that are not present when running non-virtualized Domain Controllers. Two of these problems – running Domain Controllers on hosts with the wrong time and running all Domain Controllers on the same host – can be addressed with one VMware vSphere feature: VM/Host Rules. Additional challenges when running virtualized Domain Controllers: We’ve …

On-premises Microsoft Identity-related updates and fixes for June 2020

Even though Microsoft's Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for June 2020. Windows Server 2016: We observed the following updates for Windows Server 2016: KB4561616 (June 9, 2020) The …

TODO: Upgrade from ADAL to MSAL

Last week, Microsoft announced the deprecation of the Azure Active Directory Authentication Library (ADAL). Going forward, the Microsoft Authentication Library (MSAL) is the supported way to provide authentication with Active Directory and Azure AD in applications. What will happen? Let’s look at the timeline shared by Microsoft: For the next two years, applications …

Protecting virtual Domain Controllers on vSphere with VM Encryption

In the previous post in this series, we looked at Virtualization-based Security and how it may benefit virtualized Domain Controllers. However, VMware vSphere 6.5 and newer versions of vSphere offer one more feature to virtualized Domain Controllers that you might want to look into from both an Active Directory and a Virtualization Platform management point …

Group Policy Elevation of Privilege Vulnerability (CVE-2020-1317, Important)

This Tuesday, Microsoft released updates for all supported versions of Windows and Windows Server to address an elevation of privilege vulnerability in Group Policy, marked as important. Its official common vulnerabilities and exposures (CVE) ID is CVE-2020-1317. About the vulnerability: An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker …

Protecting virtual Domain Controllers on vSphere with Virtualization-based Security

VMware vSphere 6.7 offers the ability to enable virtualization-based security (VBS) for virtual machines. Let’s find out what kind of protection this setting provides, what’s needed to get it going and how to configure a virtual Domain Controller to use it. About Virtualization-based Security: Virtualization-based Security (VBS) uses virtualization features to create and isolate …

Recordings of the webinars with Netwrix are now available

Last month, on April 22nd, 28th and 30th, I hosted three 60-minute webinars with Netwrix on my three favorite chapters in my Active Directory Administration Cookbook. Over 1800 people have registered for these webinars. Now, a mere week after the last webinar, the Netwrix team has done everyone a huge favor by already placing the …

Choosing the right Passwordless sign-in method for your colleagues

Passwordless is Microsoft’s strategy to improve enterprise security and enable end-user convenience at the same time. The era of passwords is slowly coming to an end and Microsoft offers readily available solutions for your colleagues to sign in to their devices and services. However, with its many passwordless methods, Microsoft isn’t making it easy for identity admins …

Azure AD Connect v1.5.29.0 fixes an issue with enabling Seamless Single Sign-on

After every fresh major release of Azure AD Connect by Microsoft, several smaller hotfix releases update the functionality to prevent issues where administrators are not able to perform certain configurations or gain access to functionality. This week, Azure AD Connect version 1.5.29.0 was released, fixing an issue that was introduced in a previous hotfix release. …