KnowledgeBase: You receive error ‘The directory service was unable to allocate a relative identifier’ when installing Azure AD Connect

Sometimes, the installation of Azure AD Connect can mess up your project deadlines in mere seconds. In this blogpost, I want to share an error that kept the admins of an organization occupied for several days, while it was relatively (har har) easy to fix. The situation: An organization wants to configure Azure AD Connect. …

On-premises Identity-related updates and fixes for December 2020

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the Identity-related updates and fixes we saw for December 2020. Windows Server 2016: We observed the following update for Windows Server 2016: KB4593226 December 8, 2020 …

HOWTO: Check your LAPS Implementation for Proper Security

Recently, several projects, including Akijo’s and n00py’s work, have emerged that exploit misconfigurations of Microsoft’s Local Administrator Password Solution (LAPS) in Active Directory environments. This begs the question: how to make sure their LAPS implementation is secure? It’s a solution to manage passwords for privileged accounts. If this breaks, like cpassword values in Group Policy …

We’re organizing Six Hybrid Identity webinars in the First Half of 2021

Working for a leading Microsoft partner in the Netherlands means that we owe it to our people, our community fellows and (prospective) customers to enable every person and every organization to achieve more. That’s why we’re organizing six Hybrid Identity webinars in the first six months of 2021. We want to show you the different …

HOWTO: Check if you can use the mS-DS-ConsistencyGUID attribute as source anchor for Azure AD Connect

In recent versions of Azure AD Connect, you can use the mS-DS-ConsistencyGUID attribute as the source anchor attribute. This provides flexibility in cross-forest migration scenarios. However, if another solution in the networking environment has already claimed the mS-DS-ConsistencyGUID attribute for its purposes, Azure AD Connect won’t allow you to use this attribute and instead default …

Spoofing Vulnerability in DNS Resolver (SAD DNS, Important, CVE-2020-25705, ADV200013)

On December 8th, 2020, Microsoft issued an advisory for a spoofing vulnerability in the DNS Resolver component. Microsoft refers to the advisory as ADV200013. BleepingComputer.com references CVE-2020-25705 in relationship to this vulnerability. In the advisory notice, Microsoft guides DNS admins to limit the DNS UDP packet size to stop DNS cache poisoning attacks leveraging this …

Windows Lock Screen Security Feature Bypass Vulnerability (Important, CVE-2020-17099, CVSSv3 6.8/5.9)

Yesterday, for its December 2020 Patch Tuesday, Microsoft released an important security update addressing a Windows Lock Screen Security Feature Bypass Vulnerability. About the vulnerability: An authenticated user has signed into a device and locks his or her active session. An attacker with physical access could then perform actions that would allow them …

Kerberos Security Feature Bypass Vulnerability (Important, CVE-2020-16996, CVSSv3 6.5/5.7)

Today, for its December 2020 Patch Tuesday, Microsoft released an important security update for Active Directory Domain Services (AD DS). About the vulnerability: A Kerberos Security Feature Bypass vulnerability exists in Microsoft’s implementation of the Kerberos network authentication protocol. This vulnerability is described in detail in CVE-2020-16996. If you use Protected Users and Resource-Based …

VMware vSphere 7.0 Update 1 introduces an interface for advanced time synchronization configuration

Back in July 2019, I wrote a blogpost on managing Active Directory Time Synchronization on VMware vSphere. This blogpost details how to configure time settings for Domain Controllers running as virtual machines on top of VMware vSphere. This blogpost introduced the concept of advanced time synchronization configuration. Now it’s time for an update; both for …

The video of my presentation at the 2020 Hybrid Identity Protection Conference is now available

The Hybrid Identity Protection Conference is Semperis Inc.’s event in the spirit of The Expert Conference (TEC) to bring together the leading experts in the field of Identity and Access Management. The event offers a unique opportunity to spend time with peers, whose day-to-day job is to architect, manage, and protect identity management in the …