Kerberos AppContainer Security Feature Bypass Vulnerability (CVE-2021-31962, CVSSv3 9.4/8.2)

This month’s Patch Tuesday, Microsoft addresses a vulnerability that exists in the Windows Kerberos implementation for AppContainers. With a CVSSv3 score of 9.4/8.2, this is a critical update that should be remediated with the highest priority. About AppContainers: Isolation is the primary goal of an AppContainer execution environment. By isolating an application from unneeded …

I’m presenting two more Active Directory and Azure AD Better Together webinars

After the huge success of my previously co-presented Active Directory and Azure AD Better Together webinars for their US audience, Netwrix and I have decided to organize these webinars again for people in Europe, Africa and the Middle East. On June 23rd and June 25th, Netwrix’ Russel McDermott and I discuss how Active Directory and Azure …

Preparing Active Directory for Windows 10 version 21H1

Microsoft has released a new version of Windows 10, dubbed version 21H1. This version brings new functionality that many organizations are eager to utilize. In many organizations, Windows-based devices are joined to Active Directory Domain Services (AD DS), so devices can be managed centrally and end-users can sign in on any domain-joined device of their liking. …

Default checks to perform when implementing Hybrid Identity, Part 5: Groups with non-linked-value replication-enabled members

Microsoft has introduced an impressive array of technologies and an awesome vision on Hybrid Identity. Their vision entails seamless access to corporate resources, services and applications for people, no matter where these resources, services and apps are located (either on-premises or in the cloud) while in the meantime allowing for strong authentication and granular …

On-premises Identity-related updates and fixes for April 2021

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the Identity-related updates and fixes we saw for April 2021: Windows Server 2016: We observed the following update for Windows Server 2016: KB5001347 April 13, 2021 The …

I’m presenting two Active Directory and Azure AD Better Together webinars with Netwrix

On May 18th, 2021 and May 20th, 2021 I’ll present 1-hour webinar sessions with Netwrix. Together with Netwrix, I’ll discuss how Active Directory and Azure AD are better together. You’ll learn how you can benefit from integrating your on-premises Active Directory Domain Services environment with Azure AD, how to harden your hybrid environment, how to …

KnowledgeBase: VMware Tools Quiescence corrupts Active Directory backups

Sometimes, IT issues are not what they seem to be. A strange issue reared its ugly head last week regarding something I hold dearly: Active Directory backups. The situation: An organization runs Active Directory Domain Controllers virtually on top of VMware vSphere. The VMware Tools are installed on the virtual machine. The organization creates backups …

From the field: A colleague encounters error “AADSTS50107 Requested federation realm object does not exist.”

Sometimes, you hit error messages that are just too vague to troubleshoot. I like these kinds of situations. I’ve hit this particular error before, but Microsoft fixed the issue with the 515 rID a long time ago… Let’s see what’s happening today causing the same error. The situation: An organization has recently restructured. Today, all …

I was a guest on the 425Show talking Active Directory with Daniel Stefaniak

Yesterday, I spent some time talking with Daniel Stefaniak about Active Directory. Daniel is one of the hosts of the 425Show, so we decided to record and publicly share an hour of our regular 'Old guys yelling at cloud' discussions for this show. About the 425Show: The 425Show is a Twitch live stream, run …

Your Active Directory Pre-production environment: Restore from Backup or Deploy as Code?

Active Directory Domain Services act as the cornerstone of every on-premises Microsoft-oriented networking infrastructure. It is important to get things right when it comes to your Domain Controllers, user objects and access controls. An obvious solution to getting things right the first time is offering one or more pre-production environments to develop and test scripts, …