
Category Archives: Active Directory


Active Directory Virtualization Safeguards with VM-GenerationID on VMware vSphere

Written on August 20, 2019 at 3:05 PM

Arriving at the fifth part of this series on Virtualizing Domain Controllers on vSphere, I managed to gather some feedback on these blogposts. One question that emerged after writing the last blogpost on Replication considerations for Domain Controllers running on VMware vSphere was: Isn’t Windows Server 2012 supposed to solve all these challenges with virtualizing […]

HOWTO: Enable Auditing and Logging for AD FS Servers and the AD FS Farm

Written on August 15, 2019 at 11:26 AM

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at auditing and logging settings on AD FS Servers. Note: […]
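As an added example for the auditing post above (this is not code from the original post), the following PowerShell enables AD FS auditing end to end on a Windows Server 2016 AD FS server and runs a first detection over the resulting events. It assumes the service account is `CONTOSO\svc_adfs` and that event 1203 carries the account name in a `<UserId>` element; both are assumptions to adjust for your farm.

```powershell
# Added example; not code from the original post. Run elevated on an AD FS server
# in a Windows Server 2016 farm. Assumption: the AD FS service account is
# 'CONTOSO\svc_adfs' (replace with yours).
$adfsServiceAccount = 'CONTOSO\svc_adfs'

# 1. AD FS writes its audit events (1200 token issued, 1202 credential validated,
#    1203 credential rejected, ...) through the "Application Generated" audit
#    subcategory. If that subcategory is off, Set-AdfsProperties alone logs nothing.
auditpol.exe /set /subcategory:"Application Generated" /success:enable /failure:enable | Out-Null

# 2. Raise the AD FS audit level (Verbose is what you want feeding a SIEM) and let the
#    AD FS admin log carry both success and failure audits.
Set-AdfsProperties -AuditLevel Verbose
Set-AdfsProperties -LogLevel @('Errors', 'Warnings', 'Information', 'SuccessAudits', 'FailureAudits')
Restart-Service adfssrv

# 3. The service account needs "Generate security audits" (SeAuditPrivilege). The
#    installer grants it, but a hardening GPO can silently take it away again.
#    secedit exports SIDs prefixed with '*', so translate the account name first.
$account = New-Object System.Security.Principal.NTAccount($adfsServiceAccount)
$sid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
$inf = Join-Path $env:TEMP 'userrights.inf'
secedit.exe /export /cfg $inf /areas USER_RIGHTS | Out-Null
$auditRight = (Get-Content $inf | Where-Object { $_ -like 'SeAuditPrivilege*' }) -join ''
Remove-Item $inf -Force
if ($auditRight -notlike "*$sid*") {
    Write-Warning "$adfsServiceAccount lacks SeAuditPrivilege; AD FS audit events will be dropped."
}

# 4. Confirm the setting stuck, then run the detection you will care about first:
#    rejected credentials (event 1203) per account over the last hour, which is
#    where password spraying against the farm shows up.
(Get-AdfsProperties).AuditLevel

$since = (Get-Date).AddHours(-1)
$failed = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1203; StartTime = $since } -ErrorAction SilentlyContinue
$failed |
    ForEach-Object {
        # Assumption: the audited account is carried as <UserId> inside the event's XML payload.
        if ($_.Message -match '<UserId>(?<user>[^<]+)</UserId>') { $Matches.user } else { '(unparsed)' }
    } |
    Group-Object |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```

Step 3 is the check most hardening guides skip: without `SeAuditPrivilege` the events are generated by AD FS but never written, and `auditpol` will still report the subcategory as enabled.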

Replication considerations for Domain Controllers running on VMware vSphere

Written on August 13, 2019 at 11:56 AM

Active Directory uses a multi-master replication model. It is great that every Domain Controller provides read and write access to the Active Directory database, but it comes with a big drawback: Domain Controllers need to stay in sync to present consistent data to clients, regardless of which Domain Controller a client talks to. A big question to ask […]
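Because consistency depends on every Domain Controller replicating in time, the check a practitioner wants is one that flags links that fail or go quiet for too long. The PowerShell below is an added example, not code from the original post; it reads the forest's tombstone lifetime (the point past which an isolated DC can reintroduce deleted objects as lingering objects) and warns at half that age, a threshold that is an assumption for this example.

```powershell
# Added example; not code from the original post. Needs the RSAT ActiveDirectory module
# and read access to every DC. The "half the tombstone lifetime" threshold is an assumption.
Import-Module ActiveDirectory

# The tombstone lifetime is the hard limit: a DC that has not replicated a partition for
# longer than this can reintroduce deleted objects (lingering objects) when it comes back.
$config = (Get-ADRootDSE).configurationNamingContext
$dsObj  = Get-ADObject "CN=Directory Service,CN=Windows NT,CN=Services,$config" -Properties tombstoneLifetime
# Attribute absent means the forest still runs the legacy default of 60 days.
$tombstoneDays = if ($dsObj.tombstoneLifetime) { $dsObj.tombstoneLifetime } else { 60 }
$warnAfter = New-TimeSpan -Days ([math]::Floor($tombstoneDays / 2))

$rows = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $meta = Get-ADReplicationPartnerMetadata -Target $dc.HostName -PartnerType Both -ErrorAction Stop
    } catch {
        # A DC you cannot query is itself a finding, not something to skip silently.
        [pscustomobject]@{
            Server = $dc.HostName; Partner = '(unreachable)'; Partition = ''
            LastSuccess = $null; Failures = -1; Result = $_.Exception.Message
        }
        continue
    }
    foreach ($m in $meta) {
        [pscustomobject]@{
            Server      = $dc.HostName
            # Partner is the DN "CN=NTDS Settings,CN=<DC>,CN=Servers,..."; keep only the DC name.
            Partner     = ($m.Partner -split ',')[1] -replace '^CN='
            Partition   = $m.Partition
            LastSuccess = $m.LastReplicationSuccess
            Failures    = $m.ConsecutiveReplicationFailures
            Result      = $m.LastReplicationResult      # 0 = last attempt succeeded
        }
    }
}

$findings = $rows | Where-Object {
    $_.Failures -ne 0 -or
    ($_.LastSuccess -and ((Get-Date) - $_.LastSuccess) -gt $warnAfter)
}
if ($findings) {
    $findings | Sort-Object Server, Partner | Format-Table -AutoSize
} else {
    "All $($rows.Count) replication links healthy (tombstone lifetime $tombstoneDays days)."
}
```

Run it from a management host rather than a DC, and treat an unreachable DC the same way as a failing link: from the directory's point of view both are a replica drifting away from the rest of the domain.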

HOWTO: Disable unnecessary AD FS endpoints

Written on August 6, 2019 at 8:07 PM

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll harden the AD FS Server installations, by disabling unnecessary endpoints they […]
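As an added example for the endpoint post above (not the post's own code), the PowerShell below takes a baseline of enabled and proxied AD FS endpoints, stops publishing the Windows-integrated WS-Trust endpoints through the Web Application Proxy, and disables a set of endpoints entirely. Both lists are assumptions for a farm that only serves browser sign-in, OAuth2 and Azure AD's WS-Trust 1.3 usernamemixed endpoint; build your own lists from the baseline output and the relying parties you actually have.

```powershell
# Added example; not code from the original post. Run elevated on the primary AD FS server
# of a Windows Server 2016 farm. The two endpoint lists are assumptions for this example.

# Baseline first: what is enabled and, worse, published to the Internet through the WAP.
Get-AdfsEndpoint | Where-Object { $_.Enabled } |
    Sort-Object AddressPath |
    Format-Table AddressPath, Protocol, SecurityMode, Proxy -AutoSize

# Windows-integrated WS-Trust endpoints must stay for domain-joined clients on the
# inside, but have no business being reachable from the Internet.
$unpublish = @(
    '/adfs/services/trust/2005/windowstransport',
    '/adfs/services/trust/13/windowstransport'
)

# Endpoints (assumed) that no relying party in this farm uses: disable them outright.
$disable = @(
    '/adfs/services/trust/2005/certificatemixed',
    '/adfs/services/trust/2005/certificatetransport',
    '/adfs/services/trust/2005/kerberosmixed',
    '/adfs/services/trust/13/certificatemixed',
    '/adfs/services/trust/13/kerberosmixed'
)

foreach ($path in $unpublish) {
    $ep = Get-AdfsEndpoint -AddressPath $path -ErrorAction SilentlyContinue
    if ($null -eq $ep) { Write-Warning "$path not found on this farm, skipping"; continue }
    if ($ep.Proxy)     { Set-AdfsEndpoint -TargetAddressPath $path -Proxy $false }
}

foreach ($path in $disable) {
    $ep = Get-AdfsEndpoint -AddressPath $path -ErrorAction SilentlyContinue
    if ($null -eq $ep) { Write-Warning "$path not found on this farm, skipping"; continue }
    if ($ep.Enabled)   { Disable-AdfsEndpoint -TargetAddressPath $path }
}

# Endpoint changes replicate within the farm but only take effect after a service
# restart, on every farm member, not just the one you ran this on.
Restart-Service adfssrv

# Verify: nothing from either list may still be enabled or proxied.
$leftovers = Get-AdfsEndpoint | Where-Object {
    ($_.AddressPath -in $disable   -and $_.Enabled) -or
    ($_.AddressPath -in $unpublish -and $_.Proxy)
}
if ($leftovers) { $leftovers | Format-Table AddressPath, Enabled, Proxy -AutoSize }
else            { 'OK: endpoint policy applied' }
```

Unpublishing (`-Proxy $false`) and disabling are different controls: the first removes the endpoint from the WAP's published surface while internal clients keep using it, the second turns it off for everyone. Decide per endpoint which one you mean.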

HOWTO: Disable weak protocols, cipher suites and hashing algorithms on Web Application Proxies, AD FS Servers and Windows Servers running Azure AD Connect

Written on July 30, 2019 at 10:05 AM

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Note: This blogpost assumes all Web Application Proxies, AD FS servers and Azure AD Connect installations run Windows […]

HOWTO: Enforce Azure AD Connect to use TLS 1.2 only

Written on July 30, 2019 at 10:00 AM

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Note: This blogpost assumes Azure AD Connect runs on a Windows Server 2016 with Desktop Experience (“Full installation”) […]
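The two posts above (disabling weak protocols, cipher suites and hashing algorithms; enforcing TLS 1.2 only for Azure AD Connect) both come down to the same SCHANNEL and .NET Framework registry settings, so one added example serves both. This is not code from either post. It assumes Windows Server 2016 on the WAP, AD FS and Azure AD Connect hosts and a reboot afterwards; the cipher-suite pattern in step 4 and the host name `sts.contoso.com` in the verification step are assumptions for the example.

```powershell
# Added example; not code from either post. Assumes Windows Server 2016, run elevated,
# followed by a reboot. Registry locations are the documented SCHANNEL and .NET settings;
# the cipher-suite pattern and the host name used for verification are assumptions.

$hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
    [Microsoft.Win32.RegistryHive]::LocalMachine, [Microsoft.Win32.RegistryView]::Registry64)
$schannel = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

function Set-Dword([string]$SubKey, [string]$Name, [int]$Value) {
    # .NET is used instead of the registry provider because SCHANNEL cipher key names such as
    # "RC4 128/128" contain '/', which the PowerShell registry provider treats as a path separator.
    $key = $hklm.CreateSubKey($SubKey)
    $key.SetValue($Name, $Value, [Microsoft.Win32.RegistryValueKind]::DWord)
    $key.Close()
}

# 1. Protocols: only TLS 1.2 stays on, on both the server and the client side of SCHANNEL
#    (the client side matters: Azure AD Connect and AD FS are TLS clients towards Azure AD).
foreach ($proto in 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1') {
    foreach ($side in 'Server', 'Client') {
        Set-Dword "$schannel\Protocols\$proto\$side" 'Enabled' 0
        Set-Dword "$schannel\Protocols\$proto\$side" 'DisabledByDefault' 1
    }
}
foreach ($side in 'Server', 'Client') {
    Set-Dword "$schannel\Protocols\TLS 1.2\$side" 'Enabled' 1
    Set-Dword "$schannel\Protocols\TLS 1.2\$side" 'DisabledByDefault' 0
}

# 2. .NET Framework: AD FS and Azure AD Connect are .NET applications. Without these two
#    values .NET 4.x picks protocols from its own list instead of following SCHANNEL.
#    Both the 64-bit and the WOW6432 hive are needed.
foreach ($net in 'SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
                 'SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319') {
    Set-Dword $net 'SystemDefaultTlsVersions' 1
    Set-Dword $net 'SchUseStrongCrypto' 1
}

# 3. Legacy ciphers and the MD5 hash at the SCHANNEL level.
foreach ($cipher in 'NULL', 'DES 56/56', 'RC2 40/128', 'RC2 56/128', 'RC2 128/128',
                    'RC4 40/128', 'RC4 56/128', 'RC4 64/128', 'RC4 128/128', 'Triple DES 168') {
    Set-Dword "$schannel\Ciphers\$cipher" 'Enabled' 0
}
Set-Dword "$schannel\Hashes\MD5" 'Enabled' 0

# 4. Cipher suites: drop every suite built on RC4, 3DES, NULL or MD5 from the negotiation
#    list. The pattern is an assumption; review Get-TlsCipherSuite output before running it.
Get-TlsCipherSuite |
    Where-Object { $_.Name -match 'RC4|3DES|NULL|MD5' } |
    ForEach-Object { Disable-TlsCipherSuite -Name $_.Name }

# 5. Verification after the reboot, from another host: attempt a handshake with one
#    specific protocol version and report whether the server accepted it.
function Test-TlsVersion([string]$HostName, [int]$Port,
                         [System.Security.Authentication.SslProtocols]$Protocol) {
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Certificate validation is skipped on purpose: the question is the protocol, not the cert.
        $cb  = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($HostName, $null, $Protocol, $false)
        return $true            # the server completed a handshake at this version
    } catch [System.Security.Authentication.AuthenticationException] {
        return $false           # the server refused this version
    } catch [System.IO.IOException] {
        return $false           # connection dropped mid-handshake, also a refusal
    } finally {
        $client.Close()
    }
}
Test-TlsVersion 'sts.contoso.com' 443 ([System.Security.Authentication.SslProtocols]::Tls11)
Test-TlsVersion 'sts.contoso.com' 443 ([System.Security.Authentication.SslProtocols]::Tls12)
```

On a correctly hardened host the Tls11 probe returns False and the Tls12 probe returns True; run the probe from a host you have not hardened, because the client-side settings in step 1 would otherwise stop it from offering TLS 1.1 in the first place.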

Managing Active Directory Time Synchronization on VMware vSphere

Written on July 18, 2019 at 2:20 PM

One of the hardest things to get right with virtual Domain Controllers is the time hierarchy in Active Directory. Recommended practices from Microsoft have been all over the place, but they seem to have solidified in recent years. The question remains: How do I manage Active Directory Time Synchronization on VMware vSphere? This is […]
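The PowerShell below is an added example, not code from the original post. It configures the time hierarchy on a virtual Domain Controller the way a practitioner would: VMware Tools stops adjusting the guest clock, the forest-root PDC emulator syncs from external NTP sources, every other DC follows the domain hierarchy, and the result is verified. The NTP pool names are an assumption for the example; use your own stratum-1 or stratum-2 sources.

```powershell
# Added example; not code from the original post. Run elevated on each virtual DC
# (Windows Server 2016, VMware Tools installed, RSAT ActiveDirectory module present).
# The NTP sources are an assumption for the example.
Import-Module ActiveDirectory
$ntpPeers = '0.pool.ntp.org,0x8 1.pool.ntp.org,0x8 2.pool.ntp.org,0x8'   # 0x8 = plain client mode

# 1. Tell VMware Tools to stop adjusting the guest clock; on a DC, Windows Time must own time.
$toolbox = 'C:\Program Files\VMware\VMware Tools\VMwareToolboxCmd.exe'
if (Test-Path $toolbox) {
    & $toolbox timesync disable | Out-Null
    'VMware Tools timesync: ' + (& $toolbox timesync status)
}
# Even with timesync disabled, VMware Tools still resyncs on vMotion, snapshot revert and
# tools start-up unless the VM's advanced settings time.synchronize.* are set to FALSE on
# the vSphere side; that part cannot be done from inside the guest.

# 2. Where does this DC sit in the hierarchy? Only the PDC emulator of the forest root
#    domain syncs with external sources; every other DC follows the domain hierarchy.
$thisHost      = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$forestRootPdc = (Get-ADDomain -Identity (Get-ADForest).RootDomain).PDCEmulator

if ($thisHost -ieq $forestRootPdc) {
    w32tm.exe /config /manualpeerlist:"$ntpPeers" /syncfromflags:manual /reliable:yes /update
} else {
    # A DC that lost the PDCe role keeps its manual peer list and 'reliable:yes' until you
    # reset it; that leftover is the classic cause of a split time hierarchy.
    w32tm.exe /config /syncfromflags:domhier /reliable:no /update
}
Restart-Service w32time
w32tm.exe /resync /nowait | Out-Null

# 3. Verify. 'Local CMOS Clock' or 'Free-running System Clock' as the source means this DC
#    is outside the hierarchy (acceptable only briefly on the PDCe before its first sync).
$source = (w32tm.exe /query /source) -join ''
if ($source -match 'Local CMOS Clock|Free-running System Clock') {
    Write-Warning "$thisHost is not synchronising from the hierarchy: $source"
}
w32tm.exe /query /status | Select-String 'Stratum|Source|Last Successful Sync Time'
```

Run it on the PDC emulator first and on the remaining DCs afterwards, so that when the others ask the domain hierarchy for time there is already a reliable source to find. Kerberos tolerates only five minutes of skew by default, so a DC drifting on a free-running clock stops authenticating clients long before anyone notices the clock.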

HOWTO: Disable Unnecessary Services and Scheduled Tasks on Windows Servers running Azure AD Connect

Written on July 16, 2019 at 2:12 PM

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Note: This blogpost assumes you’re running Azure AD Connect as domain-joined Windows Server 2016 with Desktop Experience (“Full […]

Pictures of the KNVI "Active Directory, What’s Cooking?" Event

Written on July 15, 2019 at 5:27 PM

Last week, on Tuesday, June 20, 2019, the Royal Dutch Association of Information and IT Professionals (KNVI) organized the “Active Directory, What’s Cooking?” Event at Hit Eten en Drinken in Capelle aan den IJssel in the Netherlands. As we were to gather at 18:30, I worked for a customer in Utrecht that Tuesday. I can […]

Sizing Domain Controllers correctly on VMware vSphere

Written on July 11, 2019 at 2:20 PM

In the first part of this series, we discussed why we want to virtualize Domain Controllers. The first question people ask is: How do I properly size Domain Controllers on my virtualization platform? Specifically, for VMware vSphere, this is a good question, because there are a couple of areas of attention, beyond the recommended practices […]