Category Archives: Active Directory

Pictures of the KNVI "Active Directory, What’s Cooking?" Event

Written on July 15, 2019 at 5:27 PM, by

Last week, on Tuesday June 20 2019, the Royal Dutch Association of Information and IT Professionals (KNVI) organized the “Active Directory, What’s Cooking?” Event at Hit Eten en Drinken in Capelle aan den IJssel in the Netherlands. As we were to gather at 18:30, I worked for a customer in Utrecht that Tuesday. I can […]

Sizing Domain Controllers correctly on VMware vSphere

Written on July 11, 2019 at 2:20 PM, by

In the first part of this series, we discussed why we want to virtualize Domain Controllers. The first question people ask is: How do I properly size Domain Controllers on my virtualization platform? Specifically, for VMware vSphere, this is a good question, because there are a couple of areas of attention, beyond the recommended practices […]

Why virtualize Domain Controllers?

Written on July 9, 2019 at 10:03 AM, by

One of the questions I get asked a lot is: Why virtualize Domain Controllers? So, in this blogpost, I’m showing you reasons why virtualization for Domain Controllers and Active Directory is a good idea. I also know there are a lot of caveats when virtualizing Domain Controllers, so this blogpost serves as a small part […]

HOWTO: Disable Unnecessary Services and Scheduled Tasks on AD FS Servers

Written on July 4, 2019 at 10:02 PM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll harden the AD FS Server installations, by disabling unnecessary services running […]

HOWTO: Disable Unnecessary Services on Web Application Proxies

Written on July 2, 2019 at 10:04 PM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Let’s harden the Web Application Proxy installations, by disabling unnecessary services running on it. This way, we lower […]

Knowledgebase: Azure AD Connect’s Seamless SSO breaks when you disable RC4_HMAC_MD5

Written on June 25, 2019 at 7:36 AM, by

It’s a recommended practice to disable weak ciphers and encryption algorithms. Some standards require this. As technology evolves, the list of available ciphers and their priority in encryption negotiations changes. This limits the risk of losing confidentiality on communications between systems, applications and (cloud) services. While you’ve probably heard of disabling 3DES and all versions […]

Join the Active Directory Administration Cookbook Launch Party at SCCT

Written on June 5, 2019 at 9:13 PM, by

Last month, my Active Directory Administration Cookbook was released by Packt. To celebrate, my employer is hosting a Launch Party at our office in Leidschendam, near The Hague in the Netherlands. The Launch Party offers the opportunity to Dutch people to get their copy of the Active Directory Administration Cookbook and have it signed. […]

Creating the ‘Microsoft Office 365 Identity Platform’ Relying Party Trust manually

Written on June 4, 2019 at 1:54 PM, by

There are several methods to create the Relying Party Trust (RPT) between Active Directory Federation Services (AD FS) and Azure Active Directory automatically: Using Azure AD Connect with the Use an existing AD FS farm option or the Configure a new AD FS farm option, when configuring Federation with AD FS as the authentication method. […]

KnowledgeBase: Azure AD Connect upgrade is not reflected in the Office 365 Portal

Written on May 28, 2019 at 2:43 PM, by

Microsoft’s Azure AD Connect version 1.3.20 was quickly superseded by version 1.3.21.0 to fix an elevation of privilege vulnerability, but it appears to exhibit unexpected behavior for some organizations running it. The situation: You have an Active Directory Domain Services (AD DS) environment, and you synchronize objects to an Azure AD tenant, leveraging Azure […]

Azure AD Connect version 1.3.21.0 fixes an elevation of privilege vulnerability (CVE-2019-1000)

Written on May 16, 2019 at 11:53 AM, by

Hot on the heels of Azure AD Connect version 1.3.20.0, Microsoft released version 1.3.21.0 earlier this week to address an elevation of privilege vulnerability. Azure AD Connect is Microsoft’s free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments and LDAP v3-compatible directories to Azure […]