I'm presenting a webinar with Randy Franklin Smith and Netwrix

This Tuesday at 6 PM CEST, I'm presenting a webinar with Randy Franklin Smith's Ultimate Windows Security and Netwrix on ten best practices to securing Active Directory and Azure AD. About Randy Franklin Smith Randy Franklin Smith is an internationally recognized expert on the security and control of Windows and Active Directory security who specializes … Continue reading "I'm presenting a webinar with Randy Franklin Smith and Netwrix"

Admins that have upgraded to Azure AD Connect v2 are at risk of running out of date and insecure installations

Admins that have bit the bullet on Azure AD Connect v2 are now eating the sour grapes of that decision, as Microsoft doesn't offer Automatic Upgrades on any of the v2 builds released to date. About Azure AD Connect v2 Azure AD Connect is Microsoft’s free Hybrid Identity bridge product to synchronize objects and their … Continue reading "Admins that have upgraded to Azure AD Connect v2 are at risk of running out of date and insecure installations"

Hardening SMB on Domain Controllers, Step 3: Disabling SMB Null sessions

Server Message Block (SMB) is a critical component for any Microsoft-oriented networking environment. That’s why hardening SMB is one of the critical steps in securing Active Directory Domain Controllers. In the first part of this series, I’ve shown you how to report on incoming SMB connections on your Active Directory Domain Controllers. Now, let’s put … Continue reading "Hardening SMB on Domain Controllers, Step 3: Disabling SMB Null sessions"

ProTip! Use USMT GUI to migrate HAADJ to AADJ profiles

Lately, Microsoft is advocating moving away from the Hybrid Azure AD Join model to the Azure AD Join model, leaving the traditional domain-join model behind. Microsoft feels it’s time to leave ye ol’ Active Directory behind, but a lot of settings, preferences, files and folders are still part of this legacy. They are part of … Continue reading "ProTip! Use USMT GUI to migrate HAADJ to AADJ profiles"

Hardening SMB on Domain Controllers, Step 2: Disabling SMBv1

Server Message Block (SMB) is a critical component for any Microsoft-oriented networking environment. That’s why hardening SMB is one of the critical steps in securing Active Directory Domain Controllers. In the first part of this series, I’ve shown you how to report on incoming SMB connections on your Active Directory Domain Controllers. Now, let’s put … Continue reading "Hardening SMB on Domain Controllers, Step 2: Disabling SMBv1"

KnowledgeBase: The Windows Server 2022 Active Directory DFL and FFL do not exist

Just as there are no Windows Server 2019 Forest Functional Level (FFL) or Windows Server 2019 Domain Functional Level (DFL), there are no Windows Server 2022 FFL or DFL either in Microsoft Windows Server’s Active Directory Domain Services (AD DS).   Impact The unavailability of the Windows Server 2022 Forest Functional Level (FFL) and Windows … Continue reading "KnowledgeBase: The Windows Server 2022 Active Directory DFL and FFL do not exist"

Hardening SMB on Domain Controllers, Step 1: Reporting on SMBv1 connections , SMBv2 connections and SMB null sessions

Server Message Block (SMB) is a critical component for any Microsoft-oriented networking environment. That’s why hardening SMB is one of the critical steps in securing Active Directory Domain Controllers. In this blog post series, I’ll share my approach on hardening SMB on Domain Controllers. Tip! I apply this approach to Active Directory Domain Controllers, but … Continue reading "Hardening SMB on Domain Controllers, Step 1: Reporting on SMBv1 connections , SMBv2 connections and SMB null sessions"

On-premises Identity-related updates and fixes for August 2021

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the Identity-related updates and fixes we saw for August 2021:   Windows Server 2016 We observed the following updates for Windows Server 2016: KB5005043 August 10, 2021 … Continue reading "On-premises Identity-related updates and fixes for August 2021"

Active Directory- and Azure AD-related sessions at The Experts Conference (TEC) 2021

The Experts Conference (TEC), sponsored by Quest is a yearly conference to get advanced practical Active Directory and Office 365 education. Sponsored by the leaders who have helped move, manage and secure over 336 million Active Directory users, TEC 2021 gives you the opportunity to expand your knowledge by connecting with Microsoft MVPs, industry and … Continue reading "Active Directory- and Azure AD-related sessions at The Experts Conference (TEC) 2021"

HOWTO: Manually delete unavailable print queues from Active Directory

Recently, I advised to disable the Print Spooler service on Domain Controllers. Concluding that blogpost, I mentioned that admins need to perform manual tasks at the end of the lifecycles of published printers if they have printers published. Today, let’s take a look at these manual tasks in the two scenarios you need to pay … Continue reading "HOWTO: Manually delete unavailable print queues from Active Directory"