Category Archives: Active Directory

Last week, on Tuesday June 20 2019, the Royal Dutch Association of Information and IT Professionals (KNVI) organized the “Active Directory, What’s Cooking?” Event at Hit Eten en Drinken in Cappele aan den Ijssel in the Netherlands. As we were to gather at 18:30, I worked for a customer in Utrecht that Tuesday. I can […]

In the first part of this series, we discussed why we want to virtualize Domain Controllers. The first question people ask is: How do I properly size Domain Controllers on my virtualization platform? Specifically, for VMware vSphere, this is a good question, because there are a couple of areas of attention, beyond the recommended practices […]

One of the questions I get asked a lot is: Why virtualize Domain Controllers? So, in this blogpost, I’m showing you reasons why virtualization for Domain Controllers and Active Directory is a good idea. I also know there are a lot of caveats when virtualization Domain Controllers, so this blogpost serves as a small part […]

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll harden the AD FS Server installations, by disabling unnecessary services running […]

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Let’s harden the Web Application Proxy installations, by disabling unnecessary services running on it. This way, we lower […]

It’s a recommended practice to disable weak ciphers and encryption algorithms. Some standards require this. As technology evolves, the list of available ciphers and their priority in encryption negotiations changes. This limits the risk of losing confidentiality on communications between systems, applications and (cloud) services. While you’ve probably heard of disabling 3DES and all versions […]

Last month, my Active Directory Administration Cookbook was released by Packt.       To celebrate, my employer is hosting a Launch Party at our office in Leidschendam, near The Hague in the Netherlands. The Launch Party offers the opportunity to Dutch people to get their copy of the Active Directory Administration Cookbook and have it signed.          […]

There are several methods to create the Relying Party Trust (RPT) between Active Directory Federation Services (AD FS) and Azure Active Directory automatically: Using Azure AD Connect with the Use an existing AD FS farm option or the Configure a new AD FS farm option, when configuring Federation with AD FS as the authentication method. […]

Microsoft’s Azure AD Connect version 1.3.20 was quickly superseded by version 1.3.21.0 to fix an elevation of privilege vulnerability, but it appears to exhibit unexpected behavior for some organization running it.        The situation You have an Active Directory Domain Services (AD DS) environment, and you synchronize objects to an Azure AD tenant, leveraging Azure […]

Hot on the heels of Azure AD Connect version 1.3.20.0, Microsoft released version 1.3.21.0 earlier this week to address an elevation of privilege vulnerability. Azure AD Connect is Microsoft’s free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments and LDAP v3-compatible directories to Azure […]