Category Archives: Active Directory

HOWTO: Change the AD FS token-signing hash algorithm for AD FS relying party trusts to SHA256

Written on October 8, 2019 at 3:15 PM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at properly securing relying party trusts on AD FS servers […]

The videos of my Netwrix webinars are now available

Written on September 30, 2019 at 9:30 PM, by

Last week, on September 24, 25 and 26, I hosted three 60-minute webinars with Netwrix on my three favorite chapters in my Active Directory Administration Cookbook. Over 1800 people have registered for these webinars. Now, a mere two working days after the last webinars, the Netwrix team has done everyone a huge favor by already […]

KnowledgeBase: Azure AD Connect v1.4 deletes incorrectly synchronized objects for non-Windows 10 devices

Written on September 23, 2019 at 10:38 AM, by

On September 10, 2019, Microsoft signed off on the first build of Azure AD Connect in the 1.4 version branch. Currently, this version is only available for organizations that have the Automatic Upgrade feature enabled. In the What’s Fixed section of the release notes for this version, Microsoft stated that: Fixed a bug where non-Windows […]

HOWTO: Handle Windows Update on non-domain-joined Web Application Proxies

Written on September 17, 2019 at 9:27 PM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at best practices to handle Windows activation on non-domain-joined Web […]

Azure AD Connect version 1.4 introduces refined AD FS Management Capabilities

Written on September 16, 2019 at 1:17 PM, by

It’s time for a new version of Azure AD Connect to incorporate Microsoft’s lessons learned and distribute the fixes Microsoft made to the larger public. Last Friday, Microsoft released the first version in the 1.4 branch of Azure AD Connect: v1.4.18.0. Azure AD Connect is Microsoft’s free Hybrid Identity bridge product to synchronize objects and […]

Domain Controller Cloning on VMware vSphere

Written on September 12, 2019 at 8:24 PM, by

After detailing Active Directory Virtualization Safeguards with VM-GenerationID in part 5 of this series on Virtualizing Domain Controllers on vSphere, it’s time to talk about the second Active Directory Domain Services feature that is enabled through the VM-GenerationID technology: Domain Controller cloning. About Domain Controller cloning: Microsoft recommends not re-using Domain Controllers for other […]

HOWTO: Handle Windows Activation on non-domain-joined Web Application Proxies

Written on September 10, 2019 at 8:53 AM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at best practices to handle Windows activation on non-domain-joined Web […]

I’m presenting three Webinars with Netwrix focusing on the best recipes from the AD Administration Cookbook

Written on September 4, 2019 at 12:47 PM, by

On September 24th, 25th and 26th, I’ll present three 1-hour webinars with Netwrix. Tune in to get the best in Active Directory security, Hybrid Identity and Azure AD Hardening demo’ed! Tip! These courses may be of specific interest to CISSPs, as these courses allow you to earn Continuing Professional Education (CPE) credits. About the […]

HOWTO: Handle Time synchronization on non-domain-joined Web Application Proxies

Written on September 3, 2019 at 4:04 PM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at best practices to handle time synchronization on non-domain-joined Web […]

KnowledgeBase: Azure AD Connect version 1.3.20.0 and up enables Auto Upgrades in AD FS Scenarios

Written on August 28, 2019 at 3:22 PM, by

Organizations leveraging Azure AD Connect Staging Mode for release management might find themselves with automatically upgrading Azure AD Connect installations after the initial upgrade to Azure AD Connect version 1.3.20.0 and up. Azure AD Connect Release Management: As described in the blogpost Leveraging Azure AD Connect Staging Mode for Release Management, Staging Mode can […]