Category Archives: Active Directory

HOWTO: Enable Extended Protection for Authentication on the AD FS Farm

Written on November 26, 2019 at 12:15 PM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at the extended protection for authentication feature with AD FS. […]

Azure AD Connect v1.4.32.0 fixes Azure AD Join challenges

Written on November 13, 2019 at 8:09 AM, by

It’s time for a new version of Azure AD Connect to incorporate Microsoft’s lessons learned and distribute the fixes Microsoft made to the larger public. Last Friday, Microsoft released the first version in the 1.4 branch of Azure AD Connect: v1.4.32.0. Azure AD Connect is Microsoft’s free Hybrid Identity bridge product to synchronize objects and […]

HOWTO: Properly delegate Directory permissions to Azure AD Connect service accounts

Written on November 12, 2019 at 12:19 PM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at properly delegating directory access to Azure AD Connect service […]

On-premises Identity updates & fixes for October 2019

Written on November 8, 2019 at 3:21 PM, by

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for October 2019:   Windows Server 2016 We observed the following updates for Windows Server 2016: KB4524152 October 3, 2019 The […]

HOWTO: Use Azure AD App Filtering to limit attributes for the objects in scope for Azure AD Connect

Written on November 5, 2019 at 9:07 AM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices.   Why look at Attribute Filtering When installing Azure AD Connect with Express Settings, all objects in the […]

HOWTO: Use Domain and OU Filtering to limit the objects in scope for Azure AD Connect

Written on October 29, 2019 at 3:30 PM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices.   Why look at Domain and OU Filtering When installing Azure AD Connect with Express Settings, all objects […]

HOWTO: Properly set and manage Azure AD Connect’s Export Deletion Threshold

Written on October 22, 2019 at 7:20 PM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we start looking at Azure AD Connect in-depth.   Why look at […]

From the Field: The case of the unreachable forest on a domain-joined Azure AD Connect installation

Written on October 18, 2019 at 9:30 PM, by

Troubleshooting stories from the field are the best. That’s why I like writing them down. Although, sometimes they might appear as straight cases of schadenfreude, I feel there are lessons to be learned for anyone, if you’re willing to look closely and listen carefully. Last week I experienced an issue with Azure AD Connect at […]

HOWTO: Add the required Hybrid Identity URLs to the Trusted Sites list of Internet Explorer and Edge

Written on October 17, 2019 at 12:01 PM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at the required Hybrid Identity URLs that you want to […]

On-premises Identity updates & fixes for September 2019

Written on October 16, 2019 at 1:45 PM, by

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for September 2019:   Windows Server 2016 We observed the following updates for Windows Server 2016: KB4516044 September 10, 2019 The […]