Active Directory Domain Services act as the cornerstone of every on-premises Microsoft-oriented networking infrastructure. It is important to get things right when it comes to your Domain Controllers, user objects and access controls. An obvious solution to getting things right the first time is offering one or more pre-production environments to develop and test scripts, … Continue reading "Your Active Directory Pre-production environment: Restore from Backup or Deploy as Code?"
Joe Richards has published new versions of his independent ADFind and ADMod tools. Long before Windows Server came with Windows PowerShell, Joe published the first versions of these tools. Now, the latest versions are here for you to enjoy. About Joe Richards Joe Richards currently works as Enterprise Technical Expert CyberSecurity InfoSec Identity and Directory … Continue reading "New versions of ADFind and ADMod are now available"
At Microsoft Ignite 2021 Spring Edition, Microsoft introduces the Public Preview of Hot Patching for Windows Server Azure Edition. About hot patching for Windows Server Azure Edition Microsoft announced new capabilities at Microsoft Ignite 2021 Spring edition for Azure Automanage to simplify operations for Windows Server-based virtual machines (VMs). Azure Automanage helps organizations to reduce … Continue reading "How Hot Patch for Windows Server Azure Edition helps secure Domain Controllers"
Today, for its March 2021 Patch Tuesday, Microsoft released a security update that addresses seven vulnerabilities in DNS Servers running Windows Server: About the vulnerabilities The vulnerabilities are described as followed: CVE-2021-26877 Windows DNS Server Remote Code Execution Vulnerability Critical A remote code execution vulnerability, identified as CVE-2021-26877, exists in Windows Domain Name System … Continue reading "The March 2021 Cumulative Update addresses seven Windows Server DNS vulnerabilities"
Azure AD Connect Sync’s uses three separate accounts. Its AD Connector account is an account that has several permissions that warrant a closer look at how the account can be abused. Of course, we’ll need command lines to hunt for any misuse. About the AD Connector account Since Azure AD Connect version 188.8.131.52, the use … Continue reading "HOWTO: Hunt for abuse of Azure AD Connect’s AD Connector account"
One of the hard nuts to crack in Active Directory is meeting the requirements for the infrastructure features your organization’s business needs to operate reliably, securely and smooth. About Active Directory requirements Throughout Microsoft’s recent history, features have been introduced in all sorts of products that have certain Active Directory requirements. The perfect example is … Continue reading "HOWTO: Find out the capabilities Domain Controllers may offer your device"
One of the issues you might encounter, when you misconfigure the delegated permissions for Azure AD Connect’s Active Directory connector account is events in your Domain Controllers’ event viewers every hour with event ID 1699. The situation You are using Azure AD Connect with Password Hash Synchronization as either the sign-in method to Azure AD … Continue reading "KnowledgeBase: You experience EventID 1699 on Domain Controllers targeted by Azure AD Connect"
Yesterday, for its February 2021 Patch Tuesday, Microsoft released a critical security update for PKU2U. This vulnerability is known as CVE-2021-25195 and rated with CVSSv3.0 scores of 7.8/6.8. About PKU2U Authentication PKU2U is a peer-to-peer authentication protocol. This setting prevents online identities from authenticating to domain-joined systems. Authentication will be centrally managed with Windows … Continue reading "Windows PKU2U Elevation of Privilege Vulnerability (CVE-2021-25195, Critical)"
Today, for its February 2021 Patch Tuesday, Microsoft released a critical security update for DNS Servers running Windows Server. This vulnerability is known as CVE-2021-24078 and rated with CVSSv3.0 scores of 9.8/8.5. A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers. An attacker who successfully exploited the vulnerability could run arbitrary … Continue reading "Windows DNS Server Remote Code Execution Vulnerability (CVE-2021-24078, Critical CVSSv3 9.8/8.5)"
Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the Identity-related updates and fixes we saw for January 2021: Windows Server 2016 We observed the following update for Windows Server 2016: KB4598243 January 12, 2021 … Continue reading "On-premises Identity-related updates and fixes for January 2021"