Fun with Veeam’s Active Directory Explorer’s LDAP Filter

Being serious about Disaster Recovery means taking into account events like 9/11. Being serious about Active Directory means being serious about Backup and Restore. But… All work and no play makes Jack a dull boy. That’s why sometimes you need to have a little fun. For fun times’ sake, let’s look at the LDAP Filter … Continue reading "Fun with Veeam’s Active Directory Explorer’s LDAP Filter"

The September 2020 Patch Tuesday addresses five important vulnerabilities for Domain Controllers running as DNS Servers

When looking at the September 2020 Patch Tuesday today, I noticed five updates that specifically address vulnerabilities in DNS. Two of these vulnerabilities are specific to Domain Controllers running DNS Server, so this sparked my interest in these updates. DNS Server-related updates: For Active Directory Domain Controllers acting as DNS Servers, the following vulnerabilities are … Continue reading "The September 2020 Patch Tuesday addresses five important vulnerabilities for Domain Controllers running as DNS Servers"

On-premises Identity updates & fixes for August 2020

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for August 2020: Windows Server 2016: We observed the following updates for Windows Server 2016: KB4571694 August 11, 2020 The … Continue reading "On-premises Identity updates & fixes for August 2020"

vSphere 7’s vMotion interface notifies for time differences between vSphere hosts

In the series Virtualizing Domain Controllers on vSphere, I explained the importance of proper time synchronization for virtualized Active Directory Domain Controllers and how to keep these Domain Controllers on trusted vSphere hosts only. Recent versions of the VMware Tools have time synchronization disabled by default. This means the reliance on proper time on vSphere hosts … Continue reading "vSphere 7’s vMotion interface notifies for time differences between vSphere hosts"

I’ve joined the Semperis Hybrid Identity Protection Podcast

The 2020 Hybrid Identity Protection Conference (HIPConf) was originally planned for April 2020. As New York and other cities around the globe helped us combat the COVID-19 pandemic, this was not a good time to gather and discuss our topics in person. However, organizations worldwide need our guidance more than ever. Cyber crime evolves through … Continue reading "I’ve joined the Semperis Hybrid Identity Protection Podcast"

Building a straight-forward vSphere delegation model for running virtual Domain Controllers safely

When Active Directory Domain Controllers run as virtual machines on top of VMware vSphere, virtualization, storage and backup admins may be considered equal to enterprise admins in Active Directory, because they have the equivalent of physical access to Domain Controllers. Admittedly, you don’t want everyone to use root or administrator@vsphere.local to manage the virtualization platform, … Continue reading "Building a straight-forward vSphere delegation model for running virtual Domain Controllers safely"

Knowledgebase: You experience Warnings with EventID 5829 on Domain Controllers

In Microsoft-oriented networking infrastructures, your Active Directory Domain Controllers may suddenly experience a high number of Warning events in the System log in Event Viewer (eventvwr.exe) with EventID 5829. The cause: Microsoft has added this event by design to warn Active Directory administrators of vulnerable Netlogon connections, in terms of CVE-2020-1472. The eventID was added … Continue reading "Knowledgebase: You experience Warnings with EventID 5829 on Domain Controllers"

HOWTO: Harden Remote Desktop connections to Domain Controllers

Workstations that are allowed to communicate to Domain Controllers pose a risk of lateral movement. To mitigate some of these risks, we can harden the Remote Desktop connections to Domain Controllers. Note: For organizations that have implemented the Active Directory administrative tier model, or are striving to embrace it, their Privileged Access Workstations (PAWs) pose a … Continue reading "HOWTO: Harden Remote Desktop connections to Domain Controllers"

The video of my Netwrix webinar on migrating to the Cloud is now available

Yesterday, I presented a 75-minute session on the three approaches to migrating to the cloud, together with Netwrix’ Russel McDermott. Now, a mere working day after the webinar, the Netwrix team has done everyone a huge favor by already placing the video recording online for everyone to watch: https://try.netwrix.com/3_approaches_to_cloud_migration_emea Enjoy! Simply press the red … Continue reading "The video of my Netwrix webinar on migrating to the Cloud is now available"

HOWTO: Enable Extended Protection for Authentication on the SQL Servers hosting the AD FS and Azure AD Connect databases

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In the previous post of this series, we discussed encrypting traffic between AD FS Servers, servers running Azure … Continue reading "HOWTO: Enable Extended Protection for Authentication on the SQL Servers hosting the AD FS and Azure AD Connect databases"