HOWTO: Encrypt traffic between AD FS Servers, servers running Azure AD Connect and SQL Servers hosting their databases

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Implementing AD FS with SQL Server provides access to Artifact Resolution and Replay Detection. Implementing Azure AD Connect …

Azure AD Connect fixes an issue when you’ve cloned the ‘In from AD–Group Join’ sync rule before Azure AD Connect v1.5.20.0

Azure AD Connect version 1.5.18.0 introduced a new feature: mS-DS-ConsistencyGUID as the source anchor for groups. Now, as organizations are upgrading to the new version, some overlooked scenarios rear their heads. Azure AD Connect version 1.5.22.0 is here to fix an issue when you’ve cloned a synchronization rule. What’s Fixed: Version 1.5.22.0 addresses an …

I’m presenting three webinars with Netwrix focusing again on the best recipes from the AD Administration Cookbook

On April 22nd, 28th and 30th, 2020, I’ll present three 1-hour webinars with Netwrix. Tune in to get the best in Active Directory security, Hybrid Identity and Azure AD Hardening demonstrated by me and Netwrix’ Jeff Melnick! About the webinars: I feel webinars are a great way to show people the potential of technology. …

Azure AD Connect version 1.5.20.0 fixes an issue with Group Filtering

Hot on the heels of Azure AD Connect version 1.5.18.0, Microsoft is releasing a new version of Azure AD Connect to fix an issue introduced in that first version of this 1.5.x.x branch of Azure AD Connect versions. This is an important version if your organization has deployed Group Filtering. About Azure AD Connect …

On-premises Microsoft Identity-related updates and fixes for March 2020

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for March 2020: Windows Server 2016: We observed the following updates for Windows Server 2016: KB4540670 March 10, 2020 The …

Azure AD Connect v1.5.18.0 brings mS-DS-ConsistencyGUID as source anchor for Groups

Yesterday, a new version of Azure AD Connect was released: version 1.5.18.0. This is the first release in the 1.5.x branch of Azure AD Connect. Azure AD Connect is Microsoft’s free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments and LDAP v3-compatible directories to …

Explained: User Hard Matching and Soft Matching in Azure AD Connect

In Hybrid Identity implementations, where objects and their attributes are synchronized between on-premises Active Directory environments and Azure AD tenants, integrity is key. When user objects on both sides have different attributes, or exist multiple times on one side, information security drops to critical levels fast. To avoid this situation, Azure AD Connect matches user …

SaveTheQueen Ransomware leverages Active Directory’s SYSVOL to propagate

In recent days, a new strain of ransomware was detected. It encrypts files and appends the extension “.SaveTheQueen” to their file names. The most interesting part of this malware is that it propagates using the SYSVOL share on Active Directory Domain Controllers. About the Active Directory System Volume: The Active Directory System Volume (SYSVOL) is a …

A closer look at Azure AD Connect’s Service Connection Point

Recent versions of Azure AD Connect deploy a Service Connection Point (SCP) into your Active Directory Domain Services (AD DS) environment(s). Let’s look a bit closer at what this SCP looks like, what it does by default and how you can use and tweak it to your advantage. About Service Connection Points: Active Directory …

The recording and slides of the Active Directory Best Practices webinar is now available

Last week, I presented two webinars with Veeam’s Andrey Zhelezko, technical product analyst at Veeam Software, on Active Directory Best Practices in terms of administration and disaster recovery. With 1849 and 2217 registered attendees for the European and North American webinar, respectively, these GoToWebinar sessions were solid Active Directory knowledge transfer successes. The recording and …