Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Implementing AD FS with SQL Server provides access to Artifact Resolution and Replay Detection. Implementing Azure AD Connect … Continue reading "HOWTO: Encrypt traffic between AD FS Servers, servers running Azure AD Connect and SQL Servers hosting their databases"
Azure AD Connect version 126.96.36.199 introduced a new feature: mS-DS-ConsistencyGUID as the source anchor for groups. Now, as organizations are upgrading to the new version, some overlooked scenarios rear their heads. Azure AD Connect version 188.8.131.52 is here to fix an issue when you’ve cloned a synchronization rule. What’s Fixed Version 184.108.40.206 addresses an … Continue reading "Azure AD Connect fixes an issue when you’ve cloned the ‘In from AD–Group Join’ sync rule before Azure AD Connect v220.127.116.11"
On April 22nd, 28th and 30th, 2020, I’ll present three 1-hour webinars with Netwrix. Tune in to get the best in Active Directory security, Hybrid Identity and Azure AD Hardening demonstrated by me and Netwrix’s Jeff Melnick! About the webinars I feel webinars are a great way to show people the potential of technology. … Continue reading "I’m presenting three webinars with Netwrix focusing again on the best recipes from the AD Administration Cookbook"
Hot on the heels of Azure AD Connect version 18.104.22.168, Microsoft is releasing a new version of Azure AD Connect to fix an issue introduced in that first version of this 1.5.x.x branch of Azure AD Connect versions. This is an important version if your organization has deployed Group Filtering. About Azure AD Connect … Continue reading "Azure AD Connect version 22.214.171.124 fixes an issue with Group Filtering"
Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for March 2020: Windows Server 2016 We observed the following updates for Windows Server 2016: KB4540670 March 10, 2020 The … Continue reading "On-premises Microsoft Identity-related updates and fixes for March 2020"
Yesterday, a new version of Azure AD Connect was released: version 126.96.36.199. This is the first release in the 1.5.x branch of Azure AD Connect. Azure AD Connect is Microsoft’s free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments and LDAP v3-compatible directories to … Continue reading "Azure AD Connect v188.8.131.52 brings mS-DS-ConsistencyGUID as source anchor for Groups"
In Hybrid Identity implementations, where objects and their attributes are synchronized between on-premises Active Directory environments and Azure AD tenants, integrity is key. When user objects on both sides have different attributes, or exist multiple times on one side, information security drops to critical levels fast. To avoid this situation, Azure AD Connect matches user … Continue reading "Explained: User Hard Matching and Soft Matching in Azure AD Connect"
In recent days, a new strain of ransomware was detected. It encrypts files and appends the extension “.SaveTheQueen” to their file names. The most interesting part of this malware is that it propagates using the SYSVOL share on Active Directory Domain Controllers. About the Active Directory System Volume The Active Directory System Volume (SYSVOL) is a … Continue reading "SaveTheQueen Ransomware leverages Active Directory’s SYSVOL to propagate"
Recent versions of Azure AD Connect deploy a Service Connection Point (SCP) into your Active Directory Domain Services (AD DS) environment(s). Let’s take a closer look at what this SCP looks like, what it does by default and how you can use and tweak it to your advantage. About Service Connection Points Active Directory … Continue reading "A closer look at Azure AD Connect’s Service Connection Point"
Last week, I presented two webinars with Veeam’s Andrey Zhelezko, technical product analyst at Veeam Software, on Active Directory Best Practices in terms of administration and disaster recovery. With 1849 and 2217 registered attendees for the European and North American webinar, respectively, these GoToWebinar sessions were solid Active Directory knowledge transfer successes. The recording and … Continue reading "The recording and slides of the Active Directory Best Practices webinar is now available"