Advances in Active Directory since Windows Server 2003

In six months' time, on July 14, 2015, Microsoft ends the extended support for Windows Server 2003. After 11 years and 6 months (Windows Server 2003 became generally available on May 28th, 2003) the plug is pulled on updates to the product and the support information on TechNet, MSDN and its KnowledgeBase. Running Active Directory on Operating …

Granularly permitting or denying the right to WorkPlace Join devices based on group membership

Previously, we’ve looked at the WorkPlace Join functionality in Active Directory Federation Services (AD FS) in Windows Server 2012 R2 (and up) and the accompanying Registered Device objects in Active Directory Domain Services (AD DS). When WorkPlace Join is enabled for a networking environment, by default anyone has the right to WorkPlace Join devices, by …

WorkPlace Join vs. Domain Join

Yesterday, we discussed WorkPlace Join and the msDS-Device object. Over the past months, these technologies sparked conversations with several people, some of whom have very strong opinions on the exclusivity of domain join and a passion for loosely-coupling devices to Active Directory. This conversation could best be titled WorkPlace Join versus Domain Join. I’ll use …

New features in Active Directory Domain Services in Windows Server 2012 R2, Part 5: WorkPlace Join and Registered Device objects

Active Directory is a family of products. Besides the commonly known Active Directory Domain Services and Certificate Services siblings, the family consists of the Active Directory Lightweight Directory Services, Rights Management Services and Federation Services. The latter received a major overhaul in Windows Server 2012 R2. One of the new features offered by Active Directory …

Knowledgebase: Known Issue with Windows and Windows Server Technical Preview in a pre-Windows Server 2012 Active Directory environment

While going through the Release Notes for the Windows Server Technical Preview and the Release Notes for Windows 10, I noticed something quite interesting: If you join a computer with Trusted Platform Management (TPM) enabled to a domain in which there are no domain controllers running at least Windows Server 2012, computer authentication and those …

Using the new Active Directory PowerShell Cmdlets on down-level and module-less systems

Last week, we discussed the new Active Directory Domain Services-related PowerShell Cmdlets in Windows Server 2012 R2. In the requirements I mentioned that you needed at least one system with the Windows Server 2012 R2 or Windows 8.1 version of the Active Directory Module for Windows PowerShell feature installed. However, as Aleksandar Nikolic (PowerShell MVP) …

New features in Active Directory Domain Services in Windows Server 2012 R2, Part 4: PowerShell Cmdlets

Managing an on-premises Active Directory Domain Services infrastructure through the Graphical User Interface (GUI) can get daunting. And boring. Luckily, for most repetitive tasks you can resort to the command line, or in more recent versions of Windows Server to PowerShell. Windows Server 2012 already comes equipped with PowerShell Cmdlets to manage your Active Directory …

New features in Active Directory Domain Services in Windows Server 2012 R2, Part 3: Authentication Policies and Authentication Policy Silos

Now that we’ve dived into the Protected Users security group, we’ll dive into Authentication Policies and Authentication Policy Silos today, as these latter two features are greatly intertwined with the functionality of the Protected Users group and have much in common. But, as we’ll find out, Authentication Policies and Authentication Policy Silos also differ greatly from …

Ten things you need to be aware of before using the Protected Users Group

With Windows Server 2012 R2 and Windows 8.1, Microsoft introduced a feature in Active Directory Domain Services called the Protected Users group. You can use it to limit the availability of outdated authentication protocols, weak encryption algorithms and delegation to sensitive user accounts. Interesting stuff, but I feel there are some things you should know about …

New features in Active Directory Domain Services in Windows Server 2012 R2, Part 2: Protected Users

In Active Directory, all Domain Controllers are equal, but some are more equal than others. As you gain experience in managing networking environments, you’ll find the same principle is true for user accounts: all user accounts are equal, but some are more equal than others… For instance, some colleagues to whom these accounts belong require …