
Category Archives: Active Directory Federation Services


On-premises Identity updates & fixes for October 2019

Written on November 8, 2019 at 3:21 PM, by

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for October 2019: Windows Server 2016 We observed the following updates for Windows Server 2016: KB4524152 October 3, 2019 The […]

From the Field: The case of the unreachable forest on a domain-joined Azure AD Connect installation

Written on October 18, 2019 at 9:30 PM, by

Troubleshooting stories from the field are the best. That’s why I like writing them down. Although sometimes they might appear as straight cases of schadenfreude, I feel there are lessons to be learned for anyone, if you’re willing to look closely and listen carefully. Last week I experienced an issue with Azure AD Connect at […]

On-premises Identity updates & fixes for September 2019

Written on October 16, 2019 at 1:45 PM, by

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for September 2019: Windows Server 2016 We observed the following updates for Windows Server 2016: KB4516044 September 10, 2019 The […]

HOWTO: Enable Extranet Smart Account Lockout on the AD FS Farm

Written on October 1, 2019 at 8:57 AM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we look at a new feature of Active Directory Federation Services (AD […]

HOWTO: Install VASCO’s DIGIPASS Authentication for AD FS

Written on August 27, 2019 at 3:29 PM, by

Today, I had the pleasure of installing and configuring OneSpan’s (formerly Vasco’s) DIGIPASS Authentication for Microsoft Active Directory Federation Services (AD FS). Microsoft Docs offers links to documentation for 3rd-party providers with MFA offerings currently available for AD FS, but just like CensorNet’s SMS PASSCODE AD FS Agent, OneSpan’s installation and configuration manual is not […]

HOWTO: Enable Auditing and Logging for AD FS Servers and the AD FS Farm

Written on August 15, 2019 at 11:26 AM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at auditing and logging settings on AD FS Servers. Note: […]

HOWTO: Disable unnecessary AD FS endpoints

Written on August 6, 2019 at 8:07 PM, by

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll harden the AD FS Server installations, by disabling unnecessary endpoints they […]

Creating the ‘Microsoft Office 365 Identity Platform’ Relying Party Trust manually

Written on June 4, 2019 at 1:54 PM, by

There are several methods to create the Relying Party Trust (RPT) between Active Directory Federation Services (AD FS) and Azure Active Directory automatically: Using Azure AD Connect with the Use an existing AD FS farm option or the Configure a new AD FS farm option, when configuring Federation with AD FS as the authentication method. […]

Windows Server 2016’s February 2019 Quality Update fixes two Hybrid Identity issues

Written on February 21, 2019 at 3:54 PM, by

Windows Server 2016’s February 2019 Cumulative Quality Update, bringing the OS version to 14393.2828, offers a fix for two authentication issues. About Windows Server 2016 Updates Microsoft issues two major updates each month for Windows Server 2016, as outlined in the Patching with Windows Server 2016 blogpost. On the second Tuesday of each […]

HOWTO: Install CensorNet’s SMS PASSCODE AD FS Agent

Written on January 9, 2019 at 5:18 PM, by

Today, I had the pleasure of installing and configuring the AD FS Agent that is part of CensorNet’s SMS PASSCODE product, version 2018 (version 10). Here’s how to perform this task yourself. About the Extensible Authentication Framework Active Directory Federation Services (AD FS) offers the Extensible Authentication Framework (EAF). Leveraging this functionality, multi-factor authentication […]