Configuring the inactivity time-out for WorkPlace-joined Devices

When we discussed the WorkPlace Join functionality in Active Directory Federation Services in Windows Server 2012 R2 (and up) and the accompanying Registered Device objects in Active Directory Domain Services, you might have gotten the feeling that the directory might get cluttered with Registered Devices. Microsoft has built in a feature in the Device Registration … Continue reading "Configuring the inactivity time-out for WorkPlace-joined Devices"

Granularly permitting or denying the right to WorkPlace Join devices based on group membership

Previously, we’ve looked at the WorkPlace Join functionality in Active Directory Federation Services (AD FS) in Windows Server 2012 R2 (and up) and the accompanying Registered Device objects in Active Directory Domain Services (AD DS). When WorkPlace Join is enabled for a networking environment, by default anyone has the right to WorkPlace Join devices, by … Continue reading "Granularly permitting or denying the right to WorkPlace Join devices based on group membership"

WorkPlace Join vs. Domain Join

Yesterday, we discussed WorkPlace Join and the msDS-Device object. Over the past months, these technologies sparked conversations with several people, some of which have very strong opinions on the exclusivity of domain join and a passion for loosely-coupling devices to Active Directory. This conversation could best be titled WorkPlace Join versus Domain Join. I’ll use … Continue reading "WorkPlace Join vs. Domain Join"

Speaking at ITPRO | DEV Connections Greece again

Last year, I was invited to speak at ITPro | DEV Connections Greece. That was great fun, so we were delighted to see this years organization asking Adnan and me to send in some session proposals for this years event. Even better was seeing our proposals accepted. As a bonus: Our buddy Peter also got … Continue reading "Speaking at ITPRO | DEV Connections Greece again"

KnowledgeBase: ADFS authentication issue for Active Directory users when extranet lockout is enabled

Active Directory Federation Services (AD FS) in Windows Server 2012 R2 is a vastly improved version of Active Directory Federation Services found in previous versions of Windows Server. One of its features, however, might prove extremely counter-productive and counter-intuitive to its feature name and normal behavior in a certain scenario.    The situation Active Directory … Continue reading "KnowledgeBase: ADFS authentication issue for Active Directory users when extranet lockout is enabled"

KnowledgeBase: Windows Server 2012 R2-based AD FS Proxy consumes 100% CPU

As part of the May 2014 Update Rollup, Microsoft has released an update for Windows Server 2012 R2-based Active Directory Federation Services (AD FS) Proxies, consuming 100% CPU. This leads to rejected logons and slow performance for colleagues trying to authenticate to the Active Directory Federation Services (AD FS) infrastructure.     The situation The Active … Continue reading "KnowledgeBase: Windows Server 2012 R2-based AD FS Proxy consumes 100% CPU"

KnowledgeBase: Colleagues with IE get Windows prompts when authenticating to AD FS behind TMG, forms-based authentication when using Chrome or FireFox

Today, a colleague came up to me to ask me a question on a weird situation he encountered while troubleshooting an Active Directory Federation Services (AD FS) implementation at a customer site. Note: We didn’t implement this situation, but after solving this challenge, we gave some great pointers to get the environment sorted.   The … Continue reading "KnowledgeBase: Colleagues with IE get Windows prompts when authenticating to AD FS behind TMG, forms-based authentication when using Chrome or FireFox"