Domain Controller Monitoring: Why, What, How?

There are many great Active Directory Monitoring solutions; however, there are not many great Domain Controller Monitoring solutions. What’s the difference? Not every Active Directory Monitoring solution is capable of monitoring what’s going on on the Domain Controllers. Active Directory Monitoring solutions that are part of bigger monitoring solutions even go as far as treating …

HOWTO Extend the availability of Azure AD Password Protection Reporting Information

When working with the Azure AD Password Protection feature, you might want to take advantage of the event log management features on your Domain Controllers to make sure you get the right amount of events for password set and password failure audit events. About Azure AD Password Protection: Azure AD Password Protection is an Azure …

Eight Tips and Tricks for Backing up and Restoring virtual Domain Controllers with Altaro VM Backup v8

As Active Directory, its Domain Controllers and their inner workings were originally designed in the late 90s, some of the technologies and processes can be somewhat incompatible with technologies and ways of working that were introduced since. I haven’t stumbled upon physical Domain Controllers in a while, so I guess I can conclude that Virtual …

KnowledgeBase: You can’t use the AzureADKerberos PowerShell Module on Azure AD Connect installations in a custom installation location

During the installation of Azure AD Connect, you can select the option to use an alternative location. In this case, the Microsoft Azure AD Sync folder is stored in the alternative location, but the Microsoft Azure AD Connect folder isn’t. The situation: When you work with Hybrid Cloud Trust, you need the AzureAdKerberos PowerShell module. …

TODO: Periodically reset the password for the KRBTGT_AzureAD account when using Hybrid Cloud Trust

Microsoft offers Hybrid Cloud Trust as a way to offer people with synchronized Work or School accounts on Azure AD-joined devices seamless single sign-on access to Active Directory-integrated resources. When they sign in with Windows Hello for Business (WHfB), the Active Directory-integrated functionality doesn’t prompt for username and password. How Hybrid Cloud Trust works: Under …

ENow Software provides the ideal basis for your Active Directory Zero Trust Journey

The world is different from five years ago. After the successful SolarWinds attack in 2020, where attackers gained access to Microsoft’s systems, Microsoft aligned itself with NIST’s approach towards a zero-trust architecture. This changes everything. In contrast to previous security models, in Microsoft’s defense-in-depth approach, Identity and Access is the first layer of …

TODO: Configure Azure AD Connect Health email notifications to continue to receive notifications when synchronization errors occur

Admins who are using Azure AD Connect are currently receiving email notifications when there are synchronization errors in the Azure AD Connect synchronization process. However, after mid-June 2022, admins who have not enabled Azure AD Connect Health email notifications will no longer receive synchronization error notification emails for their tenants. Microsoft has migrated this functionality …

HOWTO: Detect NTLMv1 Authentication

Active Directory Domain Services (AD DS) offers many ways to integrate applications and services. Before Windows 2000 Server and Active Directory, in the Windows NT era when servers were beige and server racks were made of wood, authentication on networks was NTLM-based. Windows 2000 Server introduced Microsoft’s Kerberos implementation, but even today NTLM continues to be used. …

HOWTO: Identify Azure AD-integrated apps and services that still rely on ADAL

While initially communicated for June 30th, 2022, the deprecation of the Azure Active Directory Authentication Library (ADAL) has been postponed to December 2022. No doubt, this has to do with the continued use of the Azure Active Directory Authentication Library (ADAL) in many apps and services. Since this month, Microsoft has made an Azure AD …

You may encounter authentication issues after installing the November 2021 Cumulative updates

While installing updates is one of the basic information security measures, many organizations hold off on installing updates for Windows Server within 48 hours. This month, we saw another reason why it’s a smart idea to test updates in pre-production environments before deploying them to production domain controllers. After installing the November 2021 cumulative and/or …