In the first part of this series, I’ve explained how Azure AD Connect version 1.1.553.0 and beyond allows you to switch from objectGUID to mS-DS-ConsistencyGuid as the source anchor attribute , the benefits of doing so and what you may and may not expect when you make the switch. Now that I’ve shown you the … Continue reading "Azure AD Connect: objectGUID vs. mS-DS-ConsistencyGuid, Part 3"
The Dutch Windows Management User Group (WMUG) is one of the more active IT Pro user groups in the Netherlands. I was honored when they invited me to speak at their next meetup on September 13, 2017. Of course, I’d present at this meetup; their fourth meetup this year! About the Dutch Windows Management … Continue reading "I’m presenting at the Dutch Windows Management User Group 2017-4 Meetup"
In the first part of this series, I’ve explained how Azure AD Connect version 1.1.553.0 and beyond allows you to switch from objectGUID to mS-DS-ConsistencyGuid as the source anchor attribute, the benefits of doing so and what you may and may not expect when you make the switch. In this second part, I’ll share the … Continue reading "Azure AD Connect: objectGUID vs. mS-DS-ConsistencyGuid, Part 2"
Veeam released its free Agent for Microsoft Windows (version 22.214.171.1240). I’ve been using the Beta of the agent for a couple of months and the more I used it and the more I read on why Veeam introduced this tool, and how it fits into Veeam’s current technology and strategy, the more I want to … Continue reading "The Veeam Agent for Microsoft Windows Free is amazing. Let me tell you why."
The Azure AD Connect Team has decided to move Azure AD Connect’s default source anchor attribute in on-premises Active Directory Domain Services (AD DS) environments from objectGUID to mS-DS-ConsistencyGuid for user objects in Azure AD Connect version 1.1.553.0, and up. When you’ve been using Azure AD Connect to synchronize objects between your on-premises Active Directory … Continue reading "Azure AD Connect: objectGUID vs. mS-DS-ConsistencyGuid, Part 1"
Once you’ve branded the Active Directory Federation Services (AD FS) and Azure Active Directory pages, you might want to apply your corporate branding to the Active Directory Federation Services Adapter pertaining to your on-premises Azure Multi-Factor Authentication (MFA) Server. For AD FS running on Windows Server 2012 R2, this means that the Azure Multi-Factor Authentication … Continue reading "Branding your Hybrid Identity Solution, Part 5: Azure Multi-Factor Authentication Server’s AD FS Adapter implementation"
Today, for its March 2017 Patch Tuesday, Microsoft released a security update for supported versions of Windows Server offering File Sharing services using the Server Message Block (SMB) version 1.0 protocol. The security update addresses the vulnerabilities by correcting how SMBv1 handles specially crafted requests. About the vulnerabilities The vulnerabilities that are fixed with … Continue reading "Critical Flaw in SMB1 could allow remote code execution on Active Directory Domain Controllers (MS17-010, KB4013389)"
Active Directory Federation Services (AD FS) plays a huge part in your Hybrid Identity implementation. For colleagues using their domain credentials on domain-joined devices located on-premises , through Kerberos, they gain Single Sign-On (SSO) access to web apps your organization uses. For roaming colleagues, AD FS offers Single Sign-On on a per browser session basis, … Continue reading "Branding your Hybrid Identity Solution, Part 4: Active Directory Federation Services"
Many organizations embrace the new reality of Hybrid Identity. For many of them, the increased level of security towards both on-premises resources and cloud services is the main reason to do so: Single sign-on (SSO) and multi-factor authentication (MFA) are two main drivers to onboard on Microsofts vision. When looking at People, Process and Technology, … Continue reading "Branding your Hybrid Identity Solution, Part 1: Introduction"
Sometimes, you hit error messages that are just too vague to troubleshoot. I like these kinds of situations. This particular one is especially fun, because it requires some intermediate knowledge of Active Directory Federation Services in Hybrid Identity environments. My favorite subject. The situation Single Sign-On (SSO) for organizations comes in many shapes and … Continue reading "From the field: Colleagues in specific group encounter error “AADSTS50107 Requested federation realm object does not exist.”"