KnowledgeBase: Users receive an error when registering MFA when Security Defaults are enabled and the mobile app verification options are disabled

Organizations are still using settings in the old PhoneFactor Multi-factor Authentication portal. However, with the new Security Defaults functionality, they may hurt themselves by locking out users, after the 14-day grace period for registering multi-factor authentication expires.   About the PhoneFactor verification options The old PhoneFactor Multi-factor Authentication portal experience is a remnant of Microsoft … Continue reading "KnowledgeBase: Users receive an error when registering MFA when Security Defaults are enabled and the mobile app verification options are disabled"

KnowledgeBase: To manage non-domain-joined Web Application Proxies with Azure AD Connect you need additional configuration on both sides

Azure AD Connect is Microsoft's free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments and LDAP v3-compatible directories to Azure Active Directory. However, you can also use it to set up and manage your organization’s Active Directory Federation Services (AD FS) implementation. This works … Continue reading "KnowledgeBase: To manage non-domain-joined Web Application Proxies with Azure AD Connect you need additional configuration on both sides"

KnowledgeBase: App Passwords are only available to users with a non-Conditional Access MFA requirement

Multi-factor authentication is the current solution to the problem of inadequate information security in today’s world of user names and passwords. When you have enabled multi-factor authentication in Microsoft Azure and Office 365, you might need app passwords to allow for certain access to not disrupt the business.   The situation As an organization, you … Continue reading "KnowledgeBase: App Passwords are only available to users with a non-Conditional Access MFA requirement"

KnowledgeBase: You receive error AADSTS50052 when you sign into Azure AD and Azure AD-integrated applications and services

Azure Active Directory is the identity platform to many of today’s organizational applications and services. When you can’t sign in, then this poses a big challenge to achieve productivity, either as an administrator or an end-user. This blogpost provides the instructions to solve the situation, when you receive error AADSTS50052, when signing into Azure AD … Continue reading "KnowledgeBase: You receive error AADSTS50052 when you sign into Azure AD and Azure AD-integrated applications and services"

KnowledgeBase: You receive error ‘AADSTS5000812: The SAML 1.1 credential must contain exactly one or zero claims of type ImmutableID’ when signing into Azure AD-integrated resources

In Hybrid Identity implementations, Active Directory Domain Services (AD DS), Active Directory Federation Services (AD FS) and Azure AD work together to authenticate people in your organization, so that they can work with Azure AD-integrated resources like Office 365. Sometimes, the constellation fails and you get an error page, instead of reaching the desired application, … Continue reading "KnowledgeBase: You receive error ‘AADSTS5000812: The SAML 1.1 credential must contain exactly one or zero claims of type ImmutableID’ when signing into Azure AD-integrated resources"

KnowledgeBase: You receive “The ADSync service failed to start with an unexpected error for AutoGeneratedAccount:” when installing Azure AD Connect

Troubleshooting issues with Azure AD Connect can be a lot of fun, until you realize that new functionality throws an error that is incredibly vague. This blogpost provides the instructions to get Azure AD Connect working for your Hybrid Identity implementation when you receive “The ADSync service failed to start with an unexpected error for … Continue reading "KnowledgeBase: You receive “The ADSync service failed to start with an unexpected error for AutoGeneratedAccount:” when installing Azure AD Connect"

Knowledgebase: When you enable DNS debug logging to removable media, the DNS Service no longer starts

Sometimes, Microsoft products have a way of their own. The Domain Naming System (DNS) service since Windows Server 2003, too, has a nice little quirk that I ran into the other day, that I’d like to share with you.   About DNS debug logging When you suspect problems with the Domain Naming System (DNS) Service, … Continue reading "Knowledgebase: When you enable DNS debug logging to removable media, the DNS Service no longer starts"

KnowledgeBase: Azure AD Connect v1.4 deletes incorrectly synchronized objects for non-Windows 10 devices

On September 10, 2019, Microsoft signed off on the first build of Azure AD Connect in the 1.4 version branch. Currently, this version is only available for organizations that have the Automatic Upgrade feature enabled. In the What’s Fixed section of the release notes for this version, Microsoft stated that: Fixed a bug where non-Windows … Continue reading "KnowledgeBase: Azure AD Connect v1.4 deletes incorrectly synchronized objects for non-Windows 10 devices"

Knowledgebase: In-place Upgrading Domain Controllers to Windows Server 2019 while still using NTFRS breaks SYSVOL Replication and DSLocator

In a domain that is configured to use the File Replication Service, the SYSVOL folder is not shared after you in-place upgrade a Windows Server 2019-based Domain Controller from an earlier version of Windows. Until this directory is shared, Domain Controllers do not respond to DCLOCATOR requests for LDAP, Kerberos, and other Domain Controller workloads. … Continue reading "Knowledgebase: In-place Upgrading Domain Controllers to Windows Server 2019 while still using NTFRS breaks SYSVOL Replication and DSLocator"

KnowledgeBase: KB4462917 breaks Domain Controller Promotions for new Active Directory domains in existing forests

Microsoft’s October 9th, 2018 Security update KB4462917, raising Windows Server 2016 to build 14393.2551, feature a security update for the JET Database engine. However, this update seems to cause an issue with Windows Server installations intended to become Active Directory Domain Controllers. One of my team members at SCCT experienced this issue at a customer … Continue reading "KnowledgeBase: KB4462917 breaks Domain Controller Promotions for new Active Directory domains in existing forests"