Windows Server 2016’s February 2018’s Cumulative Quality Update, bringing the OS version to 14393.2097, offers a fix you might be experiencing with empty values for Attribute in EventID 5136 for Directory Services Changes on Windows Server 2016-based Active Directory Domain Controllers. About Windows Server 2016 Updates Microsoft issues two major updates each month for … Continue reading "Windows Server 2016’s February 2018 Quality Update fixes empty Attribute value in EventID 5136 for Directory Services Changes"
Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. These components have requirements of Active Directory Domain Services (AD DS) in terms of the schema, the Windows Server versions on the Domain Controllers an organization runs, the Domain Functional Level (DFL) and the … Continue reading "Hybrid Identity features per Active Directory Domain Services Domain Controller Operating System, Domain Functional Level, Forest Functional Level and Schema version"
Last week, I showed you how to perform a simple Hybrid Identity implementation with AD FS on-premises. While this scenario is easy and fast to deploy, it also has a couple of downsides. One of them is the risk of ‘AD FS Unavailability’ and the inability to authenticate to cloud resources when the on-premises environment … Continue reading "Configuring Geo-Redundancy for AD FS on-premises with Azure Traffic Manager"
In this blogpost, I’ll explain how to install and configure Active Directory Federation Services (AD FS) and Azure AD Connect to achieve Hybrid Identity with Azure Active Directory, based on Windows Server 2016. The implementation outlined in this blogpost is relevant for one on-premises datacenter and an Active Directory Domain Services environment, consisting of one … Continue reading "Performing a simple Hybrid Identity implementation with AD FS on-premises"
With the release of version 13.1 of its BIG-IP software, F5 Networks enables you to make your F5 BIG-IP series appliances and F5 Virtual Edition (VE) appliances to act as ful-fledged Web Application Proxies in combination with Windows Server 2012 R2 and/or Windows Server 2016-based Active Directory Federation Services (AD FS) Servers using MS-ADFSPIP. About … Continue reading "Use your F5 BIG-IP Appliance as Full-Fledged AD FS Web Application Proxy"
Microsoft Ignite 2017 North America in Orlando is only a few weeks away and many of us have begun filling their session builder with interesting sessions, corresponding to their interests and knowledge. I decided to compile a list of the Active Directory, Azure Active Directory, Graph, Group Policy and Enterprise Mobility + Security (EM+S) related … Continue reading "Identity-related sessions at Microsoft Ignite 2017 in Orlando"
Today, for its March 2017 Patch Tuesday, Microsoft released an important security update for Active Directory Federation Services (AD FS). The security update addresses a vulnerability that could allow information disclosure if an attacker sends a specially crafted request to an ADFS server, allowing the attacker to read sensitive information about the target system.. … Continue reading "Important Update for Active Directory Federation Services (MS17-019, KB4010320, CVE-2017-0043)"
Yesterday, I blogged on the entirely new Management Pack for Active Directory Domain Services on Windows Server 2016. What I didn’t notice, until now, is that a management pack for Active Directory Federation Services is also available, About the AD FS MP The Active Directory Federation Services (AD FS) Management Pack provides both proactive … Continue reading "Would you like to manage AD FS on Windows Server 2016, too? No problem!"
When organizations embrace new versions of software in a structured way, they end up with checklists, much like the ones I wrote for Windows 7 and Windows 8. Migrating end-user device Operating Systems (OSs), however, is different to embracing a new version of the Windows Server Operating System (OS). From an information security point of … Continue reading "An entirely new Management Pack for Active Directory on Windows Server 2016 is now available"
Regular readers know I’ve been associated with the Dutch Networking User Group (Ngi-NGN) for almost seven years now. I’ve been speaking at their events, been a regular at their planning meetings and have helped others achieve the same goal as their Speaker Coach in the past. About Ngi-NGN Ngi-NGN is the organization that was … Continue reading "I'm an organizer of Ngi-NGN's Windows 10 and Windows Server 2016 event"