Azure AD Connect can configure a lot of the requirements it needs automatically. One of the things it can configure for you is the AD Connector account, the account that is used to read and write into Active Directory. However, Azure AD Connect also provides PowerShell cmdlets to configure and secure AD Connector accounts of … Continue reading "KnowledgeBase: You experience Errors with EventID 33007 and 33008 when people try to use Azure AD Self-service Password Reset"
Microsoft provides guidance for Managing action accounts for Microsoft Defender for Identity, but this documentation is severely lacking from my point of view: It actually lacks the information on creating the actual group Managed Service Account (gMSA) for the action account, itself. It provides guidance to delegating permissions in Active Directory to an individual account, … Continue reading "HOWTO: Programmatically add a Microsoft Defender for Identity Action Account to Active Directory"
Today, January 12th 2022, the Mainstream Support on Windows Server 2016 ended. This Windows Server Operating System (OS) has been with us for the past five years and will remain with us for the next five years, just not as it used to. Therefore, today is a time to make an important decision. The most … Continue reading "The End of Mainstream Support is a Time to make an important Decision about Windows Server 2016"
On October 20th, 2020, Microsoft released Windows 10, version 20H2 build 19042 to Visual Studio Subscribers and organizations with access to the Software Download Center and the Volume Licensing Service Center. This version is also known as Windows 10 ‘October 2020 Update’. On this page you can view the critical issues, that have currently been … Continue reading "Knowledgebase: Important Issues for Windows 10, version 20H2 build 19042"
Many organizations are adopting Azure AD Join as the mechanism to create a trust relationship between their Windows 10-based devices and their Identity solution. In the obligatory joiners/workers/leavers processes, however, it might make sense to repurpose an Azure AD-joined devices to another person in the organization. In this blogpost I’ll explain how to achieve this … Continue reading "HOWTO: Repurpose an Azure AD-joined device in an organization without Intune"
One of the recommended practices for configuring Domain Controllers is to use an answer file to promote the server from a domain-joined server to a Domain Controller. Benefits of using an answer file The benefit is using an answer file is that the file can be reused for multiple promotions. This way, Domain Controllers … Continue reading "Why DCPromo removes the passwords from your answer files after usage"
The official Microsoft documentation teaches us that Microsoft Intune is an optional requirement to configure Windows Hello for Business to show the option to display the FIDO security key sign-in method as part of the Sign-in options on the Windows Logon Screen for Azure AD accounts. However, a method to achieve the same goal without … Continue reading "HOWTO: Enable Windows Hello for Business FIDO2 Key sign-in without Microsoft Intune"
Last week, Microsoft announced the latest Windows Server Insider Preview build, nicknamed Build 17093, referencing its 10.0.17093.1000 version number. This Windows Server version was released to Windows Server Insiders on February 13, 2018. About Windows Server Preview Build 17093 This build is a preview build of the next Semi-Annual Channel (SAC) release of Windows … Continue reading "In-place upgrading an Active Directory Domain Controller to Windows Server build 17093 might fail"
Most people who have attended one of my sessions, know I love to show off the power of claims using the ClaimsApp. This web app is not very fancy, but it does a heck of a job, just by displaying all the claimtypes possible, or configured for the Relying Party Trust (RPT) in Active Directory … Continue reading "Configuring the ClaimsApp Demo for Azure Active Directory Authentication"
Just like Microsoft is able to differentiate between different sizes and maturity levels of customers in its licensing, so is Microsoft’s on-premises Azure Multi-Factor Authentication (MFA) Server product. Azure MFA Server allows for four Microsoft-supported deployment scenarios: Simple Deployment One All-in-one Multi-Factor Authentication Server implementation Redundant Deployment Two All-in-one Multi-Factor Authentication Servers with replication Stretched … Continue reading "Supported Azure MFA Server Deployment Scenarios and their pros and cons"