Building a straight-forward vSphere delegation model for running virtual Domain Controllers safely

When Active Directory Domain Controllers run as virtual machines on top of VMware vSphere, virtualization, storage and backup admins may be considered equal to enterprise admins in Active Directory, because they have the equivalent of physical access to Domain Controllers. Admittedly, you don’t want everyone to use root or administrator@vsphere.local to manage the virtualization platform, …

Domain Controller Cloning on VMware vSphere

After detailing Active Directory Virtualization Safeguards with VM-GenerationID in part 5 of this series on Virtualizing Domain Controllers on vSphere, it’s time to talk about the second Active Directory Domain Services feature that is enabled through the VM-GenerationID technology: Domain Controller cloning. About Domain Controller cloning: Microsoft recommends not re-using Domain Controllers for other …

HOWTO: Handle Windows Activation on non-domain-joined Web Application Proxies

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at best practices to handle Windows activation on non-domain-joined Web …

HOWTO: Handle Time synchronization on non-domain-joined Web Application Proxies

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at best practices to handle time synchronization on non-domain-joined Web …

Active Directory Virtualization Safeguards with VM-GenerationID on VMware vSphere

Arriving at the fifth part of this series on Virtualizing Domain Controllers on vSphere, I managed to gather some feedback on these blogposts. One question that emerged after writing the last blogpost on Replication considerations for Domain Controllers running on VMware vSphere was: Isn’t Windows Server 2012 supposed to solve all these challenges with virtualizing …

Replication considerations for Domain Controllers running on VMware vSphere

Active Directory utilizes a multi-master replication model. It’s great that each Domain Controller provides read and write access to the Active Directory database, but it comes with a big drawback: Domain Controllers need to be in sync to provide consistent data to clients, independent of the Domain Controller communicated to. A big question to ask …

Managing Active Directory Time Synchronization on VMware vSphere

One of the hardest things to get right with virtual Domain Controllers is the time hierarchy in Active Directory. Recommended practices from Microsoft have been all over the place, but seem to have solidified in recent years. Still, the question remains: How do I manage Active Directory Time Synchronization on VMware vSphere? This is …

Sizing Domain Controllers correctly on VMware vSphere

In the first part of this series, we discussed why we want to virtualize Domain Controllers. The first question people ask is: How do I properly size Domain Controllers on my virtualization platform? Specifically, for VMware vSphere, this is a good question, because there are a couple of areas of attention, beyond the recommended practices …

Why virtualize Domain Controllers?

One of the questions I get asked a lot is: Why virtualize Domain Controllers? So, in this blogpost, I’m showing you reasons why virtualization for Domain Controllers and Active Directory is a good idea. I also know there are a lot of caveats when virtualizing Domain Controllers, so this blogpost serves as a small part …

The video for 'Virtualizing Active Directory the Right Way' from VMware's VMworld 2018 US event is now available

In August, Matt Liebowitz and I presented a 60-minute breakout session during VMware’s VMworld US 2018 event at the Mandalay Bay Convention Center in Las Vegas, Nevada. Our presentation and demos were recorded. The stage, the slides and the screen of the demo machine were all captured by the VMworld organization. If you were unable …