Default checks to perform when implementing Hybrid Identity, Part 5: Groups with non-linked-value replication-enabled members

Microsoft has introduced an impressive array of technologies and an awesome vision on Hybrid Identity. Their vision entails seamless access to corporate resources, services and applications for people, no matter where these resources, services and apps are located (either on-premises or in the cloud) while in the mean time allowing for strong authentication and granular … Continue reading "Default checks to perform when implementing Hybrid Identity, Part 5: Groups with non-linked-value replication-enabled members"

Knowledgebase: When you enable DNS debug logging to removable media, the DNS Service no longer starts

Sometimes, Microsoft products have a way of their own. The Domain Naming System (DNS) service since Windows Server 2003, too, has a nice little quirk that I ran into the other day, that I’d like to share with you.   About DNS debug logging When you suspect problems with the Domain Naming System (DNS) Service, … Continue reading "Knowledgebase: When you enable DNS debug logging to removable media, the DNS Service no longer starts"

Hybrid Identity features per Active Directory Domain Services Domain Controller Operating System, Domain Functional Level, Forest Functional Level and Schema version

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. These components have requirements of Active Directory Domain Services (AD DS) in terms of the schema, the Windows Server versions on the Domain Controllers an organization runs, the Domain Functional Level (DFL) and the … Continue reading "Hybrid Identity features per Active Directory Domain Services Domain Controller Operating System, Domain Functional Level, Forest Functional Level and Schema version"

Critical Flaw in SMB1 could allow remote code execution on Active Directory Domain Controllers (MS17-010, KB4013389)

Today, for its March 2017 Patch Tuesday, Microsoft released a security update for supported versions of Windows Server offering File Sharing services using the Server Message Block (SMB) version 1.0 protocol. The security update addresses the vulnerabilities by correcting how SMBv1 handles specially crafted requests.   About the vulnerabilities The vulnerabilities that are fixed with … Continue reading "Critical Flaw in SMB1 could allow remote code execution on Active Directory Domain Controllers (MS17-010, KB4013389)"

Advances in Active Directory since Windows Server 2003

In six months time, on July 14 2015, Microsoft ends the extended support for Windows Server 2003. After 11 years and 6 months (Windows Server 2003 became generally available on May 28th, 2003) the plug is pulled on updates to the product and the support information on TechNet, MSDN and its KnowledgeBase. Running Active Directory on Operating … Continue reading "Advances in Active Directory since Windows Server 2003"

Transitioning your Windows Server 2003 Domain Controllers to Windows Server 2012

Your organization might still be running their Active Directory Domain Services on top of Windows Server 2003-based Domain Controllers. You might be looking to replace these servers with Windows Server 2012-based Domain Controllers, either to utilize the new features, make the most out of your virtualization project or to simply do away with the aging … Continue reading "Transitioning your Windows Server 2003 Domain Controllers to Windows Server 2012"