Virtualization-safe(r) Active Directory in VMware environments, Part 1

When you check my list with virtualization platforms that support Virtualization-safe(r) Active Directory through the Microsoft backed VM-GenerationID capability, you’ll notice that VMware has been supporting it in their products for a while now: Both VMware Workstation and VMware ESXi support it towards Windows Server 2012 and Windows Server 2012 R2-based Virtual Machines (VMs). Unfortunately, … Continue reading "Virtualization-safe(r) Active Directory in VMware environments, Part 1"

I will be speaking at the 2014 NL VMUG Event

There are many organizations with the ‘VMUG’ initials. I’ve presented sessions to the UK VMUG, which stands for Virtual Machine User Group. In the Netherlands, VMUG stands for VMware User Group. This organization hosts their annual meeting on March 6th, 2014 in Den Bosch and I will be there too, to present a session.      … Continue reading "I will be speaking at the 2014 NL VMUG Event"

I’m still an ADPrep kinda guy

In Windows Server 2012, Microsoft introduced the new streamlined Active Directory Domain Services Configuration Wizard, that in most Microsoft documentation is labeled the successor to dcpromo.exe. I’m a big fan of the new wizard, but there’s one feature I don’t use: the automatic Active Directory preparation steps it can perform for you to update the … Continue reading "I’m still an ADPrep kinda guy"

Transitioning your Windows Server 2003 Domain Controllers to Windows Server 2012

Your organization might still be running their Active Directory Domain Services on top of Windows Server 2003-based Domain Controllers. You might be looking to replace these servers with Windows Server 2012-based Domain Controllers, either to utilize the new features, make the most out of your virtualization project or to simply do away with the aging … Continue reading "Transitioning your Windows Server 2003 Domain Controllers to Windows Server 2012"

Cross-forest Migrating Dynamic Access Control

Six months ago, I wrote on 10 Things you need to be aware of before deploying Dynamic Access Control. As point 8, I told that the Active Directory Migration Tool (ADMT) does not support cross-forest migrating Dynamic Access Control (DAC). As an Active Directory admin, ADMT, obviously, would be the first tool to look you … Continue reading "Cross-forest Migrating Dynamic Access Control"

Cases where VM-GenerationID doesn’t help make Active Directory virtualization-safe, Part 2

Yesterday, I talked about the new Active Directory virtualization safeguards in Windows Server 2012 (and beyond) and how Joe Richards triggered me to think about cases where the Active Directory virtualization safeguards (powered by the new VM-GenerationID) don’t help make Active Directory virtualization-safe(r). In the first post, I talked about how the Active Directory virtualization … Continue reading "Cases where VM-GenerationID doesn’t help make Active Directory virtualization-safe, Part 2"

Cases where VM-GenerationID doesn’t help make Active Directory virtualization-safe, Part 1

Joe Richards posted an interesting blogpost a while ago on why Active Directory VM-GenerationID functionality is not an alias for Active Directory anti-USN Rollback functionality. In it, he makes some valid claims: You are only protected in very limited set of very certain very specific circumstances. The VM-GenerationID "triggers" are dependent upon the virtualization platform.  … Continue reading "Cases where VM-GenerationID doesn’t help make Active Directory virtualization-safe, Part 1"

Active Directory Services and their System Center Management Packs

As you might be aware, every Microsoft technology has the requirement to be manageable through PowerShell and System Center. Manageability through System Center is done through Management Packs. (MPs). While I discussed the PowerShell manageability stories for the five Active Directory services last Saturday, below is the overview of the availability and functionality of the … Continue reading "Active Directory Services and their System Center Management Packs"

MS13-032 Vulnerability in Active Directory Could Allow Remote Code Execution (Important)

It’s not often, that Active Directory Domain Controllers get security updates. The Active Directory Domain Services Server Role is one of the most robustly written code, as I pointed out in an earlier blogpost on Statistics on Active Directory-related Security Bulletins. Since 2001, Microsoft has issued 18 Security Bulletins with patches to address issues in … Continue reading "MS13-032 Vulnerability in Active Directory Could Allow Remote Code Execution (Important)"