I’m presenting at the Dutch Windows Management User Group 2017-4 Meetup

Written on August 25, 2017 at 3:00 PM, by

The Dutch Windows Management User Group (WMUG) is one of the more active IT Pro user groups in the Netherlands. I was honored when they invited me to speak at their next meetup on September 13, 2017. Of course, I’d present at this meetup; their fourth meetup this year!   About the Dutch Windows Management […]

Azure AD Connect: objectGUID vs. mS-DS-ConsistencyGuid, Part 2

Written on August 24, 2017 at 6:13 PM, by

In the first part of this series, I’ve explained how Azure AD Connect version 1.1.553.0 and beyond allows you to switch from objectGUID to mS-DS-ConsistencyGuid as the source anchor attribute, the benefits of doing so and what you may and may not expect when you make the switch. In this second part, I’ll share the […]

Identity-related sessions at Microsoft Ignite 2017 in Orlando

Written on August 21, 2017 at 3:04 PM, by

Microsoft Ignite 2017 North America in Orlando is only a few weeks away and many of us have begun filling our session builders with interesting sessions, corresponding to our interests and knowledge. I decided to compile a list of the Active Directory, Azure Active Directory, Graph, Group Policy and Enterprise Mobility + Security (EM+S) related […]

Azure AD Connect 1.1.561.0 finalizes Automatic Upgrade scenario changes and the move to mS-DS-ConsistencyGuid

Written on July 24, 2017 at 2:30 PM, by

Yesterday, Microsoft released version 1.1.561.0 of Azure AD Connect, its free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments to Azure Active Directory. This version is hot on the heels of version 1.1.557.0, because it features some fixes for organizations who recently made the […]

Top Five reasons why Identity Admins should look at Windows Server Insider Preview Build 16237

Written on July 14, 2017 at 3:24 PM, by

Yesterday, Microsoft made Windows Server Insider Preview Build 16237 available to the Windows Insiders and Windows Insiders for Business programs. This is the first preview build of the Redstone 3 (RS3) release of Windows Server vNext. I’ve looked at this release, and as an Identity Admin, I feel this build has a lot to offer. […]

Security Thoughts: Vulnerability in NTLM Credentials Forwarding with LDAPS could allow Elevation of Privilege (CVE-2017-8563, Important)

Written on July 13, 2017 at 11:07 AM, by

Last Tuesday, during Microsoft’s July 2017 Patch Tuesday, Microsoft released a security update for all supported Operating Systems to address an elevation of privilege vulnerability that exists when Kerberos falls back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol.   About the vulnerability In a remote attack scenario, an attacker could […]

Azure AD Connect: objectGUID vs. mS-DS-ConsistencyGuid, Part 1

Written on July 12, 2017 at 4:36 PM, by

The Azure AD Connect Team has decided to move Azure AD Connect’s default source anchor attribute in on-premises Active Directory Domain Services (AD DS) environments from objectGUID to mS-DS-ConsistencyGuid for user objects in Azure AD Connect version 1.1.553.0, and up. When you’ve been using Azure AD Connect to synchronize objects between your on-premises Active Directory […]

Azure AD Connect 1.1.557.0 is good news for highly-regulated and highly-secure organizations

Written on July 6, 2017 at 5:56 PM, by

Microsoft released version 1.1.557.0 yesterday, hot on the heels of last week’s important 1.1.553.0 release that for the first time fixed a critical security issue in Azure AD Connect. With new features for Azure Government cloud and Azure Germany available in this release, and PTA not automatically enabling PHS, this release is particularly appealing to […]

Creating an MFA Provider when you have CSP or DreamSpark

Written on July 3, 2017 at 12:24 PM, by

Microsoft is working hard to migrate all management activities from the ‘classic’ Windows Azure Management website ( to the ‘new’ Azure Portal ( Some of Microsoft’s new subscriptions, like its DreamSpark and CSP-style subscriptions, don’t offer access to the ‘classic’ Windows Azure Management website. But alas, some of the management tasks for implementing Multi-factor Authentication […]

Azure AD Connect v1.1.553.0 addresses a critical security vulnerability … and offers new functionality, too

Written on June 28, 2017 at 9:47 AM, by

Yesterday, Microsoft released a new version of Azure AD Connect, its free tool to synchronize objects from your on-premises Active Directory Domain Services environment to Azure Active Directory. It addresses a critical security vulnerability, but also offers new functionality, like delegate write-back from Exchange Online to Exchange Server on-premises. Vulnerability could allow Elevation of […]