Category Archives: Active Directory

Why installing Azure AD Connect on an Active Directory Domain Controller might not be the most brilliant of ideas

When you read through Azure AD Connect’s prerequisites page, you’ll notice that Microsoft supports installing Azure AD Connect on Active Directory Domain Controllers. While this would certainly be a helpful scenario for organizations with up to 50 user accounts, I would not recommend doing so. Note: Installing Azure AD Connect on a Read-only Domain Controller […]

0  

Knowledgebase: Exchange Server 2016 CU7 and up requires the Windows Server 2008 R2 Forest Functional Level

Straight projects or even tasks, that completely derail because of small print for updates. Don’t you just hate that? Microsoft isn’t the only vendor, that sometimes makes little changes with big impacts. But today, let’s focus on Exchange 2016 and its 7th Cumulative Update (CU) released last week, as it relates to Active Directory Domain […]

0  

My Cybersecurity Talk interview with CQURE Academy is now available

Raymond Comvalius and I presented at the Nordic Infrastructure Conference (NICConf) in February of this year. Before our Azure AD B2C and Azure AD B2B session, we were interviewed by Paula Januszkiewicz for her CQURE Academy. Raymond’s interview for this series of CyberSecurity Talk has been available for some time. Yesterday CQURE Academy published my […]

0  

Azure AD Connect 1.1.614.0 offers a load of fixes and enhanced functionality

Yesterday, Microsoft released version 1.1.614.0 of Azure AD Connect, its free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments to Azure Active Directory.   What’s New Azure AD Connect Sync Azure AD Connect now features a Troubleshoot task in the Azure AD Connect wizard […]

0  

Azure AD Connect: objectGUID vs. mS-DS-ConsistencyGuid, Part 3

This entry is part 3 of 3 in the series Azure AD Connect: objectGUID vs. mS-DS-ConsistencyGuid

In the first part of this series, I’ve explained how Azure AD Connect version 1.1.553.0 and beyond allows you to switch from objectGUID to mS-DS-ConsistencyGuid as the source anchor attribute , the benefits of doing so and what you may and may not expect when you make the switch. Now that I’ve shown you the […]

0  

Azure AD Connect: objectGUID vs. mS-DS-ConsistencyGuid, Part 2

This entry is part 2 of 3 in the series Azure AD Connect: objectGUID vs. mS-DS-ConsistencyGuid

In the first part of this series, I’ve explained how Azure AD Connect version 1.1.553.0 and beyond allows you to switch from objectGUID to mS-DS-ConsistencyGuid as the source anchor attribute, the benefits of doing so and what you may and may not expect when you make the switch. In this second part, I’ll share the […]

4  

Identity-related sessions at Microsoft Ignite 2017 in Orlando

Microsoft Ignite 2017 North America in Orlando is only a few weeks away and many of us have begun filling their session builder with interesting sessions, corresponding to their interests and knowledge. I decided to compile a list of the Active Directory, Azure Active Directory, Graph, Group Policy  and Enterprise Mobility + Security (EM+S) related […]

0  

Azure AD Connect 1.1.561.0 finalizes Automatic Upgrade scenario changes and the move to mS-DS-ConsistencyGuid

Yesterday, Microsoft released version 1,1.561.0 of Azure AD Connect, its free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments to Azure Active Directory. This version is hot on the heels of version 1.1.557.0, because it features some fixes for organization who recently made the […]

4  

Top Five reasons why Identity Admins should look at Windows Server Insider Preview Build 16237

Yesterday, Microsoft made Windows Server Insider Preview Build 16237 available to the Windows Insiders and Windows Insiders for Business programs. This is the first preview build of the Redstone 3 (RS3) release of Windows Server vNext. I’ve looked at this release, and as an Identity Admin, I feel this build has a lot to offer. […]

0  

Security Thoughts: Vulnerability in NTLM Credentials Forwarding with LDAPS could allow Elevation of Privilege (CVE-2017-8563, Important)

Last Tuesday, during Microsoft’s July 2017 Patch Tuesday, Microsoft released a security update for all supported Operating Systems to address an elevation of privilege vulnerability that exists when Kerberos falls back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol.   About the vulnerability In a remote attack scenario, an attacker could […]

2