Category Archives: Active Directory

Active Directory-related sessions at VMware VMworld 2020

VMware’s VMworld 2020 event kicks off in one week. For 2020, VMworld is organized differently to align with the new reality. Instead of multiple VMworld events, one virtual VMworld event is organized. This VMworld 2020 ‘Online Around the Globe’ event is held from September 29th to October 1st, 2020. The big advantage for you is […]


HOWTO: Attach a previously sync’ed Azure AD Tenant to a new AD Forest

This week, I was contacted by an organization who were in the process of starting anew with Active Directory Domain Services (AD DS). The old Active Directory forest was too … old, basically. It showed signs of problems around attribute integrity, schema extension bloat and delegation defaults from the 00’s. The challenge I assisted with, […]


Fun with Veeam’s Active Directory Explorer’s LDAP Filter

Being serious about Disaster Recovery means taking into account events like 9/11. Being serious about Active Directory means being serious about Backup and Restore. But… All work and no play makes Jack a dull boy. That’s why sometimes you need to have a little fun. For fun times’ sake, let’s look at the LDAP Filter […]


The September 2020 Patch Tuesday addresses five important vulnerabilities for Domain Controllers running as DNS Servers

When looking at the September 2020 Patch Tuesday today, I noticed five updates that specifically address vulnerabilities in DNS. Two of these vulnerabilities are specific to Domain Controllers running DNS Server, so this sparked my interest in these updates. DNS Server-related updates For Active Directory Domain Controllers acting as DNS Servers, the following vulnerabilities are […]


On-premises Identity updates & fixes for August 2020

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for August 2020: Windows Server 2016 We observed the following updates for Windows Server 2016: KB4571694 August 11, 2020 The […]


vSphere 7’s vMotion interface notifies for time differences between vSphere hosts

In the series Virtualizing Domain Controllers on vSphere, I explained the importance of proper time synchronization for virtualized Active Directory Domain Controllers and how to keep these Domain Controllers on trusted vSphere hosts only. Recent versions of the VMware Tools have time synchronization disabled by default. This means the reliance on proper time on vSphere hosts […]


I’ve joined the Semperis Hybrid Identity Protection Podcast

The 2020 Hybrid Identity Protection Conference (HIPConf) was originally planned for April 2020. As New York and other cities around the globe helped us combat the COVID-19 pandemic, this was not a good time to gather and discuss our topics in person. However, organizations worldwide need our guidance more than ever. Cyber crime evolves through […]


Knowledgebase: You experience Warnings with EventID 5829 on Domain Controllers

In Microsoft-oriented networking infrastructures, your Active Directory Domain Controllers may suddenly experience a high number of Warning events in the System log in Event Viewer (eventvwr.exe) with EventID 5829. The cause Microsoft has added this event by design to warn Active Directory administrators of vulnerable Netlogon connections, in terms of CVE-2020-1472. The eventID was added […]


The video of my Netwrix webinar on migrating to the Cloud is now available

Yesterday, I presented a 75-minute session on the three approaches to migrating to the cloud, together with Netwrix’ Russel McDermott. Now, a mere working day after the webinar, the Netwrix team has done everyone a huge favor by already placing the video recording online for everyone to watch: Enjoy! Simply press the red […]


HOWTO: Enable Extended Protection for Authentication on the SQL Servers hosting the AD FS and Azure AD Connect databases

This entry is part 27 of 27 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In the previous post of this series, we discussed encrypting traffic between AD FS Servers, servers running Azure […]