Category Archives: Active Directory

On-premises Identity updates & fixes for September 2019

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for September 2019:   Windows Server 2016 We observed the following updates for Windows Server 2016: KB4516044 September 10, 2019 The […]

0  

HOWTO: Add the required Hybrid Identity URLs to the Local Intranet list of Internet Explorer and Edge

This entry is part 11 of 12 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at the required Hybrid Identity URLs that you want to […]

2  

HOWTO: Change the AD FS token-signing hash algorithm for AD FS relying party trusts to SHA256

This entry is part 12 of 12 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at properly securing relying party trusts on AD FS servers […]

0  

The videos of my Netwrix webinars are now available

Last week, on September 24, 25 and 26, I hosted three 60-minute webinars with Netwrix on my three favorite chapters in my Active Directory Administration Cookbook. Over 1800 people have registered for these webinars. Now, a mere two working days after the last webinars, the Netwrix team has done everyone a huge favor by already […]

0  

KnowledgeBase: Azure AD Connect v1.4 deletes incorrectly synchronized objects for non-Windows 10 devices

On September 10, 2019, Microsoft signed off on the first build of Azure AD Connect in the 1.4 version branch. Currently, this version is only available for organizations that have the Automatic Upgrade feature enabled. In the What’s Fixed section of the release notes for this version, Microsoft stated that: Fixed a bug where non-Windows […]

0  

HOWTO: Handle Windows Update on non-domain-joined Web Application Proxies

This entry is part 10 of 12 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at best practices to handle Windows activation on non-domain-joined Web […]

0  

Azure AD Connect version 1.4 introduces refined AD FS Management Capabilities

It’s time for a new version of Azure AD Connect to incorporate Microsoft’s lessons learned and distribute the fixes Microsoft made to the larger public. Last Friday, Microsoft released the first version in the 1.4 branch of Azure AD Connect: v1.4.18.0 Azure AD Connect is Microsoft’s free Hybrid Identity bridge product to synchronize objects and […]

7  

Domain Controller Cloning on VMware vSphere

This entry is part 6 of 6 in the series Virtualizing Domain Controllers on vSphere

After detailing Active Directory Virtualization Safeguards with VM-GenerationID in part 5 of this series on Virtualizing Domain Controllers on vSphere, it’s time to talk about the second Active Directory Domain Services feature that is enabled through the VM-GenerationID technology: Domain Controller cloning.   About Domain Controller cloning Microsoft recommends not re-using Domain Controllers for other […]

0  

HOWTO: Handle Windows Activation on non-domain-joined Web Application Proxies

This entry is part 9 of 12 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at best practices to handle Windows activation on non-domain-joined Web […]

0  

I’m presenting three Webinars with Netwrix focusing on the best recipes from the AD Administration Cookbook

On September 24th, 25th and 26th, I’ll present three 1-hour webinars with Netwrix. Tune in to get the best in Active Directory security, Hybrid Identity and Azure AD Hardening demo’ed! Tip! These courses may be of specific interest to CISSPs, as these courses allow you to earn Continuing Professional Education (CPE) credits.   About the […]

0