Category Archives: Active Directory

Happy 20th Birthday, Active Directory!

Today, The DirTeam.com / ActiveDir.org Weblogs are celebrating the 20-year anniversary of Active Directory Domain Services as a released product.   Windows 2000 Server The introduction of Active Directory to the world was part of the release of Windows 2000 Server on February 17, 2000. At the launch event, Bill Gates ushered in the Next […]

0  

TODO: Test your exposure to Microsoft’s 2020 LDAP Channel Binding and Signing changes

In many Active Directory Domain Services environments, LDAP is a common protocol to provide access to objects and their attributes in the directory. The Lightweight Directory Access Protocol (LDAP) is an open protocol for use with various directory services, including Active Directory. Over the years, Microsoft has been made aware about vulnerabilities in the way […]

1  

On-premises Identity updates & fixes for January 2020

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for January 2020:   Windows Server 2016 We observed the following updates for Windows Server 2016: KB4534271 January 14, 2020 The […]

0  

Deprecation of older Azure AD Connect versions announced for November 1, 2020

This, week, the Azure AD Connect team made the following announcement on the Azure AD Connect: Version release history page: Starting on November 1st, 2020, we will begin implementing a deprecation process whereby versions of Azure AD Connect that were released more than 18 months ago will be deprecated. At that time we will begin […]

0  

Active Directory, AD FS and Azure AD in terms of Data Privacy

Today is data privacy day. Today, I’d like to talk about Active Directory and data privacy, because it is an issue that is looming on the horizon for many organizations. I won’t be talking about Domain Controllers getting popped all around the globe, not about the various attacks against Active Directory and how to detect, […]

0  

Requirements per Windows Hello for Business Deployment Type

Windows Hello for Business is awesome technology, that allows for multi-factor authenticated sign-in on Windows 10 devices.   About Windows Hello for Business In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to […]

0  

HOWTO: Deploy AD FS with SQL Server to gain Artifact Resolution and Replay Detection

This entry is part 23 of 23 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at the benefits of implementing AD FS with a back-end […]

0  

TODO: Install the January 2020 Cumulative Update in your networking infrastructure

This Tuesday, Microsoft released an update that fixes a critical vulnerability in Windows and Windows Server. I urge you to install this update as soon as possible.   About the vulnerability The vulnerability, labeled CVE-2020-0601 was responsibly disclosed by the NSA to Microsoft. It is dubbed ‘NSACrypt’. A spoofing vulnerability exists in the way Windows […]

2  

HOWTO: Design a networking infrastructure for Hybrid Identity components

This entry is part 22 of 23 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. For many organizations the Active Directory administrative tier model is a reality, or at least something they strive […]

0  

HOWTO: Design a networking infrastructure for Hybrid Identity components

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. For many organizations the Active Directory administrative tier model is a reality, or at least something they strive […]

0