Category Archives: Active Directory
HOWTO: Find out the capabilities Domain Controllers may offer your device
One of the hard nuts to crack in Active Directory is meeting the requirements for the infrastructure features your organization’s business needs to operate reliably, securely and smooth. About Active Directory requirements Throughout Microsoft’s recent history, features have been introduced in all sorts of products that have certain Active Directory requirements. The perfect example is […]
KnowledgeBase: You experience EventID 1699 on Domain Controllers targeted by Azure AD Connect
One of the issues you might encounter, when you misconfigure the delegated permissions for Azure AD Connect’s Active Directory connector account is events in your Domain Controllers’ event viewers every hour with event ID 1699. The situation You are using Azure AD Connect with Password Hash Synchronization as either the sign-in method to Azure AD […]
Windows PKU2U Elevation of Privilege Vulnerability (CVE-2021-25195, Critical)
Yesterday, for its February 2021 Patch Tuesday, Microsoft released a critical security update for PKU2U. This vulnerability is known as CVE-2021-25195 and rated with CVSSv3.0 scores of 7.8/6.8. About PKU2U Authentication PKU2U is a peer-to-peer authentication protocol. This setting prevents online identities from authenticating to domain-joined systems. Authentication will be centrally managed with Windows […]
Windows DNS Server Remote Code Execution Vulnerability (CVE-2021-24078, Critical CVSSv3 9.8/8.5)
Today, for its February 2021 Patch Tuesday, Microsoft released a critical security update for DNS Servers running Windows Server. This vulnerability is known as CVE-2021-24078 and rated with CVSSv3.0 scores of 9.8/8.5. A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers. An attacker who successfully exploited the vulnerability could run arbitrary […]
On-premises Identity-related updates and fixes for January 2021
Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the Identity-related updates and fixes we saw for January 2021: Windows Server 2016 We observed the following update for Windows Server 2016: KB4598243 January 12, 2021 […]
Active Directory’s ESE database code now available on GitHub
Active Directory Domain Services (AD DS) and Active Directory Certificate Services (AD CS) use the Extensible Storage Engine (ESE) as its database. Now Microsoft has open sourced the code for its database engine available to all on GitHub. About the Extensible Storage Engine The Extensible Storage Engine (ESE) is an embedded / Indexed Sequential […]
HOWTO: Configure Accurate Time in Active Directory
Windows Server 2016 introduced the Accurate Time feature. Microsoft introduced increased polling and clock update frequency in Windows Server 2016 Active Directory, when compared to Windows Server 2008/2012. While this introduces a small additional CPU load on Domain Controllers, it does provide for more Accurate Time for Windows Server 2016 because of more frequent polling, […]
HOWTO: Install Azure AD Connect behind an Internet Proxy
Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In many environments, tier 0 systems like Azure AD Connect installations are only allowed Internet access through one […]
KnowledgeBase: You receive error ‘The directory service was unable to allocate a relative identifier’ when installing Azure AD Connect
Sometimes, the installation of Azure AD Connect can mess up your project deadlines in mere seconds. In this blogpost, I want to share an error that kept the admins of an organization occupied for several days, while it was relatively (har har) easy to fix. The situation An organization wants to configure Azure AD Connect. […]
On-premises Identity-related updates and fixes for December 2020
Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the Identity-related updates and fixes we saw for December 2020: Windows Server 2016 We observed the following update for Windows Server 2016: KB4593226 December 8, 2020 […]
Login