Category Archives: Active Directory

In-place upgrading an Active Directory Domain Controller to Windows Server build 17093 might fail

Last week, Microsoft announced the latest Windows Server Insider Preview build, nicknamed Build 17093, referencing its 10.0.17093.1000 version number. This Windows Server version was released to Windows Server Insiders on February 13, 2018. About Windows Server Preview Build 17093: This build is a preview build of the next Semi-Annual Channel (SAC) release of Windows […]

Hybrid Identity features per Active Directory Domain Services Domain Controller Operating System, Domain Functional Level, Forest Functional Level and Schema version

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. These components have requirements of Active Directory Domain Services (AD DS) in terms of the schema, the Windows Server versions on the Domain Controllers an organization runs, the Domain Functional Level (DFL) and the […]

Configuring Geo-Redundancy for AD FS on-premises with Azure Traffic Manager

Last week, I showed you how to perform a simple Hybrid Identity implementation with AD FS on-premises. While this scenario is easy and fast to deploy, it also has a couple of downsides. One of them is the risk of ‘AD FS Unavailability’ and the inability to authenticate to cloud resources when the on-premises environment […]

Performing a simple Hybrid Identity implementation with AD FS on-premises

In this blogpost, I’ll explain how to install and configure Active Directory Federation Services (AD FS) and Azure AD Connect to achieve Hybrid Identity with Azure Active Directory, based on Windows Server 2016. The implementation outlined in this blogpost is relevant for one on-premises datacenter and an Active Directory Domain Services environment, consisting of one […]

I’m co-presenting a second webinar on tracking changes in Hybrid Identity

On Wednesday January 24, 2018 I’m co-presenting a webinar on tracking changes in Hybrid Identity environments, based on Active Directory Domain Services (AD DS) and Azure AD. The session is sponsored by Netwrix, who I think have a stellar solution for tackling this challenge. This expert webinar is scheduled for a convenient time for my […]

Using Azure AD Connect with a gMSA

Since version 1.1.443.0, you can use Azure AD Connect with a group Managed Service Account (gMSA) as its service account. I thought it was time to show you how to configure Azure AD Connect with a gMSA. The problem with service accounts: We all use service accounts in our environments. These accounts allow us […]

Azure AD Connect version 1.1.654.0 addresses a critical security vulnerability

It feels like only a couple of months ago, but actually only half a year ago, Microsoft released a version of Azure AD Connect that fixed a critical security vulnerability related to password resets. Yesterday, Microsoft released a new version of Azure AD Connect that does the same thing, but actually in a different feature. […]

I’m co-presenting a webinar on tracking changes in Hybrid Identity environments

Next week, on Wednesday November 29, 2017 I’m co-presenting a webinar on tracking changes in Hybrid Identity environments, based on Active Directory Domain Services (AD DS) and Azure AD. The session is sponsored by Netwrix, who I think have a stellar solution for tackling this challenge. This expert webinar is scheduled for a convenient time […]

Azure AD Connect v1.1.647.0 fixes Common Issues with Sign-In Methods

Last Thursday, Microsoft released version 1.1.647.0 of Azure AD Connect, its free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments to Azure Active Directory. At Microsoft Ignite, Microsoft declared Seamless Single Sign-On and Pass-through Authentication features as Generally Available, so the team doubled down […]

Why installing Azure AD Connect on an Active Directory Domain Controller might not be the most brilliant of ideas

When you read through Azure AD Connect’s prerequisites page, you’ll notice that Microsoft supports installing Azure AD Connect on Active Directory Domain Controllers. While this would certainly be a helpful scenario for organizations with up to 50 user accounts, I would not recommend doing so. Note: Installing Azure AD Connect on a Read-only Domain Controller […]