Category Archives: Active Directory

Protecting virtual Domain Controllers on vSphere with VM Encryption

This entry is part 8 of 8 in the series Virtualizing Domain Controllers on vSphere

In the previous post in this series, we looked at Virtualization-based Security and how it may benefit virtualized Domain Controllers. However, VMware vSphere 6.5 and newer versions of vSphere offer one more feature to virtualized Domain Controllers that you might want to look into from both an Active Directory and a Virtualization Platform management point […]


Group Policy Elevation of Privilege Vulnerability (CVE-2020-1317, Important)

This Tuesday, Microsoft released updates for all supported versions of Windows and Windows Server to address an elevation of privilege vulnerability in Group Policy, marked as important. Its official common vulnerabilities and exposures (CVE) ID is CVE-2020-1317.

About the vulnerability

An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker […]


Protecting virtual Domain Controllers on vSphere with Virtualization-based Security

This entry is part 7 of 8 in the series Virtualizing Domain Controllers on vSphere

VMware vSphere 6.7 offers the ability to enable virtualization-based security (VBS) for virtual machines. Let’s find out what kind of protection this setting provides, what’s needed to get it going and how to configure a virtual Domain Controller to use it.

About Virtualization-based Security

Virtualization-based Security (VBS) uses virtualization features to create and isolate […]


Recordings of the webinars with Netwrix are now available

Last month, on April 22nd, 28th and 30th, I hosted three 60-minute webinars with Netwrix on my three favorite chapters in my Active Directory Administration Cookbook. Over 1800 people have registered for these webinars. Now, a mere week after the last webinar, the Netwrix team has done everyone a huge favor by already placing the […]


Choosing the right Passwordless sign-in method for your colleagues

Passwordless is Microsoft’s strategy to improve enterprise security and enable end-user convenience at the same time. The era of passwords is slowly coming to an end and Microsoft offers readily-available solutions for your colleagues to sign in to their devices and services. However, with its many passwordless methods, Microsoft isn’t making it easy for identity admins […]


Azure AD Connect v1.5.29.0 fixes an issue with enabling Seamless Single Sign-on

After every fresh major release of Azure AD Connect by Microsoft, several smaller hotfix releases update the functionality to prevent issues where administrators are not able to perform certain configurations or gain access to functionality. This week, Azure AD Connect version was released, fixing an issue that was introduced in a previous hotfix release. […]


HOWTO: Encrypt traffic between AD FS Servers, servers running Azure AD Connect and SQL Servers hosting their databases

This entry is part 26 of 27 in the series Hardening Hybrid Identity

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. Implementing AD FS with SQL Server provides access to Artifact Resolution and Replay Detection. Implementing Azure AD Connect […]


Azure AD Connect fixes an issue when you’ve cloned the ‘In from AD–Group Join’ sync rule before Azure AD Connect v1.5.20.0

Azure AD Connect version introduced a new feature: mS-DS-ConsistencyGUID as the source anchor for groups. Now, as organizations are upgrading to the new version, some overlooked scenarios rear their heads. Azure AD Connect version is here to fix an issue when you’ve cloned a synchronization rule.

What’s Fixed

Version addresses an issue […]


I’m presenting three webinars with Netwrix focusing again on the best recipes from the AD Administration Cookbook

On April 22nd, 28th and 30th, 2020, I’ll present three 1-hour webinars with Netwrix. Tune in to get the best in Active Directory security, Hybrid Identity and Azure AD Hardening demonstrated by me and Netwrix’ Jeff Melnick!

About the webinars

I feel webinars are a great way to show people the potential of technology. […]


Azure AD Connect version fixes an issue with Group Filtering

Hot on the heels of Azure AD Connect version, Microsoft is releasing a new version of Azure AD Connect to fix an issue introduced in that first version of this 1.5.x.x branch of Azure AD Connect versions. This is an important version if your organization has deployed Group Filtering.

About Azure AD Connect […]