Category Archives: Active Directory Federation Services

KnowledgeBase: The WID Service consumes 100% CPU after transitioning AD FS Servers

This week, I encountered unexpected behavior with Active Directory Federation Services (AD FS) on a Windows Server installation that an organization had recently transitioned to from an AD FS server running a previous version of Windows Server. I’m sharing my experiences, so others may benefit from our troubleshooting and solution.   The situation Your organization […]

Ten Things You should know about vCenter Identity Provider Federation

vCenter in VMware vSphere 7 introduces support for role-based access control (RBAC), based on standards-based federation. While this sounds fantastic, there are a couple of things you should know about this vCenter Identity Provider Federation feature, before you blindly implement it.   vCenter 7.0 or later The vCenter Identity Provider Federation feature is only available […]

Azure AD Connect version 1.3.20.0 and older versions are no longer supported

As announced as part of the Azure AD Connect Version Release History page and shared here earlier, yesterday marked the end of Azure AD Connect version 1.3.20.0 and older versions of Azure AD Connect. This way, Microsoft starts enforcing its 18-month support policy for Azure AD Connect versions. For Azure AD Connect admins, running an […]

vSphere 7’s vCenter Server Identity Provider Federation feature allows for MFA

In this series on virtualizing Active Directory on VMware vSphere, we’ve discussed earlier how to set up a straightforward vCenter delegation model for running virtual Domain Controllers safely. Today, I want to discuss a new feature in VMware vSphere 7 that improves the lives of Identity and Access Management (IAM) professionals working with both technologies: […]

An important update addresses a Spoofing Vulnerability in AD FS

Yesterday, for its September 2020 Patch Tuesday, Microsoft released an important security update for Active Directory Federation Services (AD FS). About the vulnerability A spoofing vulnerability exists when Active Directory Federation Services (AD FS) on Windows Server 2016 and Windows Server 2019 improperly handles multi-factor authentication requests. This vulnerability is described in detail in CVE-2020-0837. […]

On-premises Identity updates & fixes for August 2020

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for August 2020:   Windows Server 2016 We observed the following updates for Windows Server 2016: KB4571694 August 11, 2020 The […]

KnowledgeBase: You can’t manage AD FS with non-domain-joined Azure AD Connect installations

Azure AD Connect is Microsoft's free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments and LDAP v3-compatible directories to Azure Active Directory. One of the neat tricks Azure AD Connect has up its sleeve is the ability to implement Active Directory Federation Services (AD […]

On-premises Microsoft Identity-related updates and fixes for May 2020

Even though Microsoft's Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for May 2020: Windows Server 2016 We observed the following updates for Windows Server 2016: KB4556813 May 12, 2020 The May […]

KnowledgeBase: To manage non-domain-joined Web Application Proxies with Azure AD Connect you need additional configuration on both sides

Azure AD Connect is Microsoft's free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments and LDAP v3-compatible directories to Azure Active Directory. However, you can also use it to set up and manage your organization’s Active Directory Federation Services (AD FS) implementation. This works […]

A Real-world tested Approach for Transitioning Web Application Proxy Servers

This entry is part 2 of 2 in the series Transitioning AD FS and Web Application Proxy Servers

We’ve migrated many AD FS implementations from Windows Server 2012 R2 to Windows Server 2016 and beyond. This blog post intends to share our experiences during these migrations, so you can take advantage of them during your migrations. How we migrate In general, we migrate Web Application Proxy servers by adding additional Web Application Proxies […]
