Category Archives: Active Directory Federation Services

Azure AD Connect version 1.3.20.0 and older versions are no longer supported

As announced as part of the Azure AD Connect Version Release History page and shared here earlier, yesterday marked the end of Azure AD Connect version 1.3.20.0 and older versions of Azure AD Connect. This way, Microsoft starts enforcing its 18-month support policy for Azure AD Connect versions. For Azure AD Connect admins, running an […]

0  

vSphere 7’s vCenter Server Identity Provider Federation feature allows for MFA

In this series on virtualizing Active Directory on VMware vSphere, we’ve discussed earlier how to set up a straight-forward vCenter delegation model for running virtual Domain Controllers safely. Today, I want to discuss a new feature in VMware vSphere 7 that improves the lives of Identity and Access Management (IAM) professionals working with both technologies: […]

0  

An important update addresses a Spoofing Vulnerability in AD FS

Yesterday, for its September 2020 Patch Tuesday, Microsoft released an important security update for Active Directory Federation Services (AD FS). About the vulnerability A spoofing vulnerability exists when Active Directory Federation Services (AD FS) on Windows Server 2016 and Windows Server 2019 improperly handles multi-factor authentication requests. This vulnerability is described in detail in CVE-2020-0837. […]

0  

On-premises Identity updates & fixes for August 2020

Even though Microsoft’s Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for August 2020:   Windows Server 2016 We observed the following updates for Windows Server 2016: KB4571694 August 11, 2020 The […]

0  

KnowledgeBase: You can’t manage AD FS with non-domain-joined Azure AD Connect installations

Azure AD Connect is Microsoft's free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments and LDAP v3-compatible directories to Azure Active Directory. One of the neat tricks Azure AD Connect has up its sleeve is the ability to implement Active Directory Federation Services (AD […]

0  

On-premises Microsoft Identity-related updates and fixes for May 2020

Even though Microsoft's Identity focus moves towards the cloud, they are not forgetting their on-premises roots. Windows Server 2016 and Windows Server 2019 still receive updates. These are the updates and fixes we saw for May 2020: Windows Server 2016 We observed the following updates for Windows Server 2016: KB4556813 May 12, 2020 The May […]

0  

KnowledgeBase: To manage non-domain-joined Web Application Proxies with Azure AD Connect you need additional configuration on both sides

Azure AD Connect is Microsoft's free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments and LDAP v3-compatible directories to Azure Active Directory. However, you can also use it to set up and manage your organization’s Active Directory Federation Services (AD FS) implementation. This works […]

0  

A Real-world tested Approach for Transitioning Web Application Proxy Servers

This entry is part 2 of 2 in the series Transitioning AD FS and Web Application Proxy Servers

We’ve migrated many AD FS implementations from Windows Server 2012 R2 to Windows Server 2016 and beyond. This blogpost intends to share our experiences during these migrations, so you can take advantage of them during your migrations.   How we migrate In general, we migrate Web Application Proxy servers by adding additional Web Application Proxies […]

0  

A Real-world tested Approach for Transitioning AD FS Servers

This entry is part 1 of 2 in the series Transitioning AD FS and Web Application Proxy Servers

We’ve migrated many Active Directory Federation Services (AD FS) implementations from Windows Server 2012 R2 to Windows Server 2016 and beyond. This blogpost intends to share our experiences during these migrations, so you can take advantage of them during your migrations.   How we migrate In general, we migrate AD FS servers by adding additional […]

4  

KnowledgeBase: You receive error ‘AADSTS5000812: The SAML 1.1 credential must contain exactly one or zero claims of type ImmutableID’ when signing into Azure AD-integrated resources

In Hybrid Identity implementations, Active Directory Domain Services (AD DS), Active Directory Federation Services (AD FS) and Azure AD work together to authenticate people in your organization, so that they can work with Azure AD-integrated resources like Office 365. Sometimes, the constellation fails and you get an error page, instead of reaching the desired application, […]

0