Category Archives: Systems Administration

Some Domain Controllers may restart unexpectedly after applying the March 12, 2024 Updates

When installing updates, there is always the risk of rogue updates: updates that break functionality, unannounced, unexpected and unsettling. Microsoft is currently researching such a possible side-effect with the March 12, 2024 updates on Active Directory Domain Controllers. About the issue: Domain Controllers may reboot unexpectedly and keep rebooting. Admins are reporting ballooning memory […]


The Azure ATP Portal is being decommissioned in February 2023

Microsoft Defender for Identity helps Active Directory admins defend against advanced persistent threats (APTs) targeting their Active Directory Domain Services infrastructures. Microsoft Defender for Identity was formerly known as Azure Advanced Threat Protection (Azure ATP). Admins at many organizations that onboarded to the Defender for Identity functionality still manage it through the Azure ATP Portal. […]


Domain Controller Monitoring: Why, What, How?

There are many great Active Directory Monitoring solutions; however, there are not many great Domain Controller Monitoring solutions. What’s the difference? Not every Active Directory Monitoring solution is capable of monitoring what’s going on on the Domain Controllers. Active Directory Monitoring solutions that are part of bigger monitoring solutions even go as far as treating […]


HOWTO Extend the availability of Azure AD Password Protection Reporting Information

When working with the Azure AD Password Protection feature, you might want to take advantage of the event log management features on your Domain Controllers to make sure you get the right amount of events for password set and password failure audit events. About Azure AD Password Protection: Azure AD Password Protection is an Azure […]


Eight Tips and Tricks for Backing up and Restoring virtual Domain Controllers with Altaro VM Backup v8

As Active Directory, its Domain Controllers and their inner workings were originally designed in the late 90s, some of the technologies and processes can be somewhat incompatible with technologies and ways of work that were introduced since. I haven’t stumbled upon physical Domain Controllers in a while, so I guess I can conclude that Virtual […]


KnowledgeBase: You can’t use the AzureADKerberos PowerShell Module on Azure AD Connect installations in a custom installation location

During the installation of Azure AD Connect, you can select the option to use an alternative location. In this case, the Microsoft Azure AD Sync folder is stored in the alternative location, but the Microsoft Azure AD Connect folder isn’t. The situation: When you work with Hybrid Cloud Trust, you need the AzureAdKerberos PowerShell module. […]


TODO: Periodically reset the password for the KRBTGT_AzureAD account when using Hybrid Cloud Trust

Microsoft offers Hybrid Cloud Trust as a way to offer people with synchronized Work or School accounts on Azure AD-joined devices seamless single sign-on access to Active Directory-integrated resources. When they sign in with Windows Hello for Business (WHfB), the Active Directory-integrated functionality doesn’t prompt for username and password. How Hybrid Cloud Trust works […]


ENow Software provides the ideal basis for your Active Directory Zero Trust Journey

The world is different from five years ago. After the successful SolarWinds attack in 2020, where attackers gained access to Microsoft’s systems, Microsoft aligned itself with NIST’s approach towards a zero-trust architecture. This changes everything. In contrast to previous security models, in Microsoft’s defense in depth approach Identity and Access is the first layer of […]


TODO: Configure Azure AD Connect Health email notifications to continue to receive notifications when synchronization errors occur

Admins who are using Azure AD Connect are currently receiving email notifications when there are synchronization errors in the Azure AD Connect synchronization process. However, after mid-June 2022, admins who have not enabled Azure AD Connect Health email notifications will no longer receive synchronization error notification emails for their tenants. Microsoft has migrated this functionality […]


HOWTO: Detect NTLMv1 Authentication

Active Directory Domain Services (AD DS) offers many ways to integrate applications and services. Before Windows 2000 Server and Active Directory, in the Windows NT era when servers were beige and server racks were made from wood, authentication on networks was NTLM-based. Windows 2000 Server introduced Microsoft’s Kerberos implementation, but even today NTLM continues to be used. […]