Category Archives: Best Practices

Azure AD Connect: objectGUID vs. mS-DS-ConsistencyGuid, Part 1

The Azure AD Connect Team has decided to move Azure AD Connect’s default source anchor attribute in on-premises Active Directory Domain Services (AD DS) environments from objectGUID to mS-DS-ConsistencyGuid for user objects in Azure AD Connect version 1.1.553.0, and up. When you’ve been using Azure AD Connect to synchronize objects between your on-premises Active Directory […]

Branding your Hybrid Identity Solution, Part 5: Azure Multi-Factor Authentication Server’s AD FS Adapter implementation

This entry is part 5 of 6 in the series Branding your Hybrid Identity Solution

Once you’ve branded the Active Directory Federation Services (AD FS) and Azure Active Directory pages, you might want to apply your corporate branding to the Active Directory Federation Services Adapter pertaining to your on-premises Azure Multi-Factor Authentication (MFA) Server. For AD […]

Critical Flaw in SMB1 could allow remote code execution on Active Directory Domain Controllers (MS17-010, KB4013389)

Today, for its March 2017 Patch Tuesday, Microsoft released a security update for supported versions of Windows Server offering File Sharing services using the Server Message Block (SMB) version 1.0 protocol. The security update addresses the vulnerabilities by correcting how SMBv1 handles specially crafted requests. About the vulnerabilities: The vulnerabilities that are fixed with […]

Branding your Hybrid Identity Solution, Part 4: Active Directory Federation Services

This entry is part 4 of 6 in the series Branding your Hybrid Identity Solution

Active Directory Federation Services (AD FS) plays a huge part in your Hybrid Identity implementation. For colleagues using their domain credentials on domain-joined devices located on-premises, through Kerberos, they gain Single Sign-On (SSO) access to web apps your organization uses. […]

Branding your Hybrid Identity Solution, Part 1: Introduction

This entry is part 1 of 6 in the series Branding your Hybrid Identity Solution

Many organizations embrace the new reality of Hybrid Identity. For many of them, the increased level of security towards both on-premises resources and cloud services is the main reason to do so: Single sign-on (SSO) and multi-factor authentication (MFA) are two […]

From the field: Colleagues in specific group encounter error “AADSTS50107 Requested federation realm object does not exist.”

Sometimes, you hit error messages that are just too vague to troubleshoot. I like these kinds of situations. This particular one is especially fun, because it requires some intermediate knowledge of Active Directory Federation Services in Hybrid Identity environments. My favorite subject. The situation: Single Sign-On (SSO) for organizations comes in many shapes and […]

Azure AD Cloud App Discovery as a Service, not as a Project

Azure Active Directory is quickly becoming the Identity Management-as-a-Service solution of choice for many organizations. One of the nicest features, but unfortunately less common features of Azure AD is its Cloud App Discovery tool and the way it integrates with Azure AD Identity Protection. About Azure AD Cloud App Discovery: Azure AD Cloud App […]

I will be delivering 9 Identity webinars for Microsoft's Partner University this May

A while ago, I was contacted to present online webinars to explain the Enterprise Mobility Suite (EMS) for Microsoft's Partner University. For this series of fifteen webinars, I was selected as the speaker for the first three sessions in three different timeslots, accommodating the Asia Pacific, Europe and Americas regions using the EventBuilder platform: […]

Installing Azure AD Connect on Windows Server 2008, 2008 R2 and 2012

In most projects, we set up a brand new Windows Server 2012 R2-installation, purely for Azure AD Connect and its underlying Azure AD Connect. For some reasons, however, you might install Azure AD Connect on Windows Server 2008, Windows Server 2008 R2 or Windows Server 2012. Note: Installing Azure AD Connect is not supported on […]

Knowledgebase: You receive Event-ID 1539 and ‘This device does not allow its write-caching setting to be changed’ warnings on virtualized Generation 2 Domain Controllers

When I was in training as an Active Directory admin, I was taught that the disk(s) where the Active Directory database and Active Directory transaction logs reside are automatically configured with write-back caching disabled. Today, roughly 15 years later, I found out that although my teacher was right, things have changed and might be counter-intuitive […]
