Category Archives: Best Practices
HOWTO: Create a Group Policy Central Store
The Group Policy Central Store in Active Directory’s System Volume (SYSVOL) share optimizes Group Policy authoring and replication. The group policy central store is a central location to store all the Group Policy template (*.admx) and Group Policy Language (*.adml) files. The Central Store eliminates the loading and opening of Group Policy template files on systems […]
HOWTO: Check if you can use the mS-DS-ConsistencyGUID attribute as source anchor for Azure AD Connect
In recent versions of Azure AD Connect, you can use the mS-DS-ConsistencyGUID attribute as the source anchor attribute. This provides flexibility in cross-forest migration scenarios. However, if another solution in the networking environment has already claimed the mS-DS-ConsistencyGUID attribute for its purposes, Azure AD Connect won’t allow you to use this attribute and instead default […]
The video of my presentation at the 2020 Hybrid Identity Protection Conference is now available
The Hybrid Identity Protection Conference is Semperis Inc.’s event in the spirit of The Expert Conference (TEC) to bring together the leading experts in the field of Identity and Access Management. The event offers a unique opportunity to spend time with peers, whose day-to-day job is to architect, manage, and protect identity management in the […]
The video of our presentation at Veeam Live is now available
Veeam organized its Veeam Live event on October 20th, 2020. Veeam is defining the future of cloud data solutions and helping today’s businesses securely and reliably protect and easily recover their data. At Veeam Live, they offered data protection management guidance, showed how to up your data protection game and allowed to connect with like-minded […]
HOWTO: Harden Remote Desktop connections to Domain Controllers
Workstations that are allowed to communicate to Domain Controllers pose a risk of lateral movement. To mitigate some of these risks, we can harden the Remote Desktop connections to Domain Controllers. Note: For organizations that have implemented the Active Directory administrative tier model, or are striving to embrace, their Privileged Access Workstations (PAWs) pose a […]
Why DCPromo removes the passwords from your answer files after usage
One of the recommended practices for configuring Domain Controllers is to use an answer file to promote the server from a domain-joined server to a Domain Controller. Benefits of using an answer file The benefit is using an answer file is that the file can be reused for multiple promotions. This way, Domain Controllers […]
TODO: Enable the new My Apps and My Profile Experiences
Microsoft will be updating the current Azure AD Apps and Profile experiences on July 20th 2020. This means that from that data onward your colleagues will be automatically switched over to the updated My Apps and My Account experiences. Note: The updated My Apps and My Account offer the same functionality as the current experiences, […]
I’m presenting three webinars with Netwrix focusing again on the best recipes from the AD Administration Cookbook
On April 22nd, 28th and 30th, 2020, I’ll present three 1-hour webinars with Netwrix. Tune in to get the best in Active Directory security, Hybrid Identity and Azure AD Hardening demonstrated from me and Netwrix’ Jeff Melnick! About the webinars I feel webinars are a great way to show people the potential of technology. […]
I’m presenting two live Active Directory webinars with Veeam’s Andrey Zhelezko
On March 5th 2020, I’m presenting two webinars with Andrey Zhelezko, technical product analyst at Veeam Software, on Active Directory Best Practices in terms of administration and disaster recovery. Active Directory has been around for two decades. This decade, a secure and resilient Active Directory is needed more than ever. AD has been a part […]
From the field: The case of the overloaded Primary Domain Controller Emulator
Troubleshooting Active Directory Domain Services is fun. Today, I cover a more esoteric Active Directory troubleshooting case about an overloaded Domain Controller holding the Primary Domain Controller Emulator role. The cause has nothing to do with Active Directory, of course, but I was called in because the machine affected was a Domain Controller. About […]
Login