Category Archives: Best Practices

Hybrid Identity features per Active Directory Domain Services Domain Controller Operating System, Domain Functional Level, Forest Functional Level and Schema version

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. These components have requirements of Active Directory Domain Services (AD DS) in terms of the schema, the Windows Server versions on the Domain Controllers an organization runs, the Domain Functional Level (DFL) and the […]

1  

Using Azure AD Connect with a gMSA

Since version 1.1.443.0, you can use Azure AD Connect with a group Managed Service Account (gMSA) as its service account. I thought it was time to show you how to configure Azure AD Connect with a gMSA.   The problem with service accounts We all use service accounts in our environments. These accounts allow us […]

0  

Why installing Azure AD Connect on an Active Directory Domain Controller might not be the most brilliant of ideas

When you read through Azure AD Connect’s prerequisites page, you’ll notice that Microsoft supports installing Azure AD Connect on Active Directory Domain Controllers. While this would certainly be a helpful scenario for organizations with up to 50 user accounts, I would not recommend doing so. Note: Installing Azure AD Connect on a Read-only Domain Controller […]

0  

Azure AD Connect 1.1.614.0 offers a load of fixes and enhanced functionality

Yesterday, Microsoft released version 1.1.614.0 of Azure AD Connect, its free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments to Azure Active Directory.   What’s New Azure AD Connect Sync Azure AD Connect now features a Troubleshoot task in the Azure AD Connect wizard […]

2  

Azure AD Connect: objectGUID vs. mS-DS-ConsistencyGuid, Part 3

This entry is part 3 of 3 in the series Azure AD Connect: objectGUID vs. mS-DS-ConsistencyGuid

In the first part of this series, I’ve explained how Azure AD Connect version 1.1.553.0 and beyond allows you to switch from objectGUID to mS-DS-ConsistencyGuid as the source anchor attribute , the benefits of doing so and what you may and may not expect when you make the switch. Now that I’ve shown you the […]

4  

I’m presenting at the Dutch Windows Management User Group 2017-4 Meetup

The Dutch Windows Management User Group (WMUG) is one of the more active IT Pro user groups in the Netherlands. I was honored when they invited me to speak at their next meetup on September 13, 2017. Of course, I’d present at this meetup; their fourth meetup this year!   About the Dutch Windows Management […]

0  

Azure AD Connect: objectGUID vs. mS-DS-ConsistencyGuid, Part 2

This entry is part 2 of 3 in the series Azure AD Connect: objectGUID vs. mS-DS-ConsistencyGuid

In the first part of this series, I’ve explained how Azure AD Connect version 1.1.553.0 and beyond allows you to switch from objectGUID to mS-DS-ConsistencyGuid as the source anchor attribute, the benefits of doing so and what you may and may not expect when you make the switch. In this second part, I’ll share the […]

8  

The Veeam Agent for Microsoft Windows Free is amazing. Let me tell you why.

Veeam released its free Agent for Microsoft Windows (version 2.0.0.700). I’ve been using the Beta of the  agent for a couple of months and the more I used it and the more I read on why Veeam introduced this tool, and how it fits into Veeam’s current technology and strategy, the more I want to […]

0  

Azure AD Connect: objectGUID vs. mS-DS-ConsistencyGuid, Part 1

This entry is part 1 of 3 in the series Azure AD Connect: objectGUID vs. mS-DS-ConsistencyGuid

The Azure AD Connect Team has decided to move Azure AD Connect’s default source anchor attribute in on-premises Active Directory Domain Services (AD DS) environments from objectGUID to mS-DS-ConsistencyGuid for user objects in Azure AD Connect version 1.1.553.0, and up. When you’ve been using Azure AD Connect to synchronize objects between your on-premises Active Directory […]

3  

Branding your Hybrid Identity Solution, Part 5: Azure Multi-Factor Authentication Server’s AD FS Adapter implementation

This entry is part 5 of 6 in the series Branding your Hybrid Identity Solution

Once you’ve branded the Active Directory Federation Services (AD FS) and Azure Active Directory pages, you might want to apply your corporate branding to the Active Directory Federation Services Adapter pertaining to your on-premises Azure Multi-Factor Authentication (MFA) Server. For AD FS running on Windows Server 2012 R2, this means that the Azure Multi-Factor Authentication […]

0