Category Archives: Microsoft Windows Server 2012 R2

Video: Running highly-sensitive Domain Controllers on Hyper-V and Azure

Active Directory Domain Controllers hold the keys to your kingdom. So how do you virtualize these castles of identity, without compromising on the requirements of your organization? In this session, Raymond Comvalius (Windows Expert – IT Pro MVP) and Sander Berkouwer (Directory Services MVP) give best practices for hardening, backing up, restoring and managing virtualized […]


WorkPlace Join vs. DirectAccess

Previously, I discussed the differences and commonalities for WorkPlace Join and Domain Join. Today, I would like to discuss the differences and commonalities between two very similar and yet widely different remote access technologies: WorkPlace Join and DirectAccess.   Let’s start with the characteristics these two technologies have in common: WorkPlace Join and DirectAccess are […]


KnowledgeBase: Domain Controller promotion stops responding when NetBIOS over TCPIP is disabled in Windows Server 2012 R2

Sometimes, an easy task becomes daunting. Especially when you’re working with technology like Active Directory Domain Services and you can’t even get a server promoted to a Domain Controller because the promotion process hangs and you’re left without clues.   The situation You can promote a Windows Server to an Active Directory in the following […]


Advances in Active Directory since Windows Server 2003

In six months time, on July 14 2015, Microsoft ends the extended support for Windows Server 2003. After 11 years and 6 months (Windows Server 2003 became generally available on May 28th, 2003) the plug is pulled on updates to the product and the support information on TechNet, MSDN and its KnowledgeBase. Running Active Directory on Operating […]


Granularly permitting or denying the right to WorkPlace Join devices based on group membership

Previously, we’ve looked at the WorkPlace Join functionality in Active Directory Federation Services (AD FS) in Windows Server 2012 R2 (and up) and the accompanying Registered Device objects in Active Directory Domain Services (AD DS). When WorkPlace Join is enabled for a networking environment, by default anyone has the right to WorkPlace Join devices, by […]


New features in Active Directory Domain Services in Windows Server 2012 R2, Part 5: WorkPlace Join and Registered Device objects

Active Directory is a family of products. Besides the commonly known Active Directory Domain Services and Certificate Services siblings, the family consists of the Active Directory Lightweight Directory Services, Rights Management Services and Federation Services. The latter received a major overhaul in Windows Server 2012 R2. One of the new features offered by Active Directory […]


Using the new Active Directory PowerShell Cmdlets on down-level and module-less systems

Last week, we discussed the new Active Directory Domain Services-related PowerShell Cmdlets in Windows Server 2012 R2. In the requirements I mentioned that you needed at least one system with the Windows Server 2012 R2 or Windows 8.1 version of the Active Directory Module for Windows PowerShell feature installed. However, as Aleksandar Nikolic (PowerShell MVP) […]


New features in Active Directory Domain Services in Windows Server 2012 R2, Part 4: PowerShell Cmdlets

Managing an on-premises Active Directory Domain Services infrastructure through the Graphical User Interface (GUI) can get daunting. And boring. Luckily, for most repetitive tasks you can resort to the command line, or in more recent versions of Windows Server to PowerShell. Windows Server 2012 already comes equipped with PowerShell Cmdlets to manage your Active Directory […]


New features in Active Directory Domain Services in Windows Server 2012 R2, Part 3: Authentication Policies and Authentication Policy Silos

As we’ve dived into the Protected Users security group, we’ll dive into Authentication Policies and Authentication Policy Silos today, as these latter two features are greatly intertwined with the functionality of the Protected Users group and have much in common. But, as we’ll find out, Authentication policies and authentication policy silos also differ greatly from […]


Ten things you need to be aware of before using the Protected Users Group

With Windows Server 2012 R2 and Windows 8.1, Microsoft introduced a feature in Active Directory Domain Services called the Protected Users group. You can use it to limit the availability of outdated authentication protocols, weak encryption algorithms and delegation to sensitive user accounts. Interesting stuff, but I feel there’s some things you should know about […]