Field Notes: Active Directory tombstone lifetime

The days of updating the default tombstone lifetime for Active Directory may be long forgotten, but if your Active Directory Forest has been running since Windows Server 2000/2003 and you have never verified the tombstone lifetime, it may be worthwhile to do so. As I have found first-hand with my customer, there are some deployments out there that may still be using a tombstone lifetime of 60 days. Expecting a value of 180 days and realizing too late that this is not the case may cause unnecessary complications in the future.

Internet Explorer | End of Life

We have been using Internet Explorer since Windows 95, perhaps not so much in recent years since we started using modern browsers. Microsoft recently announced the retirement of the Internet Explorer desktop application. There are some organizations however that still rely on Internet Explorer for legacy sites who may be impacted by this announcement. These legacy sites can still be supported using the Microsoft Edge browser.

Integrate Microsoft Defender for Identity with Syslog (SIEM)

Microsoft Defender for Identity (MDI) can be easily integrated with your Syslog server. You can be notified of new suspicious activities by sending security and health alerts to your Syslog server.

Updates to Microsoft role-based certifications

Microsoft recently made some changes to the role-based certification program. In general it should be good news for everyone. In this post I'll do a quick review of the changes that were announced.

New Microsoft Security Certifications released

Exams such as AZ-500 and MS-500 measures your overall knowledge of Azure and Microsoft 365 security solutions and features. Microsoft has now released four new exams measuring skills on specific security solutions instead. You can obtain a new Fundamentals certification and three new Associate certifications. The new exams/certifications are as follows: Exam SC-900 | Microsoft … Continue reading New Microsoft Security Certifications released →

End of support for Microsoft Edge Legacy browser

Microsoft announced in August last year that support for the Microsoft Edge Legacy application will end on March 9 2021. The new Microsoft Edge browser based on Chromium will be made available as part of the Windows 10 cumulative monthly security update that will be released on April 13 2021.

Use Azure Backup for Active Directory forest recovery requirements | Part 2

In part one of this series, we used Azure Backup to enable a daily backup schedule on two Domain Controllers, one from each domain in the Active Directory forest. A few days have passed since Azure Backup was configured. Multiple backups (restore points) should be available for each of the Domain Controllers. In this post, one of these recovery points will be used to restore the forest root Domain Controller in an Azure isolated virtual network (VNET), while having no impact on the production environment. We should be able to successfully logon to this Domain Controller after the restore, to perform the remaining Active Directory recovery steps.

Use Azure Backup for Active Directory forest recovery requirements | Part 1

In this series I will demonstrate how to configure Azure Backup to protect a Domain Controller deployed in Azure. An initial backup will be performed which will then be used to restore the Azure Virtual Machine (VM) to an isolated Virtual Network. The VM restore will be tested by signing into the Domain Controller with the built-in Administrator account. This validates the successful backup and restore of the Domain Controller VM. Part 1 covers the configuration of Azure Backup and creation of backups for two Domain Controllers in Azure. I will configure backup for a Domain Controller in the forest root domain and a Domain Controller in the child domain.

Field Notes: Zerologon | CVE-2020-1472 | Manage Netlogon secure channel changes

The Netlogon vulnerability (CVE-2020-1472) is well documented and includes all the required remediation and preparation steps for the next update coming February 2021. We are less than a month away from the enforcement phase, and I have found that some customers are still unsure of what they need to do in regards to this vulnerability and the security updates. I've decided to publish this post to clarify the required actions, and tools available after deploying the August 2020 security update.

Field notes: The case of the missing Organizational Unit (OU)

I recently assisted a customer with missing OU's in Active Directory. We found that the OU's were not deleted (thanks to the AD Recycle Bin), but were actually moved to another OU instead. These occurrences can easily be prevented by using a feature that was introduced with Active Directory on Windows Server 2008. Now this is nothing new, but since we are still finding occurrences of this at our customers, I decided to publish this post as a reminder to review all OU's in your Active Directory forest, and ensure they are protected from accidental deletion.