This is a continuation of a series on Azure AD Connect. I recently covered using domain/OU and group filtering options that are available in Azure AD Connect to help control which objects are synchronized to Azure AD. I also took a closer look in group filtering, which is not recommended for use in production. Another … Continue reading Field Notes: Azure AD Connect – Attribute-based Filtering
Category: Active Directory
Field Notes: Azure AD Connect – Group Filtering Gotchas
This is a continuation of a series on Azure AD Connect. In the previous blog post, we looked at filtering options that can be used to control which objects are synchronized from on-premises directories to Azure AD - domain, OU and group filtering. I would like take a closer look at group filtering here, and … Continue reading Field Notes: Azure AD Connect – Group Filtering Gotchas
AD: Nitty Gritty of Fine-Grained Password Policies
Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory. Fine-Grained Password Policies (FGPP) have been around for a while, but in my experience with various customers, they aren't used often, if at all. This post is an attempt to simplify them, provide some details and list some … Continue reading AD: Nitty Gritty of Fine-Grained Password Policies
AD: Domain controllers – discover what you’ve got
Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory. During an engagement with a customer a couple of years ago, I needed to identify some info regarding their domain controllers. They were in the process of deploying System Center Operations Manager (SCOM) at the time, but it … Continue reading AD: Domain controllers – discover what you’ve got
AD: Discover what you’ve got
Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory. I wrote a really basic script that will scour your domain and return some valuable information regarding its configuration. There are probably several things in the script that could be done differently and if I was to go … Continue reading AD: Discover what you’ve got
AGPM: The case of the missing GPT.ini file – a possible workaround
Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory, amongst other technologies, including Advanced Group Policy Manager (AGPM). Have you ever deployed a GPO via AGPM only to experience either of the two situations? EventID 1058 (GroupPolicy) in a client’s System log or The follow message when … Continue reading AGPM: The case of the missing GPT.ini file – a possible workaround
Field Notes: Azure Active Directory Connect – Verifying Federated Login
I started off this Azure AD Connect series by going through the express installation path, where the password hash synchronization sign-in option is selected by default. This was followed by the custom installation path using pass-through authentication and a remote SQL installation. The latest post in the series covers federation with Active Directory Federation Services … Continue reading Field Notes: Azure Active Directory Connect – Verifying Federated Login
Step by Step: Enforce Require LDAP Signing on domain controllers. Part 2
Introduction On Part 2 of this post, I will show how to request a certificate for a domain controller to use LDAPS, we will see also why we should never use simple bind on clear text. This post is intended to give you an action plan on how you can Enforce Require LDAP Signing on … Continue reading Step by Step: Enforce Require LDAP Signing on domain controllers. Part 2
Step by Step: Enforce Require LDAP Signing on domain controllers. Part 1
Introduction: One of the security settings that Microsoft recommend applying on domain controllers is to Require LDAP Signing. Requiring LDAP signing is one policy setting that can be applied on a few seconds using group policy, but what is the impact of applying this setting in your production environment? In most customer environments I visited, … Continue reading Step by Step: Enforce Require LDAP Signing on domain controllers. Part 1
Field Notes: Azure Active Directory Connect – Federation with AD FS
I started off this Azure AD Connect series by going through the express installation path, where the password hash synchronization sign-in option is selected by default. This was followed by the custom installation path using pass-through authentication and a remote SQL installation. See: Field Notes: Azure Active Directory Connect – Express InstallationField Notes: Azure Active Directory … Continue reading Field Notes: Azure Active Directory Connect – Federation with AD FS
You must be logged in to post a comment.