Updating the Kerberos decryption key for the Azure AD SSO computer account is a fairly simple process. In this blog post I walk through the steps to perform an update of the Kerberos decryption key.
Category: Identity
How to reset the Directory Service Restore Mode (DSRM) password
The Directory Services Restore Mode (DSRM) password is first set when promoting a new Domain Controller. I have encountered many Active Directory environments where the DSRM password for the Domain Controllers is not known or safely stored for retrieval when needed. In this article I revisit the options to reset the DSRM password.
Azure AD Alternate Login ID – Use your e-mail address (preview).
Introduction For logging into office 365 services, and you are syncing your users from on premises AD via Azure AD Connect, Microsoft has always recommended changing your users UPNs to match their e-mail address. 2 of the main reasons for this are: You can not use non routable domains in Azure AD. So domain.local will … Continue reading Azure AD Alternate Login ID – Use your e-mail address (preview).
Understanding Microsoft Security Baselines and Applying Them – Part 2
Importing the Security Baselines into AD easily The easiest method of importing all the settings into AD is a script that is included with the baselines, its stored beneath the Scripts folder named "Baseline-ADImport.ps1". Baseline-ADImport.ps1 Imported GPO's in AD In the image above you can see everything that is imported with the Security Baseline for … Continue reading Understanding Microsoft Security Baselines and Applying Them – Part 2
Enable Remote Work for Organizations – Interview with Microsoft Services Expertise
This is 16 Minutes interview with Microsoft Services Expertise discussing How Microsoft Enable Remote Work for Organization using Windows Virtual Desktop.
Field Notes: Azure MFA and SSPR combined registration now Generally Available
As organizations are asking employees to work from home to slow the spread of COVID-19, it’s even more important that users are registered for MFA and SSPR. We want to make it easier for remote workers to keep their accounts secure.
Field Notes: Azure AD – Configuring Self-Service Password Reset in Hybrid Deployments
This is a continuation of a series on Azure AD Connect. The second blog post of the series covered a custom installation. One of the optional features I promised to cover then was password writeback, which I discuss in this blog post as part of enabling the self-service password reset (SSPR) feature in a hybrid … Continue reading Field Notes: Azure AD – Configuring Self-Service Password Reset in Hybrid Deployments
Active Directory Based Activation (ADBA) Fails with Error: 0x8007202B
Introduction I was working with a customer recently who could not get clients or servers at a new remote site to activate using Active Directory Based Activation (ADBA). They were getting event ID 8214 as in the image below. Notice in the above where I bold the computer name Client1.Child1.Contoso.local. This means that Client1 is … Continue reading Active Directory Based Activation (ADBA) Fails with Error: 0x8007202B
Setup Hybrid Azure AD Join – Part 2
Welcome back to the second and last post to setup hybrid Azure ad join. Hopefully all went well with configuring Pass-Through Authentication. Below you will find a link back to part 1. Configure Pass-Through AuthenticationSetup Hybrid Azure AD Join Setup Hybrid Azure AD Join Consider the following prerequisites before moving forward. Prerequisites Domain controller should … Continue reading Setup Hybrid Azure AD Join – Part 2
Setup Hybrid Azure AD Join – Part 1
In addition to users, device identities can be managed by Azure Active Directory as well, event if they are already managed by your on-premise network. This two part series will walk you throught the step to allow your devices to be both on-premise and Azure active directory joined, otherwise known as hybrid Azure ad join