Field Notes: Azure AD Connect – Group Filtering Gotchas

This is a continuation of a series on Azure AD Connect. In the previous blog post, we looked at filtering options that can be used to control which objects are synchronized from on-premises directories to Azure AD - domain, OU and group filtering. I would like to take a closer look at group filtering here, and …

AD: Nitty Gritty of Fine-Grained Password Policies

Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory. Fine-Grained Password Policies (FGPP) have been around for a while, but in my experience with various customers, they aren't used often, if at all. This post is an attempt to simplify them, provide some details and list some …

AD: Domain controllers – discover what you’ve got

Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory. During an engagement with a customer a couple of years ago, I needed to identify some info regarding their domain controllers. They were in the process of deploying System Center Operations Manager (SCOM) at the time, but it …

AD: Discover what you’ve got

Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory. I wrote a really basic script that will scour your domain and return some valuable information regarding its configuration. There are probably several things in the script that could be done differently, and if I were to go …

AGPM: The case of the missing GPT.ini file – a possible workaround

Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory, amongst other technologies, including Advanced Group Policy Management (AGPM). Have you ever deployed a GPO via AGPM only to experience either of these two situations? Event ID 1058 (GroupPolicy) in a client’s System log, or the following message when …

Field Notes: Azure Active Directory Connect – Verifying Federated Login

I started off this Azure AD Connect series by going through the express installation path, where the password hash synchronization sign-in option is selected by default. This was followed by the custom installation path using pass-through authentication and a remote SQL installation. The latest post in the series covers federation with Active Directory Federation Services …

Step by Step: Enforce Require LDAP Signing on domain controllers. Part 2

Introduction: In Part 2 of this post, I will show how to request a certificate for a domain controller to use LDAPS. We will also see why we should never use simple bind in clear text. This post is intended to give you an action plan on how you can enforce Require LDAP Signing on …

Step by Step: Enforce Require LDAP Signing on domain controllers. Part 1

Introduction: One of the security settings that Microsoft recommends applying on domain controllers is to Require LDAP Signing. Requiring LDAP signing is one policy setting that can be applied in a few seconds using Group Policy, but what is the impact of applying this setting in your production environment? In most customer environments I visited, …

Field Notes: Azure Active Directory Connect – Federation with AD FS

I started off this Azure AD Connect series by going through the express installation path, where the password hash synchronization sign-in option is selected by default. This was followed by the custom installation path using pass-through authentication and a remote SQL installation. See: Field Notes: Azure Active Directory Connect – Express Installation; Field Notes: Azure Active Directory …

Field Notes: Azure Active Directory Connect – Custom Installation with Pass-Through Authentication & a remote SQL Server

Integrating your on-premises directories with Azure Active Directory makes your users more productive by providing a common identity for accessing both cloud and on-premises resources. Azure Active Directory Connect is the Microsoft tool designed to meet and accomplish your hybrid identity goals. It provides features such as password hash synchronization, pass-through authentication, federation integration, and …