Kerberos at the Company Party

Back in 1999, I wrote a book on Windows 2000 Server in general, and Active Directory in particular. I try not to look back at what I wrote about AD back then compared to what I know now, but I remain fond of a passage that explained how the Kerberos ... Read More

The HIP Conference: DEC Updated for the Hybrid Identity Era

Disaster Recovery

If you ask any identity professional that’s been involved with Microsoft identity for more than 10 years, you can pretty much assume they’ve heard of DEC: The Directory Experts Conference. Known in its later years as TEC (The Expert’s Conference) when it expanded to include a few other Microsoft products ... Read More

Protecting Your Active Directory Permissions

Disaster Recovery

When we think of protecting Active Directory, we typically think of a few aspects of the directory service that need to be monitored and protected from disasters. If you’re responsible for the care and feeding of your corporate AD, I’m sure you can rattle off the main ones right now ... Read More
Figure 1: Legacy Azure AD authentication choices (Microsoft)

Two New Microsoft Hybrid Services Dramatically Simplify Connecting your Active Directory to Azure

Microsoft recently announced the public preview of two major new capabilities that will make integrating your on-premises Active Directory to Azure AD much, much easier. Passthrough authentication (PTA) and Seamless Single Sign-On (I’m choosing to call it 3SO) will allow your users to easily access Azure AD applications such as ... Read More

Using AD FS To Change Your AD Password Anywhere, Anytime

One of the really annoying things about passwords is that you have to remember them. If you can’t remember your password at a SaaS provider, it’s pretty straightforward: you click on the “forgot password” link and go through the password recovery process. As is often the case, however, the corporate ... Read More

NIST joins Microsoft in Changing How We Should Think About Passwords

On the heels of Microsoft’s updated password recommendations, the National Institute of Standards and Technology (NIST) has come out with its own updated password guidelines. These recommendations parallel many of Microsoft’s recommendations and thus give them extra credibility; in some areas they go further. When two major security industry influencers ... Read More

Understanding Azure AD Password (Hash) Sync

Now that businesses are adopting cloud computing as part of their business model, a large percentage are choosing to connect their on-premises Active Directory environment to its counterpart in the cloud, Microsoft’s Azure Active Directory. When you extend your on-premises AD to Azure AD, you have two choices for how ... Read More

Active Directory Corruption Comes In Two Flavors

Active Directory is a very robust application, as it should be for such a fundamental building block of a company’s IT infrastructure. But the architecture that makes it robust also makes it hard to understand. This lack of understanding often leads to assumptions in your recovery strategy that can leave ... Read More

Active Directory Replication Status Tool (ADREPLSTATUS) Rises Again

Back in 2012, I wrote about a nifty tool known as the Active Directory Replication Status Monitor (inevitably shortened to ADREPLSTATUS for efficiency’s sake) and how it was the first Microsoft tool produced in years to make monitoring Active Directory easier. Then recently Microsoft sort of took it away. Then, ... Read More

When you should use Azure MFA and when you should use MFA Server

One of the most common security-related trends I’m seeing with customers is an interest in adding multifactor authentication (MFA) to both their new and existing solutions. This trend is usually driven by a need to increase overall security, or to satisfy regulatory requirements. As a hybrid service, Microsoft’s Azure Multifactor ... Read More