Updating the Kerberos decryption key for the Azure AD SSO computer account is a fairly simple process. In this blog post I walk through the steps to perform an update of the Kerberos decryption key.
IE Mode on Microsoft Edge provides compatibility for legacy sites that require Internet Explorer 11. IE Mode enables users to access modern and legacy sites using a single browser. Users no longer need to switch between browsers to access legacy intranet sites. IE mode supports ActiveX controls such as Java and Silverlight, and it also supports Internet Explorer settings and group policies that affect Protected Mode and security zone settings. In part one of this two-part series, I will configure IE Mode using Group Policy and Microsoft Intune.
The Directory Services Restore Mode (DSRM) password is first set when promoting a new Domain Controller. I have encountered many Active Directory environments where the DSRM password for the Domain Controllers is not known or safely stored for retrieval when needed. In this article I revisit the options to reset the DSRM password.
COVID-19 has in many ways changed the way we work and how IT departments manage users and devices. With remote work continuing for the unforeseeable future, I decided to write this article to demonstrate how easy it is to deploy the new Microsoft Edge browser on Windows 10 and macOS using Microsoft Intune.
Due to the COVID-19 outbreak, most employees are now working from home. Many of these employees are not making use of any VPN solutions to connect to the corporate network. Some of the most frequent questions we receive since the shift to remote work are related to secure channel / machine account password changes.
In this post I will take you through the steps to deploy Azure ATP in your on-premise Active Directory to detect and investigate threats in your environment.
I have been using Group Managed Service Accounts (gMSA) more frequently and decided to post a refresher on the creation of gMSA accounts. I still find that customers are not making use of these service accounts and use standard accounts with fixed passwords instead. In this blog I will highlight the benefits of using a gMSA account and show the steps to create and update a gMSA account
The new Microsoft Edge browser based on Chromium was released in January 2020. Unlike the original Edge browser, which is only available for Windows 10, the new Microsoft Edge Chromium based browser can be installed on Windows 7/8/8.1/10 and is also available for MacOS. Microsoft Edge is ready for business and has dedicated deployment resources … Continue reading Microsoft Edge: Viewing applied policies
In part 2 of the series we've successfully lowered the Forest Functional Level (FFL) and Domain Functional Level (DFL) to Windows Server 2008. The demonstration was completed in a forest where the Active Directory Recycle Bin was not enabled. In this final part of the series, I will first raise the functional levels back to … Continue reading Downgrade Active Directory Domain and Forest Functional Levels (Part 3)
I recently assisted a customer with Name Server (NS) records in DNS, disappearing from their DNS zones. All of the Domain Controllers are configured as DNS servers, yet when viewing the NS records for the Active Directory-integrated DNS zones, only a few of these servers had NS records. The administrators manually re-added the NS records … Continue reading Field Notes: The case of the disappearing Name Server (NS) records