AD: Nitty Gritty of Fine-Grained Password Policies

Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory. Fine-Grained Password Policies (FGPP) have been around for a while, but in my experience with various customers, they aren't used often, if at all. This post is an attempt to simplify them, provide some details and list some … Continue reading AD: Nitty Gritty of Fine-Grained Password Policies

AD: Domain controllers – discover what you’ve got

Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory. During an engagement with a customer a couple of years ago, I needed to identify some info regarding their domain controllers. They were in the process of deploying System Center Operations Manager (SCOM) at the time, but it … Continue reading AD: Domain controllers – discover what you’ve got

AD: Discover what you’ve got

Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory. I wrote a really basic script that will scour your domain and return some valuable information regarding its configuration. There are probably several things in the script that could be done differently and if I was to go … Continue reading AD: Discover what you’ve got

AGPM: The case of the missing GPT.ini file – a possible workaround

Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory, amongst other technologies, including Advanced Group Policy Manager (AGPM). Have you ever deployed a GPO via AGPM only to experience either of the two situations? EventID 1058 (GroupPolicy) in a client’s System log or The follow message when … Continue reading AGPM: The case of the missing GPT.ini file – a possible workaround

Field Notes: Azure Active Directory Connect – Verifying Federated Login

I started off this Azure AD Connect series by going through the express installation path, where the password hash synchronization sign-in option is selected by default. This was followed by the custom installation path using pass-through authentication and a remote SQL installation. The latest post in the series covers federation with Active Directory Federation Services … Continue reading Field Notes: Azure Active Directory Connect – Verifying Federated Login

Step by Step: Enforce Require LDAP Signing on domain controllers. Part 2

Introduction On Part 2 of this post, I will show how to request a certificate for a domain controller to use LDAPS, we will see also why we should never use simple bind on clear text. This post is intended to give you an action plan on how you can Enforce Require LDAP Signing on … Continue reading Step by Step: Enforce Require LDAP Signing on domain controllers. Part 2

Step by Step: Enforce Require LDAP Signing on domain controllers. Part 1

Introduction: One of the security settings that Microsoft recommend applying on domain controllers is to Require LDAP Signing. Requiring LDAP signing is one policy setting that can be applied on a few seconds using group policy, but what is the impact of applying this setting in your production environment? In most customer environments I visited, … Continue reading Step by Step: Enforce Require LDAP Signing on domain controllers. Part 1