Archive for the ‘AD DS’ Category
This guide has now been updated to include using virtualized domain controller cloning in Windows Server 2012 to expedite forest recovery.
A (300+ page) guide from Microsoft IT:
It contains recommendations to enhance the security of Active Directory installations, discusses common attacks against Active Directory and countermeasures to reduce the attack surface, and offers recommendations for recovery.
There is also a high-level (6-page) overview.
I have updated my post on Dynamic Access Control in Windows Server 2012 learning resources to include a link to the recently released update of the outstandingly good guide by Mike Stephens of Microsoft. The doc was part of the Understand and Troubleshoot guides for the Windows Server 2012 beta program, and it is a very fine example of a technical guide.
Videos of talks covering topics in Virtualization & Cloud, given at the Nordic Infrastructure Conference held in January, are now available. There’s broad coverage by many well-known speakers; see the Agenda for links to the videos.
Written by adamsync
February 13, 2013 at 22:59
There are two new posts on ADAMsync over at AskDS.
The second (ADAMSync + (AD Recycle Bin OR searchFlags) = “FUN”) covers the interaction between ADAMsync and the AD Recycle Bin functionality. I saw a related issue a long time ago with a customer who had chosen to preserve nearly every attribute on deletion as a way of trying to avoid doing database restores after accidental deletions. Another issue in this area appeared in very early versions, where ADAMsync did not have sufficient privilege to see deleted objects; this was fixed by introducing “obscured tombstone” logic that supports DirSync (which underlies ADAMsync) by returning just objectGUID and isDeleted to callers that would not usually have rights to see tombstones.
It’s great to see Microsoft still actively supporting ADAMsync.
In an earlier post I explained that AD DS on Windows Azure Virtual Machines is not Windows Azure Active Directory, and later last year Microsoft announced that two key features of Windows Azure Active Directory are available at no charge.
There is now a whitepaper available that covers Active Directory from on-premises to the cloud; here’s a snip of the content.
UPDATE: Microsoft have added an additional paper at the same link:
‘The technical article “Leveraging Windows Azure AD from Windows 8 based Line Of Business (LOB) applications” that comes along with the whitepaper further illustrates how a mobile LOB application built on top of the Windows Store app model can be “connected” to the organization’s Windows Azure AD directory tenant, and how to federate a cloud REST API built with .NET with that directory tenant and consume this API from a Windows Store app. Step-by-step instructions are provided to easily reproduce the configuration.’
“This document is intended for system architects and IT professionals who are interested in understanding the basics of the single sign-on feature of Windows Azure Active Directory/Office 365 with Shibboleth 2 along with planning and deploying such a system in their environment.” It has an example of using AD LDS as the user account and attribute store.