Notes on IT (mainly Microsoft)

Archive for the ‘AD DS’ Category

Windows Server 2012: Planning for Active Directory Forest Recovery

This guide has now been updated to include using virtualized domain controller cloning in Windows Server 2012 to expedite forest recovery.

Written by adamsync

May 2, 2013 at 22:30

Best Practices for Securing Active Directory

A (300+ page) guide from Microsoft IT:

Contains recommendations to enhance the security of Active Directory installations, discusses common attacks against Active Directory and countermeasures to reduce the attack surface, and offers recommendations for recovery.

and a high-level (6 page) overview.

Written by adamsync

May 2, 2013 at 22:24

Understand and Troubleshoot Dynamic Access Control in Windows Server 2012

I have updated my post on Dynamic Access Control in Windows Server 2012 learning resources to include a link to the recently released update of the outstandingly good

Understand and Troubleshoot Dynamic Access Control in Windows Server 2012

guide by Mike Stephens of Microsoft. The doc was part of the Understand and Troubleshoot guides for the Windows Server 2012 beta program, and is a very fine example of a technical guide.

Written by adamsync

March 1, 2013 at 21:47

Nordic Infrastructure Conference 2013 – session videos available

Videos of talks covering topics in:

Windows server
Virtualization & Cloud
System Management
Unified Communication
Windows Client
Partner talks

given at the Nordic Infrastructure Conference held in January are now available. There’s broad coverage by many well-known speakers; see the Agenda for links to the videos.

Two new posts on ADAMsync over at AskDS

There are two new posts on ADAMsync over at AskDS.

The first is an ADAMsync 101, covering basic ADAMsync configuration; see also my AdamSync Common problems post.

The second (ADAMSync + (AD Recycle Bin OR searchFlags) = “FUN”) covers the interaction between ADAMsync and the AD Recycle Bin functionality. I saw a related issue a long time ago with a customer who had chosen to preserve most every attribute on deletion as a way of trying to avoid doing database restores after accidental deletions. Another issue in this area was in very early versions, where ADAMsync did not have sufficient privilege to see deleted objects; this was fixed by introducing “obscured tombstone” logic that supports DirSync (which underlies ADAMsync) by returning just objectGUID and isDeleted for callers that would not usually have rights to see tombstones.

It’s great to see Microsoft still actively supporting ADAMsync.

Written by adamsync

February 8, 2013 at 00:13

Windows Azure Active Directory update

In an earlier post I explained that AD DS on Windows Azure Virtual Machines is not Windows Azure Active Directory, and later last year Microsoft announced that two key features of Windows Azure Active Directory are available at no charge.

There is now a whitepaper available that covers Active Directory from on premises to the cloud; here’s a snip of the content.

UPDATE: Microsoft have added an additional paper at the same link:

‘The technical article “Leveraging Windows Azure AD from Windows 8 based Line Of Business (LOB) applications” that comes along with the whitepaper further illustrates how a mobile LOB application built on top of the Windows Store app model can be “connected” to the organization’s Windows Azure AD directory tenant, and how to federate a cloud REST API built with .NET with that directory tenant and consume this API from a Windows Store app. Step-by-step instructions are provided to easily reproduce the configuration.’

Written by adamsync

January 26, 2013 at 00:04

Office 365 Single Sign-On with Shibboleth 2 whitepaper

“This document is intended for system architects and IT professionals who are interested in understanding the basics of the single sign-on feature of Windows Azure Active Directory/Office 365 with Shibboleth 2 along with planning and deploying such a system in their environment.” Has an example of using AD LDS as the user account and attribute store.

Written by adamsync

November 4, 2012 at 23:08