Azure AD allows duplicate group names

You would expect that a service that is responsible for the naming of objects within a namespace should prohibit the creation of objects with the same leaf name and fully qualified name. Put simply, you should not be able to have two files in the same directory with the exact same name in your file …

How to configure SAML SSO with the Cisco Meraki Dashboard and Azure Active Directory

Introduction The fine people at Cisco Meraki have recently enabled SAML SSO support for their Meraki Dashboard service. For those of you who don’t know, Meraki is Cisco’s cloud managed networking solution. Basically you manage all your networking equipment from a web portal. For more information about Meraki, go here. Whenever I start using a …

Connecting to an Azure AD joined machine with an Azure AD user account over Remote Desktop

Introduction Windows 10 introduces the ability to join a computer to the cloud directory service Azure AD. This is very similar to the traditional domain join, where you join a computer to an Active Directory domain run on-premises by one or more Domain Controllers. Both operations let the computer operate within a common security context …

Some thoughts on Group Policy design

Group Policy has been with us for well over 12 years now and has turned out to be a good tool for deploying configurations to your users, servers and clients. A summary of Group Policy in general is beyond what I want to say here so for anyone looking for that before reading on have …

Customized claims in ADFS

Introduction The claims pipeline in ADFS is an interesting piece of software. I recently had a chance to re-familiarize myself with it. A third party SaaS application used an organization’s internal employee numbers together with their own customer number for that organization to uniquely identify users. This called for issuing a claim to the SaaS …

Get-ADUser quirkiness

So I was trying to find all the users in an Active Directory domain that had a manager. Naturally I turned to PowerShell and the Get-ADUser cmdlet. First I tried this: Get-ADUser -Properties Manager -Filter { manager -like "*" } That threw this error: Get-ADUser : Operator(s): The following: 'Eq', 'Ne' are the only operator(s) …

Delegating computer object management tasks

Introduction The subject of delegating permissions in Active Directory for management of computer objects has been covered many times in many forums. I wanted to try to collect all that information as well as add some refinements of my own. Rights vs. permissions In the olden days, back when I was just a wee lad …

Recommendations for LDAP lookup accounts and connections in Active Directory

Introduction From time to time someone may want to access your Active Directory Directory Service with LDAP. Usually from a system or location that you view as unsecure or untrustworthy. Examples are printers that do directory lookups to send scanned documents by e-mail and external systems where a provider needs information about your users to …

Active Directory Domain Controllers and certificate auto-enrollment

Introduction to auto-enrollment Auto-enrollment is a useful feature of Active Directory Certificate Services (AD CS). It allows the administrator to configure subjects to automatically enroll for certificates, retrieve issued certificates, and renew expiring certificates without requiring subject interaction. The subject does not need to be aware of any certificate operations, unless you configure the certificate …

How not to improve the security of your ADFS deployment

Introduction I was involved in an ADFS deployment recently where the customer wanted to restrict access from the Internet to their ADFS proxy servers, located on their DMZ. They used ADFS to federate with Windows Azure Active Directory so they only wanted to allow traffic from the Microsoft Online Security Token Service (STS) servers into …