Category: Uncategorized

  • DataWiza – Secure Hybrid Access done right

    As you might have noticed, the last few posts are all about identity and the so called Secure Hybrid Access solutions. This one fall under that same category and is not sponsored by, but I did get a test account from them…. Active Directory or any identity store is usually used as the primary source…

  • Surface Hub at home

    The Microsoft Surface Hub is a gigantic whiteboard on steroids. It allows you to .. (dhu) Whiteboard, but also allows you to join meetings through Skype or Teams, load PowerPoint/Word documents, connect you to your Office 365 services and much much more. Now the device in itself is special already, with many Mic’s and Camera’s…

  • Selective password synchronization with AAD-Connect

    In my previous post, I talked about the possibility of using Kerberos Constraint Delegation to avoid having passwords in AAD. However, sometime you want to have a few passwords in AAD-Domain Services to ensure that administrators can still login to the VM’s interactively (RDP) or users are able to use certain services that are not…

  • ADFS behind Azure Traffic Manager

    When you have ADFS hosted on Azure (as per my previous post), you might want to look at using Traffic Manager and then especially the probes and the endpoints.. Euhm.. oops.. this is embarrassing… we’ve found a bug. Well one of my readers did and I investigated further. When you follow the directions as below,…

  • AAD-DS + KCD-PT + Federation (or how to avoid passwords on the cloud)

    New (and only available within Azure) are the Azure Active Directory Domain Services. This service is based on Azure Active Directory and the data replicated into it. It provides Domain Services as a service to subscription administrators and can be very useful for many scenario’s where domain services are required, but security or management of…

  • Redundant SRX Junos to Azure VPN with VNET Peering

    Ever since playing with BGP I was looking for a way to make redundant tunnels. As the local internet provider here would only allow me a single IP address, I looked at the other side. What if we have two Azure regions that have a VPN tunnel to my SRX and between each other. Routing…

  • ADFS on Azure

    Azure Active Directory and thus any relying party on that service (such as Office 365) has two different modes for (your) custom domains that are added to it. Managed and Federated. Managed means that the authentication happens against the Azure Active Directory. The password (-hashes) of the user accounts are in Azure AD and no…

  • ImmutableID – mS-DS-ConsistencyGuid – AADSync

    Paul Williams talked in his blog about using another attribute from on-premises Ad’s to act as the ImmutableID for Azure Active Directory (http://blog.msresource.net/2014/03/10/windows-azure-active-directory-connector-part-3-immutable-id/) While making a very detailed blog entry on why and which attribute to choose, there wasn’t a guide on how to make this work in AADSync. [update 21-Aug-2017: The latest version of…

  • Pass the Hash

    When you create a new forest or new domain, you use the Domain Admin credentials. Through the use of the “Administrator” account you can control each and every workstation and server. You can install Exchange, System Center products and much much more. But Microsoft is probably thinking twice now about the framework they have chosen…

  • Azure Networking S2S + P2S

    In a previous post we looked at the ability of creating a Site-2-Site connection from Checkpoint to Azure using a Dynamic Gateway. In this post, we look at client-dialup (VPN) into the Azure network and establish routing between all the sites involved.

  • RDS Gateway through WAP

    I’ve been trying to get RDS Gateway to work behind my WAP proxy server which is included in Windows Server 2012 R2 and v.Next version. While it is possible to implement ADFS based authentication based on the URL: http://technet.microsoft.com/en-us/library/dn765486.aspx But what if we wanted to publish the simple RDS Gateway on our backend server for…

  • Geo-Clustering

    Geo Clustering exists in many options, and dependent highly on the requirements and technical capability. This post is to discuss some options and things to consider before deploying any geo-cluster. Data GEO- Redundancy The first dependency in clustering is storage capability. Data from the workload in the cluster will be written to disk and that…