Tag: ACTIVEDIRECTORY

LDAP Proxy for old stuff

Doing Active Directory Migrations is always tricky, certainly on applications. I recently came across an application that performs an (uche 200x) based simple-LDAP bind to validate credentials. Now, we could rewrite the entire application to use SAML, OpenID Connect, Kerberos, Headers or whatever. But that’s not always possible. But how do we manage applications that do […]

ImmutableID – mS-DS-ConsistencyGuid – AADConnect – ADMT – Part 4 – Groups

In earlier posts I talked about ADMT and user accounts. Now a migration is never a full migration if groups are not migrated too. But how Azure AD Connect deals with users and groups is a bit different, certainly when custom anchors are being used. In this post we will be looking at how we […]

Look up… DNS Anycast on ADDS

When deploying Active Directory, it has been a tradition to set the DNS IP addresses on clients to match the nearest Domain Controller to the clients. This means that every DHCP scope in the organization has to have different IP addresses for the name servers and administrators have to manually ensure everything is configured correctly. […]

Offline AD Domain Join for Azure Files

The Microsoft Docs article “Windows Virtual Desktop for the enterprise – Azure Example Scenarios” explains a bit about how the integration with Azure Files and Active Directory can be accomplished. However, it does not highlight the creation of the AD object to represent the storage in your Active Directory. So a short post on […]

F5 – LDAP – Active Directory Lightweight Services

Some people have had some trouble with the F5 demo I posted about where we can inject additional HEADERS based on an external LDAP store. While this post specifically goes into setting up the LDAP store for that, it can also be used for any Active Directory LDAP deployment. First let’s start with a standard […]

Azure AD – Domain services preview features

There are 3 (relatively) new functions in Azure AD Domain Services. Both in preview at the time of writing, but combining all can unlock new functionality. This post will go over the following items with regard to Azure AD – Domain Services: What’s new in Azure AD – Domain Services; Force trust creation with AAD-DS/ADDS […]

F5 – Allowing AAD Guests Kerberos Access

F5 – KCD – AAD – B2B: In my last post I gave you a script that allows the automatic creation of B2B users in your local AD to enable you to publish (on-premises) Kerberos applications using Constrained Delegation. In this post, we will enable an F5 to use this setup to actually publish the […]

F5 BIG-IP & AAD & KCD Simplified

With the release of an Application in Azure AD, the configuration of F5 publishing Kerberos backend applications has just been made a whole lot easier. We cover this in this post, but as an added bonus, the previous post adds the possibility of authenticating (Forest) trusted users on the same backend server using KCD (although […]

F5 Big-IP & AAD & BASIC / NTLM

In our previous post we looked at using Azure AD to perform the authentication for our F5 published web apps that used Kerberos. Now the strength of the F5 APM module is the SSO capabilities that allow it to authenticate users once and then they could reach any web app published by it, regardless of […]

F5 Big-IP & AAD & KCD

The title being full of acronyms, this topic is about publishing Kerberos-based websites behind an F5 load balancer, while using Azure AD as the authenticating service. Or in more technical terms, F5 will rely on an external SAML-based token to perform Kerberos Constrained Delegation towards a backend server. Get settled in, this is […]
