Not so much of a blog post but more of an FYI to let you know that these reference architecture for Azure Identity Management (and other parts of Azure) exist. Identity Management - Reference Architecture Microsoft Azure - Reference Architecture
Category: Active Directory
Performance Tuning Guidelines for Windows Server 2016
Microsoft's performance tuning guide for Windows Server 2016 organises performance and tuning guidance across three tuning categories:
Azure AD Connect: User Realm Discovery Failed.
Recently I faced an issue with Azure AD Connect. The scenario: A Windows Server 2012 R2 box with direct access to the internet with Azure AD Connect installed and running under the context of a service account. As Azure AD Connect was running in the context of a service account, it wanted to utilise a … Continue reading Azure AD Connect: User Realm Discovery Failed.
Azure AD Connect: Initialize-ADSyncDomainJoinedComputerSync
Azure Active Directory Connect (AADConnect) is the tool that connects your on-premises Active Directory to Azure Active Directory. At the end of the setup there is a rather unhelpful message asking you to run "AdSyncPrep:Initialize-ADSyncDomainJoinedComputerSync" Translated to English this means. (also see Update 20/07/2016) Open PowerShell and set your execution policy to unrestricted. set-executionpolicy unrestricted … Continue reading Azure AD Connect: Initialize-ADSyncDomainJoinedComputerSync
The hidden benefit of hacking your own Active Directory?
This summary stems from a brief conversation within a peer circle. A parallax perspective on the issue of passwords. Most IT organisations have an IT Security policy, which defines the required password parameters for an organisation. Active Directory provides a method to enforce the password parameters, from their complexity and length to the frequency that they must … Continue reading The hidden benefit of hacking your own Active Directory?
Active Directory: What to learn next?
The Microsoft MVP summit was held last week (3rd - 7th November) in Redmond, where I had the good fortune to spend the week with members of various Microsoft product teams that are responsible for what we commonly know as Active Directory. I can genuinely say that in technology terms I have not been this interested in the … Continue reading Active Directory: What to learn next?
Active Directory: A user cannot be in more than 1015 groups.
In any Microsoft Active Directory forest, a user can only a member of 1024 groups but after allowing for up to 9 well known SIDS this number is actually 1015. See KB http://support.microsoft.com/kb/328889If a user exceeds the hard limit of 1015 group memberships they probably will not be able to logon.What do you do to rectify … Continue reading Active Directory: A user cannot be in more than 1015 groups.
