
Author: Forefront Security

Direct Access back in Windows Server 8 – What’s new ?– a quick overview

If you have seen the Windows Server 8 BUILD session “Enabling the hybrid cloud using remote access appliances”, you know that all the new features of DirectAccess are back in Windows Server. I just want to give an overview of what DirectAccess looks like in Windows Server 8. First, DirectAccess is a Role: “Remote Access”. You can deploy both VPN and DirectAccess. You can choose to deploy Remote Access ...

ADFS 2.0 Cross Forest and Cross Domain Requirements

One of the recurring questions about ADFS 2.0 is how many Federation Servers are needed in a cross-domain or cross-forest scenario. The Active Directory Identity Provider is able to authenticate through a trust relationship. Cool! But what kind of trust? Forest Scope and Trust Relationship Requirements: Based on my own testing, here is an answer: In a forest, because all child domains are automatically ...

ADFS 2.0 Client Certificate Authentication with a “standalone” CA

In a previous post, we saw how to provide client certificate authentication. That was pretty simple, because we used an enterprise CA, an ADFS server and a user account, all in the same domain. Another challenge is to use a client certificate provided by a standalone Certification Authority (in another forest or in a workgroup, and of course not integrated into Active Directory). The g...

ADFS 2.0 : The first release of my Custom LDAP Attribute Store is on CodePlex

As you know, there are three “out of the box” Attribute Stores in ADFS 2.0: Active Directory, SQL and LDAP. But there is a limitation with the LDAP Attribute Store. As this TechNet article says (http://technet.microsoft.com/en-us/library/ff678034(v=ws.10).aspx): When you work with other Lightweight Directory Access Protocol (LDAP)-based attribute stores, you must connect to an LDAP server that supports...

myTools : SIDTranslator v1.0.0.0

When you work with Active Directory, have you never had to translate an objectSID from string to hexadecimal format or vice versa? Now there is a tool to do that: SIDTranslator. With this tool, you can: translate a SID from String to Hex or Hex to String (any kind of Hex: 01050000 … , 0x01 0x05 0x00 0x00 … , 01 05 00 00 …); compare two SIDs, no matter the format. You can download this tool her...

ADFS 2.0 Client Certificate Authentication

Hi all, here is how you can enable Client Certificate Authentication for Passive Authentication. In my case, I have Microsoft AD Certificate Services deployed. Users have a Personal Certificate (User Authentication) with a private key in the user's personal certificate store. On the ADFS server, open the web.config file in inetpub\adfs\ls and look for the microsoft.identityserver.web section. Put the...

Lync Server Control Panel : Insufficient access rights to perform the operation; A strange Active Directory PropertySet issue

Hi all, today a colleague of mine asked me to help with a strange Lync Server issue. The symptoms were: from the Lync Server Control Panel, he was unable to view the Lync-enabled users; he was unable to “Lync enable” a user; the error message was “Insufficient access rights to perform the operation”. There are many articles and forums where you can find some help: Check the membership of the lync server c...

Limiting Access to Office 365 Services Based on the Location of the Client

Found on the Access Onion Blog: AD FS 2.0 Update Rollup 1 is available here: http://support.microsoft.com/kb/2607496/en-us. There are some great new features for Office 365: Multiple Issuer Support and Client Access Policy Support. In the Client Access Policy Support section, there is a link to a very interesting TechNet article: Limiting Access to Office 365 Services Based on the Location of the Cli...

DirectAccess back in Windows Server – What’s new ?– a quick overview

If you have seen the Windows Server 8 BUILD session “Enabling the hybrid cloud using remote access appliances”, you know that all the new features of DirectAccess are back in Windows Server. I just want to give an overview of what DirectAccess looks like in Windows Server 8. First, DirectAccess is a Role: “Remote Access”. You can deploy both VPN and DirectAccess. You can choose to deploy Remote Access ...

What’s new in Active Directory Roles in Windows Server 8 ?

As you know, the Developer Preview of Windows Server 8 was presented during the Build Conference last week. MSDN subscribers can download this release. I want to show you whether there are some new things in Active Directory (DS, RMS and FS) in this amazing release. Role installation is quite similar to what it was in Windows Server 2008 R2, except of course the amazing feature that allows you to deploy mult...