It is always recommended to utilize Active Directory monitoring to help you maintain a healthy authentication and authorization infrastructure. The Windows Time service is a critical component in being able to authenticate users that are using the Kerberos V5 services used by Active Directory. However, some questions usually come up as to how the Windows Time service works and what information you should be looking for when your AD monitoring system finds issues.
Azure & Active Directory Center
ENow Software's Azure & Active Directory blog built by Microsoft MVPs for IT/Sys Admins.
Microsoft 365 tenant-to-tenant migrations happen very often. There are mergers and acquisitions, such as when a company buys another company. And there are divestitures, such as when a company gets partially outsourced to another company. This three-part blog series covers everything you should be aware of when you, as an admin, get involved in tenant-to-tenant migrations.
Is time, or more precisely an accurate time, necessary to operate an IT infrastructure? Well, it all depends.
In order to operate a secure IT infrastructure, all computer systems must have precise time information. Computer systems can query time information via the NTP (Network Time Protocol) from other systems, so-called NTP servers or NTP sources, and adjust their local system time in the event of a deviation.
In the previous blog article “The Active Directory Time Service – Part 1: AD Monitoring basics of W32time”, we discussed how Network Time Protocol (NTP) and the Windows Time Service work within Active Directory and why they are critical components of Active Directory Monitoring. In this next part, we will learn about how to configure NTP time sync both manually and by using Group Policy. Before we go and make any changes, we need to check the current settings.
Kerberos may be considered the old-timer of authentication protocols, but Active Directory still relies heavily on it. That’s why Microsoft is now using a new strategy to address vulnerabilities. IT pros may operate the same way they did before but might not get the same results as they once did.
Introduction to Identity
With organizations moving workloads to the cloud, they no longer have the traditional network security boundaries to manage access to applications and data. Therefore, identity is now the primary control plane in the cloud. This means that organizations control capabilities based on either the user identity or the device identity or a combination of both, using controls such as conditional access policies, compliance policies, self-service, single sign-on and automatic account provisioning and deprovisioning to cloud software as a service (SaaS).
Lightweight Directory Access Protocol (LDAP) is a directory service protocol that is used to search for information within your Active Directory, and it is a useful tool that can better assist you with Active Directory Monitoring. LDAP is used to search your Active Directory for information about users, computers, and groups within your Active Directory database. LDAP queries can be run from multiple different tools including PowerShell, ldapsearch, VB Scripts, and the saved queries feature in Active Directory Users and Computers.
Preparing Active Directory for the Cloud
IT departments in organizations of all sizes can expect to be moving resources to one cloud or another in the very near future. This is becoming a fact that all IT professionals are going to need to deal with in the coming years.
There is no doubt that Microsoft has fully embraced The Cloud. While “Mobile first, cloud first” might be a silly statement, there is no doubt that Microsoft means it. There are very few on-premises products that Microsoft has much interest in selling at all. If there is a cloud-based option for any solution, Microsoft is going to push that cloud version at the expense of the on-premises version.
AAD Roles for EXO Administrators
In one of my other articles “Accessing Exchange Online Objects” I outlined how you can interact with these objects. When you need to scope apps with application permissions to a subset of mailboxes, we can use ApplicationAccessPolicies as outlined here by Microsoft.
Want to learn more about Active Directory?
Active Directory Administration Cookbook, 2nd Edition
In this book, Microsoft MVP & Technical Editor of ENow's Azure & Active Directory Center, Sander Berkouwer will share the intricacies of managing Azure AD, Azure AD Connect as well as Active Directory for administration in the cloud and on Windows Server 2022.