Active Directory

Windows Hello for Business Cloud Trust

We have a lot of customers who use Windows Hello for Business Azure AD joined Key trust. But now that Windows Hello for Business cloud trust is available (preview), we expect to see a move towards Cloud Trust, maybe this could also be interesting for your setup? Key trust is

Continue to read »

Group writeback in Azure AD

This time we will take a closer look at the new group writeback functionality in Azure AD. I really think this will open a lot of possibilities also on-premises. Prerequisites Azure AD Premium license Azure AD Connect version 2021 December release or later. Enable Azure AD Connect group writeback But

Continue to read »

Windows and Office deployment lab kit

Introduction Microsoft just introduced an updated kit for IT pros to plan, test and validate deployment and management of desktops running Windows 10 Enterprise and Microsoft 365 Apps for enterprise. This was earlier known as “Windows insider lab for Enterprise” or “Olympia”.   The lab will cover technologies:   So

Continue to read »

Step by step Autopilot scenarios

Last updated 14.08.2020   Introduction I have written the following blog to share some of the valuable sources of information I have discovered while developing my knowledge related to the rollout of Modern Workplace clients using Microsoft365 Intune and Autopilot. Instead of a standard how to guide I have decided

Continue to read »

Windows Virtual Desktop and Azure File Shares

In our original series on Windows Virtual Desktop we used a standard file server to host the FSLogix Profiles, this was the only option at the time – if used together with our on-premises Active Directory. Now it’s possible to use Azure file shares and on-premises Active Directory together (Preview

Continue to read »

Azure AD support for FIDO2 in hybrid environments

Last year we wrote about Azure AD and password-less sign-in http://blog.mindcore.dk/2019/07/azure-ad-and-password-less-sign-in.html Now we also have support (Public preview) for this in hybrid environments, so let’s try it out. We will use the same Yubico security NFC as last time. First thing we need to be aware of is that we

Continue to read »

Windows Virtual Desktop – Part 5

This is part 5 of our posts regarding Windows Virtual Desktop, until now we have covered: Part 1 – Created a Windows Virtual Desktop tenant – Part 1 Part 2 – Created a service principal and some customization of our on-premises AD – Part 2 Part 3 – Provisioning a

Continue to read »

Windows Virtual Desktop – Part 4

This is part 4 of our posts regarding Windows Virtual Desktop, until now we have covered: Part 1 – Created a Windows Virtual Desktop tenant – Part 1 Part 2 – Created a service principal and some customization of our on-premises AD – Part 2 Part 3 – Provisioning a

Continue to read »

Windows Virtual Desktop – Part 3

This is part 3 of our posts regarding Windows Virtual Desktop, until now we have covered: Part 1 – Created a Windows Virtual Desktop tenant – Part 1 Part 2 – Created a service principal and some customization of our on-premises AD – Part 2 In this part we will

Continue to read »

Windows Virtual Desktop – Part 2

This is part 2 of our posts regarding Windows Virtual Desktop, until now we have covered: Part 1 – Created a Windows Virtual Desktop tenant – http://blog.mindcore.dk/2019/11/windows-virtual-desktop-part-1.html Now let’s continue and create a service principal. We will create the service principal with PowerShell, in order to do that you will

Continue to read »

Windows Virtual Desktop – Part 1

This time we will take a look at Windows Virtual Desktop in Azure. We will connect this cloud solution to our own infrastructure so that we can use on-premises services as well. In order to make this work we already have a Site-to-Site VPN gateway connection setup to connect our

Continue to read »

Enterprise State Roaming

This time I will have a quick test-drive of the Enterprise State Roaming Feature (ESR) with a hybrid Azure AD joined device, for those of us still using our own AD. Enterprise State Roaming will offer a secure synchronization of user settings from Windows and applications to the cloud. You

Continue to read »

Exchange 2013, 2016 and 2019 Schema versions

After an Exchange 2019/2016/2013 installation and Active Directory schema change, several properties are updated to show that everything are as expected. You can use the information in the following to make sure these properties have the right values. Exchange Version msExchProductId rangeUpper objectVersion (Microsoft Exchange System Objects) objectVersion (Organization container)

Continue to read »

ADMT with support for Windows 2012 R2

Looks like we now have a updated version of ADMT with support for Windows 2012 R2, the version number has not changed. At the same time there is a new version of the Password Export Server. At this point in time I have only been able to find the updated

Continue to read »

Active Directory Schema Versions

In order to check your current Active Directory schema version we can use the attribute objectVersion. The attribute objectVersion on the schema container object stores the schema version of the forest. This attribute is set during the creation of the first domain in a forest and is changed during schema

Continue to read »

The trust relationship between this workstation and the primary domain failed

You might not be able to logon to your computer and Windows will sat that The trust relationship between this workstation and the primary domain failed. Typical this will mean that the secure channel with the domain is broken, as explained in this post: http://blogs.technet.com/b/asiasupp/archive/2007/01/18/typical-symptoms-when-secure-channel-is-broken.aspx Nowadays we are able to

Continue to read »

Access is denied

You might se the error Access is denied when some users start a published application or desktop from XenApp. This issue can be seen on users who are member of an extended number of groups, there is not a specific number because it depends on the current number of users

Continue to read »

Default Domain Controllers Policy and Default Domain Policy

This is one of the old ones, I have never had the time to blog. I some situations you might find you self in so big trouble that you would like to recreate the original Domain and Domain Controllers policies. This is possible with the command DCGPOFIX http://technet.microsoft.com/en-us/library/hh875588(v=ws.10).aspx As an

Continue to read »

Default Computer OU in Active Directory

If you do not like that newly created computers in Active Directory goes into the folder Computers, you can change this with the command redircmp http://technet.microsoft.com/en-us/library/cc770619(v=ws.10).aspx First create the desired OU in Active Directory where you want your computers to go, here MyComputers: Then change the default location to this

Continue to read »
Search blog posts
Search
Authors
Modern Workplace consultant and a Microsoft MVP in Enterprise Mobility.

Modern Workplace consultant and a Microsoft MVP in Windows and Devices.

Infrastructure architect with focus on Modern Workplace and Microsoft 365 security.

Cloud & security specialist with focus on Microsoft backend products and cloud technologies.

Cloud & security specialist with focus on Microsoft 365.

Cloud & Security Specialist, with a passion for all things Cybersecurity

Cloud and infrastructure security specialist with background in networking.

Infrastructure architect with focus on design, implementation, migration and consolidation.

Infrastructure consultant with focus on cloud solutions in Office365 and Azure.

Modern workplace and infrastructure architect with a focus on Microsoft 365 and security.

follow us in feedly
Categories

Follow on SoMe