Domain Names to use with Azure Active Directory

Posted June 29, 2014

I surfed across to the TechNet Forums again to see what they are up to these days and found the Azure AD forum. I haven’t been active in the Forums for quite some time, but finally found some time to post there again.

One of the questions caught me by surprise. I know that all sorts of organizations look into Azure Active Directory now and incorporate it into their cloud strategies. Usually, these organizations have an Windows AD backend that they use to federate with Azure AD – but apparently not all of them.

The question that I’ve found reads similar to this: “Hi, we have created an Azure AD tenant and are actively using it. Now that we’ve purchased some servers that we want to run locally – on-premises – we need an on-premises Active Directory, too.”

Funny enough, they are doing things the other way around than I’d say 98% of organizations out there leveraging the Microsoft cloud. Ultimately, they’re trying to achieve the same thing: manage identities and leverage on-premises infrastructure as well as cloud resources integrated into Azure AD – which likely leads to federation and directory synchronization.

Read more »

Posted in - Active Directory, Azure AD - Comments(0)

Now there is support for Windows Server 2012 and WMWare VSphere 5.1

Posted July 5, 2013

It’ll only say it was about time. Took them 12 months to file the Submission to SVVP:

http://www.windowsservercatalog.com/item.aspx?idItem=18c9ca52-dc8d-b817-c833-b096b65c67de&bCatID=1521

Posted in - Active Directory, Don't be THAT guy, Windows Server 2012 (R2) - Comments(0)

Dynamic Access Control – ACL evaluation

Posted June 29, 2013

So – here’s another rambing about Dynamic Access Control. It looks like this is becoming one of my favorite topics these days. Or it’s just that  I think it needs the attention. You decide yourself.

Today, I’d like to introduce the process of ACL evaluation on files and folders when DAC is used with them. Things change a little and I thought it’s worth writing about it so you know what to expect when designing your access control with DAC.

So how are ACLs evaluated when DAC is enabled? Essentially, an Access Control List comprises of a number of Access Control Entries (ACEs). An ACE describes the kind of access a security principal gets on a particular object, in our case on File Resources, like in these two examples:

ALLOW READ ACCESS for members of security group CONTOSO\finance [for this folder and all subfolders]

ALLOW READ, WRITE ACCESS for members of security group CONTOSO\finance-admins [for subfolders only]

Read more »

Posted in - Active Directory - Comments(0)

Next Page »