Category: Active Directory

ADFS Claims depending on multiple conditions such as group membership and password expiry

In this post I will quickly demonstrate how to achieve a ADFS Claims depending on two different conditions. This specific case is about the password expiry claims that we only want to show for users that are member in a specific Active Directory group. First we need to add an Issuance Transform Rule where we…



Netscaler – Configure Kerberos Authentication + LDAP Group/Attribute Extraction to achieve SSO for internal users

SSO to Netscaler hosted web services for internal users: A request we receive from time to time from our Netscaler customers is that they would prefer internal users (users connected to the company’s LAN/Wifi or through VPN) to automatically get SSO when they browse to a load balanced web system (https://sharepoint.mycompany.com). One way of doing…




Duplicate SRV records are cousing domain join workflows to fail

Have you ever had problems with duplicate SRV records in your environment? This is a quite common phenomenon when you google it without any real solution to it (not at least what I could find). Some environments would not be affected by this, but I got into a specific situation recently where some workflows in…



Azure AD Connect and .NET Framework 4.7.2

Introduction Last week a discussion erupted on Microsoft forums regarding Azure AD Connect due to it’s Monitoring Agent using all free resources of CPU on the servers. These issues were caused by a .NET Framework update and a lot of administrators spent time uninstalling and blocking these patches to resolve the CPU usage issues on…



Specific computer model not joining the domain.

I recently had an issue with a specific computer model not joining the domain. The Task Sequence had not been updated for a while, and we had not done any significant changes to the environment. With other computers working flawlessly, we had issues with a HP EliteDesk 800 G3 DM 35W not joining the domain…



How to join a Windows 10 computer to your Azure Active Directory

Introduction Some of the benefits of having your Windows 10 devices in your Azure AD is that your users can join the computer to your Azure AD without any extra administrator privileges, assuming you have configured this in your Azure AD. They can also login to the computer without the need of being connected to…



Windows 10 Subscription Activation for Hybrid Azure AD Joined devices

In a migration phase to Windows 10 we wanted to be able to benefit from the fairly new Windows 10 Subscription Activation method for the existing environment. One of the requirements for us was that we could do this with Hybrid Azure AD Joined devices. With this post I will try to guide you through…



Backup av Active Directory

Många använder sig utav 3:e partsprodukter som Veeam B&R, Unitreds/PHD Virtual, Backup Exec m.m för att ta backup av sin infrastruktur där flera av dessa har stöd för Application-Aware  / VSS vilket möjliggör backup av domänkontrollanter och Active Directory. Detta är klockrent när man ska återställa en hel miljö och för att Active Directory ska starta upp…