AD Connect

Azure AD Connect – How to connect your Active Directory Domain to Azure AD ? – Part 2 | Pass-through Authentication

Leave a Comment

Azure Active Directory (Azure AD) Pass-through Authentication allows your users to sign in to both on-premises and cloud-based applications using the same passwords. This feature provides your users a better experience – one less password to remember, and reduces IT help desk costs because your users are less likely to forget how to sign in. When users sign in using Azure AD, this feature validates users passwords directly against your on-premises Active Directory. The user tries to access an application, for example, Outlook Web App. If the user is not […]

Read More →

AD Connect

Azure AD Connect – How to extend your Active Directory Domain to Azure AD ? Part 1 | Password Hash Synchronization

Leave a Comment

The simplest way to enable authentication for on-premises directory objects in Azure AD. Users can use the same username and password that they use on-premises without having to deploy any additional infrastructure. With PHS, hashes of user passwords are synchronized from on-premises Active Directory to Azure AD, allowing Azure AD to authenticate users with no interaction with the on-premises Active Directory. When passwords are changed or reset on-premises, the new password hashes are synchronized to Azure AD in near real-time so that your users can always use the same password […]

Read More →

Azure

AAD – Azure Cloud-based SSO Authentification

Leave a Comment

Cloud-based users Authentication or Azure AD Single Sign-on with Password Hash Sync   This means enable the user to signed in with an Azure Active Directory account to a 3rd party SaaS application in Azure only. Azure AD collects and securely stores the user account information and the related password. Azure AD can support any cloud-based app that has an HTML-based sign-in page. By using a custom browser plugin, AAD automates the sign-in process via securely retrieving application credentials such as the username and the password from the directory, and […]

Read More →

Active Directory Federation Services

ADFS – How-to federate with a customer

Leave a Comment

What is ADFS ? It’s a web service that authenticates your users to Active Directory while also simultaneously providing them access to some claims-aware application (i.e. Office 365). Many times, these applications are typically used through the client’s web browser. The applications can be on-premises, off-premises, or even hosted by other companies. It doesn’t really matter where these applications live, who owns them, as long as they can accept a token with claims. ADFS is an identity access solution that provides client computers (internal or external to your network) with […]

Read More →

Azure

SQL/SSAS – Failover Cluster on Windows 2012 – Installation & Configuration

Leave a Comment

Confirm compatibility of your environnement before deploying a SQL failover cluster. https://docs.microsoft.com/en-us/windows-server/failover-clustering/clustering-requirements Disks configurations Disk 1 – Quorum: Is the quorum of the cluster. A cluster quorum disk is the storage medium on which the configuration database is stored for a cluster computing network. The cluster configuration database, also called the quorum, tells the cluster which physical server(s) should be active at any given time. Disk 2 – Data: This drive must be formatted using 64K. This is the one hosting the databases of the SQL instances Disk 3 – […]

Read More →

Active Directory Federation Services

ADFS – OpenID Connect Configuration

Leave a Comment

Create a new application group in ADFS with the following configuration : Standalone application > Server application Set a name that will define your application Hit next and copy the client identifier to a notepad, you will need it later. The redirect URI is the server local URI you will use to test your application using Visual Studio. You can use https://localhost:44320 or any local port for the tests. The redirect uri is where the client will be send to after the account authorization is successful. Hit next and select […]

Read More →

Active Directory Federation Services

ADFS – Web Application Proxy 2016 Installation & Configuration

Leave a Comment

Prepare two Windows 2016 servers with Windows Updates. Dont join them to the domain. Installing Web Application Proxy Let’s fire up the Add Roles Wizard from Server Manager As noted in the previous post, there is no longer a separate AD FS proxy role in Windows 2016.  The Remote Access feature provides VPN, Direct Access and Web Application Proxy (WAP) functionality.  It is the latter that we need to install. Select Remote Access Unless you want to add any features, like telnet * for troubleshooting purposes later, click next. The […]

Read More →

Active Directory Federation Services

ADFS – Active Directory Federation Services 2016 Installation & Configuration

Leave a Comment

Install and prepare two servers (adfs01/02.domain.com) 2016 with windows updates and join them to your domain. Determine the namespace that you will use for your ADFS (adfs.domain.com) Follow up the next step for completion. Service accounts As recommended by Microsoft,  a Group Managed Service Account (gMSA) has been created for managing the ADFS service. Specify which server will be permitted to use the service account. $server1 = Get-ADComputer “adfs01” $server2 = Get-ADComputer “adfs02” get-ADServiceAccount -identity SRVC_ADFS | set-adserviceAccount -DNSHostName SRVC_ADFS.domain.com -PrincipalsAllowedToRetrieveManagedPassword $server1, $server2   Certificate preparation Before the installation, you […]

Read More →