Goodbye Azure AD, Hello Entra ID

The Entra Suite

Today Microsoft made big announcements about its Microsoft Entra suite of identity and security products and capabilities. The Microsoft Entra suite is expanding into Security Service Edge, and Azure Active Directory (Azure AD) is becoming Microsoft Entra ID. Azure Active Directory as a name is now earmarked for the history books and Entra ID is born.…

Lithnet Password Protection for Active Directory

Today Ryan Newington released the latest Open Source project from Lithnet: Lithnet Password Protection for Active Directory.

I’ve posted extensively about leveraging Lithnet services in conjunction with Microsoft Identity Manager. In fact many of the solutions I’ve built for customers just wouldn’t be as functional without Ryan’s extensive contributions to the Microsoft Identity Management community under the Lithnet brand.…

Identifying Active Directory Users with Pwned Passwords using Microsoft/Forefront Identity Manager v2, k-Anonymity and Have I Been Pwned

Microsoft Identity Manager - Have I Been Pwned

Background

In August 2017 Troy Hunt released a sizeable list of Pwned Passwords. 320 Million in fact.

I subsequently wrote this post on Identifying Active Directory Users with Pwned Passwords using Microsoft/Forefront Identity Manager, which called the API and set a boolean attribute in the MIM Service that could be used with business logic to force users with accounts that have compromised passwords to change their password on next logon.…

Diagnosing FIM/MIM ‘kerberos-no-logon-server’ error on an Active Directory Management Agent

Kerberos No Logon Server - MIM Sync AD MA between Forests

Overview

I have a complex customer environment where Microsoft Identity Manager is managing identities across three Active Directory Forests. The Forests all serve different purposes and are contained in different network zones. Accordingly there are firewalls between the zone where the MIM Sync Server is located and two of the other AD Forests as shown in the graphic below.…