Category: Active Directory

AD – DCShadow attack

Description of the attack:


Detection of the attack:


ATA Azure ATP detection:

Other articles:






ADFS – export RP and its claims

If you choose not to use the AD FS Rapid Restore Tool, then at a minimum you should export the "Microsoft Office 365 Identity Platform" relying party trust and any custom claim rules you have added to it. You can do this with the following PowerShell example:

(Get-AdfsRelyingPartyTrust -Name "Microsoft Office 365 Identity Platform") | Export-CliXML "C:\temp\O365-RelyingPartyTrust.xml"
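A fuller version of the same backup, added here as an example (it is not code from the original post): besides the CLIXML export it writes the three claim rule sets out as plain text, so custom rules can be reviewed and diffed, and it verifies the export round-trips. The output directory is an assumption.

```powershell
# Added example, not from the original post: back up the O365 relying party trust and keep
# its claim rule sets as readable text so custom rules can be reviewed and restored one by one.
# The output directory is an assumption.
$rpName = "Microsoft Office 365 Identity Platform"
$outDir = "C:\temp\adfs-backup"
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "Relying party trust '$rpName' not found on this farm" }

# Whole object (identifiers, endpoints, certificates, rule sets) for a full restore
$rp | Export-Clixml -Path (Join-Path $outDir "O365-RelyingPartyTrust.xml")

# Rule sets as plain text: this is where added custom claim rules live
@{
    IssuanceTransformRules       = $rp.IssuanceTransformRules
    IssuanceAuthorizationRules   = $rp.IssuanceAuthorizationRules
    DelegationAuthorizationRules = $rp.DelegationAuthorizationRules
}.GetEnumerator() | ForEach-Object {
    $_.Value | Out-File -FilePath (Join-Path $outDir ("O365-{0}.txt" -f $_.Key)) -Encoding UTF8
}

# Sanity check: re-read the CLIXML and confirm the transform rules round-tripped intact
$restored = Import-Clixml -Path (Join-Path $outDir "O365-RelyingPartyTrust.xml")
if ($restored.IssuanceTransformRules -ne $rp.IssuanceTransformRules) {
    Write-Warning "Transform rules in the export do not match the live trust"
} else {
    Write-Host "Export verified: $((Get-ChildItem $outDir).Count) files in $outDir"
}

# Restoring only the rules onto an existing trust (after the trust has been recreated):
# Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRulesFile (Join-Path $outDir "O365-IssuanceTransformRules.txt")
```

Keep the export off the AD FS server itself: it contains the trust's identifiers, endpoints and encryption certificate, and the rule files describe exactly which claims the tenant accepts, so treat the directory like any other identity configuration backup.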

Implement password hash synchronization:


Migrating from federated authentication (ADFS) to password hash synchronization:


The AAD Connect Configuration Documenter is a tool that generates documentation of an Azure AD Connect installation. Currently the documentation is limited to the Azure AD Connect sync configuration.

The current capabilities of the tool include:

  • Documentation of the complete configuration of Azure AD Connect sync.
  • Documentation of any changes in the configuration of two Azure AD Connect sync servers or changes from a given configuration baseline.
  • Generation of the PowerShell deployment script to migrate the sync rule differences or customisations from one server to another.
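The second capability, spotting sync rule differences between two servers, can be approximated with plain PowerShell. The script below is an added example and is not the documenter's own code; the rule objects are constructed for illustration, and on a real server they would come from `Get-ADSyncRule` in the ADSync module.

```powershell
# Added example, not the documenter's own code: diff the sync rules of two Azure AD Connect
# servers (e.g. a staging-mode server against production) by precedence, state and version,
# which is the kind of change the documenter reports. The rule objects are constructed;
# on a real server collect them with:  Import-Module ADSync; $rules = Get-ADSyncRule
function New-RuleStub {
    param([string]$Name, [int]$Precedence, [bool]$Disabled, [string]$Direction, [int]$Version)
    [pscustomobject]@{ Name = $Name; Precedence = $Precedence; Disabled = $Disabled; Direction = $Direction; Version = $Version }
}

$production = @(
    (New-RuleStub "In from AD - User Join"             100 $false "Inbound"  1),
    (New-RuleStub "In from AD - User Common"           104 $false "Inbound"  1),
    (New-RuleStub "In from AD - User Custom Extension"  50 $false "Inbound"  1),
    (New-RuleStub "Out to AAD - User Join"             115 $false "Outbound" 1)
)
$staging = @(
    (New-RuleStub "In from AD - User Join"             100 $false "Inbound"  1),
    (New-RuleStub "In from AD - User Common"           104 $true  "Inbound"  1),   # disabled on staging
    (New-RuleStub "In from AD - User Custom Extension"  49 $false "Inbound"  2),   # precedence and version changed
    (New-RuleStub "Out to AAD - User Join"             115 $false "Outbound" 1),
    (New-RuleStub "In from AD - Group Custom Filter"    48 $false "Inbound"  1)    # only on staging
)

function Compare-SyncRules {
    param($Baseline, $Candidate)
    $baseByName = @{}; foreach ($r in $Baseline)  { $baseByName[$r.Name] = $r }
    $candByName = @{}; foreach ($r in $Candidate) { $candByName[$r.Name] = $r }

    foreach ($name in (@($baseByName.Keys) + @($candByName.Keys) | Sort-Object -Unique)) {
        $b = $baseByName[$name]; $c = $candByName[$name]
        $change = $null
        if ($null -eq $c)     { $change = "missing on candidate" }
        elseif ($null -eq $b) { $change = "only on candidate" }
        else {
            # Compare the fields that decide whether and how a rule applies
            $diffs = foreach ($p in "Precedence", "Disabled", "Direction", "Version") {
                if ($b.$p -ne $c.$p) { "{0}: {1} -> {2}" -f $p, $b.$p, $c.$p }
            }
            if ($diffs) { $change = $diffs -join "; " }
        }
        if ($change) { [pscustomobject]@{ Rule = $name; Change = $change } }
    }
}

Compare-SyncRules -Baseline $production -Candidate $staging | Format-Table -AutoSize
```

Custom rules (precedence below 100) are the ones worth watching: a rule that exists only on the staging server, or whose precedence moved, changes which attribute flows win before the server is switched out of staging mode.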

There are four main options for configuring SSO:


The proxyAddresses attribute is used by different applications and can store different types of user addresses (SIP, SMTP, X500).

If you sync accounts whose addresses use a non-verified domain to O365, those addresses can be replaced with the tenant's default domain.
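A pre-sync check for this case, added here as an example (not code from the original post): it walks each user's proxyAddresses, extracts the domain from the SMTP and SIP entries, and reports any domain that is not in the tenant's verified list. The verified-domain list and the sample users are constructed; on a real domain the users would come from `Get-ADUser` as shown in the comment.

```powershell
# Added example, not from the original post: find proxyAddresses whose domain is not verified
# in the tenant before Azure AD Connect syncs them. The domain list and the users are
# constructed for illustration.
$verifiedDomains = @("contoso.com", "contoso.onmicrosoft.com")

# Live input would be:
# $users = Get-ADUser -Filter * -Properties proxyAddresses
$users = @(
    [pscustomobject]@{ SamAccountName = "jdoe"
                       proxyAddresses = @("SMTP:jdoe@contoso.com", "smtp:john@contoso.local", "sip:jdoe@contoso.com") },
    [pscustomobject]@{ SamAccountName = "asmith"
                       proxyAddresses = @("SMTP:asmith@contoso.com",
                                          "X500:/o=ExchangeLabs/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=asmith1234") },
    [pscustomobject]@{ SamAccountName = "bwong"
                       proxyAddresses = @("SMTP:bwong@fabrikam.com", "smtp:bwong@contoso.com") }
)

function Get-UnverifiedProxyAddresses {
    param($Users, [string[]]$VerifiedDomains)
    foreach ($u in $Users) {
        foreach ($addr in $u.proxyAddresses) {
            # Only SMTP and SIP entries carry a DNS domain; X500 and other prefixes are skipped.
            # -match is case-insensitive, so the uppercase SMTP: (primary) prefix is covered too.
            if ($addr -match '^(smtp|sip):[^@]+@(?<domain>[^@]+)$') {
                $domain = $Matches['domain'].ToLowerInvariant()
                if ($VerifiedDomains -notcontains $domain) {
                    [pscustomobject]@{
                        User    = $u.SamAccountName
                        Address = $addr
                        Domain  = $domain
                        Primary = $addr.StartsWith("SMTP:")   # a primary address being rewritten is the painful case
                    }
                }
            }
        }
    }
}

Get-UnverifiedProxyAddresses -Users $users -VerifiedDomains $verifiedDomains | Format-Table -AutoSize
```

On the constructed data this flags jdoe's contoso.local alias and bwong's primary fabrikam.com address; the X500 entry is ignored because it has no DNS domain to verify.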

Some interesting reading regarding this topic:

ADConnect not Syncing ProxyAccount for email Alias from on Premise AD to Azure AD

List of attributes that are synced by the Azure Active Directory Sync Tool

A mail user who has proxy addresses that use non-verified domains isn’t synced in an Exchange hybrid deployment

Wrong domain address when synchronizing from on premise AD

Azure AD Connect sync: Attributes synchronized to Azure Active Directory

Disabling SSL/TLS Protocols and Cipher Suites for ADFS:

Note: don't forget to reboot the WAP and ADFS servers for the change to take effect.
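The registry changes behind this, added here as an example (not code from the original post): it disables SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 on both the server and client side of Schannel, turns on strong crypto for .NET 4.x (which AD FS uses for its outbound connections), and reads the keys back so the result can be checked before rebooting. The Schannel and .NET registry paths and value names are the documented ones; which protocols to disable is this example's choice.

```powershell
# Added example, not from the original post: disable legacy SSL/TLS protocols in Schannel and
# force strong crypto for .NET on an AD FS or WAP server. Run on every node, then reboot.
$schannel = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols"
$legacyProtocols = @("SSL 2.0", "SSL 3.0", "TLS 1.0", "TLS 1.1")

function Set-SchannelProtocol {
    param([string]$Name, [bool]$Enabled)
    foreach ($side in @("Server", "Client")) {
        $key = Join-Path (Join-Path $schannel $Name) $side
        New-Item -Path $key -Force | Out-Null
        # Enabled=0 blocks the protocol; DisabledByDefault=1 keeps applications that do not
        # pick a protocol explicitly from negotiating it
        New-ItemProperty -Path $key -Name "Enabled" -Value ([int]$Enabled) -PropertyType DWord -Force | Out-Null
        New-ItemProperty -Path $key -Name "DisabledByDefault" -Value ([int](-not $Enabled)) -PropertyType DWord -Force | Out-Null
    }
}

function Set-DotNetStrongCrypto {
    # SchUseStrongCrypto makes .NET 4.x default to TLS 1.2; set both the 64-bit and 32-bit hives
    foreach ($hive in @("HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319",
                        "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319")) {
        New-Item -Path $hive -Force | Out-Null
        New-ItemProperty -Path $hive -Name "SchUseStrongCrypto" -Value 1 -PropertyType DWord -Force | Out-Null
    }
}

function Get-SchannelProtocolState {
    # Read back what is actually in the registry so the change can be verified before the reboot
    foreach ($p in ($legacyProtocols + @("TLS 1.2"))) {
        foreach ($side in @("Server", "Client")) {
            $key = Join-Path (Join-Path $schannel $p) $side
            $v = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            $enabled  = "not set (OS default)"
            $disabled = "not set (OS default)"
            if ($null -ne $v) { $enabled = $v.Enabled; $disabled = $v.DisabledByDefault }
            [pscustomobject]@{ Protocol = $p; Side = $side; Enabled = $enabled; DisabledByDefault = $disabled }
        }
    }
}

$legacyProtocols | ForEach-Object { Set-SchannelProtocol -Name $_ -Enabled $false }
Set-SchannelProtocol -Name "TLS 1.2" -Enabled $true
Set-DotNetStrongCrypto
Get-SchannelProtocolState | Format-Table -AutoSize
# Schannel only picks the new settings up after a reboot; restart WAP and AD FS nodes one at a time.
```

Apply it to the WAP servers as well as the AD FS farm: the WAP terminates the external TLS connection, so a hardened AD FS node behind a WAP that still offers TLS 1.0 gains nothing.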

To test SSL/TLS and much more you can use the free online tool from Qualys:


How to register the IP address and hostname in DNS from an AD-domain-joined Linux host using SSSD:



MCAS and AIP:


Security Community:

To test SSL/TLS and much more you can use the free online tool from Qualys:

Links related to TLS which I have consulted:

Solving the TLS problem

How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll

TLS/SSL Settings

Managing SSL/TLS Protocols and Cipher Suites for ADFS: