ADFS – Troubleshooting claims

Azure and Office365 resources

Here are resources about Azure and Office365; let me summarize. Office365 is an offering of MS services and hosted applications (SaaS): put plainly, you pay for a service (SharePoint, Exchange, Office…) and you don’t manage the infrastructure behind it (such as CPU, RAM, storage, security). Azure is a cloud (private/public) offering (PaaS/IaaS); compared to Office365, MS provide… Continue reading “Azure and Office365 resources”


Integrating an on-premises Active Directory and Exchange organization with Microsoft Cloud Services will require attention to new elements and details. As an example, the list of object attributes in the on-premises Active Directory schema differs from the attributes in the Azure and Office 365 services directory platforms. An example is three critical values that are… Continue reading “msExchRecipientTypeDetails”

How to deploy latest Windows GPO ?

The Central Store. To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a Windows domain controller. The Central Store is a file location that is checked by the Group Policy tools by default. The Group Policy tools use all .admx files that are in… Continue reading “How to deploy latest Windows GPO ?”

Azure AD Resources

Azure AD availability: Azure AD blog: Domains FAQ: Domain take over: Azure tips and tricks: Azure subscription and naming convention: Azure RBAC: Manage VM: Main: Azure cost calculator: White papers: Azure health status: Choose the right authentication method: AzureAD connect: Other… Continue reading “Azure AD Resources”

Security baseline for Windows Operating system

Security baseline reference article: Download the latest version: Introduction: Download the content. As usual, the content includes GPO backups, GPO reports, scripts to apply settings to local GPO, Policy Analyzer rules files for each baseline and for the full set, and spreadsheets documenting all available GPOs and our recommended settings, settings that are new to… Continue reading “Security baseline for Windows Operating system”

Hacking and Securing Active Directory

Hacking techniques for AD: “state of the art” (but scary!) with possible mitigation (when possible) + a few new methods… For GPO Audit: Spraykatz: ReverseTCP shell: Securing AD: AD Explorer: AD Authentication silos and more: MS white-paper best… Continue reading “Hacking and Securing Active Directory”

PowerShell – DNS – Create conditional forwarder zone

Best practices for DNS forwarding: To export conditional forwarder zones: Conditional forwarders are in the same registry key as the zones: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones. Export the key, then you can import it to the other server. To export global forwarders settings: Global forwarders are set up in the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters Forwarders key Export… Continue reading “PowerShell – DNS – Create conditional forwarder zone”

Azure AD – Securing Identity platform

Reference article: Doc to disable the user consent: Best practices: There are many aspects to a secure Identity infrastructure, but this five-step checklist will help you quickly accomplish a safer and secure identity infrastructure: Strengthen your credentials. Reduce your attack surface area. Automate threat response. Increase your awareness of auditing and monitoring. Enable… Continue reading “Azure AD – Securing Identity platform”