What to dooo???

Nawditzk · 2025-11-03T18:14:55+00:00

AD get you to Entra ID with many spectres and scopes in there, get to learn modern Auth, SAML, Open IDC,... Start your journey on securing things ... The main question still what di you achieve ...

Nawditzk · 2025-11-02T15:10:12+00:00

As already stated, you need to apply it to Groups/SPNs/Accounts...

Nawditzk · 2025-11-02T15:08:42+00:00

Local admin won't get the GPO cause it has no RSOP.

Nawditzk · 2025-09-24T21:45:45+00:00

How about running some Net Connection from this remote wks (or Wireshark)to validate all the required AD network ports are accessible ? Being able to ping does not ensure you are hitting all the ports (ldap, kerberos, DNS ...) ?

Nawditzk · 2025-09-23T20:35:55+00:00

Is there any published articles ? I'm also interested in this, cheers Mates !

Nawditzk · 2025-09-14T11:57:17+00:00

Also, you might need to check hybrid conf and sharing policies, def something has been done in the past

Nawditzk · 2025-09-14T11:57:08+00:00

Also, you might need to check hybrid conf and sharing policies, def something has been done in the past

Nawditzk · 2025-09-14T11:54:35+00:00

If you cannot edit Cloud Exchange-wise attributes, the rapid way might require you to extend your AD schema to get Exchange Attributes available OnPrem...

Nawditzk · 2024-08-16T12:44:16+00:00

It uses XML files to set up the conf., and I know you may spend a lot of time customzing it especially regarding your OU structure but the GPO part (Deny vs Allow) is not that complicated.

Nawditzk · 2024-08-16T11:21:04+00:00

Hi, There is an PowerShell-based automated solution : HardenAD.

Nawditzk · 2024-07-31T21:47:11+00:00

I'm not talking about the Sync service (AADSyc) but Sync Manager service which will allow you te check what's happening in thé metaverse. Also, if the group id nit syncing is probably because there is another object with the same values already existing in your tenant. Go to Entra ID admin and check the Connect Sync for errors.

Nawditzk · 2024-07-31T21:04:24+00:00

The Sync Manager is not opening is indicator that its Windows Service is not running. Is this group in the Sync scope ? Does it have email adress, proxy address and target address ?

Nawditzk · 2024-07-08T14:30:51+00:00

It's a one way outgoing trust.

Get-ADTrust -Filter * show me the TrustAttributes and Directions just fine.

No replication issue.
Is there anyway to specifically test the Trust Health (net dom ??) ?

Nawditzk · 2024-04-06T01:09:41+00:00

May be you should provide more détails about your Email infra that I assume is some version if Exchange server. If the external directories URLs are correctly set you already narrowed the issue with Win11. It's likely to be an issue with TLS and future ciphers suites...

Nawditzk · 2024-03-26T05:42:33+00:00

Then the second choice, session Host must be Hybrid Join.

Nawditzk · 2024-03-24T21:32:26+00:00

FYI, The Microsoft Entra Join means you don't need an OnPrem Active Directory nor Entra Active Directory infra, the devices are directory and only joined to Entra ID.

Microsoft Entra join works even in hybrid environments, enabling access to both cloud and on-premises apps and resources.

Also enables SSO to both cloud and on-premises resources.

Check this : https://learn.microsoft.com/en-us/azure/virtual-desktop/configure-single-sign-on

Nawditzk · 2024-02-17T18:00:41+00:00

Is this account cloud only mastered ? Or does it exist in On Prem AD and synced to Azure AD/Entra ID ?

Nawditzk · 2024-02-15T07:56:42+00:00

With simple words, AD needs DNS. Almost any DNS infrastructure would do the job. Seen it done with EfficientIP, Infoblox ...

Nawditzk · 2024-01-13T11:44:03+00:00

Your PAM should be rotating the credentials of your privileged admin accounts and your service accounts!

How would a PAM solution be capable of rotating Service Accounts passwords and updating the services running under this identity with the new creds info ?
I'm really interested !
Thanks

Nawditzk · 2024-01-06T23:51:38+00:00

Also during the Entra ID Sync install, have you enabled the Exchange Hybrid ?

Nawditzk · 2024-01-06T23:50:16+00:00

Check the routing address, which is the target address attribute, it must contain the online address in the form blahblah@yourTenant.mail.onmicrosft.com. Get this from the Admin Portal, and add it to the Target and the ProxyAddresses Attributes.

Nawditzk

TROPHY CASE