Tag: Active Directory (Page 2 of 2)

Building High-Available LDAPS Architectures

January 31, 2026 / Michael Waterman / 5 Comments

If you’re running Active Directory, like I said in a previous blog, that’s the majority of readers, you’re almost certainly using LDAPS, the secure version of LDAP. Not just because it’s “best practice,” but because plaintext LDAP over port 389 is a really bad idea, furthermore Microsoft has blocked access when you’re trying to connect to just LDAP on port 389 without any form of security.

While Microsoft has not removed the ability to use LDAP on port 389, recent security hardening features (such as LDAP channel binding and LDAP signing) can be configured to reject simple bind operations that are not signed or encrypted. In practice, many organizations today do not support clear-text LDAP unless it is secured (for example, via LDAPS). That’s why enabling LDAPS and proper security policies is highly recommended.

Unfortunately most environments treat LDAPS like a checkbox: “Yeah, we enabled LDAPS, installed a certificate, moved on.”

And that’s fine… until it isn’t. If your LDAP clients, VPN gateways, firewalls, RADIUS/NPS servers, Linux services, identity proxies, SaaS connectors, security appliances (the list goes on) depend on LDAPS, then what happens when the one Domain Controller you pointed them at suddenly goes offline?

PKI – Part 5: Creating Unique Object Identifiers (OIDs)

May 10, 2025 / Michael Waterman / 2 Comments

Introduction: Why OIDs matter in PKI

When building or managing a Public Key Infrastructure (PKI), precision and uniqueness are not optional, they’re very essential. Don’t be one of many, be your unique self! One key element that reflects this is the Object Identifier (OID). OIDs are globally unique values used to identify everything from certificate policies and application purposes to custom certificate extensions and cryptographic algorithms.

Mastering Active Directory Dynamic DNS maintenance

April 28, 2024 / Michael Waterman / 5 Comments

A long long time ago, in a galaxy far far……. wait, that’s a different universe! But today I do want to talk about something very ancient, R FC2136 that was released in April 1997. This specific RFC describes the process of “Dynamic Updates in the Domain Name System (DNS UPDATE)“.

Unmasking the Legacy: How the Pre-Windows 2000 Compatible Access Group Haunts PowerBI Users Today

February 27, 2024 / Michael Waterman / 0 Comments

Today I’ve learned,

That even software and designs from quarter of a century ago still influence the modern Cloud enabled world. In this specific case I’m talking about the PowerBI gateway and how it operates in an on-prem Active Directory environment. Allow me to explain…

Exploring Persistent Access in Active Directory: The AdminSDHolder Backdoor

January 29, 2024 / Michael Waterman / 0 Comments

Hey there, tech enthusiasts and Active Directory adventurers! Today, let’s talk about something really cool yet often overlooked in the world of Microsoft Active Directory: the AdminSDHolder. Now, you might be thinking, “What’s so special about this AdminSDHolder?” Well, let me tell you, it’s a game-changer in how security permissions are managed in your organization’s digital realm.

Secure Identity Integration: The Roadmap with Entra Connect

December 28, 2023 / Michael Waterman / 1 Comment

Have you ever wondered how to seamlessly connect your on-premises Active Directory with Entra ID? Well, you’re in the right place because today, I’m diving into Entra Connect, formerly known as Azure AD Connect. But hold on tight, because we’re not just talking about the basics; we’re here to make sure you install and configure it like a security pro!

PKI – Part 1: Introduction to Public Key Infrastructure

August 30, 2023 / Michael Waterman / 0 Comments

In the intricate realm of modern digital communication, trust and security form the bedrock upon which data integrity, confidentiality, and authentication rest. Public Key Infrastructure, commonly referred to as PKI, stands as an elegant solution to the complex challenge of establishing and maintaining this foundation of trust in a digital age.

Navigating PowerShell Remoting Challenges with PowerShell 7

August 27, 2023 / Michael Waterman / 0 Comments

In the world of system administration and automation, PowerShell has been a trusted companion for managing tasks efficiently across a variety of environments. With the introduction of PowerShell Core 7, the capabilities of PowerShell expanded further by becoming cross-platform, allowing administrators to manage systems regardless of their operating system. Recently, I embarked on a journey to explore the capabilities of PowerShell Core 7’s remoting features, but as often happens in the world of technology, I encountered an unexpected challenge.

Managing SUDO from Active Directory

October 21, 2022 / Michael Waterman / 0 Comments

Welcome to the last of a three part series about Ubuntu and Active Directory. In my previous posts I explained how you could, in just a few steps, join an Ubuntu machine to an Active Directory domain and manage it accordingly. This time I’m addressing centralized management of sudo users. Meaning who can execute commands as sudo on managed Linux desktops (in my case Ubuntu).

Advanced Ubuntu Configuration with Active Directory

October 7, 2022 / Michael Waterman / 0 Comments

In the previous blog post I wrote about how to join a Ubuntu 22.04 machine to a Microsoft Active Directory domain. In this follow up post I want to dive a little deeper into the configuration files, a bug I ran into during testing and setting some advanced security settings for access management. The latter is crazy easy actually, keep on reading.