Change Entra Connect OU Filter Without Reinstalling: Sync Service Manager Path
You set up an OU filter at install time per Part 7. Months later, you need to change it — new OUs were added that should sync, old OUs got…
Tag: Active Directory
Entra Connect Install Walk-Through: Custom Mode + Pass-Hash Sync
Six posts of preparation; one post of actual install. With the prereqs validated (Part 1), installer staged (Part 2), TLS 1.2 enforced (Part 3), UPN suffixes fixed (Part 4), AD…
Run IdFix to Clean Active Directory Before Entra Connect Sync
The TLS configuration from Part 3 got the server ready. The UPN suffix work in Part 4 got the user identities ready. There’s one more gate before the Entra Connect…
Prep a Non-Routable AD Domain for Entra Connect: UPN Suffix Bulk Update
Your internal AD domain is something like infotechninja.local or corp.internal. Microsoft can’t verify those domains in the cloud because they’re not real internet domains. If you sync as-is, every user…
Microsoft Entra Connect Prerequisites: The Nine-Bucket Pre-Install Checklist
Microsoft Entra Connect is the bridge between your on-prem Active Directory and your Entra ID (formerly Azure AD) tenant. It runs on a Windows server in your environment and handles…
Disable the Print Spooler on Domain Controllers (PrintNightmare Hardening via GPO)
The Print Spooler service (spoolsv.exe) runs by default on every Windows host. It manages print jobs, talks to printers, and historically has been one of the most fertile sources of…
Stop Browsers Saving Passwords: ADMX Deployment for Chrome, Edge, and Firefox
Browsers love to save passwords. Users love when browsers save passwords. Security teams less so — saved-in-browser credentials are sitting ducks for malware that knows where to look (Chrome stores…
Hyper-V Replica in a Domain: Kerberos Setup, Walked End-to-End
Hyper-V Replica is the built-in DR layer in every Hyper-V install. Configure it once and Hyper-V asynchronously copies a VM’s disks to a second standalone host every few minutes; if…
Hyper-V Shared Nothing Live Migration: Move a Running VM Between Hosts Without a SAN
Two standalone Hyper-V hosts. No SAN, no Cluster Shared Volume, no shared anything — each host has its own local storage. A VM on the source host needs to end…
Microsoft Entra Password Protection for On-Prem AD: The Clean Teardown
The previous two posts in this series stood up Microsoft Entra Password Protection on an on-prem AD forest — Part 1 walked the architecture and prerequisites, Part 2 walked the…
Microsoft Entra Password Protection for On-Prem AD: The Deployment Walk
Part 1 of this series covered the architecture and prerequisites — the cloud-versus-on-prem split, the proxy-as-egress design, the network ports, the licensing matrix, the FRS-versus-DFSR Sysvol gotcha. With those out…
Microsoft Entra Password Protection for On-Prem AD: Architecture and Prerequisites
Standard Active Directory password policy enforces shape — minimum length, complexity, history, age. Shape doesn’t catch P@ssw.rd or Admin@123: both pass complexity; both are in every credential-stuffing wordlist on the…