Author Archive

#AADSync Beta2 available on Connect #FIM2010

Wed 16 Jul 2014 Leave a comment

Source: MS Connect announcement by the AADSync product group


Microsoft announced the the availability of AADSync Beta2 on Connect.

You can download it here : AAD Sync Beta2 (


With Beta 2 there are some new features frequently requested:

-       Select only required services/attributes to synchronize to AAD

-       Exchange hybrid deployments

-       Password write-back for multiple-forests (AAD Premium preview feature)


Good news: the AADSync product group is looking for customers who are interested in using Beta2 in production. If you are interested, then do the following:

-       Download the updated build from Connect and read the documentation on for the latest information.

-       Install and verify the scenarios you plan for production use. You do not need permissions from Microsoft to start evaluating AADSync.

-       If you find any issues or need help, submit feedback through Connect. This is also the fastest way to get access to our beta support team.

-       When you have completed the verification and all issues have been resolved, send an email to “Azure AD Sync Service Feedback” with information which scenarios you plan to use and have verified are working. Also provide contact information. The team will respond back with information on how to get call-in support during the preview phase.

Thank you for helping us make AADSync a better product,


Find more information on AADSync on TechNet Wiki:

Note-to-self: Update – New Strategies and Features to Help Organizations Better Protect Against Pass-the-Hash Attacks

Wed 9 Jul 2014 Leave a comment


New blog post at :

Posted by Matt Thomlinson, Vice President, Microsoft Security

Microsoft released new guidance to help our customers address credential theft, called Mitigating Pass-the-Hash and Other Credential Theft, version 2.

“The paper encourages IT professionals to “assume breach” to highlight the need for the use of holistic planning strategies and features in Microsoft Windows to become more resilient against credential theft attacks. This paper builds on our previously released guidance and mitigations for Pass-the-Hash (PtH) attacks. 

Given that organizations must continue to operate after a breach, it is critical for them to have a plan to minimize the impact of successful attacks on their ongoing operations. Adopting an approach that assumes a breach will occur, ensures that organizations have a holistic plan in place before an attack occurs. A planned approach enables defenders to close the seams that attackers are aiming to exploit.

The guidance also underscores another important point – that technical features alone may not prevent lateral movement and privilege escalation. In order to substantially reduce credential theft attacks, organizations should consider the attacker mindset and use strategies such as identifying key assets, implementing detection mechanisms, and having a breach recovery plan. These strategies can be implemented in combination with Windows features to provide a more effective defensive approach, and are aligned to the well-known National Institute of Standards and Technology (NIST) Cybersecurity Framework.

Note-to-self: GPO Search tool

Thu 19 Jun 2014 Leave a comment

You need quickly some info on a specific GPO… Check this out, an online GPO search tool:


It also has a Windows Phone application you can find here:[/embed].


Of course it’s an excellent companion when you’re securing your AD (Security Mitigation Guidance for Active Directory), with Security Compliance manager. (both FREE to download!)



Categories: Security

A hotfix rollup (build 4.1.3559.0) is available for #FIM2010 R2

Thu 19 Jun 2014 Leave a comment


A hotfix rollup (build 4.1.3559.0) is available for Forefront Identity Manager 2010 R2

Issues that are fixed or features that are added in this update

This update fixes the following issues or adds the following features that were not previously documented in the Microsoft Knowledge Base.

FIM add-ins and extensions

Issue 1

After the FIM Password Reset add-in is installed in Windows 7, the “Create a Password Reset Disk” feature is available when you press Ctrl+Alt+Del and then you click Change a Password.

FIM Certificate Management

Issue 1

When you try to remove a certification authority (CA) that is bound to Certificate Management (CM) by using the CLMutil -removeca command, you experience the following symptoms:

  • Actions such as enroll, renew or revoke that are performed on certificates that are bound to the removed CA cause an exception to be returned.
  • When you try to edit or remove a certificate template that was related to the removed CA, an exception is displayed on the CM portal.

Note These same symptoms occur when the CA is stopped or unavailable.

Changes to the symptoms after you apply this update

  • Actions such as enroll, renew or revoke that are performed on certificates that are bound to the removed CA cause a well-defined error message to be displayed.
  • Removing a certificate template is possible. Removing the template for any removed CA is also possible.
  • Changing a certificate template that is related to the removed CA causes a well-defined error message to be displayed.

Changes to the clmutil.exe tool after you apply this update

The following commands are added:


      • Syntax: [-force] -decomissionca CA_ID
      • Example 1: clmutil -force -decommissionca 1
      • Example 2: clmutil -decommissionca 1Note You may receive the following warning message when you run the clmutil command:
        There are outstanding certificates for CA 1, cannot decommission. Please use -force flag if you still want to decommission CA


      • Syntax: -recommissionca CA_ID
      • Example: clmutil -recommissionca 1Note CA_ID can be obtained by using the following command:
        clmutil -listca


Changes in the Web Portal user interface after you apply this update

When you change a profile template that references a certificate template that was originally hosted by a CA and that is marked as decommissioned, the following conditions are true:

  • The CA is unavailable in the Add Certificate Template dialog box.
  • Users who enroll in the profile template receive the following warning message that is displayed at the top of the enrollment screen:
    The Certification Authority\FIM CM CA cannot be contacted as it is marked as decommissioned.

    Note If the profile template includes certificate templates from a disabled or re-enabled CA, users will be unable to enroll in that profile template. This causes this same warning message to be displayed.

  • In the profile template properties, clicking a certificate template that was originally associated with a now-decommissioned CA displays all registered CAs that expose this certificate template. This lets the administrator select the appropriate CA.Note If no registered CAs expose the certificate template, the list of CAs on the screen is blank.

FIM Synchronization Service

Feature 1

This update includes ECMA 2.3. In this version, it is now possible to add custom schema pages that will be listed in the Synchronization Service Manager user interface. An example of how this feature is used can be seen in the Generic SQL connector.

Please be aware that the Microsoft.MetadirectoryServicesEx.dll is updated in this update. See the “Known issues in this update” section for information about how to update the configuration files to reflect this change.


Categories: Security

Note-to-self: New Guidance for Securing Public Key Infrastructure

Fri 13 Jun 2014 Leave a comment

Source: TechNet Blogs » Microsoft Security Blog » New Guidance for Securing Public Key Infrastructure

“Public Key Infrastructure (PKI) is used as a building block to provide key security controls, such as data protection and authentication for organizations. Many organizations operate their own PKI to support things like remote access, network authentication and securing communications.

The threat of compromise to IT infrastructures from attacks is evolving. The motivations behind these attacks are varied, and compromising an organization’s PKI can significantly help an attacker gain access to the sensitive data and systems they are after.

 To help enterprises design PKI and protect it from emerging threats, Microsoft IT has released a detailed technical reference document – “Securing Public Key Infrastructure.”

Note-to-self: The Microsoft Security Newsletter

Thu 12 Jun 2014 Leave a comment

As a security IT pro, it’s always interesting to keep up to date with the latest security news.
And it’s even more easier if it gets delivered to you…

Check out the The Microsoft Security Newsletter, over here:

It provides a link to add the free newsletter subscription to your LiveID/MicrosoftID communication profile.

The latest (edition may 2014) new is here :



Note-to-self: Tools collection for troubleshooting mail delivery issues to

Mon 2 Jun 2014 Leave a comment

Microsoft Premier Luxemburg: Open Chalk & Talk – Solving Mass Mailing Delivery Issues

Mon 2 Jun 2014 Leave a comment

Microsoft Premier Luxembourg | June 5th, 2014

Microsoft Premier Open Chalk & Talk – Solving Mass Mailing Delivery Issues

We are happy to inform you about the first edition of Microsoft Premier Open Chalk & Talk sessions in Luxembourg, a Microsoft-Premier-customer-only technical workshop and networking session.

This session will take place on June, 5th from 12.00 to 14.00 at Microsoft Luxembourg and is delivered by our Senior Security Premier Field Engineer, Peter Geelen.


For companies that use e-mail to communicate with their customers, deliverability rates of less than 100% have a measurable impact on the business, making it very important to monitor and stay on top of the issue. This Open Chalk & Talk session discusses how such companies can ensure better deliverability into including:

  • Understanding Deliverability Issues: The factors that influence e-mail deliverability.
  • Deliverability troubleshooting options.

You can also profit from our Security expert’s presence as of 11.00 and until 15.00 to talk about security in general or focused on a special security topic (FIM, Windows Server security features, data, mobility, cloud, identity …).

To register, or if you have any questions, speak to your Microsoft Premier contacts about it.

On behalf of the Premier Luxembourg team

First beta release of #AADSync

Mon 26 May 2014 Leave a comment

The pre-release program of Azure AD Sync on Connect has been updated with the first beta release of AADSync.

The beta release is available on Connect from this link:

Make sure to read the updated installation guide and release notes available on TechNet:

As requested by the PG, please continue to provide feedback through Connect. This allows MS to deliver a high-quality product which is solving your scenarios.

Note-to-self: Sharepoint maintenance for FIMsters (#FIM2010 running out of disk space?)

Mon 26 May 2014 1 comment

When you’re taking care of your FIM Server, more specific the FIM Portal server running Sharepoint, you might encounter some events in the event viewer, where Sharepoint is complaining about the lack of disk space.

But it’s very likely that you have plenty of disk space …

If you don’t have plenty of disk space, (*) then stop reading and fix it, bookmark this page and come back.


So, you have plenty of diskspace…
Then it’s very likely you have enough memory in your system to run your FIM Server smoothly… (if not go back 2 lines, and execute *)

Now, plenty of memory and plenty of disk is the problem.

By default Sharepoint runs the health analyser and has gotten 2 rules that compare the amount of memory against the amount of free space.

See here for more explanation: Drives are running out of free space (SharePoint Foundation 2010)
“This rule checks disk space as a proportion of the RAM on the computer. When disk space is less than twice the RAM on the computer, the health rule triggers an error. When disk space is less than five times the RAM on the computer, the health rule triggers a warning. Accordingly, server computers with lots of RAM are more likely to experience a failure of this rule.”

So if you have a huge amount of memory, this rule can easily fill up your application event error log in your event viewer.

What can you do about it?

First of all, there are more and other rules, tools and checks that will warn you if you REALLY have a disk issue:

  • the operating system will warn you if your hard drive is going below the usual free space thresholds
  • Better make sure you’ve got a system monitoring active (like System Center Operations Manager)
  • There are additional health rules in SharePoint that monitor the disk for % of free space

Secondly, you can disable the redundant error messages by the SharePoint Health Analyser.
Check out this post:
“SBS2011: The SharePoint Health Analyzer detected an error. Drives are running out of free space. Available drive space is less than twice the value of physical memory. [Solved]

Although the post is focusing on SBS2011, it does also apply to SharePoint Server 2010 (Foundation).

The post provides a step by step guide to disable the 2 disk analysis jobs:

  • Disks are at risk of running out of free space. (free disk space < 5x your server’s RAM)
  • Disk are running out of free space (free space < 2x your server RAM)


For WSS and SharePoint 2007, it’s slightly different, check this out:

And also: SharePoint Timer job reference (Office SharePoint Server) at


Get every new post delivered to your Inbox.

Join 48 other followers