Unable to Connect to the Synchronisation Service
Feb04

Unable to Connect to the Synchronisation Service

KB ID 0001649 Problem I’m doing some work for a client that has Azure AD Sync running, and we keep kicking each other off the server, so I thought I’d login with another account. However, when I tried to open the Synchronisation Service Manager; Unable to connect to the Synchronisation Service Some possible reasons are: 1) The service is not started. 2) Your account is not a member of the requires security group. See the...

Read More
Duo: ADSync and Enroll Users via SMS
Feb03

Duo: ADSync and Enroll Users via SMS

KB ID 0001648 Problem Before you can use Duo 2FA/MFA you need to have your users enrolled. Theres a number of ways to enrol them, you can bulk email them, or manually add them. Below I’m going to Sync Duo with my Active Directory, so that if users are members of a specific AD group, they will ‘appear’ in the Duo Admin Portal. Then I’m going to enter a users mobile phone number and send them an SMS to enrol....

Read More
Duo: Migrate from LDAP to LDAPS
Feb02

Duo: Migrate from LDAP to LDAPS

KB ID 0001647 Problem With the impending ‘turning off’ of cleartext LDAP queries to Windows Server, I wanted to make sure my new Duo deployments were already using LDAPS. I got LDAP deployed very quickly and easily, but making the ‘swap’ to LDAPS proved to be massively problematic. Normally I find Duo a pleasure to deploy, but their technical documentation just confused me for this and I went running up some...

Read More
Get Ready for LDAPS Channel Binding
Jan28

Get Ready for LDAPS Channel Binding

KB ID 0001645 Problem I have written about Enabling LDAPS a long time ago, but it’s a subject that’s about to become important again, so I’ll revisit the subject. Microsoft are about to ‘enforce’ LDAPS authentication against their domain controllers, in the March 2020 round of updates. Now delayed until second half of 2020. What does that mean? Well lookups against LDAP will now need to be secure, (i.e....

Read More
Azure AD Connector: Disable ADFS Authentication
Jan24

Azure AD Connector: Disable ADFS Authentication

KB ID 0001643 Problem Why would you want to disable ADFS authentication? Well what if ADFS is down, or you want to revert to some other authentication method? I was in a position a few weeks ago where I needed to disable ADFS on a clients Azure AD Sync. At that time the Microsoft Tech on the phone steered us towards doing what I can only describe as a ‘forced de-federation’. This involved using Powershell and it resets the...

Read More
Azure Pass-through Authentication
Jan23

Azure Pass-through Authentication

KB ID 0001642 Problem I’ve never really taken the time to look at pass-through authentication, I set up Azure AAD sync, then I either use ADFS or I don’t. It was only when looking at removing ADFS, that I even looked at it as an option.  How does Pass-through Authentication Work? Remote client attempts to authenticate to Office 365 (Azure Active Directory). Azure queues the request and sends it to an Azure Authentication...

Read More