Adding Duo 2FA to Microsoft ADFS
KB ID 0001656 Problem I did a Duo run through a few weeks ago, and to be honest their documentation is usually pretty good. I was spinning this up as a PoC for a client so I thought I’d put my take on the procedure here. ADFS Duo Pre-Requisites I already have a Duo Authentication Proxy server setup and my users are enrolled, you will need to set this up first. See the following article; Duo: ADSync and Enroll Users via SMS Log...
PowerShell: Bulk Add/Remove Users From Groups
KB ID 0001475 Problem I had to do this a few weeks ago, so I documented it. I had a list of usernames in a CSV file and I needed to bulk-add them to a security group. Bulk Add Group Users Solution Firstly you will need the usernames (sAMAccountNames) in .csv format like so, (Note: As a header Im using User-Name.) I’ve saved the file to C:\Temp on my server. Execute the following commands; Import-Module ActiveDirectory ...
Cisco AnyConnect With Server 2016 NPAS (RADIUS) Different Groups
KB ID 0001474 Problem A few years ago I replaced a firewall that was setup like this, and while it took me a while to work out what was going on, I remember thinking it was an elegant solution. Fast forward to today, and I’m now working with the guy who set it up! (Kudos to Paul White). So when I had a client with a similar requirement, I sat down fired up the lab, and documented it. What was used; Windows 10 Remote Client...
SQL Install Error “SQL Server Browser Service Group Does Not Exist”
KB ID 0000689 Problem Seen when reinstalling SQL 2008 R2 on a domain controller. Note: as a background the SQL Server was installed previously and then the server was promoted to a domain controller. Then when the attempt to reinstall SQL was carried out this happened: Microsoft SQL Server 2008 R2 Setup The following error has occurred. SQL Server Browser service group does not exists. Check for earlier failures in the setup Note:...
Windows Server – Fine Grained Password Policies
KB ID 0000765 Problem Before server 2008 if you wanted more than one password policy, you had to create a sub domain just to do that! with Server 2008 we were given fine grained password policies, which were fine (if a little clunky), and involved you creating ‘Password Settings Objects’. They were a pain if you were not used to them e.g. five minutes is entered as 00:00:05:00. But now Microsoft have made things a LOT...