PKI Blog

Migrating Relying Party Trusts

Posted by Sarah Duncan on Jul 9, 2013 5:29:48 AM

There are times when you might find yourself needing to migrate a relying party (RP) from one AD FS implementation to another. Unfortunately, at the moment there do not seem to be existing tools to do this. So, we offer the following rather quick and dirty approach. There might be better ways, but this gets the job done.

Topics: Federation, Microsoft Active Directory AD, Active Directory Federation Services, AD FS, Migration, Blog, PowerShell script, Active Directory, Relying Party trusts, PowerShell

Authorization Error Enabling AD RMS for Exchange

Posted by Sarah Duncan on May 2, 2013 9:06:08 AM

Recently I encountered an odd authorization error while trying to enable Active Directory Rights Management Services (AD RMS) for an on-premises Exchange 2010 server and thought the world might benefit from my experience in resolving the issue.

Topics: Active Directory Rights Management Services, Microsoft Active Directory AD, IT Security, Microsoft Security Partner, Microsoft Active Directory, Microsoft Exchange, Microsoft, Exchange server, Blog, Active Directory, AD RMS, IT management

AD FS 2.0 Rollup 2 and Customized Pages

Posted by Sarah Duncan on Mar 27, 2013 10:46:56 AM

Update Rollup 2 for Active Directory Federation Services (AD FS) 2.0, which was released last year, addresses five issues:

Topics: SAML, Federation, Microsoft Active Directory AD, Active Directory Federation Services, IT Security, Microsoft Security Partner, Microsoft Active Directory Federated Services, AD FS, Microsoft Active Directory, SAML 2.0, Blog

FIM: Set Membership Based on Group Membership

Posted by Sami Van Vliet on Jan 8, 2013 5:23:21 AM

Sets and groups are different object types in FIM, but often people would like to have sets based on group membership. We figured out a way to do that with some custom attributes.

Topics: Microsoft Active Directory AD, IT Security, Microsoft Security Partner, FIM, FIM Sets, FIM Groups, Identity Management, Microsoft AD, Microsoft Forefront Identity Manager, Microsoft FIM, FIM Group Set, Blog, Active Directory, AD

ADFS with Non-Standard HTTPS Port

Posted by Jake Chang on Jun 6, 2012 6:46:35 AM

Recently, a client asked CSS to implement an AD FS 2.0 (ADFS) federation solution to meet a unique security requirement for external access to internally hosted services.

Topics: Microsoft Active Directory AD, IT Security, Microsoft Security Partner, HTTPS Port, AD FS 2.0 Federation Server Proxy, ADFS, AD FS 2.0, Blog, Active Directory, AD

Shocked by an Android

Posted by Sarah Duncan on May 23, 2012 8:08:50 AM

Stunned is the word for it. There I was getting to know my new Samsung Galaxy Tab 2, a tablet running Android 4.0 (Ice Cream Sandwich). I configured the built-in Exchange ActiveSync client (using certificate-based authentication, but that's a discussion for another day) and was browsing around the interface when I spotted an oddly familiar-looking icon. "Hmmm," I said, "I wonder what that button does."

Topics: Active Directory Rights Management Services, Microsoft Active Directory AD, Android Ice Cream Sandwich, IT Security, Industry Trends, Microsoft Active Directory, Samsung Galaxy Tab 2, Data Protection, Ice Cream Sandwich, RMS, Rights Management System, Android 4.0, Android, Blog, AD, AD RMS

Apple Products Becoming (Business) Mainstream

Posted by CSS Marketing on Feb 9, 2012 4:00:13 AM

The popularity of Apple’s iPads and iPhones among consumers is well documented, but recent findings from Forrester Research show that these devices are gaining steam in the corporate world.

The “Consumerization of IT” or BYOD (Bring Your Own Device) has become a common occurrence among all departments, and not surprisingly, Apple is leading the way among what Forrester calls “information” workers — workers that use a computer for work an hour or more per day. And the more senior the individual, the more they are using Apple devices:

  • More than 1 out of 5 (21%) of 10,000 surveyed information workers use one or more Apple devices at work
  • The number of Apple BYOD-ers doubles to 2 out of 5 professionals (41%) for those with the title “Director of IT” or higher

Topics: digital certificate, Microsoft Active Directory AD, certificates, apple, iOS 5, iPhone, IT Security, Microsoft Security Partner, digital pki, Certificate Reporting Tool, Public Key Infrastructure, Certificate Management System (CMS), Industry Trends, mCMS, Microsoft Public Key Infrastructure, Active Directory Certificate Services, iPad, PKI, Microsoft PKI, iOS management certificates, Microsoft and Apple, iOS, Blog, Active Directory, mobile certificates, BYOD, AD, Got PKI?

A PowerShell script to find AD FS 2.0 errors

Posted by CSS Technical Team on Nov 2, 2011 10:18:58 AM

So one of your users has received an error from AD FS 2.0, and you need to determine what the problem is. Unfortunately, sometimes the error message doesn't give much of a clue—for example the web page shown below.

Topics: Federation, Microsoft Active Directory AD, IT Security, Microsoft Security Partner, FS, AD FS, Microsoft AD, AD FS server, AD FS 2.0, Blog, PowerShell script, Active Directory, PowerShell, AD

Determining Access in a Microsoft Network

Posted by CSS Technical Team on Apr 28, 2011 10:26:09 AM

Determining a comprehensive view of access rights in a Microsoft network can be a difficult task – as anyone that has undergone a recent audit can attest. The collection and organization of security data into detailed reports can take significant time and effort. There are multiple reasons that the process of gathering the data is difficult and time consuming, but the common factor is that security information is dispersed throughout multiple security stores.

In a Windows environment, security information is dispersed in the following ways:

  • Security principals (users and groups) are dispersed across Active Directory and member server security databases (SAM)
  • Groups can be deeply nested (e.g. group A is in group B is in group C is in ....)
  • Group membership can span security databases (e.g. domain\domain admins is in server\Administrators)
  • A Windows domain can trust other Windows domains and external Kerberos realms
  • Access Control Lists (ACLs) exist on an object being secured

Topics: Microsoft Active Directory AD, Microsoft Security Partner, Security Audit, Auditors, Audit tool, Group Membership, Windows security, Distributed Authorization Reporting Tool, Group Nesting, Regulatory Compliance, Audit, Blog, DART, ACE, ACL, Security Tool

Keeping Track of Attribute History in the Forefront Identity Manager (FIM) Sync Engine

Posted by CSS Technical Team on Apr 25, 2011 11:06:00 AM

Recently, one of our clients had a scenario that required them to keep track of the proxyAddresses attribute history between two Microsoft Active Directory (AD) domains. Since the FIM Sync Service doesn’t retain any history of attribute values (it is simply a state-based synchronization engine), this required a bit of thought and planning.

Topics: Microsoft Active Directory AD, Microsoft Security Partner, Microsoft Exchange, Identity Management, Synchronization, Microsoft FIM, Exchange Provisioning, Blog
