Once upon a case...

Use this free tool to kill lateral movement! And no, this is not about LAPS!

I, too, can do click-bait title BS! Alright, this has been in my draft folder for almost two years....

Author: Pierre Audonnet [MSFT] Date: 04/01/2018

All you need to know about Keytab files

Whether you are currently using them or planning to issue one, here is (I hope) all you need to know...

Author: Pierre Audonnet [MSFT] Date: 01/03/2018

Extract pictures from a Steps Recorder file

For those who don't know, there is a pretty cool feature built into Windows since Windows...

Author: Pierre Audonnet [MSFT] Date: 11/03/2017

Why did I rename my Administrator account?

The question of whether you should rename the built-in administrator account in Active Directory...

Author: Pierre Audonnet [MSFT] Date: 10/17/2017

Good news everyone! We are under brute force attack!

The title is a tribute to Professor Farnsworth... I mentioned it because my jokes usually never...

Author: Pierre Audonnet [MSFT] Date: 07/19/2017

🐢🐢🐢 Credential theft made easy with Kerberos delegation

Yes it takes just 2 lines of PowerShell to impersonate whoever you want... A small preamble: things...

Author: Pierre Audonnet [MSFT] Date: 06/30/2017

Do I really need ADFS?

Update 2018-01-06: Lots of new things came up so I updated this article. Update 2018-04-10: Few...

Author: Pierre Audonnet [MSFT] Date: 02/06/2017

ADFS 2016 - Change the Active Directory claim provider display name in the Home Realm Discovery page

In Windows Server 2012 R2 ADFS (well, what everybody calls ADFS 3), the display name of the ADFS farm...

Author: Pierre Audonnet [MSFT] Date: 12/02/2016

List all possible security events and their descriptions in PowerShell

If you'd like to know all the possible security events in your system, the best way to do it is to...

Author: Pierre Audonnet [MSFT] Date: 11/05/2016
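An added example for the post above (my own code, not the post's script): the Security log's event catalog lives in the metadata of the built-in `Microsoft-Windows-Security-Auditing` provider, so it can be dumped with `Get-WinEvent -ListProvider` without ever reading a log. Run it in an elevated session; the only assumed inputs are the output path and the event ID used in the lookup.

```powershell
# Added example, not the post's own script. Enumerates every event ID the
# Security auditing provider can emit, with level, task, keywords and the
# first line of its description. Run elevated for complete provider metadata.
function Get-SecurityAuditEventCatalog {
    [CmdletBinding()]
    param(
        # Real, built-in provider behind the Security log.
        [string]$ProviderName = 'Microsoft-Windows-Security-Auditing'
    )
    $provider = Get-WinEvent -ListProvider $ProviderName -ErrorAction Stop
    foreach ($e in $provider.Events) {
        [pscustomobject]@{
            Id          = $e.Id
            Version     = $e.Version
            Level       = $e.Level.DisplayName
            Task        = $e.Task.DisplayName
            Keywords    = ($e.Keywords | ForEach-Object DisplayName) -join ','
            # Descriptions are multi-line templates with %1, %2 placeholders;
            # keep the first line for a readable catalog.
            Description = ($e.Description -split "`r?`n")[0]
        }
    }
}

# Usage (assumed path and ID): full catalog to CSV, plus a lookup for one ID.
Get-SecurityAuditEventCatalog | Sort-Object Id, Version |
    Export-Csv -Path .\SecurityEvents.csv -NoTypeInformation
Get-SecurityAuditEventCatalog | Where-Object Id -eq 4624 | Format-List
```

Keep the Version column: the same ID can exist in several versions with different descriptions (new fields added in later OS releases), and a detection rule written against one version may silently miss the other.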

ADFS 2016 - Cannot add/update Relying Parties from the GUI from metadata files "Method not found"

UPDATE: The following update is fixing this issue: Cumulative Update for Windows 10 Version 1607 and...

Author: Pierre Audonnet [MSFT] Date: 10/23/2016

Metadata #3 - Spot who is cheating on the password policy

Yes, there are some ways to work around the password policy... Mainly for operators and administrators...

Author: Pierre Audonnet [MSFT] Date: 10/20/2016

The source of my account lockout is my domain controller

When it comes to tracking down account lockouts, there are plenty of tools and techniques. Looking at...

Author: Pierre Audonnet [MSFT] Date: 10/02/2016

AD Fun Services – List all the members of an ADFS farm

In Windows Server 2012 R2, the ADFS database actually does not keep track of the servers that are members of...

Author: Pierre Audonnet [MSFT] Date: 09/13/2016

Q&D - Backup/Restore your ADFS claim rules for Office 365

When it comes to trying and failing fast, nothing is better than being able to restore things the way they used...

Author: Pierre Audonnet [MSFT] Date: 08/23/2016

AD Fun Services - Playing with claim rules and attribute store to trigger MFA when the user is connected from a different country

The following post is provided as-is with no warranty nor support of any sort. This is to illustrate...

Author: Pierre Audonnet [MSFT] Date: 03/02/2016

AD Fun Services - Track down the source of ADFS lockouts

Tracking down the devices locking out accounts on an ADFS deployment is quite challenging. From an...

Author: Pierre Audonnet [MSFT] Date: 02/02/2016

Script to update the Service-Communications SSL certificate

Changing the Service-Communications certificate for the Windows Server 2012 R2 ADFS servers and...

Author: Pierre Audonnet [MSFT] Date: 11/25/2015

Customize the Home Realm Discovery page to ask for UPN right away

DISCLAIMER: This post is a POC written for ADFS on Windows Server 2012 R2. When you have more than...

Author: Pierre Audonnet [MSFT] Date: 10/18/2015

ADFS extranet lockout and PDC requirement

IMPORTANT: This article applies to Windows Server 2012 R2 ADFS (aka ADFS 3). In Windows Server 2016...

Author: Pierre Audonnet [MSFT] Date: 10/11/2015

ADFS refuses to start, error 1297

Here is the scenario, your ADFS farm is happy, up and running. Because of update management...

Author: Pierre Audonnet [MSFT] Date: 09/04/2015

How to export an ADFS custom webtheme and import it to another server

As it is recommended on the following TechNet article: Advanced Customization of AD FS Sign-in Pages...

Author: Pierre Audonnet [MSFT] Date: 09/04/2015

Accept SAM-account name as a login format on the ADFS form-based password update page

If you want your users to use only their sAMAccountName to log in to the ADFS form-based sign-in...

Author: Pierre Audonnet [MSFT] Date: 09/02/2015

Customizing the AD FS sign-in pages per relying party trust

UPDATE: Windows Server 2016 allows this out of the box. See here: Customizing user signin for AD FS...

Author: Pierre Audonnet [MSFT] Date: 08/29/2015

Customizing the IDP images in the Home Realm Discovery page

One of the great benefits of the latest version of ADFS is that you do not need to know HTML or...

Author: Pierre Audonnet [MSFT] Date: 02/15/2015

Secure LDAP does not work using the FQDN of the domain for GCs?

I have been running into this issue a couple of times. You have a forest with multiple domains and...

Author: Pierre Audonnet [MSFT] Date: 11/16/2014

Raising the functional level to Windows 2012 or Windows 2012 R2... Will I break anything?

Update 2/26/2016: see the "I disagree with the PowerShell output" section. In short, yes... Meaning...

Author: Pierre Audonnet [MSFT] Date: 10/29/2014

Raising the functional level - Are you getting cold feet because of KB2260240?

Raising the functional level of your domain is a pretty straightforward operation. It is a...

Author: Pierre Audonnet [MSFT] Date: 09/07/2014

fixfsmo.vbs in PowerShell

I wrote the equivalent of fixfsmo.vbs in PowerShell: Fix-InvalidFsmo.ps1. For those who don't...

Author: Pierre Audonnet [MSFT] Date: 08/26/2014
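An added example for the post above. This is not the author's Fix-InvalidFsmo.ps1 but my own PowerShell sketch of what fixfsmo.vbs does: when the `fSMORoleOwner` attribute of an application partition (typically DomainDnsZones or ForestDnsZones) points at the NTDS Settings object of a DC that no longer exists, rewrite it to the NTDS Settings DN of a live DC. It needs the ActiveDirectory module and Domain/Enterprise Admin rights; the partition DN and DC name in the usage line are assumed values.

```powershell
# Added example, not the author's Fix-InvalidFsmo.ps1. Detects a dangling
# fSMORoleOwner on a partition and rewrites it the way fixfsmo.vbs does.
Import-Module ActiveDirectory

function Test-FsmoRoleOwner {
    # $true when the owner DN still resolves to a live NTDS Settings object.
    param([Parameter(Mandatory)][string]$OwnerDn, [string]$Server)
    # A DN that already carries the \0ADEL: marker is a deleted object.
    if ($OwnerDn -match '\\0ADEL:') { return $false }
    $obj = Get-ADObject -Filter "distinguishedName -eq '$OwnerDn'" -Server $Server -ErrorAction SilentlyContinue
    return [bool]$obj
}

function Repair-PartitionFsmoOwner {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$PartitionDn,   # e.g. DC=DomainDnsZones,DC=contoso,DC=com (assumed)
        [Parameter(Mandatory)][string]$NewOwnerDc,    # live DC that should take the role
        [string]$Server = (Get-ADDomain).PDCEmulator  # where to read the current value from
    )
    $partition = Get-ADObject -Identity $PartitionDn -Properties fSMORoleOwner -Server $Server
    $current   = $partition.fSMORoleOwner
    if (Test-FsmoRoleOwner -OwnerDn $current -Server $Server) {
        Write-Verbose "fSMORoleOwner of $PartitionDn is valid: $current"
        return $current
    }
    $newOwner = (Get-ADDomainController -Identity $NewOwnerDc -Server $Server).NTDSSettingsObjectDN
    if ($PSCmdlet.ShouldProcess($PartitionDn, "Set fSMORoleOwner to $newOwner (was $current)")) {
        # Same LDAP write fixfsmo.vbs performs. Send it to the DC that is to
        # own the role: a DSA that sees its own DN written into fSMORoleOwner
        # takes the role, which is what makes the fix stick.
        Set-ADObject -Identity $PartitionDn -Replace @{fSMORoleOwner = $newOwner} -Server $NewOwnerDc
    }
    return $newOwner
}

# Usage (assumed names): dry run first, then drop -WhatIf.
Repair-PartitionFsmoOwner -PartitionDn 'DC=DomainDnsZones,DC=contoso,DC=com' -NewOwnerDc 'DC01' -WhatIf
```

Run the check against every naming context in `(Get-ADRootDSE).namingContexts` before an `adprep /rodcprep`; the classic symptom of a dangling owner is the "could not contact a replica for partition" error on exactly the DNS application partitions.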

Metadata #1 - When did the delegation change? How to track security descriptor modifications

This post is a part of the Metadata series. Have a look at the intro to have more information about...

Author: Pierre Audonnet [MSFT] Date: 08/25/2014

Metadata #2 - The ephemeral admin, or how to track the group membership

This post is a part of the Metadata series. Have a look at the intro to have more information about...

Author: Pierre Audonnet [MSFT] Date: 08/25/2014

Metadata #0 - Metadata, what is it and why do we care?

You are on site, audit wasn't properly configured and yet you need to understand what has changed....

Author: Pierre Audonnet [MSFT] Date: 08/25/2014
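An added example covering the three Metadata posts above (my own code, not the series' scripts): the replication metadata that the series relies on is exposed by `Get-ADReplicationAttributeMetadata` from the ActiveDirectory module (Windows Server 2012 RSAT or later). The first function answers Metadata #1 (when and from which DC the security descriptor of an object last changed); the second answers Metadata #2 (every value the `member` attribute has ever held, including members removed since, which survive as absent link values). The OU and group DNs in the usage lines are assumed.

```powershell
# Added example, not the Metadata series' own code. Requires the
# ActiveDirectory module; $Server defaults to the PDC emulator.
Import-Module ActiveDirectory

function Get-AclChangeMetadata {
    # Metadata #1: last originating change of nTSecurityDescriptor, i.e. the
    # last time delegation on $Identity was modified, and the DC it came from.
    param(
        [Parameter(Mandatory)][string]$Identity,
        [string]$Server = (Get-ADDomain).PDCEmulator
    )
    Get-ADReplicationAttributeMetadata -Object $Identity -Server $Server |
        Where-Object AttributeName -eq 'nTSecurityDescriptor' |
        Select-Object Object, AttributeName, Version,
                      LastOriginatingChangeTime, LastOriginatingChangeDirectoryServerIdentity
}

function Get-GroupMembershipMetadata {
    # Metadata #2: per-member link-value history of a group. Removed members
    # are still listed because the absent link value is kept as a tombstone.
    param(
        [Parameter(Mandatory)][string]$Identity,
        [string]$Server = (Get-ADDomain).PDCEmulator
    )
    Get-ADReplicationAttributeMetadata -Object $Identity -Server $Server -ShowAllLinkedValues |
        Where-Object AttributeName -eq 'member' |
        Select-Object @{n='Member'; e={ $_.AttributeValue }},
                      # Heuristic: a link value's version starts at 1 on add and
                      # increments on every remove/re-add, so an even version
                      # means the member is currently absent.
                      @{n='State';  e={ if ($_.Version % 2 -eq 0) { 'removed' } else { 'present' } }},
                      Version, FirstOriginatingCreateTime, LastOriginatingChangeTime,
                      LastOriginatingDeleteTime, LastOriginatingChangeDirectoryServerIdentity
}

# Usage (assumed DNs):
Get-AclChangeMetadata -Identity 'OU=Servers,DC=contoso,DC=com' | Format-List
Get-GroupMembershipMetadata -Identity 'CN=Domain Admins,CN=Users,DC=contoso,DC=com' |
    Sort-Object LastOriginatingChangeTime -Descending | Format-Table -AutoSize
```

Query a DC that replicated the change rather than trusting a single server: the originating DC and USN are the same on every replica, but a lagging DC may not have the latest version yet, and the "ephemeral admin" who was added and removed within one replication interval shows up only through the even version and the delete time.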

How to detect applications using "hardcoded" DC name or IP?

You look at Windows Server 2012 R2 and you tell yourself: "that would be nice if I could leverage...

Author: Pierre Audonnet [MSFT] Date: 07/13/2014

Track down LDAPs clients on a domain controller

You probably wonder why that could be a big deal. Usually clients not doing LDAPs are the ones we...

Author: Pierre Audonnet [MSFT] Date: 03/09/2014