The post describes the Azure AD claim mapping policy feature and how to manage it via PowerShell.
Below is a slightly modified script from here to collect the sequence of Event IDs 1203 and 1210 on a single AD FS server, which might help you understand and troubleshoot the AD FS Extranet Smart Lockout (ESL) behavior. You can read more about AD FS ESL behavior here and here.
Continuing my journey of learning the great AD FS Extranet Smart Lockout (ESL) feature. As mentioned in my other post, enhancements were made in AD FS 2016 auditing, and Event ID 1203 will be logged in the ADFS Security log by ADFS Auditing in case there was a failure to validate user credentials … Continue reading AD FS 2016 Extranet Smart Lockout eventIDs 1203 and 1210 clarification
Recently I experienced an issue when trying to execute the AD FS Extranet Smart Lockout user management cmdlet via remote PowerShell. Error in PowerShell: Exception of type 'Microsoft.IdentityServer.User.UserActivityRestServiceException' was thrown. + CategoryInfo : NotSpecified: (:) [Get-AdfsAccountActivity], UserActivityRestServiceException + FullyQualifiedErrorId : Microsoft.IdentityServer.User.UserActivityRestServiceException,Microsoft.IdentityServer.Management.Commands.GetAdfsAccountActivity + PSComputerName : Win2016-ADFS01 In the AD FS Admin logs on the Win2016-ADFS01 server I saw … Continue reading AD FS Extranet Smart Lockout user management via remote PowerShell
I’m sure you are familiar with the following articles discussing federated account lockouts and the AD FS Extranet Smart Lockout (ESL) feature and setup recommendations. https://blogs.technet.microsoft.com/tspring/2017/01/20/federated-to-microsoft-cloud-and-account-lockouts/ https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-extranet-smart-lockout-protection https://samilamppu.com/2018/07/09/w2016-adfs-smart-lockout/ Recently I was helping a customer whose environment was experiencing a high volume of on-premises AD account lockouts due to external bad password attempts via AD FS … Continue reading AD FS 2016 Extranet Smart Lockout behavior
There is an excellent blog post about data collection, analysis and mitigation for lockouts of accounts federated to the Microsoft Cloud. The article above provides links to the scripts collecting event log data for Windows Server 2008 R2, 2012 and 2012 R2. But in Windows Server 2016 there were audit enhancements made in AD FS 2016 auditing to make … Continue reading PowerShell script to collect AD FS 2016 bad password sign in attempts data
With the rise in popularity of crypto mining, there is a shift in the threat landscape. Attackers “are beginning to recognize that they can realize all the financial upside of previous attacks, like ransomware, without needing to actually engage the victim and without the extraneous law enforcement attention that comes with ransomware attacks,” Talos researchers … Continue reading Discover and protect from crypto miners in your network using pfSense firewall
Symptom: when accessing the federated application from inside the corporate network using Internet Explorer, users are presented with the AD FS Forms Based Authentication (FBA) page instead of Windows Integrated Authentication (WIA) taking place. At the same time, WIA in Edge and Chrome works as expected from the intranet. Since there was no Windows security pop … Continue reading AD FS Single Sign on is not working with Internet Explorer 11
This is a pretty simple example of how to query the Clash of Clans API with PowerShell. First, you need to create your account at https://developer.clashofclans.com/#/ Second, you need to generate a new key ($APIKey) for your IP address. You can use the Documentation section to get the URL variable depending on what exact info you want to pull. … Continue reading Query Supercell Clash of Clans API with PowerShell
You might experience issues if you are migrating from the AD FS 3.0 farm level to AD FS 2016 by gradually introducing AD FS 2016 servers into the farm (running the farm in mixed mode) and you are using IdP-initiated RelayState. NOTE: mixed mode is not recommended for production; it was designed to … Continue reading RelayState support for AD FS 2016 in the mixed mode ADFS farm