Tag: AD FS 2016

AD FS 2016 Access Control Policies troubleshooting

The Access Control (AC) policies were introduced in AD FS 2016. See this official documentation to get familiar with AD FS Access Control policies concept and settings. Recently had to troubleshoot the following scenario. Customer has Hybrid Exchange environment with email boxes located in on premises Exchange 2010 and archives located in Exchange Online. Exchange … Continue reading AD FS 2016 Access Control Policies troubleshooting

AD FS 2016 Extranet Smart Lockout eventIDs 1203 and 1210 clarification

Continuing my journey of learning the great AD FS Extranet Smart Lockout (ESL) feature. As mentioned in my other post, the enhancement were made in AD FS 2016 auditing and there will be Event ID 1203 logged in the ADFS Security log by ADFS Auditing in case there was a failure to validate user credentials … Continue reading AD FS 2016 Extranet Smart Lockout eventIDs 1203 and 1210 clarification

AD FS Extranet Smart Lockout user management via remote PowerShell

Recently had experienced issue when trying to execute AD FS Extranet Smart Lockout user management cmdlet via remote PowerShell. Error in PowerShell: Exception of type 'Microsoft.IdentityServer.User.UserActivityRestServiceException' was thrown. + CategoryInfo         : NotSpecified: (:) [Get-AdfsAccountActivity], User ActivityRestServiceException + FullyQualifiedErrorId : Microsoft.IdentityServer.User.UserActivityRestSer viceException,Microsoft.IdentityServer.Management.Commands.GetAdfsAccountAc tivity + PSComputerName       : Win2016-ADFS01 In AD FS Admin logs on Win2016-ADFS01 server saw … Continue reading AD FS Extranet Smart Lockout user management via remote PowerShell

AD FS 2016 Extranet Smart Lockout behavior

I’m sure you are familiar with the following articles discussing the Federated account lockouts and AD FS Extranet Smart Lockout (ESL) feature and set up recommendations. https://blogs.technet.microsoft.com/tspring/2017/01/20/federated-to-microsoft-cloud-and-account-lockouts/ https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-extranet-smart-lockout-protection https://samilamppu.com/2018/07/09/w2016-adfs-smart-lockout/ Recently was helping the customer whose environment was experiencing high volume of on-premises AD accounts lockouts due to the external bad passwords attempts via AD FS … Continue reading AD FS 2016 Extranet Smart Lockout behavior