The Access Control (AC) policies were introduced in AD FS 2016. See this official documentation to get familiar with AD FS Access Control policies concept and settings. Recently had to troubleshoot the following scenario. Customer has Hybrid Exchange environment with email boxes located in on premises Exchange 2010 and archives located in Exchange Online. Exchange … Continue reading AD FS 2016 Access Control Policies troubleshooting
Tag: ADFS 2016
Below is slightly modified script from here to collect the sequence of the EventIDs 1203 and 1210 on single AD FS server that might help you understanding and troubleshooting the AD FS Extranet Smart Lockout (ESL) behavior. You can read more about AD FS ESL behavior here and here.
Recently had experienced issue when trying to execute AD FS Extranet Smart Lockout user management cmdlet via remote PowerShell. Error in PowerShell: Exception of type 'Microsoft.IdentityServer.User.UserActivityRestServiceException' was thrown. + CategoryInfo : NotSpecified: (:) [Get-AdfsAccountActivity], User ActivityRestServiceException + FullyQualifiedErrorId : Microsoft.IdentityServer.User.UserActivityRestSer viceException,Microsoft.IdentityServer.Management.Commands.GetAdfsAccountAc tivity + PSComputerName : Win2016-ADFS01 In AD FS Admin logs on Win2016-ADFS01 server saw … Continue reading AD FS Extranet Smart Lockout user management via remote PowerShell
I’m sure you are familiar with the following articles discussing the Federated account lockouts and AD FS Extranet Smart Lockout (ESL) feature and set up recommendations. https://blogs.technet.microsoft.com/tspring/2017/01/20/federated-to-microsoft-cloud-and-account-lockouts/ https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-extranet-smart-lockout-protection https://samilamppu.com/2018/07/09/w2016-adfs-smart-lockout/ Recently was helping the customer whose environment was experiencing high volume of on-premises AD accounts lockouts due to the external bad passwords attempts via AD FS … Continue reading AD FS 2016 Extranet Smart Lockout behavior