#StackBounty: #sql-server #migration #active-directory SQL Server 2000/2005 compatibility with Active Directory 2016

Bounty: 50

We are currently using Active Directory 2008R2 and will be upgrading to AD 2016. I’m trying to determine if there are any known compatibility issues when running older versions of SQL Server (2000 and 2005) when upgrading to AD 2016. Has anyone been through this process? Most of our db servers are using SQL 2008 > 2016, but a few still run with 2000/2005. Thanks


Get this bounty!!!

#StackBounty: #spring #spring-security #active-directory #spring-ldap #spring-security-ldap Spring Ldap Impact of Microsoft Security Ad…

Bounty: 200

We are using Spring Security Ldap Library (v4.0.4) to fetch a list of users from our client’s Active Directory (ldap://domain:389) and to authenticate them to sign in to our web application.

Microsoft recently published an advisory to enable LDAP channel binding and LDAP signing:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023

“LDAP channel binding and LDAP signing provide ways to increase the security for communications between LDAP clients and Active Directory domain controllers. A set of unsafe default configurations for LDAP channel binding and LDAP signing exist on Active Directory Domain Controllers that let LDAP clients communicate with them without enforcing LDAP channel binding and LDAP signing. This can open Active directory domain controllers to elevation of privilege vulnerabilities.”

We were asked if enabling LDAP channel binding and LDAP signing on their servers would affect our processes. I couldn’t find information regarding these in the documentation:
https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#ldap

Are these supported by Spring Security Ldap Library (v4.0.4)?
If so, is there any configuration we should change to make sure things are not affected?



#StackBounty: #active-directory #windows-server-2012-r2 #amazon-vpc #vpc-peering #aws-directory-service Connect to active directory ove…

Bounty: 50

I have a VPC (VPC1) where my main instances are running, and I have another one (VPC2) specifically for directory service (AD Connector) and a MS AD server running. I have created a VPC peering (which is Active) and all the route tables of these VPCs are updated to talk to the other VPC instances. But here are the issues now:

  1. An instance created in VPC 1, configured with domain join option gets launched successfully, but not joined to the domain. I am not sure any logs I can find, IAM role for this instance is also integrated while launching.
  2. From the AD server (located in VPC2), I tried pinging this VPC1 server by its private IP address, which fails.

Is there anything else I need to configure? As per my understanding, VPC peering in active state with route tables should properly route the requests. Any help would be appreciated.



#StackBounty: #c# #wpf #mvvm #active-directory Async Check for Domain Fullname With WPF and Caliburn.Micro

Bounty: 50

I have a small WPF program built using Caliburn.Micro which checks Active Directory for a user with the current username of the logged-on user. I have a Bootstrapper method:

protected async override void OnStartup(object sender, StartupEventArgs e)
{
    await ShellViewModel.CollectFullnameAsync();
    DisplayRootViewFor<ShellViewModel>();
}

This starts the ShellViewModel and kicks off an async method to start looking for the currently logged-on user on the domain.

My ShellViewModel looks like this:

public ShellViewModel()
{
    Computername = EnvironmentHelpers.ComputerName;
    Fullname = _fullnameplaceholder;
}

public static async Task CollectFullnameAsync()
{
    _fullnameplaceholder = ADHelpers.GetFullADName();

    while(_fullnameplaceholder == "Failed" && _attemptsToCollectFullName < 5)
    {
        _attemptsToCollectFullName++;
        await Task.Delay(2000);
        _fullnameplaceholder = ADHelpers.GetFullADName();
    }
}

So my code is meant to:

  1. Look for the user on the domain
  2. Check 5 times for the user, waiting 2 seconds between each attempt.
  3. Display the ShellView with either “Failed” or the Fullname returned from the domain

Can I please get some insight into how I am performing this task? Is this the correct way to do this or am I barking up the wrong tree?



#StackBounty: #active-directory #ldap Secure LDAP Auth with SSL Cert

Bounty: 50

I’m wanting to set up secure LDAP authentication with an external service provider. The end user currently uses unsecured LDAP to the service provider. The service provider admits the way it had been originally implemented exposes credentials via packet capture.

I’ve reviewed:
https://support.microsoft.com/en-us/help/321051/how-to-enable-ldap-over-ssl-with-a-third-party-certification-authority

Their local domain is a *.local. The product manufacturer requires an SSL certificate that is signed by a valid certificate authority. This is good. I can create an SSL cert for the domain, but it won’t match what the Directory Service has.

I’m not sure exactly how the external auth is presented to the LDAP server, if it’s just passing the user name with domain name appended or if it verifies the LDAP server first.

Questions – Do I need to rename the domain to match? Would adding a UPN suffix allow for a work-around?

Edit:
External access through the Internet is required, thus the desire to secure LDAP.

Update text for clarity

