AD Fun Services – Track down the source of ADFS lockouts

Tracking down the devices locking out accounts on an ADFS deployment is quite challenging. From an ADDS perspective, lockouts coming from a WAP server will look like they’re come from an ADFS server: Lockouts coming from internal client using Form Based authentication also look like they are coming from the ADFS server itself and not…


How to detect applications using "hardcoded" DC name or IP?

You look at Windows Server 2012 R2 and you tell yourself: "that would be nice if I could leverage all those new features". Then you remember… Adding new domain controllers is usually not a problem. Besides, if you want to add your new DCs in a smooth way, without impacting the existing environment, you can…


Do I really need ADFS?

I often hear and read misconceptions on whether or not you should or must deploy an ADFS farm when Office 365 is in the picture. So I will try to give you my version (well it is a collection of feedback from my peers as well), hoping that might help you to sort out your…


Customizing the AD FS sign-in pages per relying party trust

UPDATE: Windows Server 2016 allows this out of the box. See here: Customizing user signin for AD FS relying parties The way the Windows Server 2012 R2 ADFS customization works currently does not enable you to modify the graphical end user experience based on the relying party trust (RP) the user is trying to access….


ADFS refuses to start, error 1297

Here is the scenario, your ADFS farm is happy, up and running. Because of update management sometimes you server has to restart. And when the server is restarting all hosted services will also restart with it. Then, maybe you’ll be running into this error message when you start your ADFS Server service: It is weird especially that you…


Raising the functional level – Are you getting cold feet because of KB2260240?

Raising the functional level of your domain is a pretty straight forward operation. It is a mandatory step if you want to start using the Recycle Bin with Windows Server 2008 R2 or other new great security features with the newest versions of Windows. It is super well documented, and among the great resources we…


How to export an ADFS custom webtheme and import it to another server

As it is recommended on the following TechNet article: Advanced Customization of AD FS Sign-in Pages "It is strongly recommended to validate your customizations in an alternate environment and test them prior to rolling it out onto production AD FS servers. This reduces the chances of end users being exposed to these customizations prior to…