Posts

Showing posts from February, 2019

AAD Connect : How to add an OU to be synced

Here is how to add an OU to the AAD Connect sync scope.
1. Open the AAD Connect Synchronization Service Manager
2. Select the on-prem AD connector and click Properties
3. Configure Directory Partitions -> Containers
4. Enter the password and click OK
5. Select the OU to be added, "AAD Connect" in this example
6. Create a user for testing
7. A new user, "new_aad", is created
8. "new_aad" is not listed in the O365 portal
9. Start an AAD sync with policy type "Delta"
10. "new_aad" is synced and listed in the O365 portal

AADConnect PowerShell: Manual operations

Import the PowerShell module:
Import-Module ADSync
Check the current sync schedule:
Get-ADSyncScheduler
Set the sync interval to every 3 hours:
Set-ADSyncScheduler -CustomizedSyncCycleInterval 03:00:00
Start by telling the scheduler to stop its current cycle with the PowerShell cmdlet:
Stop-ADSyncSyncCycle
To initiate a full sync cycle, run:
Start-ADSyncSyncCycle -PolicyType Initial
Force synchronisation: it could be that you have an urgent change which must be synchronized immediately, which is why you need to run a cycle manually.
Start-ADSyncSyncCycle -PolicyType Delta
To check the current sync status:
Get-ADSyncConnectorRunStatus
Example:
PS C:\Users\Administrator> Start-ADSyncSyncCycle -PolicyType Delta
PS C:\Users\Administrator> Get-ADSyncConnectorRunStatus

RunState ConnectorName
-------- -------------
    Busy mfa01.onmicrosoft.com - AAD
Manual sync for password
$adConnector  = "mfalab3.com"
$aadConnector = "mfa01.onmicrosoft.com -

Remove Office 365 federation from ADFS server

1. Check the federation status:
PS C:\Users\administrator> Get-MsolDomain | fl name,status,auth*
Name           : mfalab3.com
Status         : Verified
Authentication : Federated
2. From the ADFS server, run the following PowerShell commands:
Set-MsolADFSContext -Computer th-adfs2012
Set-MsolDomainAuthentication -Authentication Managed -DomainName mfalab3.com
Get-MsolDomain | fl name,status,auth*
(Note: th-adfs2012 is the ADFS server, mfalab3.com is the test domain name)
3. Check the federation status again:
PS C:\Users\administrator> Get-MsolDomain | fl name,status,auth*
Name           : mfalab3.com
Status         : Verified
Authentication : Managed
4. Log in to O365 to check that it is no longer redirected to the ADFS server

Secure SharePoint sites by Azure Multi-Factor Authentication

From your SharePoint server with the MFA server installed:
Step 1: Check the URL of the SharePoint site to secure with Azure Multi-Factor Authentication
Step 2: Add Multi-Factor Authentication for HTTP websites with the base URL of the SharePoint site
Step 3: Check the users added in the Multi-Factor Authentication Server
From an external system:
Step 1: Browse to the URL of the SharePoint site
Step 2: Enter user credentials to log in - must be a user in MFA
=== Authentication phone rings ===
Logged in

SSO for AWS with ADFS 2.0

These are simple snapshots of the implementation.
1. Azure Multi-Factor Authentication setting
2. ADFS 2.0 (integrated with AWS) sign-in page
3. Login to AWS

Implementing Azure Multi-Factor Authentication with Citrix XenApp

This guide shows how to secure a Citrix XenApp server using Azure Multi-Factor Authentication.
1. Configuration on the XenApp server
2. Configuration on the IIS server
3. Configuration on the Azure Multi-Factor Authentication server
4. Test authentication
5. Test result - cont.
6. Authenticated

Secure SSH access using Azure Multi-Factor Authentication

From the Azure MFA server:
Enable RADIUS authentication -> add the IP address of the SSH server (e.g. the Linux server IP)
Target tab -> Windows domain radio button: Windows Domain Authentication is configured (for testing)
Now click the Users icon in the left side menu of the Agent Server. A user "user1" has been imported from Active Directory.
Go to the Linux box you will be connecting to via SSH.
NOTE: In this example we are running Ubuntu; refer to the link below, "SSH Authentication Using Hosted RADIUS":
http://www.ironwifi.com/ssh-authentication-ironwifi-radius/
In this example,
root@th-ubuntu:/# cat /etc/raddb/server
10.0.0.5 radius 60
Testing authentication: the phone rings upon entering the password.
% To enable or disable MFA authentication, open /etc/pam.d/sshd and comment or uncomment "auth required pam_radius_auth.so"
% Authentication log,
root@th-ubuntu:/etc/pam.d/pam_radius-1.3.17# cat /var/log/auth.log

Secure RDWeb using Azure Multi-Factor Authentication

1. Change the RDWeb authentication mode from "Forms" to "Windows"
Edit C:\Windows\Web\RDWeb\Pages\web.config
    <authentication mode="Windows"/>
<!--
    <authentication mode="Forms">
        <forms loginUrl="default.aspx" name="TSWAAuthHttpOnlyCookie" protection="All" requireSSL="true" />
    </authentication>
-->
. . .
<system.webServer>
<!--
    <modules runAllManagedModulesForAllRequests="true">
      <remove name="FormsAuthentication" />
      <add name="RDWAFormsAuthenticationModule" type="Microsoft.TerminalServices.Publishing.Portal.FormAuthentication.TSDomainFormsAuthentication" />
    </modules>
    <security>
        <authentication>
            <windowsAuthentication enabled="false" />
            <anonymousAuthentication enabled="true&q

ADFS WAP: How to configure SSO with RDWeb

1. System deployment
ADFS : th-adfs2012.mfalab3.com
ADFS WAP : th-adfs2012wap.mfalab3.com
RDWeb : th-rds.mfalab3.com
A public IP for the ADFS WAP points to ADFS/RDS as well
2. Setting on ADFS
Create a Relying Party Trust
3. Setting on ADFS WAP
Create the WAP application:
Add-WebApplicationProxyApplication -Name 'rdweb' -ExternalUrl 'https://th-rds.mfalab3.com/rdweb/' -BackendServerURL 'https://th-rds.mfalab3.com/rdweb/' -ExternalPreAuthentication ADFS -ADFSRelyingPartyName rdweb1 -ExternalCertificateThumbprint '67D438BDDBB455E53CA83D6F5DEC34CC546F711A'
4. Setting on RDS
Important: change the authentication method to "Windows"
https://social.technet.microsoft.com/Forums/office/en-US/999f56fa-a218-41b0-86ee-2845269d93ef/rdweb-authentication?forum=winserverTS
5. Setting on the client computers
6. See how it works

How to use Azure Linux VM as an FTP server

The following resources are used for setting up an Azure Linux VM as an FTP server.
- Linux OS : Ubuntu
- vsftpd
1. Create a Linux VM with Ubuntu : th-ubuntu.cloudapp.net
2. Set up endpoints : ports 60001 and 60002 are added in the example
3. Install vsftpd
sudo apt-get install vsftpd
4. Configure /etc/vsftpd.conf : an example is attached
listen=YES
#anonymous_enable=YES
local_enable=YES
write_enable=YES
ls_recurse_enable=NO
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
xferlog_std_format=NO
log_ftp_protocol=YES
connect_from_port_20=YES
chown_uploads=NO
xferlog_file=/var/log/vsftpd.log
ascii_upload_enable=NO
ascii_download_enable=NO
ftpd_banner=Welcome to Taehee's FTP service.
local_root=/home/ftp
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/vsftpd.pem
pasv_enable=YES
pasv_min_port=60001
pasv_max_port=60002
port_enable=YES
pasv_addr_resolve=NO
file_open_mode=0666
local_umask=0022
5. Restart vsftpd,
root@th-ubuntu:~# service  vsftpd

Azure Multi-Factor Authentication : Import users from multiple domains(Forest Trust)

Here is a simple step-by-step guide on how to import/synchronize users across a forest/domain trust.
System deployment example
- AD netbios 1 : th-ad02, Domain 1 : mfalab4.com
- AD netbios 2 : th-ad03, Domain 2 : mfalab5.com
Configuration of the forest/domain trust
Check that both domain trusts are listed in Multi-Factor Authentication Directory Sync

Azure: How to unregister and register ADFS Authentication Provider (MFA)

When the Azure subscription is changed due to a provider change, Azure Multi-Factor Authentication (AKA MFA) must be unregistered and registered again using the following method.
1. Un-register the MFA provider: in the ADFS Global Authentication Policy, uncheck the WindowsAzureMultiFactorAuthentication checkbox. Go to a PowerShell prompt, then run:
PS C:\Program Files\Multi-Factor Authentication Server> Unregister-AdfsAuthenticationProvider -Name "WindowsAzureMultiFactorAuthentication"
WARNING: PS0103: The authentication provider was successfully unregistered from the policy store. Restart the AD FS Windows Service on each server in the farm.
Restart the ADFS service:
PS C:\Program Files\Multi-Factor Authentication Server> net stop adfssrv
The Active Directory Federation Services service is stopping.....
The Active Directory Federation Services service was stopped successfully.
PS C:\Program Files\Multi-Factor Authentication Server> net start adfssrv
The Active Directo