Questions tagged [active-directory]

Active Directory (AD) is a directory service created by Microsoft for Windows domain networks. It provides a central location for network administration and security.

An advanced, hierarchical directory service that comes with Windows servers and is used for managing permissions and user access to network resources. Introduced in Windows 2000, Active Directory is a domain-based network that is structured like the Internet's Domain Naming System (DNS). Using the LDAP directory access protocol, a company's workgroups (departments, sections, offices, etc.) are assigned domain names similar to Web addresses, and any LDAP-compliant Windows, Mac, Unix or Linux client can access them.

239 questions
0 votes, 1 answer

Digital signatures in a corporate network

I'm going to implement digital signatures for corporate use. For that, I would develop an application for signatures, generate public/private keys for all employees and store private keys in the Active Directory database. To sign the document in…
Leeloo
0 votes, 2 answers

Windows Active Directory: How do endpoints authenticate the Domain Controller?

Windows Active Directory is based on Kerberos and LDAP. When authenticating via the Domain Controller, how does my endpoint know that it's really speaking to the DC? Likewise, AD can be used to authenticate for services hosted on other machines…
0 votes, 1 answer

Implications of joining the active directory domain with the domain administrator

I always used the domain administrator to join the Active Directory domain, but I've never set up more than a few machines. Is that considered a security risk? Is the end user somehow able to obtain the domain administrator's password? Are there any…
0 votes, 1 answer

What do I need to ask 3rd party to add trust

We have ADFS and want to add a 3rd party application as trusted to it. I have the certificate and metadata (XML) URI to give them but want to have a checklist of what they need to give me. So far HTTP location of their federation server which active…
0 votes, 1 answer

Active directory based permissions SID, username or email?

My application has a table with the permissions to the screen it has. Which of the following should I use to store the permissions against: sid, username, email, other. It's in an internal enterprise
j. doe
0 votes, 1 answer

ADFS Self-signed Certificate

I can't find an answer to this, so I'm hoping you good people will know. I'm about to install ADFS into Production including a Web Application Proxy in the DMZ. When WAP is joined to a farm or a single ADFS server, it generates a self-signed…
Paul G
0 votes, 1 answer

Client app auto-updating passwords, no SSO

My customer has an ActiveDirectory server and a work server, both without SSO. Employees use their ActiveDirectory account to connect to the work server. They change passwords every month. My app connects to the work server. My app can use SSO, or…
Nicolas Raoul
0 votes, 2 answers

Compromised server name and port number of a SQL Server DB Server

I would like to get an expert opinion on how dangerous it is to have the database server name and SQL Server instance and port number compromised by accidentally exposing it in a source code snippet posted on the internet. A connection string was…
0 votes, 1 answer

Active Directory password complexity based on entropy

I am evaluating the possibility of enabling password complexity rules in my Active Directory, but the rules it offers are not good for me. So I would like to have a complexity rule based on only two factors: password length: at least 12/14/16…
robob
0 votes, 2 answers

password strength audits and mitigations

Reading this article about detecting bad passwords in the enterprise made me want to ask if anyone here has attempted any audit like this. It would be an effective attack: There may be a good password complexity policy and a good account lockout…
-1 votes, 1 answer

Routable Domain for DC?

What is the impact of having a routable domain name in Windows network infrastructure? Does having example.com in place of exemple.local as the domain name have a critical impact? If yes, what should I keep in mind during the installation of the…
-1 votes, 3 answers

How to limit Administrators by day of the week

I have 69 Administrators in AD and I have noticed they are doing all kinds of whacky (and untrustworthy) things. This is an audit nightmare, and I was wondering if there is a way to disable an Admin on, say, every Monday and Wednesday?
J J test
-1 votes, 1 answer

windows authentication vs ADFS

I have an ASP.NET website hosted on premises and only accessible by my company. I discovered that if I connect it to a server in the DMZ (open to the internet) even though the IIS folder is set to Windows authentication it still works in all…
j. doe
-1 votes, 1 answer

Is my AD password sent in plain text then encrypted?

How does an application authenticate with AD credentials? Are the credentials sent in plain text? Or are they encrypted before it checks with AD to validate the user?