You searched for gMSA - Page 2 of 3 - Windows Active Directory

Automating inactive user account cleanup: beyond “run a script every 90 days”

September 19, 2025

A production-grade playbook for hybrid Active Directory and Microsoft Entra ID (Azure AD) inactive user account cleanup: signals, staged actions, reversibility, and governance—backed by copy‑paste runbooks. On this page Quick definition Why the usual approach breaks First principles Production-ready technical core Implications & trade-offs Expert mental models Misunderstandings &amp…

Active Directory Fundamentals

Removing 'password never expires' accounts

September 17, 2025

Removing “Password Never Expires” Accounts in Active Directory The “Password never expires” setting (the DONT_EXPIRE_PASSWORD userAccountControl flag) is one of those legacy conveniences that quietly turns into a long-term security and compliance problem. This article shows how to find these accounts, decide what “good” looks like per account type, and remove the…

Active Directory Fundamentals

Ensuring compliance for dormant/shared accounts

September 17, 2025

Ensuring Compliance for Dormant and Shared Accounts Dormant accounts and shared accounts are two of the most common identity-control gaps in Active Directory and hybrid environments. They create audit findings because they weaken accountability (who did what?) and increase attack surface (stale credentials, over-permissioning, and silent…

Active Directory Fundamentals

Alerting on 'password never expires' violations

September 17, 2025

Alerting on “Password Never Expires” Violations (Active Directory) This article explains what the “Password never expires” setting actually means in Active Directory, why it is risky, and how to build reliable detection and alerting with minimal noise. Why this matters? A password is a shared secret. Over time, shared secrets…

Active Directory Fundamentals

Risk-based lockout policy tuning

September 17, 2025

Risk-based lockout policy tuning: Cloud vs on-prem comparisons, deep mechanics, and technical implementation Risk-based lockout policy tuning is the practice of adjusting lockout behavior based on the assessed risk of an authentication attempt, rather than relying on a fixed “X failed passwords = lockout” rule. The goal is simple: slow attackers down hard while keeping…

Active Directory Objects

How to detect stale/orphaned service accounts

September 12, 2025

Detecting stale or orphaned service accounts: a modern playbook for AD & Entra Service accounts are the quietest identities in your estate—and the most dangerous when forgotten. They run backups, talk to databases, deploy code, and glue systems together. When those identities become stale (unused) or orphaned (no clear owner), you inherit invisible risk…

AD behind Zero Trust: Asset mapping strategies

September 12, 2025

AD behind Zero Trust: asset mapping strategies Zero Trust fails in predictable ways when the organization can’t answer basic questions like: “What assets exist, who touches them, and what paths connect them?” In enterprises that still run Active Directory Domain Services (AD DS), that question is trickier than it looks—because AD is…

Active Directory Fundamentals

Leveraging AD improvements for hybrid cloud usage

September 12, 2025

Leveraging AD improvements for hybrid cloud usage Hybrid identity is rarely “cloud identity plus legacy AD.” In most enterprises, Active Directory (AD DS) remains the authoritative source for many user and computer identities, authentication policies, and operational workflows—while cloud services depend on Microsoft Entra ID (Azure AD) and…

Active Directory Fundamentals

Active Directory 25-year evolution: what changed, what stayed true, and what comes next

September 5, 2025

Comparative guide AD modernization Hybrid identity Zero trust Kerberos Forest recovery Classic AD → Modernized AD → Hybrid future From castle-and-moat to zero trust and hybrid identity: the AD journey. Quick jump: definition · core mechanisms · classic vs modernized · modernization runbook · implications · mental models · misunderstandings & fixes · forward look · field…

Active Directory Fundamentals

Common misconfigurations exploited in AD attacks

August 22, 2025

Common Misconfigurations Exploited in Active Directory Attacks (and How to Fix Them) Active Directory (AD) attacks rarely start with “zero-days.” In most incidents, attackers win by chaining ordinary configuration mistakes: over-permissive delegation, weak credential hygiene, stale legacy protocols, and brittle Group Policy controls. This…

gMSA

Automating inactive user account cleanup: beyond “run a script every 90 days”

Removing 'password never expires' accounts

Ensuring compliance for dormant/shared accounts

Alerting on 'password never expires' violations

Risk-based lockout policy tuning

How to detect stale/orphaned service accounts

AD behind Zero Trust: Asset mapping strategies

Leveraging AD improvements for hybrid cloud usage

Active Directory 25-year evolution: what changed, what stayed true, and what comes next

Common misconfigurations exploited in AD attacks

Featured Posts

What is Azure Data Factory (ADF)?

How to demote a Domain Controller: A step-by-step guide

Healthcare data Breaches down almost 50 percent in the first month of 2021

Popular with Readers

Active Directory Users and Computers (ADUC) - An introduction and installation guide

Active Directory Sites

Active Directory Password Policy

Recently Added

How to fix slow DNS lookup

Legacy D-Link DSL Routers Exploited via Unauthenticated DNS Hijacking (CVE-2026-0625)

Migrating from AD FS to Azure AD SSO