Microsoft has just published the Active Directory Authentication Library (ADAL) for Java. As with ADAL for Android and iOS, the source code and a sample application can be found and downloaded from GitHub: https://github.com/MSOpenTech/azure-activedirectory-library-for-java.
Note-to-self: Microsoft has published a lot of new Azure Active Directory (AAD) content after //build:
- Authentication Scenarios for Azure AD, http://msdn.microsoft.com/en-us/library/azure/dn499820.aspx
- Azure AD Samples and Documentation, https://github.com/AzureADSamples
- New samples index in MSDN, http://msdn.microsoft.com/en-us/library/azure/dn646737.aspx
Yesterday was a really great day, because Microsoft released or published the DirectAccess Client Troubleshooting tool on Microsoft Downloads.
But what’s the DirectAccess Client Troubleshooting Tool? Well, here’s a very short description:
The DirectAccess Client Troubleshooting Tool is a graphical application, based on the .NET Framework, which checks the health of a DirectAccess client by running various tests. The following tests are currently implemented:
- Network interfaces
- Network location (NLS and NRPT DNS)
- IP connectivity (6to4, Teredo, IPHTTPS, entry point in a multisite setup, DNS)
- Windows Firewall (applied profile, Firewall outbound rules)
- Certificates (EKU Client Authentication, trust chain for AIA and CRL)
- IPsec infrastructure tunnel (Domain SysVol share)
- IPsec intranet tunnel (PING and HTTP probes)
And there are more “hidden” features that I will describe in an upcoming blog post. Oh and yes, the development team of this tool is working on the next release, which will include even more awesome features!
Go and grab your copy from http://www.microsoft.com/en-us/download/details.aspx?id=41938
And here is just another “must read”: http://blogs.msdn.com/b/windowsazure/archive/2014/01/07/new-windows-azure-network-security-whitepaper.aspx.
Interesting whitepaper about the circumstances under which the use of pre-boot authentication with BitLocker is recommended. You can grab a copy of it here http://www.microsoft.com/en-us/download/details.aspx?id=41671.
Released last week – the BPA (Best Practice Analyzer) for DirectAccess based on Windows Server 2012! The BPA scans the DA configuration and lists the found issues in a sortable list.
You can find the BPA for DA on http://www.microsoft.com/en-us/download/details.aspx?id=41178.
And in addition to the three new Connectors, Microsoft has shipped a new hotfix rollup package for FIM 2010 R2 as well:
After a couple of months, the three new FIM 2010 R2 Connectors have left the RC phase and are now GA! Here’s a short overview of the three new Connectors:
Windows Azure Active Directory Connector
This Connector can be used in scenarios not supported by DirSync, for example multi-forest or non-AD. The Connector comes with sample code and configuration for a resource/account-forest scenario. For more information, please refer to the TechNet documentation: http://go.microsoft.com/fwlink/?LinkID=330371.
This Connector will allow you to connect to an LDAPv3 compliant directory. It currently supports the same LDAP directories (IBM, Novell, and Oracle) we ship with FIM 2010 R2 and will over time replace the built-in LDAP Management Agents. For more information, please refer to the TechNet documentation: http://go.microsoft.com/fwlink/?LinkID=270179.
SharePoint User Profile Store
This Connector will connect to the SharePoint User Profile Store and can be used as a replacement for the built-in synchronization engine which comes with SharePoint, for example in multi-forest or non-AD scenarios. For more information, please refer to the TechNet documentation: http://go.microsoft.com/fwlink/?LinkID=331344.
Yesterday, I worked on a DirectAccess case where the IPv6 address disappeared on one of the two ISATAP adapters on a DirectAccess server. We found the solution by running the following netsh command, which outputs the configuration of the specified ISATAP adapter. Oh btw, you should use the interface ID of the “internal” ISATAP adapter (there is one ISATAP adapter for each network interface):
netsh int ipv6 show int <InterfaceID>
The most interesting parts of the output are the following two lines:
Forwarding : disabled
Advertising : disabled
The problem was that both settings, Forwarding and Advertising, were set to disabled. However, they have to be enabled in order to work – so that an IPv6 address is set on the adapter. So after executing the command netsh interface ipv6 set interface <InterfaceID> forwarding=enabled advertise=enabled, everything worked as expected.
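The check described above can be scripted so that it is repeatable on each DirectAccess server. The following PowerShell is an added example, not part of the original post: the function names are hypothetical, the sample output is constructed, and it assumes English-language netsh output.

```powershell
# Added example: parse "netsh int ipv6 show int <InterfaceID>" output and flag
# the condition from the post (Forwarding and/or Advertising disabled).

function Get-Ipv6InterfaceSetting {
    # Hypothetical helper: turns netsh "Name : value" lines into a hashtable.
    param([Parameter(Mandatory)][string[]]$NetshOutput)
    $settings = @{}
    foreach ($line in $NetshOutput) {
        # Split on the first colon; netsh pads the name with spaces.
        if ($line -match '^\s*(?<name>[^:]+?)\s*:\s*(?<value>.+?)\s*$') {
            $settings[$Matches['name']] = $Matches['value']
        }
    }
    $settings
}

function Test-IsatapRouterState {
    # Hypothetical helper: reports whether both settings are enabled.
    param(
        [Parameter(Mandatory)][string]$InterfaceId,
        [string[]]$NetshOutput   # optional: pre-captured output for offline checks
    )
    if (-not $NetshOutput) {
        $NetshOutput = & netsh int ipv6 show int $InterfaceId
    }
    $s = Get-Ipv6InterfaceSetting -NetshOutput $NetshOutput
    $missing = @('Forwarding', 'Advertising') | Where-Object { -not $s.ContainsKey($_) }
    if ($missing) {
        # Fail loudly instead of reporting a false "healthy" on unparsed output.
        throw "Missing $($missing -join ', ') in netsh output (wrong interface ID or localized OS?)"
    }
    [pscustomobject]@{
        InterfaceId = $InterfaceId
        Forwarding  = $s['Forwarding']
        Advertising = $s['Advertising']
        Healthy     = ($s['Forwarding'] -eq 'enabled' -and $s['Advertising'] -eq 'enabled')
    }
}

# Constructed sample output (not captured from a real server).
$sample = @(
    'Interface isatap.example Parameters',
    '----------------------------------------------',
    'Forwarding                         : disabled',
    'Advertising                        : disabled'
)
$state = Test-IsatapRouterState -InterfaceId '<InterfaceID>' -NetshOutput $sample
$state
if (-not $state.Healthy) {
    Write-Warning 'Fix: netsh interface ipv6 set interface <InterfaceID> forwarding=enabled advertise=enabled'
}
```

Omit `-NetshOutput` and pass the real interface ID of the “internal” ISATAP adapter to run the check against the live server.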
Microsoft has just published a lot of new Remote Access (DirectAccess) content on TechNet, which is great news. For example, you can now find a list of all available hotfixes for Windows Server 2012, Windows 8 and Windows 7 client computers, or a list of all Product Group unsupported scenarios.
- DirectAccess Known Issues, http://technet.microsoft.com/en-us/library/dn464275.aspx
- DirectAccess Unsupported Configurations, http://technet.microsoft.com/en-us/library/dn464274.aspx
- DirectAccess Prerequisites, http://technet.microsoft.com/en-us/library/dn464273.aspx