Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.
You cannot install Active Directory Domain Services on a member server ...
You try to install Active Directory Domain Services on a new member server that is running Windows Server 2008 or Windows Server 2008 R2 in a child domain. The DNS communication and LDAP communication is blocked between the new member server that is in the child domain and the forest root domain.
KB5008383—Active Directory permissions updates (CVE-2021-42291)
CVE-2021-42291 addresses a security bypass vulnerability that allows certain users to set arbitrary values on security-sensitive attributes of specific objects stored in Active Directory (AD) or Lightweight Directory Service (LDS).
KB5008102—Active Directory Security Accounts Manager hardening changes ...
This article provides additional details and a frequently asked questions section for the Active Directory Security Accounts Manager (SAM) hardening changes made by Windows updates released on November 9, 2021 and later as documented in CVE-2021-42278.
KB5005413: Mitigating NTLM Relay Attacks on Active Directory ...
To prevent NTLM Relay Attacks on networks with NTLM enabled, domain administrators must ensure that services that permit NTLM authentication make use of protections such as Extended Protection for Authentication (EPA) or signing features such as SMB signing.
KB5004605: Update adds AES encryption protections to the MS-SAMR ...
After installing the July 13, 2021 Windows updates or later Windows updates, Advanced Encryption Standard (AES) encryption will be the preferred method on Windows clients when using the legacy MS-SAMR protocol for password operations if AES encryption is supported by the SAM server.
KB5008102—Active Directory Security Accounts Manager hardening changes ...
This article provides additional details and a frequently asked questions section for the Active Directory Security Accounts Manager (SAM) hardening changes made by Windows updates released on November 9, 2021 and later as documented in CVE-2021-42278.
2020, 2023, and 2024 LDAP channel binding and LDAP signing requirements ...
LDAP channel binding and LDAP signing provide ways to increase the security for communications between LDAP clients and Active Directory domain controllers. A set of unsafe default configurations for LDAP channel binding and LDAP signing exist on Active Directory domain controllers that let LDAP clients communicate with them without enforcing ...
KB5014754: Certificate-based authentication changes on Windows domain ...
Domain administrators can manually map certificates to a user in Active Directory using the altSecurityIdentities attribute of the users Object. There are six supported values for this attribute, with three mappings considered weak (insecure) and the other three considered strong.
Certificate Services (certsvc) doesn't start after upgrade to Windows ...
If you try to manually start the service from Services Management Console (services.msc), the attempt may fail with the following error message: Windows could not start the Active Directory Certificate Services service on Local Computer.
Some Exchange services do not start automatically after installing ...
This behavior occurs because of a timing issue that exists between the Microsoft Exchange Active Directory Topology Service (MSExchangeADTopology) and the WMI Performance Adapter (wmiApSrv) service on Windows Server 2012 R2.