Author: Aad Lutgert

Setup Server 2019 Enterprise CA 5/5: Deploy Policy Templates

Previous: Setup Group Policy. After setting up an Enterprise CA, some Certificate policies are available without additional configuration. In this post I will demonstrate how to add a Certificate Template and publish it. Deploy Policy Templates: 1. On the Subordinate CA start the “Certification Authority” and select “Certificate Templates”. In the right pane all […]

Setup Server 2019 Enterprise CA 4/5: Setup Group Policy

Previous: Subordinate CA. The CA Servers are now configured. Now the domain computers/servers need to trust the certificates which are created by the Subordinate Server. This is done by adding the Root CA certificate to the “Trusted Root Certification Authorities” store. The certificate can be added in multiple ways, but the easiest way is […]

Setup Server 2019 Enterprise CA 3/5: Subordinate CA

Previous: Offline Root CA. With the Offline Root CA completed, we can now set up the Subordinate CA server. This server is authorized by the Root CA to issue the certificates. During the setup the CA role will be added and configured. The server will also be authorized by the Root CA. The Subordinate […]

Setup Server 2019 Enterprise CA 2/5: Offline Root CA

Previous: Overview. The setup will start with the Offline Root CA server. This server will only be used to authorize the Subordinate Server; after that it will be turned off and only turned on to renew the Certificate Revocation List (CRL) and Subordinate CA Certificate. The offline CA Server is the OFFENT-CA01 and is […]

Setup Server 2019 Enterprise CA 1/5: Overview

In this tutorial we’re going to configure a Two-Tier Enterprise PKI with Microsoft Server 2019. The advantage of a Two-Tier Enterprise PKI Hierarchy is that clients only trust the Root CA, so if a Subordinate server gets compromised the Root CA does not have to be replaced. During normal operation the Root CA will be […]

How to make a synced W10 Hybrid Azure AD device Intune managed

Normally, when you join a device to the Azure AD and automatic Windows enrollment has been configured, the device is automatically enrolled in Intune at the moment it is added to the Azure Active Directory. This will not happen when a device is being synced from the Active Directory to the Azure AD, then […]

How to recreate the AZUREADSSOACC account

To recreate the Azure Active Directory Seamless Single Sign-On (AzureADSSOACC) account, follow these steps: 1. Log in on the server where the Azure AD Connector is installed. 2. Start PowerShell as administrator and go to the following path: c:\program files\Microsoft Azure Active Directory Connect 3. Import the AzureADSSO module: import-module .\AzureADSSO.psd1 […]

Azure AD Dynamic Groups

In the Azure AD there are two ways to manage the membership of groups: – Assigned Membership – Dynamic Membership. The difference between the two is that the members of the Assigned group are added manually, by selecting the users and/or groups from the Azure AD. To use Assigned Groups you don’t need any additional […]

Passwordless login with Yubikey (FIDO2) on Windows 10 (AzureAD)

Last year in November passwordless sign-in became available for Windows 10, but only for Microsoft accounts. Although this was a major step forward towards a passwordless world, most companies do not use Microsoft accounts but AD or Azure AD accounts to sign in to computers. About a month ago the public preview of Azure […]

Autopilot Lab Part 5/5 – Deploy VM with Autopilot

Previous – Autopilot Part 4 – Add VM to Intune. 1. Configure the correct Region and press “Yes”. 2. Select the Keyboard Layout you are using and press “Yes”. 3. Press “Skip” to continue. 4. Enter your email address and press “Next”. 5. Enter your Password and press […]