Federated Infrastructure

I got an unusual request from a customer today. She is in an environment where everyone is currently a domain admin (not a good thing). Although they are taking my advice and moving to a least priviliged scenario, things are sometimes slow in federations...

A question that comes up frequently involving federated customers is how does an organization need to configure its firewalls to allow users in a trusted, but not fully trusted, domain to access their resources. Consider the following scenario: [WEB...

Active Directory Users and Computers (2003 version) provides a feature called Saved Queries that takes advantage of LDAP queries to find objects in Active Directory that might meet a specific condition. When I am working with customers, I am often surprised...

In my work with a large number of federated customers, the unavoidable component of Active Directory design is the age-old question of "How many forests do I need?" This is simple to define, but challenging to discuss in the board room. There are three...

What happens when a federation, each with its own domain, separated by firewalls within a single forest, attempts to implement the Active Directory Connector in a federated fashion? The perception was that this deployment model would be more secure, because...

What does it mean to have a secure environment? Is it proper authentication and access controls? Freedom from viruses and worms? Availability? Acceptable disaster recovery? Freedom from human error? Data integrity? I would argue, and I would assume most...

As a specialist by trade in both technology and financial audit, internal control structures and security play an important role in the work that I do. I came across Steve Riley's Death of the DMZ over broadband the other day and his thesis really hit...