Articles by 'Ed Bratter'

By Ed Bratter, Posted in Infrastructure

If you are confused about Azure AD hybrid join, what it is, when to use it, and how to set it up - keep reading. Azure AD hybrid join is for Windows devices and is one of three methods to associate devices to Azure AD: Azure AD registered, Azure AD joined, and Hybrid Azure AD joined. This article focuses exclusively on Azure AD hybrid joins and for organizations that use either pass-the-hash (PTA) authentication or pass-through-authentication (PTA). If you are using federated management via AD FS or third-p... read more.

• January 27, 2023

By Ed Bratter, Posted in Infrastructure, Security

One of the benefits of Microsoft 365 is the ability for users to collaborate and share with co-workers, clients, vendors, partners, and people external to the organization. This benefit, however, comes with a downside; users can either purposely or inadvertently expose information that the organization would not want shared externally.   To complicate matters, newly established tenants leave the door wide-open for publishing data to external entities. As a result, users can share data with outside ind... read more.

• July 27, 2021

By Ed Bratter, Posted in Infrastructure

Just wait one damn moment, please. I wonder how many of my fellow IT professionals have experienced some variation of this: You walk into the office on a sunny morning thinking about the tasks you need to do for the day. Before you get to your desk, you run into your manager, who says she needs you to attend a meeting in the conference room in 30 minutes. You grab a cup of coffee, do a couple of quick things, and stroll down the hall wondering what this could be about. You walk into the conference room, wh... read more.

• April 03, 2020

By Ed Bratter, Posted in Infrastructure

Arguably one of the more tedious tasks when building Exchange servers is configuring the disks and volumes. Even in smaller environments, where there may be only two or three databases, the actual number of volumes gets multiplied by the number of copies in the DAG. Consider an Exchange organization that has three databases with three copies of each database. From a configuration perspective that’s nine volumes that need to be configured. Disk Manager does not provide an efficient way to do this. Ther... read more.

• April 02, 2020

By Ed Bratter, Posted in Infrastructure, Security

Perhaps one of the most popular features of Exchange is the ability to connect Outlook running on a PC to Exchange over the Internet when outside the corporate network without the need to establish a VPN connection. This feature was introduced with Exchange 2003 and is called Outlook Anywhere. Of course, convenience always comes at a price: once enabled, Outlook Anywhere allows anyone with Outlook to connect to Exchange from any PC regardless of who owns it. Many organizations want or need to restrict Outlo... read more.

• January 10, 2020

By Ed Bratter, Posted in Security

As a consultant in the Active Directory (AD) space, I see a lot of AD environments up close. One theme that has become painfully clear to me is that we, as the gatekeepers of Active Directory, are not doing a good enough job of securing our kingdom. Even the organizations that put a strong emphasis on security come up short in one way or another. This is often because the security professionals are focused on other areas of the network such as firewalls or intrusion detection. Those security professionals... read more.

• April 21, 2016

By Ed Bratter, Posted in Uncategorized

Background If your organization has deployed a Microsoft Certificate Authority (CA) for its PKI solution, your users probably started inquiring recently what the yellow triangle in the address bar of Google Chrome is all about (if they haven’t, either you are ahead of the curve or your users are… Well, I won’t go down that slippery slope). When clicking on the padlock, additional information shows that the website is encrypted with obsolete cryptography. Additionally, there is a reference that SHA1... read more.

• May 20, 2015

By Ed Bratter, Posted in Uncategorized

Exchange 2010 and Exchange 2013 offer several different methods to recover from mailbox server failures. One such method is known as database portability, which allows a mailbox database that was mounted on one mailbox server to be remounted on a different mailbox server. This can be helpful when there is a server failure and the physical database files are still intact (and, of course, a different copy of the database is not available to be activated if the server is a member of a DAG). In the exampl... read more.

• April 21, 2014

By Ed Bratter, Posted in Uncategorized

With Exchange 2003 end of support on the horizon (April, 2014) and Exchange 2013 migrations hitting full stride, those of us in the trenches are beginning to experience the road bumps that are encountered when performing an Exchange 2013 migration from Exchange 2007/2010. (There is no direct migration path from Exchange 2003 to Exchange 2013). One of the architectural changes in Exchange 2013 is the way Outlook clients connect to Exchange. Gone is RPC over TCP connectivity that has existed since the earl... read more.

• October 15, 2013

By Ed Bratter, Posted in Uncategorized

So you have a disaster recovery center, you have a playbook that provides specific instructions on how to bring it online in the event of a disaster, and you test the plan once a year – but are you really as prepared as you think you are? For many of us in the Northeast, Hurricane Sandy gave us the opportunity to find out. I’d like to share an experience that made me rethink the way we approach disaster planning and testing. I had a customer who thought they were well prepared, but when disaster struck –... read more.

• January 30, 2013