From mi-announce at u.washington.edu Wed Jul 6 10:27:56 2022
From: mi-announce at u.washington.edu (Microsoft Infrastructure Service Announcements)
Date: Wed Mar 20 13:41:44 2024
Subject: [mi-announce] NETID domain controller planned changes
Message-ID:

What: NETID domain controller planned changes

UW-IT will promote three new domain controllers and demote four existing domain controllers based on the schedule below. An additional communication will be sent out 2 weeks in advance on the domain controller demotion.

When:
July 11-15, 2022 - three new domain controllers promoted
During the month of August 2022 - four older domain controllers demoted

Will be promoted / Will be demoted / No change
Ezra (site: UW), Kanan (site: UW), Obiwan (site: UW), Aayla (site: UW), Barriss (site: UW), Luminara (site: UW), Rey (site: UW), Ahsoka (site:Azure), Leia (site:Azure)

What you need to do:
If you have an application or code which relies on the NETID Active Directory domain, you may need to adjust its configuration.

Known problems:
- If your application does not automatically use the Microsoft DC locator process, but instead hard-codes domain controller names or caches domain controller names for an inordinate period of time

More info:
All Windows computers use the Microsoft DC locator process. Non-Windows computers generally do not, although there are exceptions. If your system does not automatically locate domain controllers, you may need to manually configure and/or take actions that clear any cached information.

If you have questions, concerns, or encounter problems as a result of this planned change, please contact us by sending an email to help@uw.edu with "MI DC demotion" in the subject line.

Thank you for partnering with Microsoft Infrastructure and Identity & Access Management.
Best,
~Anne

Anne Tacazon (she/her) | Interim Business Service Manager | Identity & Access Management | UW Information Technology | annedt@uw.edu | University of Washington

From mi-announce at u.washington.edu Thu Jul 21 15:15:51 2022
From: mi-announce at u.washington.edu (Microsoft Infrastructure Service Announcements)
Date: Wed Mar 20 13:41:44 2024
Subject: [mi-announce] Require LDAP signing for NETID AD: 10/11/2022
Message-ID:

What: UW-IT will require LDAP signing for the NETID Active Directory.

When: October 11, 2022

What you need to do:
Nothing. At this time, we are unaware of any unsigned LDAP activity.

More info:
Using LDAPS instead of LDAP has been recommended for many years. UW-IT has performed several campaigns to convert applications not using LDAPS which exposed UW NetID passwords on the network. LDAP and LDAPS are in containment and not recommended for application integration, but their use persists due to vendors who haven't adopted modern protocols and technologies. There should be no impact at the time of this change, and new applications won't have the option of a configuration which is inherently insecure.

The changes UW-IT will make in specific are:

* Change the Default Domain Controllers Policy, adding: 'Domain controller: LDAP server signing requirements'=Require signing per https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements
* Change the Default Domain Policy, adding 'Network security: LDAP client signing requirements'=Require signing per https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements

Brian Arkills
Microsoft Infrastructure service owner
UW-IT
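
Added example, not part of the original announcement or UW-IT's tooling: one way a directory administrator can look for unsigned LDAP activity before requiring signing is to tally Directory Service event 2889 records, which domain controllers log per unsigned bind once LDAP interface event logging is raised. The event texts, addresses and account names below are constructed, and the message layout the regex expects is an assumption to verify against real events.

```python
import re
from collections import Counter

# Binding Type values reported in Directory Service event 2889.
BIND_TYPES = {0: "SASL bind without signing", 1: "simple bind over cleartext LDAP"}

# Assumed layout of the 2889 message body (check against your own DC events).
TEMPLATE = (
    "The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind "
    "without requesting signing (integrity verification), or performed a simple bind "
    "over a clear text (non-SSL/TLS-encrypted) LDAP connection.\n\n"
    "Client IP address:\n{0}\n"
    "Identity the client attempted to authenticate as:\n{1}\n"
    "Binding Type:\n{2}\n"
)

# Constructed sample events: documentation-range IPs, made-up accounts.
SAMPLE = [
    TEMPLATE.format("192.0.2.10:49812", "EXAMPLE\\svc-print", 1),
    TEMPLATE.format("192.0.2.10:49930", "EXAMPLE\\svc-print", 1),
    TEMPLATE.format("198.51.100.7:51022", "EXAMPLE\\app-sync", 0),
]

FIELDS = re.compile(
    r"Client IP address:\s*(?P<ip>\S+?)(?::(?P<port>\d+))?\s+"
    r"Identity the client attempted to authenticate as:\s*(?P<identity>.+?)\s+"
    r"Binding Type:\s*(?P<bind>\d+)",
    re.S,
)


def unsigned_bind_clients(messages):
    """Count unsigned binds per (client IP, identity, bind kind).

    The source port is dropped so repeated connections from one host and
    account collapse into a single row an application owner can act on.
    """
    counts = Counter()
    for text in messages:
        m = FIELDS.search(text)
        if not m:
            continue  # not a 2889 body, or a layout this example does not know
        kind = BIND_TYPES.get(int(m["bind"]), "unknown binding type")
        counts[(m["ip"], m["identity"], kind)] += 1
    return counts


if __name__ == "__main__":
    for (ip, ident, kind), n in unsigned_bind_clients(SAMPLE).most_common():
        print(f"{n:3d}  {ip:15s}  {ident:20s}  {kind}")
```

Every row this reports is a client whose bind a domain controller set to "Require signing" would reject; an empty result over a representative logging window matches the "no impact" expectation in the announcement.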