Name Suffix Routing into the rescue publishing Non-Claims-Aware application using Kerberos Constrained Delegation

Last week I faced a challenge publishing non-claims-aware application (SharePoint 2013) using Kerberos Constrained Delegation (KCD) by Web Application Proxy (WAP).

ADFS cross forest Mirosoft Intune Infrastructure

The customer environment consists of a multi-forest active directory where user accounts and server objects each stored in a separate forest. Due to the introduction of Microsoft Enterprise Mobility Suite (EMS) we added a public User Principal Name (UPN) which was required to log on using a public domain namespace.

Continue reading “Name Suffix Routing into the rescue publishing Non-Claims-Aware application using Kerberos Constrained Delegation”

Apply computer account AD membership changes without reboot required

Applying AD group membership changes for computer account(s) without a reboot required? Use klist.exe (Kerberos List) which is part of the Windows 2003 Resource Kit tools. Install the resource toolkit and copy klist.exe to the appropriate computer.

Start a CMD-box  in elevated rights after the computer account is added to the appropriate AD security group and use the following command to purge kerberos ticket on the affected computer:

“klist.exe purge”

As simple as that…