SOLVED

Rebuild Azure AD Connect and Hybrid

Frequent Contributor

There was a security breach through ransomware on the local company servers, and the Azure AD Connect is not working anymore. It is not possible for the users to sign in to the cloud. How can I rebuild the Hybrid environment and set up the Azure AD Connect again? How can I avoid such hacking attacks in the future?

2 Replies

Hello AtanasM!
What authentication model are you using (PHS/PTA/Federation)? Based on your description that users can't log in, it's probably not PHS. Are federation servers or PTA agent servers available? Maybe the better option is to build a new server, make that the primary, and then remove AADConnect from the current one.


P.S. You can use PHS as a failover to PTA and Federation.

best response confirmed by AtanasM (Frequent Contributor)
Solution

Hi @AtanasM,


I wrote some instructions on enabling AAD Connect with PHS and compared to Cloud sync (if plausible for you) Section 4 – Implement an Identity Management Solution – Implement and manage hybrid identity – AADC,...


And for PTA, SSO and ADFS integration Section 5 – Implement an Identity Management Solution – Implement and manage hybrid identity – PTA, ... 


The first security practices are to use the new Hybrid Administrator as sync account and treat your AAD Connect servers as Tier0 servers, just like Domain controllers and ADFS.


Never give too many rights to anyone, and use different accounts, preferably gMSA accounts, not single users.


Hope this helps,
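The two replies above boil down to three checks on a rebuilt Azure AD Connect server: does the ADSync service run under a gMSA rather than a personal account, is password hash sync on as a fallback for PTA or federation, and is the new server actually the active (non-staging) one. The following PowerShell is an added example written for this thread, not code from either poster or from Microsoft; it assumes it is run elevated on the AAD Connect server with the ADSync module and the ActiveDirectory RSAT module installed, and the gMSA and server names are placeholders you replace with your own.

```powershell
# Added example (not from the thread): audit an Azure AD Connect server against
# the recommendations above and, on request, create the gMSA for the sync service.
# Assumptions: elevated session on the AAD Connect server, ADSync module present,
# ActiveDirectory RSAT module present, rights to create service accounts in AD.
param(
    [string]$GmsaName      = 'gMSA-AADSync',   # placeholder gMSA name
    [string]$ConnectServer = $env:COMPUTERNAME, # the AAD Connect host
    [switch]$CreateGmsa                         # only create the gMSA when asked
)

Import-Module ActiveDirectory -ErrorAction Stop
Import-Module ADSync -ErrorAction Stop

function Test-AdSyncServiceAccount {
    # gMSA sAMAccountNames end with '$'; a personal or generic user account does not.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='ADSync'"
    if (-not $svc) {
        return [pscustomobject]@{ Check = 'ADSyncServiceAccount'; Pass = $false; Detail = 'ADSync service not found' }
    }
    [pscustomobject]@{
        Check  = 'ADSyncServiceAccount'
        Pass   = ($svc.StartName -match '\$$')
        Detail = "Runs as $($svc.StartName)"
    }
}

function Test-PasswordHashSync {
    # PHS keeps cloud sign-in working when on-prem PTA agents or ADFS are down,
    # which is exactly the failure the original question describes.
    $feat = Get-ADSyncAADCompanyFeature
    [pscustomobject]@{
        Check  = 'PasswordHashSync'
        Pass   = [bool]$feat.PasswordHashSync
        Detail = "PasswordHashSync=$($feat.PasswordHashSync)"
    }
}

function Test-SyncScheduler {
    # A rebuilt server left in staging mode never exports to Azure AD, so users
    # still cannot sign in even though the install "succeeded".
    $sched = Get-ADSyncScheduler
    [pscustomobject]@{
        Check  = 'SyncScheduler'
        Pass   = ($sched.SyncCycleEnabled -and -not $sched.StagingModeEnabled)
        Detail = "SyncCycleEnabled=$($sched.SyncCycleEnabled); StagingModeEnabled=$($sched.StagingModeEnabled)"
    }
}

function New-AadSyncGmsa {
    param([string]$Name, [string]$Server)
    # gMSAs need a KDS root key in the forest; without one creation fails.
    if (-not (Get-KdsRootKey)) {
        throw 'No KDS root key found. Create one (Add-KdsRootKey) and wait for replication first.'
    }
    $computer = Get-ADComputer -Identity $Server
    # Only the AAD Connect computer account may retrieve the managed password,
    # which keeps the sync identity usable on Tier 0 hosts only.
    New-ADServiceAccount -Name $Name `
        -DNSHostName "$Name.$env:USERDNSDOMAIN" `
        -PrincipalsAllowedToRetrieveManagedPassword $computer `
        -Enabled $true
    # Verify the local host can actually retrieve the password before pointing
    # the Azure AD Connect installer ("Use an existing service account") at it.
    Install-ADServiceAccount -Identity $Name
    Test-ADServiceAccount -Identity $Name
}

if ($CreateGmsa) {
    New-AadSyncGmsa -Name $GmsaName -Server $ConnectServer
}

# Run the checks and print a pass/fail table; any FALSE row is a gap to close.
$results = @(Test-AdSyncServiceAccount; Test-PasswordHashSync; Test-SyncScheduler)
$results | Format-Table -AutoSize
```

Run it with no switches first to see where a rebuilt server stands; pass `-CreateGmsa` only once, from a domain-joined session with rights to create service accounts, and then select that account under "Use an existing service account" in the Azure AD Connect customised installation so the sync engine never runs under a user's credentials.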