AD Sync check
Our customer had an issue recently, with the SGN console not able to push the AD modifications to the SQL database ; as a consequence, all the users went out of the domain, and were not having the regular policy. Customer found the root cause of this issue, which is the adding of a domain in self-reg, with the Netbios name "XX" (existing one), followed with the renaming of the correct one. We know that this action is not done by our APIs, which are only getting the information.
In order to no longer have this situation reproduced (it happened again yesterday), our customer would like to have a security feature implemented, regarding the AD sync ; right before the synchronisation takes place, a good thing would be to check, if the netbios name resolved is matching a name into the database, and, in the case it is not matching, then, to cancel the synchronisation, showing then a clear message into the logs.