Update to the AAD Connect Advanced Permissions tool

Update to the AAD Connect Advanced Permissions tool

Rate this post

On the recommendation of my good friend Darryl, I’ve added some things to my AAD Connect permissions tool:

  • Better logging of errors.  When running the tool for a large organization that had $ characters in its service account names, the tool would report successful but not leave any log files or indicators where things may have happened.  I’ve added a logging function to it that timestamps and displays output to both the screen and a log file.
  • Updating a few checks before attempting to load/unload modules.  Depending on the order things were run, there were some instances where a Remove-Module would get called without the module having been imported.
  • Updated a check for the Active Directory RSAT.  There were a few places I missed checking for / prompting for the AD RSAT, which resulted in unexplained errors when calling commands that relied upon commands available on DCs or in the RSAT.  My general assumption was that the tool would be run on the AAD Connect server (and, I always install the AD RSAT on the AAD Connect server to assist in troubleshooting), but not everyone does this.

The updated tool is available in the same place as the last: https://gallery.technet.microsoft.com/AD-Advanced-Permissions-49723f74

Reader Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.