Update to the AAD Connect Advanced Permissions tool

Update to the AAD Connect Advanced Permissions tool

Be the first to vote!

On the recommendation of my good friend Darryl, I’ve added some things to my AAD Connect permissions tool:

  • Better logging of errors.  When running the tool for a large organization that had $ characters in its service account names, the tool would report successful but not leave any log files or indicators where things may have happened.  I’ve added a logging function to it that timestamps and displays output to both the screen and a log file.
  • Updating a few checks before attempting to load/unload modules.  Depending on the order things were run, there were some instances where a Remove-Module would get called without the module having been imported.
  • Updated a check for the Active Directory RSAT.  There were a few places I missed checking for / prompting for the AD RSAT, which resulted in unexplained errors when calling commands that relied upon commands available on DCs or in the RSAT.  My general assumption was that the tool would be run on the AAD Connect server (and, I always install the AD RSAT on the AAD Connect server to assist in troubleshooting), but not everyone does this.

The updated tool is available in the same place as the last: https://gallery.technet.microsoft.com/AD-Advanced-Permissions-49723f74

Published by Aaron Guilmette

Helping companies conquer inferior technology since 1997. I spend my time developing and implementing technology solutions so people can spend less time with technology. Specialties: Active Directory and Exchange consulting and deployment, Virtualization, Disaster Recovery, Office 365, datacenter migration/consolidation, cheese. View all posts by Aaron Guilmette

Reader Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Exit mobile version