Scripting

Trapping your favorite exceptions

Like most folks, I hate errors.

As a scripter, I hate seeing blood on the screen – to me, it means failure that I didn’t anticipate. When you’re trying to put tools out there for other folks to use, nothing toasts your peer’s or customer’s confidence like a tool that doesn’t fix itself or errors out without explanation.…

Identity

Update to the “Find Duplicate Address” tool

Last week, I saw some internal discussion about trying to locate the source of a duplicate object error on-premises. While an advanced administrator will be able to figure it out by looking at the Connector Spaces for connected directories, it’s not necessarily obvious to a lot of people (especially if you’re not experienced with our identity management products).…

Client

Dynamics 365 Network Test Tool

Yesterday, I was asked if I had developed any testing tools for the Dynamics CRM suite availability—but, never having had to do much with them, I didn’t have anything available.  I just built a quick tool today, and it covers all of the endpoints listed at https://support.microsoft.com/en-us/help/2655102/internet-accessible-urls-required-for-connectivity-to-microsoft-dynami and https://msdn.microsoft.com/en-us/library/gg328127.aspx, broken apart by region, with the exception of the following URLs that we have listed:

  • https://cloudredirectorsam.cloudapp.net – no valid DNS
  • https://cloudredirectorsamsec.cloudapp.net – no valid DNS
  • https://www.crmdyntint.com – unregistered domain
  • http://*.passport.net – no valid URLs to test
  • https://sc.imp.live.com – no valid DNS
  • https://cloudredirectornam.cloudapp.net – no valid DNS
  • https://cloudredirectornamsec.cloudapp.net – no valid DNS
  • https://cloudredirectoreur.cloudapp.net – no valid DNS
  • https://cloudredirectoreursec.cloudapp.net – no valid DNS
  • https://cloudredirectorapj.cloudapp.net – no valid DNS
  • https://cloudredirectorapjsec.cloudapp.net – no valid DNS
  • https://cloudredirectorjpn.cloudapp.net – no valid DNS
  • https://cloudredirectorjpnsec.cloudapp.net – no valid DNS
  • https://dynamicscrmgcc.accesscontrol.usgovcloudapi.net – no valid DNS
  • https://cloudredirectoroce.cloudapp.net – no valid DNS

As a note, I haven’t added any of the Azure datacenter IPs in there (since we don’t have any endpoints or ability to stand up generic services in those).…

Identity

Let’s Go Phishing – Spear Phishing, That Is

Over the last few weeks, we’ve released some great new features for Office 365 Advanced Threat Protection users.  The Attack Simulator has three core components, each of which I’ll cover in a series:

  • Spear Phishing (Credential Harvest)
  • Brute Force Password (Dictionary Attack)
  • Password Spray Attack

For this post, I want to focus on the Spear Phishing campaign.…

Configuration

Updated Tool Roundup!

Over the last couple of days, I’ve updated a few tools that I have published on the gallery.  Here’s the run-down:

AAD Connect Network and Name Resolution Test

I’ve been busy with this tool a lot lately, both adding tests and tweaking the way things are done.…

Configuration

Change from AD FS authentication to Pass-Through Authentication with Seamless SSO

Update: We now have some public documentation available for this as well, so be sure to check there, too! https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-deployment-plans

Imagine this scenario: You’ve been running Active Directory Federation Services (AD FS) since before it was cool, and you’re tired of maintaining that highly available infrastructure (at least 4 servers) and the whole federation thing and its myriad of quirks and drawbacks and headaches (such as alt-id (which is still supported in Pass-through authentication with some caveats, listed below), claims rules, certificates, and the fun of trying to change UPN suffixes from one federated UPN to another).…