Update: AAD Connect Advanced Permissions Tool


It’s Two-fer Friday.  I don’t know if it was a thing, but it is now.

Based on feedback, I have updated the AAD Connect Advanced Permissions tool to check the Active Directory schema version in addition to the Exchange schema.  The msDS-ExternalDirectoryObjectID attribute is added to the schema either by the Exchange 2016 schema update or by updating the schema to Windows Server 2016.

The tl;dr version:

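    # Requires the ActiveDirectory module; $DN and $User come from the rest of the tool (not shown here).
    Import-Module ActiveDirectory
    # objectVersion 87 is the Windows Server 2016 schema level.
    $ADSchema = (Get-ADObject (Get-ADRootDSE).schemaNamingContext -Properties objectVersion).objectVersion
    If ($ADSchema -ge 87)
    {
        # Grant Write Property (WP) on the attribute, inherited to iNetOrgPerson and user objects.
        $cmd = "dsacls '$DN' /I:S /G '`"$User`":WP;msDS-ExternalDirectoryObjectID;iNetOrgPerson'`n"
        # Append (+=) so the second command does not overwrite the first.
        $cmd += "dsacls '$DN' /I:S /G '`"$User`":WP;msDS-ExternalDirectoryObjectID;user'`n"
    }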

There was also an issue reported where the ADSync module was not importing to finish configuring Password Writeback.  I have updated that as well.

Go get you some new AAD Connect Advanced Permissions tool stat.  Of course, if you ran it after deploying Exchange 2016 in your environment, then you don’t need it for this permissions delegation update. And, if you’re not using Azure AD Password Writeback, you don’t need the other update, since it won’t affect you anyway.
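
To confirm afterwards that the delegation landed as intended, the following added example (not part of the tool itself) reads the schema version, checks that the attribute really exists, and lists the Write Property ACEs the sync account holds on it. The function name and the sample DN and account in the comment are hypothetical, and it assumes a domain-joined host with the ActiveDirectory module and an account name in DOMAIN\name form.

```powershell
# Added example, not from the AAD Connect Advanced Permissions tool.
# Assumes a domain-joined host with the ActiveDirectory (RSAT) module.
Import-Module ActiveDirectory

function Test-ExternalDirectoryObjectIdDelegation {
    param(
        [Parameter(Mandatory)] [string] $DN,    # container the tool was run against
        [Parameter(Mandatory)] [string] $User   # sync account, DOMAIN\name form (assumption)
    )

    $schemaNC = (Get-ADRootDSE).schemaNamingContext

    # Same gate as the post: objectVersion 87 is the Windows Server 2016 schema.
    $adSchema = (Get-ADObject $schemaNC -Properties objectVersion).objectVersion

    # Look the attribute up directly instead of inferring it from the version,
    # because the Exchange 2016 schema update adds it as well.
    $attr = Get-ADObject -SearchBase $schemaNC `
        -LDAPFilter '(lDAPDisplayName=msDS-ExternalDirectoryObjectID)' `
        -Properties schemaIDGUID
    if (-not $attr) {
        return [pscustomobject]@{ SchemaVersion = $adSchema; AttributePresent = $false; Aces = @() }
    }
    $attrGuid = [guid] $attr.schemaIDGUID

    # Keep only Allow ACEs for this account that are scoped to this one attribute
    # and include Write Property. An ACE with a broader scope will not appear here.
    $writeProperty = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
    $aces = (Get-Acl -Path "AD:\$DN").Access | Where-Object {
        $_.IdentityReference.Value -eq $User -and
        $_.ObjectType -eq $attrGuid -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band $writeProperty)
    }

    [pscustomobject]@{
        SchemaVersion    = $adSchema
        AttributePresent = $true
        # InheritedObjectType shows which object class each ACE applies to.
        Aces = @($aces | Select-Object IdentityReference, ActiveDirectoryRights,
                                       InheritanceType, InheritedObjectType)
    }
}

# Usage with constructed values:
# Test-ExternalDirectoryObjectIdDelegation -DN 'OU=Staff,DC=example,DC=com' -User 'EXAMPLE\svc-aadsync'
```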
