Update to the AAD Connect Advanced Permissions tool

Update to the AAD Connect Advanced Permissions tool

  •  
  •  
  •  
  •  
  •  
  •  
Update to the AAD Connect Advanced Permissions tool
4.7 (93.33%) 3 vote[s]

It’s been a while since I’ve updated this popular tool, and the need was brought to my attention by a peer who noticed an attribute being exported to on-premises AD (but failing):

As it turns out, the msDS-KeyCredentialLink is required for Windows Hello for Business Hybrid.

I’ve updated the permissions tool to handle the msDS-KeyCredentialLink attribute (which is used in Windows Hello for Business).  I’m sure there are some weird edge cases, so I’ve not only added the user to the Key Admins group, but I have also delegated RP and WP on the objects directly (I’m a belt and suspenders kind of guy).

Go grab the new version at http://aka.ms/aadpermissions.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.