Update to the AAD Connect Advanced Permissions tool

Update to the AAD Connect Advanced Permissions tool

  •  
  •  
  •  
  •  
  •  
  •  

It’s been a while since I’ve updated this popular tool, and the need was brought to my attention by a peer who noticed an attribute being exported to on-premises AD (but failing):

As it turns out, the msDS-KeyCredentialLink is required for Windows Hello for Business Hybrid.

I’ve updated the permissions tool to handle the msDS-KeyCredentialLink attribute (which is used in Windows Hello for Business).  I’m sure there are some weird edge cases, so I’ve not only added the user to the Key Admins group, but I have also delegated RP and WP on the objects directly (I’m a belt and suspenders kind of guy).

Go grab the new version at http://aka.ms/aadpermissions.

Published by Aaron Guilmette

Helping companies conquer inferior technology since 1997. I spend my time developing and implementing technology solutions so people can spend less time with technology. Specialties: Active Directory and Exchange consulting and deployment, Virtualization, Disaster Recovery, Office 365, datacenter migration/consolidation, cheese.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.