The hosting venue has changed to serve you better.
Over the last few weeks, I’ve been noodling on a good way to get B2B synchronization to work (similar to cross-tenant synchronization) involving Microsoft 365 Government Community Cloud High (GCCH) and Microsoft 365 Worldwide/Commercial.
While there is a preview available for cross-cloud synchronization, it’s a ways off from being generally available.… [ Continue reading ]
One of the things that’s difficult about documenting an environment is figuring out who has what role memberships. What makes finding this information frustrating from an automation and formatting perspective is that it’s difficult to get the necessary properties of various commands to come together easily.… [ Continue reading ]
I’ve had a few customers ask for information on how to detect account expirations in Active Directory. There are a number of ways to do it, but one of the more interesting ways is to compute the expiration based on the accountExpires attribute.… [ Continue reading ]
When attempting to migrate a Microsoft 365 organization from federated authentication to Password Hash Sync, there are a couple of gotchas that can impact how you manage certain accounts. These changes in authentication behavior determine whether you need to implement new workflows or business processes–changes surrounding expired accounts and accounts flagged to force password change on next logon.… [ Continue reading ]
While working on a unique tenant-to-tenant migration, we were going to be synchronizing a significant number of identities that had already been hybrid moved to a tenant from an on-premises Exchange organization.
Since they had existing values in msExchMailboxGuid, there was a likelihood that they might not be synchronized as just user identities–even though they were set with the msExchRecipientDisplayType of 6 (RemoteMailUser) and msExchRecipientTypeDetails of 128 (MailUser). … [ Continue reading ]
It’s been a busy day heading into the weekend, for sure!
I’ve refreshed the Azure AD Connect Communications Test tool (and sad that I gave it such a pigeonholed name). It’s got new endpoints for GCCH and I’ve cleaned up some deprecated package management tool downloads in it.… [ Continue reading ]
So today, one of my former peers posed an interesting question to me:
Suppose I have customer that a bunch of service accounts that have on-premises mailboxes and need the object to show up in the cloud GAL, but the security organization maintains that those accounts must not be allowed to log into Azure AD. … [ Continue reading ]
While working with a customer over the past few weeks implementing a new AAD Connect synchronization rule to disable expired accounts, we wanted to evaluate how many accounts might be selected by such a rule.
Checking hundreds, thousands, or even tens of thousands of accounts by hand doesn’t rank high on anyone’s list–fortunately, that’s what PowerShell was made for.… [ Continue reading ]
When attempting to migrate a Microsoft 365 organization from federated authentication to Password Hash Sync, there are a couple of gotchas that can impact how you manage certain accounts. These changes in authentication behavior determine whether you need to implement new workflows or business processes–changes surrounding expired accounts and accounts flagged to force password change on next logon.… [ Continue reading ]
It’s been a few months since I’ve updated this tool, but feedback from two individuals led me to a couple of small updates:
Hey! As we enter the waning days of summer, I wanted to update a tool that I’ve had sitting around for a while.
Years ago, when I was in Microsoft Consulting Services, I ran into one particular customer that had manually populated the mail property of thousands of service accounts, groups, vendor accounts, and contacts–not with the object or user’s individual email address, but with the email address of the person who managed the AD object. … [ Continue reading ]
A few years back, I created a script for a customer to help find broken AD object inheritance during an Exchange migration. I then created a blog post to go through it.
However, time has marched on and the TechNet Gallery fell off the face of the earth, and I needed to update this. … [ Continue reading ]
We’ve updated our baseline requirements for deploying AAD Connect, so I’ve updated the AAD Connect Network Communications Test to reflect those changes.
Key changes:
There are times when your organization (or a customer’s organization) just can’t run the Exchange Hybrid Configuration Wizard. If you’re embarking on one of our strategies to take advantage of Microsoft Teams while your mailboxes are still on-premises, the Exchange Hybrid configuration is the go-to way to get there, since it sets all this stuff up automatically. … [ Continue reading ]
This week, I’m exploring some of the basics of Conditional Access and using it with Microsoft Teams.
In the “legacy” world (the term we attach to most things that aren’t bleeding edge these days), we typically saw organizations build the high, high walls and dig the deep, deep moats (and occasionally fill them with alligators) to keep the bad guys out.… [ Continue reading ]