We’ve updated our baseline requirements for deploying AAD Connect, so I’ve updated the AAD Connect Network Communications Test to reflect those changes.
- We now allow you to configure AAD Connect using the Hybrid Identity Administrator role, so the tool now checks for it.
… [ Continue reading ]
There are times when your organization (or a customer’s organization) just can’t run the Exchange Hybrid Configuration Wizard. If you’re embarking on one of our strategies to take advantage of Microsoft Teams while your mailboxes are still on-premises, the Exchange Hybrid configuration is the go-to way to get there, since it sets all this stuff up automatically. … [ Continue reading ]
This week, I’m exploring some of the basics of Conditional Access and using it with Microsoft Teams.
In the “legacy” world (the term we attach to most things that aren’t bleeding edge these days), we typically saw organizations build the high, high walls and dig the deep, deep moats (and occasionally fill them with alligators) to keep the bad guys out.… [ Continue reading ]
It’s literally been a year since I’ve updated it–mainly because we haven’t made any significant endpoint changes.
I did detect some CRL endpoint updates and a few other odds and ends for Worldwide Commercial and GCC Moderate, so I’ve updated the AAD Network Communications Test tool accordingly.… [ Continue reading ]
This past week, I’ve been heads down working on an application to take inbound data from one application that doesn’t have a webhook or API available and query a Dynamics 365 instance.
In order to query Dynamics 365 (or any Azure/Microsoft 365 service, to be honest) successfully, you’ll need to work with OAuth. … [ Continue reading ]
Yesterday, I needed to help configure a SharePoint Server 2019 User Profile service to import from local Active Directory using the native SharePoint Active Directory Import.
In order to perform Active Directory Import, the service account you specify must have Replicating Directory Changes permissions.… [ Continue reading ]
Yesterday, a peer brought an interesting problem to me:
His customer had been storing data in the on-premises msExchExtensionCustomAttribute properties for users and wanted to be able to use that data in Exchange Online for filtering and dynamic group membership.… [ Continue reading ]
Or at least, every last one that I know.
Over the years, I’ve amassed quite a collection of these. Yesterday, I was helping out a colleague determine what a particular value meant and referenced a spreadsheet that I’ve been maintaining for my own purposes.… [ Continue reading ]
This week, I’ve got a few updates for the AAD Network Communications Test!
- I’ve moved it to the PowerShell Gallery. You can now install it with PowerShellGet by using the command:
Install-Script -Name AADConnect-CommunicationsTest
- I’ve updated the GCC High and DOD endpoints to the best of my ability (I’m always looking for feedback on this, so if you have new endpoints, be sure to connect with me!)
… [ Continue reading ]
Last week, I began working with a customer that was experiencing what appeared to be a significant amount of updates to a certain group of objects in the local Active Directory. These objects were being imported from another forest as contacts, yet found themselves being updated very frequently by the local AAD Connect instance.… [ Continue reading ]
A new year, a new test!
While troubleshooting a few installation and update issues, I noticed that the endpoints list was a smidgen out of date, so I’ve updated that. For this update, I attached Fiddler (http://www.telerik.com/Fiddler… [ Continue reading ]
Just a quickie post this holiday week.
Many customers have had Exchange on-premises forever. Back in the olden days, we just had user mailboxes. Need a shared team mailbox? You get a user mailbox. Need a conference room mailbox? … [ Continue reading ]
I got caught up in doing this, and now it’s 3:45AM. C’est la vie! My loss of sleep is your threat analysis gain.
I’ve made several updates to the PwnCheck tool (used to query the HaveIBeenPwned.com… [ Continue reading ]
I couldn’t really come up with a cool-sounding title for this post, so I just went with the basics of what it does.
Last week, I worked with a customer that wanted to deploy custom retention labels to custom folders inside a user’s mailbox–the idea being that they would create a custom folder structure such as this under a user’s Inbox:
\Inbox\Retention Schedule\2 Year (apply a 2-year retention label to everything in this folder)
\Inbox\Retention Schedule\4 Year (apply a 4-year retention label to everything in this folder)
\Inbox\Retention Schedule\7 Year (apply a 7-year retention label to everything in this folder)
\Inbox\Retention Schedule\Forever (apply a ‘Never delete’ retention label to everything in this folder)
Seems easy enough, right? … [ Continue reading ]
A few weeks ago, I ran into an issue with a customer. Scenario:
- Customer had configured alternate-id sign in with AAD Connect (the gist is that it flows on-premises mail to cloud UPN)
- Synced identity to tenant
- Tenant did not have any verified domains
As expected, without a matching verified domain in the tenant, UPN suffixes in the tenant were actually set as @tenant.onmicrosoft.com. … [ Continue reading ]