Configuration

AAD Connect, a dedicated resource forest, a custom connector, and a bunch of transform rules: a GalSync story (Part 2)

In part 1 of our adventure, we built an Azure AD lab to support configuring AAD Connect to work as a GalSync engine. In this post, we’ll finish up the configuration.  As a reminder, this is the what the overall solution will look like:

And, as I mentioned in part 1:

Please don’t call Premier asking for support on this.[ Continue reading ]

Configuration

AAD Connect, a dedicated resource forest, a custom connector, and a bunch of transform rules: a GalSync story (Part 1)

A few years ago, I worked with one of my close consultant peers to build a GALSync-style solution for a big state government that was going through a divestiture from a single BPOS-D (yes, I am old) and a single managed hosted Exchange environment to multiple O365 multi-tenant instances. … [ Continue reading ]

Configuration

Update: AAD Connect Network Test Tool

I trotted out the trusty WireShark and Fiddler tools today and ran through the latest iteration of AAD Connect setup.  In so doing, I’ve added a few endpoints to the test:

$CRL
http://ocsp.msocsp.com

$RequiredResources
adminwebservice-s1-co2.microsoftonline.com

$RequiredResourcesEndpoints
https://adminwebservice-s1-co2.microsoftonline.com/provisioningwebservice.svc

As always, the newest version is available at http://aka.ms/aadnetwork.… [ Continue reading ]

Client

Dynamics 365 Network Test Tool

Yesterday, I was asked if I had developed any testing tools for the Dynamics CRM suite availability—but, never having had to do much with them, I didn’t have anything available.  I just built a quick tool today, and it covers all of the endpoints listed at https://support.microsoft.com/en-us/help/2655102/internet-accessible-urls-required-for-connectivity-to-microsoft-dynami and https://msdn.microsoft.com/en-us/library/gg328127.aspx, broken apart by region, with the exception of the following URLs that we have listed:

  • https://cloudredirectorsam.cloudapp.net – no valid DNS
  • https://cloudredirectorsamsec.cloudapp.net – no valid DNS
  • https://www.crmdyntint.com – unregistered domain
  • http://*.passport.net – no valid URLs to test
  • https://sc.imp.live.com – no valid DNS
  • https://cloudredirectornam.cloudapp.net – no valid DNS
  • https://cloudredirectornamsec.cloudapp.net – no valid DNS
  • https://cloudredirectoreur.cloudapp.net – no valid DNS
  • https://cloudredirectoreursec.cloudapp.net – no valid DNS
  • https://cloudredirectorapj.cloudapp.net – no valid DNS
  • https://cloudredirectorapjsec.cloudapp.net – no valid DNS
  • https://cloudredirectorjpn.cloudapp.net – no valid DNS
  • https://cloudredirectorjpnsec.cloudapp.net – no valid DNS
  • https://dynamicscrmgcc.accesscontrol.usgovcloudapi.net – No valid DNS
  • https://cloudredirectoroce.cloudapp.net – No valid DNS

As a note, I haven’t added any of the Azure datacenter IPs in there (since we don’t have any endpoints or ability to stand up generic services in those).… [ Continue reading ]

Configuration

Change from AD FS authentication to Pass-Through Authentication with Seamless SSO

Update: We now have some public documentation available for this as well, so be sure to check there, too! https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-deployment-plans

Imagine this scenario: You’ve been running Active Directory Federation Services (AD FS) since before it was cool, and you’re tired of maintaining that highly available infrastructure (at least 4 servers) and the whole federation thing and its myriad of quirks and drawbacks and headaches (such as alt-id (which is still supported in Pass-through authentication with some caveats, listed below), claims rules, certificates, and the fun of trying to change UPN suffixes from one federated UPN to another).… [ Continue reading ]

Configuration

Update to the AAD Connect Network and Name Resolution Test Tool

A few months ago, I debuted a new tool for AAD Connect deployment (read about it here: AAD Connect Network and Name Resolution Test or download it here: https://gallery.technet.microsoft.com/Azure-AD-Connect-Network-150c20a3) which allows you to test a number of conditions to make sure your server and environment are suitable for deploying AAD Connect.… [ Continue reading ]

Configuration

Update to the Office 365 Proxy PAC Tool

I have updated the Office 365 Proxy PAC tool to allow selection of the US Department of Defense XML feed for proxy bypass configurations.

You can see previous updates for the tool:

Update to the Office 365 Proxy PAC tool

Updates to Office 365 Proxy PAC Generator

And of course, the updated tool is available on the TechNet Gallery, with a couple of other bugfixes that some people reported (invalid characters/smart quotes appeared in some versions of the file, which have been corrected): https://gallery.technet.microsoft.com/Office-365-Proxy-Pac-60fb28f7 [ Continue reading ]

Configuration

Update to the Office 365 Proxy PAC tool

The people have spoken.

I’ve updated the tool with a couple of features:

  • Include the Skype for Business IP ranges in the proxy bypass list, since there are occasions that it is necessary.
  • Added an option for *all* IP ranges in the XML feed for selected products to be added to the proxy bypass list
  • Added an option for *only* IP ranges in the XML feed for selected products to be added to the proxy bypass list
  • Added an option to export the IP ranges for selected products to a separate text file.
[ Continue reading ]