One of my peers this week was looking for a script to help check global DNS resolution for particular records for both replication and geo-loadbalancing testing.
The record types and data he was looking for:
- TXT (for SPF)
- TXT (for DMARC)
This is what I came up with, so maybe it can help someone else.… [ Continue reading ]
Hey, all! One AAD tool update deserves another!
Every so often, I check in to make sure I’m keeping the AAD Connect Network Test Tool as fresh as I can. I’ve made a few changes to the way it works (hopefully which you all think is for the better). … [ Continue reading ]
In part 1 of our adventure, we built an Azure AD lab to support configuring AAD Connect to work as a GalSync engine. In this post, we’ll finish up the configuration. As a reminder, this is the what the overall solution will look like:
And, as I mentioned in part 1:
Please don’t call Premier asking for support on this.… [ Continue reading ]
A few years ago, I worked with one of my close consultant peers to build a GALSync-style solution for a big state government that was going through a divestiture from a single BPOS-D (yes, I am old) and a single managed hosted Exchange environment to multiple O365 multi-tenant instances. … [ Continue reading ]
It’s that time of the year again! I’ve expanded upon an existing feature in the AAD Network Test Tool.
One of the prerequisites listed on the AAD Connect support page is to ensure the Turn on PowerShell Transcription GPO is set to Not Configured. … [ Continue reading ]
Update (7/24): I updated this since the last revision, so if you downloaded it prior to 7/24/2018, get the newest version.
I began working with the product group on rolling in some of the network connectivity and testing checks available in the AAD Connect Network Test tool into the actual AAD Connect product. … [ Continue reading ]
I trotted out the trusty WireShark and Fiddler tools today and ran through the latest iteration of AAD Connect setup. In so doing, I’ve added a few endpoints to the test:
As always, the newest version is available at http://aka.ms/aadnetwork.… [ Continue reading ]
This week, while troubleshooting a networking problem for a customer, I wanted to limit or block network connectivity to some remote endpoints from a test workstation. To accomplish this, I created a quick PowerShell function to null route the traffic (send it to an invalid/null next hop).… [ Continue reading ]
Earlier today, I was notified that the Dynamics 365 network URLs page was updated, so I updated my Dynamics test tool.
But then, I thought, what else could I put in it?
Never one to leave well enough alone, I started tinkering. … [ Continue reading ]
Update: This tool has a new shortlink: http://aka.ms/aadnetwork
Since the tool passed the 500 download mark a few weeks ago, I’ve started getting more questions (internal and external) about a few of the tests and checks. So, I decided to update/refine them to hopefully provide better guidance.… [ Continue reading ]
Yesterday, I was asked if I had developed any testing tools for the Dynamics CRM suite availability—but, never having had to do much with them, I didn’t have anything available. I just built a quick tool today, and it covers all of the endpoints listed at https://support.microsoft.com/en-us/help/2655102/internet-accessible-urls-required-for-connectivity-to-microsoft-dynami and https://msdn.microsoft.com/en-us/library/gg328127.aspx, broken apart by region, with the exception of the following URLs that we have listed:
- https://cloudredirectorsam.cloudapp.net – no valid DNS
- https://cloudredirectorsamsec.cloudapp.net – no valid DNS
- https://www.crmdyntint.com – unregistered domain
- http://*.passport.net – no valid URLs to test
- https://sc.imp.live.com – no valid DNS
- https://cloudredirectornam.cloudapp.net – no valid DNS
- https://cloudredirectornamsec.cloudapp.net – no valid DNS
- https://cloudredirectoreur.cloudapp.net – no valid DNS
- https://cloudredirectoreursec.cloudapp.net – no valid DNS
- https://cloudredirectorapj.cloudapp.net – no valid DNS
- https://cloudredirectorapjsec.cloudapp.net – no valid DNS
- https://cloudredirectorjpn.cloudapp.net – no valid DNS
- https://cloudredirectorjpnsec.cloudapp.net – no valid DNS
- https://dynamicscrmgcc.accesscontrol.usgovcloudapi.net – No valid DNS
- https://cloudredirectoroce.cloudapp.net – No valid DNS
As a note, I haven’t added any of the Azure datacenter IPs in there (since we don’t have any endpoints or ability to stand up generic services in those).… [ Continue reading ]
Over the last couple of days, I’ve updated a few tools that I have published on the gallery. Here’s the run-down:
AAD Connect Network and Name Resolution Test
I’ve been busy with this tool a lot lately, both adding tests and tweaking the way things are done. … [ Continue reading ]
Update: We now have some public documentation available for this as well, so be sure to check there, too! https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-deployment-plans
Imagine this scenario: You’ve been running Active Directory Federation Services (AD FS) since before it was cool, and you’re tired of maintaining that highly available infrastructure (at least 4 servers) and the whole federation thing and its myriad of quirks and drawbacks and headaches (such as alt-id (which is still supported in Pass-through authentication with some caveats, listed below), claims rules, certificates, and the fun of trying to change UPN suffixes from one federated UPN to another).… [ Continue reading ]
A few months ago, I debuted a new tool for AAD Connect deployment (read about it here: AAD Connect Network and Name Resolution Test or download it here: https://gallery.technet.microsoft.com/Azure-AD-Connect-Network-150c20a3) which allows you to test a number of conditions to make sure your server and environment are suitable for deploying AAD Connect.… [ Continue reading ]
Update: I’ve added several additional parts to this tool since it was originally released, including some debug logging, an Azure credential check to ensure that your identity is part of Global Admins, additional cloud endpoint checks, and a more thorough system inventory.… [ Continue reading ]
This week, I had an interesting issue to resolve–one of my customers previously hosting their architecture on-premises was utilizing geo-filtering services provided by their ISP. These geofiltering services were provided at the network layer, so filtered requests never reached the environment.… [ Continue reading ]
I have updated the Office 365 Proxy PAC tool to allow selection of the US Department of Defense XML feed for proxy bypass configurations.
You can see previous updates for the tool:
Update to the Office 365 Proxy PAC tool
Updates to Office 365 Proxy PAC Generator
And of course, the updated tool is available on the TechNet Gallery, with a couple of other bugfixes that some people reported (invalid characters/smart quotes appeared in some versions of the file, which have been corrected): https://gallery.technet.microsoft.com/Office-365-Proxy-Pac-60fb28f7 … [ Continue reading ]
The people have spoken.
I’ve updated the tool with a couple of features:
- Include the Skype for Business IP ranges in the proxy bypass list, since there are occasions that it is necessary.
- Added an option for *all* IP ranges in the XML feed for selected products to be added to the proxy bypass list
- Added an option for *only* IP ranges in the XML feed for selected products to be added to the proxy bypass list
- Added an option to export the IP ranges for selected products to a separate text file.
… [ Continue reading ]
I wrote the original Proxy PAC tool for a customer almost a year ago, and since have added a lot of new functionality. Rather than updating my previous blog posts about it, I thought I would start a fresh thread. If you want some background on how Proxy PAC files work and how to distribute them to your users via GPO or WPAD, I would suggest taking a look at my posts dealing with those topics:
Now, on to the new stuff.… [ Continue reading ]
Several months ago, I released a tool (the Office 365 Proxy Pac Gen) to generate a Proxy Automatic Configuration file that can be used to bypass local proxy servers for Office 365 services. I also wrote a blog (Office 365 PAC file) on using the tool.… [ Continue reading ]