The hosting venue has changed to serve you better.
If you’re like a lot of folks, you probably click through dialog boxes and prompts on autopilot because you (think) you’ve seen them a million times. Sometimes, though, that can have unwanted (but not necessarily unexpected) consequences.
For example, let’s say you are working with a variety of Microsoft 365 tenants (such as a dev and production tenant), and as such, you create multiple Edge browser profiles.… [ Continue reading ]
While working on a recent tenant-to-tenant migration, I wanted to start updating my tooling to work with the new MgGraph cmdlets. Am I the only one that thinks “MgGraph” sounds like a value meal?
Anyway.
During the connection process, I ran into this error:
… [ Continue reading ]AADSTS50105: Your administrator has configured the application Microsoft Graph Command Line Tools (’14d82eec-204b-4c2f-b7e8-296a70dab67e’) to block users unless they are specifically granted (‘assigned’) access to the application.
One of the things that’s difficult about documenting an environment is figuring out who has what role memberships. What makes finding this information frustrating from an automation and formatting perspective is that it’s difficult to get the necessary properties of various commands to come together easily.… [ Continue reading ]
If you’ve ever been involved in tenant-to-tenant migrations, getting an accounting for which users are consuming which licenses is part of the job. When you’re working with large shared infrastructures with lots of different SKUs and license assignments, it goes from being a chore to a full-on headache sometimes.… [ Continue reading ]
Howdy!
Here’s a great tip that I recently put into practice again for a Microsoft 365 tenant-to-tenant migration. As you (should) know, a custom domain can only be verified in a single Microsoft 365 tenant. When performing tenant-to-tenant migrations, at some point, you need to remove the domain from the source tenant and add to the target tenant–but you can’t do that when the domain is already attached to mailboxes that you’re actively migrating.… [ Continue reading ]
I’ve had a few customers ask for information on how to detect account expirations in Active Directory. There are a number of ways to do it, but one of the more interesting ways is to compute the expiration based on the accountExpires attribute.… [ Continue reading ]
For folks studying for either the MS-100 exam (or the new MS-102 exam), I’ve just dropped a new book. While the MS-102 exam has about 25-30% content difference, much of the content is the same as the MS-100 exam it replaces.… [ Continue reading ]
Sometimes, progress for progress’s sake is just annoyance.
Such as the new context menu for Windows 11. You know what I’m talking about.
If you select Show more options, you’ll see the legacy menu that we know and love. For those of us that still want to be able to get to that menu with a single click, here’s a reg hack to revert Explorer.exe… [ Continue reading ]
When attempting to migrate a Microsoft 365 organization from federated authentication to Password Hash Sync, there are a couple of gotchas that can impact how you manage certain accounts. These changes in authentication behavior determine whether you need to implement new workflows or business processes–changes surrounding expired accounts and accounts flagged to force password change on next logon.… [ Continue reading ]
While working on a unique tenant-to-tenant migration, we were going to be synchronizing a significant number of identities that had already been hybrid moved to a tenant from an on-premises Exchange organization.
Since they had existing values in msExchMailboxGuid, there was a likelihood that they might not be synchronized as just user identities–even though they were set with the msExchRecipientDisplayType of 6 (RemoteMailUser) and msExchRecipientTypeDetails of 128 (MailUser). … [ Continue reading ]
A few days ago, I was trying to find all instances of a value stored in AD. I was trying to understand all of the places that a particular partial GUID value was being used. so I had to come up with a way to search all properties for all objects across the directory space.… [ Continue reading ]
This morning, I was working with a new build of Windows 11 (22H2) and came across this frustrating error:
After running the Get-Credential cmdlet, the console is immediately returned to me with an error that I didn’t specify the -Credential parameter.… [ Continue reading ]
The title of this post is a mouthful. I understand that.
Fortunately, the steps are pretty straightforward.
When working with transitioning organizations to Azure AD, it’s important to give the consumers of said systems the best possible experiences from a sign-on perspective.… [ Continue reading ]
Finally landed!
Got my author copies of Microsoft 365 Administration: Inside Out delivered. I’m super excited. Some folks who pre-ordered theirs have already received them as well.
I want to thank my great co-authors, Darryl Kegg (https://www.identitydude.com) and Ed Fisher.… [ Continue reading ]
It’s been a busy day heading into the weekend, for sure!
I’ve refreshed the Azure AD Connect Communications Test tool (and sad that I gave it such a pigeonholed name). It’s got new endpoints for GCCH and I’ve cleaned up some deprecated package management tool downloads in it.… [ Continue reading ]