Background
Howdy!
Here’s a great tip that I recently put into practice again for a Microsoft 365 tenant-to-tenant migration. As you (should) know, a custom domain can only be verified in a single Microsoft 365 tenant.… [ Continue reading ]

The hosting venue has changed to serve you better.
When attempting to migrate a Microsoft 365 organization from federated authentication to Password Hash Sync, there are a couple of gotchas that can impact how you manage certain accounts. These changes in authentication behavior determine whether you need to implement new workflows or business processes–changes surrounding expired accounts and accounts flagged to force password change on next logon.… [ Continue reading ]
So today, one of my former peers posed an interesting question to me:
Suppose I have a customer that has a bunch of service accounts that have on-premises mailboxes and need the object to show up in the cloud GAL, but the security organization maintains that those accounts must not be allowed to log into Azure AD. … [ Continue reading ]
It’s been a few months since I’ve updated this tool, but feedback from two individuals led me to a couple of small updates:
Greetings!
While working with a new customer this week, I was reviewing the Azure AD Connect prerequisites, and it turns out we have updated the prereq list as well as made some information public about what the installation wizard checks for.
As such, I have updated the tool.… [ Continue reading ]
Several years ago, I wrote a script and a blog post to help customers use AAD Connect to strip out proxy addresses during the synchronization process. The goal was to keep the on-premises AD proxyAddresses attribute for users untouched, as it was needed for other applications and communication on-premises.… [ Continue reading ]
We’ve updated our baseline requirements for deploying AAD Connect, so I’ve updated the AAD Connect Network Communications Test to reflect those changes.
Key changes:
This week, while helping a customer onboard to Azure AD Connect, we ran into an interesting error:
Azure Service Connectivity Failed, Unable to proceed
The on-premises synchronization service is not able to connect to Azure Active Directory. Updating the proxy settings for the ADSync service account may resolve this issue.… [ Continue reading ]
Yesterday, while working with my colleague Michael Anderson, I needed to investigate where a particular on-premises value was being synced in AAD. The result is this table:
| AD Property (friendly name) | AD Property (ldapDisplayName) | Get-MsolUser | Get-AzureADUser | Get-User | Get-CSOnlineUser |
|---|---|---|---|---|---|
| Telephone number | telephoneNumber | PhoneNumber | TelephoneNumber | Phone | Phone |
| Pager | pager | – | – | Pager | – |
| Mobile | mobile | MobilePhone | – | Fax | MobilePhone |
| Fax | facsimileTelephoneNumber | Fax | FacsimileTelephoneNumber | Fax | Fax |
| IP Phone | ipPhone | – | – | – | IPPhone |
| Home | homePhone | – | – | HomePhone | HomePhone |
| | {otherMobile} | {AlternateMobilePhones} | – | – | – |
| | {otherIpPhone} | – | – | – | – |
| | {otherHomePhone} | – | – | {OtherHomePhone} | – |
| | {otherFacsimileTelephoneNumber} | – | – | {OtherFax} | – |
| | {otherPager} | – | – | – | – |
| | {otherTelephone} | – | – | {OtherTelephone} | {OtherTelephone} |
It’s important to note that values displayed in braces { } are multivalued attributes, so if there’s something stored in one on-premises that you need or want to map to a different attribute in Azure AD, you’ll need to either map it to another multivalued attribute or extract the value so you can write it to a single-valued string attribute. … [ Continue reading ]
Yesterday, a peer brought an interesting problem to me:
His customer had been storing data in the on-premises msExchExtensionCustomAttribute properties for users and wanted to be able to use that data in Exchange Online for filtering and dynamic group membership.
Easy, right?… [ Continue reading ]
This week, I’ve got a few updates for the AAD Network Communications Test!
Install-Script -Name AADConnect-CommunicationsTest
Last week, I began working with a customer that was experiencing what appeared to be a significant amount of updates to a certain group of objects in the local Active Directory. These objects were being imported from another forest as contacts, yet found themselves being updated very frequently by the local AAD Connect instance.… [ Continue reading ]
With the rise of remote work over the past several weeks (now turned months and years), I’ve engaged with many customers who want to use Microsoft Teams as part of their work-from-home tool set. Many of my customers have investments in both Microsoft Office 365 as well as Google G Suite Workspace or Google Apps (frequently with other third-party IdP, metadirectory, and federation services thrown in the mix), so it’s not always just as easy as “flipping a switch.”… [ Continue reading ]
A few weeks ago, I ran into an issue with a customer. Scenario:
As expected, without a matching verified domain in the tenant, UPN suffixes in the tenant were actually set as @tenant.onmicrosoft.com. … [ Continue reading ]