This week, while helping a customer onboard to Azure AD Connect, we ran into an interesting error:
The on-premises synchronization service is not able to connect to Azure Active Directory.… [ Continue reading ]
Configuration
Tag: aad connect
Information
AAD Connect Phone/Fax Mappings
Yesterday, while working with my colleague Michael Anderson, I needed to investigate where a particular on-premises value was being synced in AAD. The result is this table:
| AD Property | Get-MsolUser | Get-AzureADUser | Get-User | Get-CSOnlineUser | |
| Friendly name | ldapDisplayName | ||||
| Telephone number | telephoneNumber | PhoneNumber | TelephoneNumber | Phone | Phone |
| Pager | pager | – | – | Pager | – |
| Mobile | mobile | MobilePhone | – | Fax | MobilePhone |
| Fax | facsimileTelephoneNumber | Fax | FacsimileTelephoneNumber | Fax | Fax |
| IP Phone | ipPhone | – | – | – | IPPhone |
| Home | homePhone | – | – | HomePhone | HomePhone |
| {otherMobile} | {AlternateMobilePhones} | – | – | – | |
| {otherIpPhone} | – | – | – | – | |
| {otherHomePhone} | – | – | {OtherHomePhone} | – | |
| {otherFacsimileTelphoneNumber} | – | – | {OtherFax} | – | |
| {otherPager} | – | – | – | – | |
| {otherTelephone} | – | – | {OtherTelephone} | {OtherTelephone} | |
It’s important to note that values displayed in braces { } are multivalued attributes, so if there’s something stored in one on-premises that you need or want to map to a a different attribute in Azure AD, you’ll need to either map it to another multivalued attribute or extract the value so you can write it to a single-valued string attribute. … [ Continue reading ]
Configuration
Use an msExchExtensionCustom Attribute in Exchange Online
Yesterday, a peer brought an interesting problem to me:
His customer had been storing data in the on-premises msExchExtensionCustomAttribute properties for users and wanted to be able to use that data in Exchange Online for filtering and dynamic group membership.… [ Continue reading ]
Configuration
Update to AAD Network Communications Test
This week, I’ve got a few updates for the AAD Network Communications Test!
- I’ve moved it to the PowerShell Gallery. You can now install it with PowerShellGet by using the command:
Install-Script -Name AADConnect-CommunicationsTest - I’ve updated the GCC High and DOD endpoints to the best of my ability (I’m always looking for feedback on this, so if you have new endpoints, be sure to connect with me!)
Configuration
Disabling Writeback for GALSync Contacts
Last week, I began working with a customer that was experiencing what appeared to be a significant amount of updates to a certain group of objects in the local Active Directory. These objects were being imported from another forest as contacts, yet found themselves being updated very frequently by the local AAD Connect instance.… [ Continue reading ]
Configuration
Configure Teams to Co-exist with Google G Suite
With the rise of stay-at-home orders due to COVID-19 over the past several weeks (now turned months), I’ve engaged with many customers who want to use Microsoft Teams to as part of their work-from-home tool set. … [ Continue reading ]
Configuration
Cloud UPNs for AAD Connect users with Alt-ID don’t update after domain verified in tenant
A few weeks ago, I ran into an issue with a customer. Scenario:
- Customer had configured alternate-id sign in with AAD Connect (the gist is that it flows on-premises mail to cloud UPN)
- Synced identity to tenant
- Tenant did not have any verified domains
As expected, without a matching verified domain in the tenant, UPN suffixes in the tenant were actually set as @tenant.onmicrosoft.com. … [ Continue reading ]
Client
Guest Post: Azure AD Connect: Dollar sign character in device’s display name in Azure AD after renaming
As you may have figured out from the title, I’ve got a guest post today. Jorge Lopez is a Premier Field Engineer, and has spent a lot of time in the trenches with Windows, AD, and Azure AD, and currently works helping customers resolve hybrid identity issues. … [ Continue reading ]
Configuration
Update to AAD Network Communications Test Tool
Right before sending a customer the link for the tool, I decided to test it and noticed that I encountered an unexpected credential prompt. I updated the parameter name, and then added a new feature as well–a test to see if your tenant has the correct licensing to enable Password writeback. … [ Continue reading ]
Scripting
Update to AAD Connect Network Test
While troubleshooting an issue for a peer today running the Exchange Hybrid Configuration Wizard, I suspected that the environment might have an authenticated proxy in the way. So, I dug out some code I used in the AAD Connect Network Test for Invoke-WebRequest.… [ Continue reading ]
Configuration
Add legacyExchangeDN as x500 proxy address from a remote forest
The other day, on one of the forums, I came across an issue that I also had with one of my customers a few years ago. In my customer’s instance, they had imported thousands of contacts into an externally trusted forest and deleted them in their primary forest (which then removed the objects from Office 365). … [ Continue reading ]
Configuration
AAD Connect, a dedicated resource forest, a custom connector, and a bunch of transform rules: a GalSync story (Part 2)
In part 1 of our adventure, we built an Azure AD lab to support configuring AAD Connect to work as a GalSync engine. In this post, we’ll finish up the configuration. As a reminder, this is the what the overall solution will look like:
And, as I mentioned in part 1:
Please don’t call Premier asking for support on this.… [ Continue reading ]
Configuration
AAD Connect, a dedicated resource forest, a custom connector, and a bunch of transform rules: a GalSync story (Part 1)
A few years ago, I worked with one of my close consultant peers to build a GALSync-style solution for a big state government that was going through a divestiture from a single BPOS-D (yes, I am old) and a single managed hosted Exchange environment to multiple O365 multi-tenant instances. … [ Continue reading ]
Configuration
Update to the AAD Network Test Tool
It’s that time of the year again! I’ve expanded upon an existing feature in the AAD Network Test Tool.
One of the prerequisites listed on the AAD Connect support page is to ensure the Turn on PowerShell Transcription GPO is set to Not Configured. … [ Continue reading ]
Configuration
Sync Custom Attributes to Office 365 for Group-Based Licensing
This feature is an “oldie but goodie” that my customers are starting to ask questions about as they start looking into ways to automate their Office 365 deployments.
Can I sync additional attributes to Office 365, and can I use them for Group-Based Licensing?… [ Continue reading ]
Configuration
Update: AAD Connect Advanced Permissions Tool
It’s Two-fer Friday. I don’t know if it was a thing, but it is now.
Based on received feedback, I have updated the AAD Connect Advanced Permissions tool to check for the Active Directory schema version in addition to the Exchange schema. … [ Continue reading ]
Configuration
Update: AAD Connect Network Test Tool
Just a quick note: I’ve updated the AAD Connect Network Test Tool to now query Windows Product Edition data to provide a little more system configuration prerequisite testing information, based on the OperatingSystemSKU data listed at https://docs.microsoft.com/en-us/windows/desktop/CIMWin32Prov/win32-operatingsystem… [ Continue reading ]
Configuration
Fixing Office 365 Anonymous Group Write-back and External Delivery
Yes, Hell has frozen over. The cows have come home. The lady of size has sung.
I have come up with a “best case” solution for the Office 365 hybrid group write-back problem.
Background
For the long(er) background, you’ll probably want to go see this post.… [ Continue reading ]
Configuration
Update to the AAD Connect Remove Proxy Addresses Script
This week, while working with one of my customers in a custom Office 365 deployment, I had the opportunity to revisit and update one of my scripts (Remove Proxy Addresses via AAD Connect). … [ Continue reading ]
Configuration
Update to the AAD Connect Advanced Permissions Tool
Woo! A day of updates! I’ve made a few updates to this tool, so hopefully you’ll find them useful:
2018-08-12: A reader noticed that the UpdateAdminSDHolder switch didn’t work ask expected when specifying the ExchangeHybridWriteBack OU without the ExchangeHybridWriteBackOUs parameter. … [ Continue reading ]