Using AuthoritativeNull to overwrite an msExchMailboxGuid
While working on a unique tenant-to-tenant migration, we were going to be synchronizing a significant number of identities that had already been hybrid moved to a tenant from an on-premises Exchange organization.
Since they already had values in msExchMailboxGuid, there was a real chance they would not be synchronized as plain user identities, even though they were stamped with msExchRecipientDisplayType 6 (RemoteMailUser) and msExchRecipientTypeDetails 128 (MailUser). …
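As an added example (not the rule from the original post), the following PowerShell builds the kind of custom inbound sync rule the title refers to: a high-precedence rule that flows AuthoritativeNull into msExchMailboxGuid in the metaverse for MailUser objects, so no lower-precedence rule (such as the default "In from AD - User Exchange" rule) can populate it. It assumes it runs elevated on the Azure AD Connect server, that the AD connector is named contoso.local (hypothetical), and that precedence 50 and the scope on msExchRecipientTypeDetails = 128 are choices for this illustration.

```powershell
# Added example; not code from the original post. Run on the AAD Connect server.
# Assumptions: connector name 'contoso.local' (hypothetical), precedence 50,
# scope msExchRecipientTypeDetails = 128 (MailUser).
Import-Module ADSync

# Pause the scheduler so a sync cycle does not run while the rule set is being edited.
Set-ADSyncScheduler -SyncCycleEnabled $false

$adConnector = Get-ADSyncConnector -Name 'contoso.local'   # hypothetical connector name

New-ADSyncRule `
    -Name 'In from AD - User Clear msExchMailboxGuid (MailUser)' `
    -Identifier ([guid]::NewGuid().ToString()) `
    -Description 'Example: null msExchMailboxGuid for MailUsers (typeDetails 128)' `
    -Direction 'Inbound' `
    -Precedence 50 `
    -PrecedenceAfter '00000000-0000-0000-0000-000000000000' `
    -PrecedenceBefore '00000000-0000-0000-0000-000000000000' `
    -SourceObjectType 'user' `
    -TargetObjectType 'person' `
    -Connector $adConnector.Identifier `
    -LinkType 'Join' `
    -SoftDeleteExpiry 0 `
    -ImmutableTag '' `
    -OutVariable syncRule | Out-Null

# AuthoritativeNull (unlike Null) wins against every lower-precedence rule:
# the metaverse attribute is cleared and nothing else may set it.
Add-ADSyncAttributeFlowMapping `
    -SynchronizationRule $syncRule[0] `
    -Destination 'msExchMailboxGuid' `
    -FlowType 'Expression' `
    -ValueMergeType 'Update' `
    -Expression 'AuthoritativeNull' `
    -OutVariable syncRule | Out-Null

# Scope the rule to MailUser objects only (msExchRecipientTypeDetails = 128).
$condition = New-Object `
    -TypeName 'Microsoft.IdentityManagement.PowerShell.ObjectModel.ScopeCondition' `
    -ArgumentList 'msExchRecipientTypeDetails', '128', 'EQUAL'

Add-ADSyncScopeConditionGroup `
    -SynchronizationRule $syncRule[0] `
    -ScopeConditions @($condition) `
    -OutVariable syncRule | Out-Null

Add-ADSyncRule -SynchronizationRule $syncRule[0]

# Check that the rule landed, is enabled, and sits ahead of the default rules (precedence >= 100).
Get-ADSyncRule |
    Where-Object { $_.Name -like 'In from AD - User Clear msExchMailboxGuid*' } |
    Select-Object Name, Direction, Precedence, Disabled

# A new inbound rule only applies to existing objects after a full sync.
Set-ADSyncScheduler -SyncCycleEnabled $true
Start-ADSyncSyncCycle -PolicyType Initial
```

The distinction that matters here is Null versus AuthoritativeNull: a plain Null flow still lets a lower-precedence rule contribute a value, whereas AuthoritativeNull blocks that, which is the whole point when the default Exchange rule would otherwise push the on-premises GUID to the tenant. After the full sync, confirm on a sample object in Synchronization Service Manager (Metaverse Search) that msExchMailboxGuid is empty before trusting the result at scale.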
Update to the Azure AD Connect Communications Test
It’s been a busy day heading into the weekend, for sure!
I’ve refreshed the Azure AD Connect Communications Test tool (and sad that I gave it such a pigeonholed name). It’s got new endpoints for GCCH and I’ve cleaned up some deprecated package management tool downloads in it.…
Disabling cloud accounts for on-premises service accounts that need a mailbox
So today, one of my former peers posed an interesting question to me:
Suppose I have a customer that has a bunch of service accounts that have on-premises mailboxes and need the object to show up in the cloud GAL, but the security organization maintains that those accounts must not be allowed to log into Azure AD. …
Working around accounts that expire with AAD Connect
When attempting to migrate a Microsoft 365 organization from federated authentication to Password Hash Sync, there are a couple of gotchas that can impact how you manage certain accounts. These changes in authentication behavior determine whether you need to implement new workflows or business processes: changes surrounding expired accounts and accounts flagged to force a password change at next logon.…
Update to AADConnect Network Communications Test
It’s been a few months since I’ve updated this tool, but feedback from two individuals led me to a couple of small updates:
- Updated the method by which domain controllers are selected for testing. Previously, I just used the $env:LOGONSERVER variable to find the authenticating DC and didn’t test any of the other DCs in the site (any of which AAD Connect can bind to).
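As an added example (not the AADConnect-CommunicationsTest tool's own code), this PowerShell shows the approach the bullet describes: enumerate every domain controller in the AAD Connect server's AD site rather than trusting $env:LOGONSERVER, and probe the ports the sync service needs on each one. It assumes a domain-joined Windows host; the port list and the 2-second connect timeout are choices for this illustration.

```powershell
# Added example; not code from the tool described above.
# Assumptions: domain-joined host; the port list and timeout are choices for this example.

function Get-SiteDomainController {
    # Every DC in the computer's own AD site; AAD Connect may bind to any of them,
    # so testing only the authenticating DC ($env:LOGONSERVER) misses the others.
    try {
        $site = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite()
        $dcs  = @($site.Servers | ForEach-Object { $_.Name })
    }
    catch {
        $dcs = @()
    }
    # Fall back to the authenticating DC if the site lookup fails.
    if ($dcs.Count -eq 0 -and $env:LOGONSERVER) {
        $dcs = @($env:LOGONSERVER.TrimStart('\'))
    }
    return $dcs
}

function Test-DcPort {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][int]$Port,
        [int]$TimeoutMs = 2000
    )
    # Raw TCP connect with a bounded timeout; a refused or filtered port
    # surfaces as an exception or a timed-out task, both reported as $false.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $completed = $client.ConnectAsync($ComputerName, $Port).Wait($TimeoutMs)
        return ($completed -and $client.Connected)
    }
    catch { return $false }
    finally { $client.Dispose() }
}

# Ports the sync service uses against DCs (selection for this example):
# LDAP, LDAPS, global catalog, Kerberos, RPC endpoint mapper, SMB/Netlogon.
$ports = @{ 389 = 'LDAP'; 636 = 'LDAPS'; 3268 = 'GC'; 88 = 'Kerberos'; 135 = 'RPC EPM'; 445 = 'SMB' }

$results = foreach ($dc in Get-SiteDomainController) {
    foreach ($p in ($ports.Keys | Sort-Object)) {
        [pscustomobject]@{
            DomainController = $dc
            Port             = $p
            Service          = $ports[$p]
            Reachable        = Test-DcPort -ComputerName $dc -Port $p
        }
    }
}

$results | Format-Table -AutoSize

# Any row here is a DC/port pair the sync service could pick and then fail against.
$results | Where-Object { -not $_.Reachable }
```

The reason to enumerate the whole site is that a passing test against the one DC that happened to authenticate the logged-on user says nothing about a firewall rule that blocks LDAPS to a second DC in the same site; the sync service picks a DC on its own and will intermittently fail if any of them is unreachable.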
Update to AADConnect Network Communications Test
Today’s a bugfix day! Woo!
One of my peers, @DerrickBaxter, brought a few issues to my attention that I resolved:
- Updated password write-back endpoints
- Updated syntax for checking for RODCs
- Error resolving Administrator Roles
- Failing Azure AD Credential check functionality that logged both failure AND success
I’ve also updated a few other things, including updating the checks for DCOM/OLE permissions, trusted sites, and execution policies.…
Update to AADConnect Network Communications Test
Hey!
It’s been a while since I’ve updated this tool. One of my peers, Didier Akakpo, pointed out that we have a new endpoint to add for Self-Service Password Reset Writeback.
As such, I’ve updated the tool to include this endpoint under $OptionalResources for Commercial and GCC-Moderate tenants.…
Removing on-premises proxy address on the way to the cloud
Several years ago, I wrote a script and a blog post to help customers use AAD Connect to strip out proxy addresses during the synchronization process. The goal was to keep the on-premises AD proxyAddresses attribute for users untouched, as it was needed for other applications and communication on-premises.…
Update to AAD Network Communications Test
It’s literally been a year since I’ve updated it–mainly because we haven’t made any significant endpoint changes.
I did detect some CRL endpoint updates and a few other odds and ends for Worldwide Commercial and GCC Moderate, so I’ve updated the AAD Network Communications Test tool accordingly.…
AAD Connect Error: Azure Service Connectivity Failed (subtitled: Verify, then trust)
This week, while helping a customer onboard to Azure AD Connect, we ran into an interesting error:
Azure Service Connectivity Failed, Unable to proceed
The on-premises synchronization service is not able to connect to Azure Active Directory. Updating the proxy settings for the ADSync service account may resolve this issue.…
Use an msExchExtensionCustom Attribute in Exchange Online
Yesterday, a peer brought an interesting problem to me:
His customer had been storing data in the on-premises msExchExtensionCustomAttribute properties for users and wanted to be able to use that data in Exchange Online for filtering and dynamic group membership.
Easy, right?…
Update to AAD Network Communications Test
This week, I’ve got a few updates for the AAD Network Communications Test!
- I’ve moved it to the PowerShell Gallery. You can now install it with PowerShellGet by using the command:
  Install-Script -Name AADConnect-CommunicationsTest
- I’ve updated the GCC High and DOD endpoints to the best of my ability (I’m always looking for feedback on this, so if you have new endpoints, be sure to connect with me!)
Disabling Writeback for GALSync Contacts
Last week, I began working with a customer that was experiencing what appeared to be a large number of updates to a certain group of objects in the local Active Directory. These objects were being imported from another forest as contacts, yet they were being updated very frequently by the local AAD Connect instance.…
Cloud UPNs for AAD Connect users with Alt-ID don’t update after domain verified in tenant
A few weeks ago, I ran into an issue with a customer. Scenario:
- Customer had configured alternate-id sign-in with AAD Connect (the gist is that the on-premises mail attribute flows to the cloud UPN)
- Synced identity to tenant
- Tenant did not have any verified domains
As expected, without a matching verified domain in the tenant, UPN suffixes in the tenant were actually set as @tenant.onmicrosoft.com. …
