This week, while helping a customer onboard to Azure AD Connect, we ran into an interesting error:
Azure Service Connectivity Failed, Unable to proceed
The on-premises synchronization service is not able to connect to Azure Active Directory.… [ Continue reading ]
Yesterday, a peer brought an interesting problem to me:
His customer had been storing data in the on-premises msExchExtensionCustomAttribute properties for users and wanted to be able to use that data in Exchange Online for filtering and dynamic group membership.… [ Continue reading ]
This week, I’ve got a few updates for the AAD Network Communications Test!
- I’ve moved it to the PowerShell Gallery. You can now install it with PowerShellGet by using the command:
Install-Script -Name AADConnect-CommunicationsTest
- I’ve updated the GCC High and DOD endpoints to the best of my ability (I’m always looking for feedback on this, so if you have new endpoints, be sure to connect with me!)
… [ Continue reading ]
Last week, I began working with a customer that was experiencing what appeared to be a significant amount of updates to a certain group of objects in the local Active Directory. These objects were being imported from another forest as contacts, yet found themselves being updated very frequently by the local AAD Connect instance.… [ Continue reading ]
A few weeks ago, I ran into an issue with a customer. Scenario:
- Customer had configured alternate-id sign in with AAD Connect (the gist is that it flows on-premises mail to cloud UPN)
- Synced identity to tenant
- Tenant did not have any verified domains
As expected, without a matching verified domain in the tenant, UPN suffixes in the tenant were actually set as @tenant.onmicrosoft.com. … [ Continue reading ]
Right before sending a customer the link for the tool, I decided to test it and noticed that I encountered an unexpected credential prompt. I updated the parameter name, and then added a new feature as well–a test to see if your tenant has the correct licensing to enable Password writeback. … [ Continue reading ]
Hey, all! One AAD tool update deserves another!
Every so often, I check in to make sure I’m keeping the AAD Connect Network Test Tool as fresh as I can. I’ve made a few changes to the way it works (hopefully which you all think is for the better). … [ Continue reading ]
Hi! It’s a day ending in “y,” which means it’s a good day to update a script!
Today, while on-site with a customer and running my AAD Connect Permissions script, I noticed that the logging output wasn’t as helpful as I wanted it to be.… [ Continue reading ]
It’s that time of the year again! I’ve expanded upon an existing feature in the AAD Network Test Tool.
One of the prerequisites listed on the AAD Connect support page is to ensure the Turn on PowerShell Transcription GPO is set to Not Configured. … [ Continue reading ]
This feature is an “oldie but goodie” that my customers are starting to ask questions about as they start looking into ways to automate their Office 365 deployments.
Can I sync additional attributes to Office 365, and can I use them for Group-Based Licensing?… [ Continue reading ]
It’s Two-fer Friday. I don’t know if it was a thing, but it is now.
Based on received feedback, I have updated the AAD Connect Advanced Permissions tool to check for the Active Directory schema version in addition to the Exchange schema. … [ Continue reading ]
Just a quick note: I’ve updated the AAD Connect Network Test Tool to now query Windows Product Edition data to provide a little more system configuration prerequisite testing information, based on the OperatingSystemSKU data listed at https://docs.microsoft.com/en-us/windows/desktop/CIMWin32Prov/win32-operatingsystem… [ Continue reading ]
Yes, Hell has frozen over. The cows have come home. The lady of size has sung.
I have come up with a “best case” solution for the Office 365 hybrid group write-back problem.
For the long(er) background, you’ll probably want to go see this post.… [ Continue reading ]
Woo! A day of updates! I’ve made a few updates to this tool, so hopefully you’ll find them useful:
2018-08-12: A reader noticed that the UpdateAdminSDHolder switch didn’t work ask expected when specifying the ExchangeHybridWriteBack OU without the ExchangeHybridWriteBackOUs parameter. … [ Continue reading ]
I trotted out the trusty WireShark and Fiddler tools today and ran through the latest iteration of AAD Connect setup. In so doing, I’ve added a few endpoints to the test:
adminwebservice-s1-co2.microsoftonline.com… [ Continue reading ]
Update: This tool has a new shortlink: http://aka.ms/aadnetwork
Since the tool passed the 500 download mark a few weeks ago, I’ve started getting more questions (internal and external) about a few of the tests and checks. … [ Continue reading ]
A few users reported bugs with logging that I have updated. There was also an unreported bug when searching the XML generated by Get-ADSyncServerConfiguration for the connector’s AD user, which I have also resolved.
You can get the updated tool at https://gallery.technet.microsoft.com/AD-Advanced-Permissions-49723f74… [ Continue reading ]
A few months ago, I debuted a new tool for AAD Connect deployment (read about it here: AAD Connect Network and Name Resolution Test or download it here: https://gallery.technet.microsoft.com/Azure-AD-Connect-Network-150c20a3) which allows you to test a number of conditions to make sure your server and environment are suitable for deploying AAD Connect.… [ Continue reading ]
Update: I’ve added several additional parts to this tool since it was originally released, including some debug logging, an Azure credential check to ensure that your identity is part of Global Admins, additional cloud endpoint checks, and a more thorough system inventory.… [ Continue reading ]
Two updates for the tool in a week? Yes! It is so!
At the behest of my good friend Darryl and one of his customer’s needs, I have updated the the AAD Connect Advanced Permissions tool with the following:
- Allow the underscore (“_”) character to be used in an OU name path
- Allow CN= to be used as part of the OU filter name path, since some organizations may want to try to scope permissions specifically to CN=Users.
… [ Continue reading ]