Configuration

## Cloud UPNs for AAD Connect users with Alt-ID don’t update after domain verified in tenant

A few weeks ago, I ran into an issue with a customer.  Scenario:

• Synced identity to tenant
• Tenant did not have any verified domains

As expected, without a matching verified domain in the tenant, UPN suffixes in the tenant were actually set as @tenant.onmicrosoft.com. [ Continue reading ]

Configuration

## Update to AAD Network Communications Test Tool

Right before sending a customer the link for the tool, I decided to test it and noticed that I encountered an unexpected credential prompt. I updated the parameter name, and then added a new feature as well–a test to see if your tenant has the correct licensing to enable Password writeback. … [ Continue reading ]

Configuration

## Update to the AAD Network Testing Tool

Hey, all!  One AAD tool update deserves another!

Every so often, I check in to make sure I’m keeping the AAD Connect Network Test Tool as fresh as I can.  I’ve made a few changes to the way it works (hopefully which you all think is for the better). … [ Continue reading ]

Configuration

## Update to the AAD Network Test Tool

It’s that time of the year again! I’ve expanded upon an existing feature in the AAD Network Test Tool.

One of the prerequisites listed on the AAD Connect support page is to ensure the Turn on PowerShell Transcription GPO is set to Not Configured. … [ Continue reading ]

Configuration

## Sync Custom Attributes to Office 365 for Group-Based Licensing

This feature is an “oldie but goodie” that my customers are starting to ask questions about as they start looking into ways to automate their Office 365 deployments.

Can I sync additional attributes to Office 365, and can I use them for Group-Based Licensing?[ Continue reading ]

Configuration

It’s Two-fer Friday.  I don’t know if it was a thing, but it is now.

Based on received feedback, I have updated the AAD Connect Advanced Permissions tool to check for the Active Directory schema version in addition to the Exchange schema. … [ Continue reading ]

Configuration

## Fixing Office 365 Anonymous Group Write-back and External Delivery

Yes, Hell has frozen over. The cows have come home. The lady of size has sung.

I have come up with a “best case” solution for the Office 365 hybrid group write-back problem.

# Background

For the long(er) background, you’ll probably want to go see this post.… [ Continue reading ]

Configuration

Woo! A day of updates!  I’ve made  a few updates to this tool, so hopefully you’ll find them useful:

2018-08-12: A reader noticed that the UpdateAdminSDHolder switch didn’t work ask expected when specifying the ExchangeHybridWriteBack OU without the ExchangeHybridWriteBackOUs parameter. … [ Continue reading ]

Configuration

## Update: AAD Connect Network Test Tool

I trotted out the trusty WireShark and Fiddler tools today and ran through the latest iteration of AAD Connect setup.  In so doing, I’ve added a few endpoints to the test:

$CRL http://ocsp.msocsp.com$RequiredResources

Configuration

## Office 365 Groups and Anonymous External Senders

I have created a more detailed example of how to do this here: https://www.undocumented-features.com/2018/09/14/fixing-office-365-anonymous-group-write-back-and-external-delivery/

Office 365 Groups are glorious creations.  There are, however, some instances where they don’t work as you anticipate (or hope).… [ Continue reading ]

Configuration

• 2017-10-11 – delegating write permissions to the CN=adminSDHolder,CN=System container
• 2017-10-05 – delegating write permissions to the ms-DS-ConsistencyGuid property

These two updates should allow for a more complete AAD Connect permissions delegation experience. … [ Continue reading ]

Configuration