Configuration

## Use an msExchExtensionCustom Attribute in Exchange Online

Yesterday, a peer brought an interesting problem to me:

His customer had been storing data in the on-premises msExchExtensionCustomAttribute properties for users and wanted to be able to use that data in Exchange Online for filtering and dynamic group membership.… [ Continue reading ]

Configuration

## Update to AAD Network Communications Test

This week, I’ve got a few updates for the AAD Network Communications Test!

• I’ve moved it to the PowerShell Gallery.  You can now install it with PowerShellGet by using the command:
Install-Script -Name AADConnect-CommunicationsTest
• I’ve updated the GCC High and DOD endpoints to the best of my ability (I’m always looking for feedback on this, so if you have new endpoints, be sure to connect with me!)
Configuration

## Disabling Writeback for GALSync Contacts

Last week, I began working with a customer that was experiencing what appeared to be a significant amount of updates to a certain group of objects in the local Active Directory.  These objects were being imported from another forest as contacts, yet found themselves being updated very frequently by the local AAD Connect instance.… [ Continue reading ]

Configuration

## Cloud UPNs for AAD Connect users with Alt-ID don’t update after domain verified in tenant

A few weeks ago, I ran into an issue with a customer.  Scenario:

• Synced identity to tenant
• Tenant did not have any verified domains

As expected, without a matching verified domain in the tenant, UPN suffixes in the tenant were actually set as @tenant.onmicrosoft.com. [ Continue reading ]

Configuration

## Update to AAD Network Communications Test Tool

Right before sending a customer the link for the tool, I decided to test it and noticed that I encountered an unexpected credential prompt. I updated the parameter name, and then added a new feature as well–a test to see if your tenant has the correct licensing to enable Password writeback. … [ Continue reading ]

Configuration

## Update to the AAD Network Testing Tool

Hey, all!  One AAD tool update deserves another!

Every so often, I check in to make sure I’m keeping the AAD Connect Network Test Tool as fresh as I can.  I’ve made a few changes to the way it works (hopefully which you all think is for the better). … [ Continue reading ]

Configuration

## Update to the AAD Network Test Tool

It’s that time of the year again! I’ve expanded upon an existing feature in the AAD Network Test Tool.

One of the prerequisites listed on the AAD Connect support page is to ensure the Turn on PowerShell Transcription GPO is set to Not Configured. … [ Continue reading ]

Configuration

## Sync Custom Attributes to Office 365 for Group-Based Licensing

This feature is an “oldie but goodie” that my customers are starting to ask questions about as they start looking into ways to automate their Office 365 deployments.

Can I sync additional attributes to Office 365, and can I use them for Group-Based Licensing?[ Continue reading ]

Configuration

It’s Two-fer Friday.  I don’t know if it was a thing, but it is now.

Based on received feedback, I have updated the AAD Connect Advanced Permissions tool to check for the Active Directory schema version in addition to the Exchange schema. … [ Continue reading ]

Configuration

## Fixing Office 365 Anonymous Group Write-back and External Delivery

Yes, Hell has frozen over. The cows have come home. The lady of size has sung.

I have come up with a “best case” solution for the Office 365 hybrid group write-back problem.

# Background

For the long(er) background, you’ll probably want to go see this post.… [ Continue reading ]

Configuration

Woo! A day of updates!  I’ve made  a few updates to this tool, so hopefully you’ll find them useful:

2018-08-12: A reader noticed that the UpdateAdminSDHolder switch didn’t work ask expected when specifying the ExchangeHybridWriteBack OU without the ExchangeHybridWriteBackOUs parameter. … [ Continue reading ]

Configuration

## Update: AAD Connect Network Test Tool

I trotted out the trusty WireShark and Fiddler tools today and ran through the latest iteration of AAD Connect setup.  In so doing, I’ve added a few endpoints to the test:

$CRL http://ocsp.msocsp.com$RequiredResources

Configuration

A few users reported bugs with logging that I have updated.  There was also an unreported bug when searching the XML generated by Get-ADSyncServerConfiguration for the connector’s AD user, which I have also resolved.

Configuration

Configuration

## AAD Connect Network and Name Resolution Test

Update: I’ve added several additional parts to this tool since it was originally released, including some debug logging, an Azure credential check to ensure that your identity is part of Global Admins, additional cloud endpoint checks, and a more thorough system inventory.[ Continue reading ]

Configuration

Two updates for the tool in a week?  Yes! It is so!

At the behest of my good friend Darryl and one of his customer’s needs, I have updated the the AAD Connect Advanced Permissions tool with the following:

• Allow the underscore (“_”) character to be used in an OU name path
• Allow CN= to be used as part of the OU filter name path, since some organizations may want to try to scope permissions specifically to CN=Users.