Updated with additional requirements and scenarios, 2017-10-26.
I recently worked with a customer that needed assistance in configuring the additional permissions required for AAD Connect delegation. After chasing down an incredible number of prerequisite information, I decided it would be more helpful to my customer to put together a tool that would help them configure the various permissions delegations.… [ Continue reading ]
From time to time, you may find that you need to selectively filter out users going to Office 365. The easiest way to do it is with a scoping filter. We do have some documents on setting the cloudFiltered attribute in the metaverse to True, but that requires creating new rules. … [ Continue reading ]
This afternoon, I ran into a customer with a very interesting configuration–a 300-user department with 15 domain controllers spread among 6 sites.
Which, given our guidance in the past didn’t seem that out of line (redundant domain controllers at each site to process logons).… [ Continue reading ]
This afternoon, while configuring AAD Connect for a customer, I ran into a new error when I clicked Install at the end of the installation wizard:
An error occurred executing Configure AAD Sync task: Unexpected exception thrown. Action: PingProvisioningServiceEndPoint, Exception: An error occurred.
… [ Continue reading ]
For those of you that have embarked upon the trek to Office 365, you’ve undoubtedly run (or at least heard of) IDFix. It detects and fixes a number of conditions that will cause the directory sync to report errors.… [ Continue reading ]
* UPDATE* After doing this originally, I decided to take a different route and write it back to the on-premises AD, so that way, the objects are synchronous. This post now reflects the updated content.
A few weeks ago, I had an issue where I needed to remove a proxy address from the proxyAddresses array of a user being synchronized to Office 365. … [ Continue reading ]
So, a million years and tens of thousands of lines of code ago, I wrote a script for a customer to populate the Office 365 UsageLocation property (Set-MsolUser -UsageLocation) with the ISO country codes from Active Directory. In Office 365, UsageLocation is used to determine what features are available to your users.… [ Continue reading ]
I had an interesting request from a customer the other day where they were synchronizing Active Directory into two disparate environments–Office 365 and another hosted Exchange environment. In their new Office 365 environment, they didn’t want any address proxies matching a particular pattern to be part of a user’s proxyAddress array–BUT–they also didn’t want to remove them from their on-premises accounts since they are being used by their other hosting environment as an application routing address.… [ Continue reading ]
While troubleshooting a Password Hash Sync issue with a customer, I found myself needing to trigger a full password hash sync for various connectors. Password Hash Sync is a separate process from the AADSync process. It’s not a difficult process, but becomes time consuming (especially if you have a lot of connectors from which to choose).… [ Continue reading ]
A few years ago, we released “DirSync with Password Hash Synchronization,” and it was kind of an all-or-nothing choice. You could either have a synchronized account database with synchronized password hashes (so users would authenticate in the cloud), or a federated environment. … [ Continue reading ]