Update to the AAD Connect Network and Name Resolution Test Tool
Configuration

Update to the AAD Connect Network and Name Resolution Test Tool

A few months ago, I debuted a new tool for AAD Connect deployment (read about it here: AAD Connect Network and Name Resolution Test or download it here: https://gallery.technet.microsoft.com/Azure-AD-Connect-Network-150c20a3) which allows you to test a number of conditions to make sure your server and environment are suitable for deploying AAD Connect.… [ Continue reading ]

Update to the AAD Connect Advanced Permissions tool
Configuration

Update to the AAD Connect Advanced Permissions tool

Two updates for the tool in a week?  Yes! It is so!

At the behest of my good friend Darryl and one of his customer’s needs, I have updated the the AAD Connect Advanced Permissions tool with the following:

  • Allow the underscore (“_”) character to be used in an OU name path
  • Allow CN= to be used as part of the OU filter name path, since some organizations may want to try to scope permissions specifically to CN=Users.
[ Continue reading ]
Update to Advanced AAD Connect Permissions tool
Configuration

Update to Advanced AAD Connect Permissions tool

Since it’s initial creation, I’ve made a few updates to the Advanced AAD Connect permissions tool.  The most recent updates:

  • 2017-10-11 – delegating write permissions to the CN=adminSDHolder,CN=System container
  • 2017-10-05 – delegating write permissions to the ms-DS-ConsistencyGuid property

These two updates should allow for a more complete AAD Connect permissions delegation experience. … [ Continue reading ]

Use AAD Connect to disable accounts with expired on-premises passwords
Configuration

Use AAD Connect to disable accounts with expired on-premises passwords

This week, I received an email from a colleague asking if there was a way to work around the default behavior described in https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-implement-password-synchronization:

Password expiration policy

If a user is in the scope of password synchronization, the cloud account password is set to Never Expire.[ Continue reading ]

Advanced AAD Connect Permissions Configuration
Configuration

Advanced AAD Connect Permissions Configuration

Updated with additional requirements and scenarios, 2017-10-26.

I recently worked with a customer that needed assistance in configuring the additional permissions required for AAD Connect delegation.  After chasing down an incredible number of prerequisite information, I decided it would be more helpful to my customer to put together a tool that would help them configure the various permissions delegations.… [ Continue reading ]