Hi! It’s a day ending in “y,” which means it’s a good day to update a script!
It’s Two-fer Friday. I don’t know if it was a thing, but it is now.
Based on received feedback, I have updated the AAD Connect Advanced Permissions tool to check for the Active Directory schema version in addition to the Exchange schema. … [ Continue reading ]
Woo! A day of updates! I’ve made a few updates to this tool, so hopefully you’ll find them useful:
2018-08-12: A reader noticed that the UpdateAdminSDHolder switch didn’t work ask expected when specifying the ExchangeHybridWriteBack OU without the ExchangeHybridWriteBackOUs parameter. I have found and updated that! … [ Continue reading ]
A few users reported bugs with logging that I have updated. There was also an unreported bug when searching the XML generated by Get-ADSyncServerConfiguration for the connector’s AD user, which I have also resolved.
You can get the updated tool at https://gallery.technet.microsoft.com/AD-Advanced-Permissions-49723f74.… [ Continue reading ]
Two updates for the tool in a week? Yes! It is so!
At the behest of my good friend Darryl and one of his customer’s needs, I have updated the the AAD Connect Advanced Permissions tool with the following:
- Allow the underscore (“_”) character to be used in an OU name path
- Allow CN= to be used as part of the OU filter name path, since some organizations may want to try to scope permissions specifically to CN=Users.
On the recommendation of my good friend Darryl, I’ve added some things to my AAD Connect permissions tool:
- Better logging of errors. When running the tool for a large organization that had $ characters in its service account names, the tool would report successful but not leave any log files or indicators where things may have happened.
Since it’s initial creation, I’ve made a few updates to the Advanced AAD Connect permissions tool. The most recent updates:
- 2017-10-11 – delegating write permissions to the CN=adminSDHolder,CN=System container
- 2017-10-05 – delegating write permissions to the ms-DS-ConsistencyGuid property
These two updates should allow for a more complete AAD Connect permissions delegation experience. … [ Continue reading ]
From time to time, an issue that crops up during Exchange or Office 365 migrations is the dreaded “insufficient access rights:”
It’s commonly manifested like this (though I have seen it displayed other ways as well):
Warning: Unable to update Active Directory information for the source mailbox at the end of the move.… [ Continue reading ]