Update to the AAD Connect Advanced Permissions tool
Configuration

Update to the AAD Connect Advanced Permissions tool

Two updates for the tool in a week?  Yes! It is so!

At the behest of my good friend Darryl and one of his customer’s needs, I have updated the the AAD Connect Advanced Permissions tool with the following:

  • Allow the underscore (“_”) character to be used in an OU name path
  • Allow CN= to be used as part of the OU filter name path, since some organizations may want to try to scope permissions specifically to CN=Users.
[ Continue reading ]
Update to Advanced AAD Connect Permissions tool
Configuration

Update to Advanced AAD Connect Permissions tool

Since it’s initial creation, I’ve made a few updates to the Advanced AAD Connect permissions tool.  The most recent updates:

  • 2017-10-11 – delegating write permissions to the CN=adminSDHolder,CN=System container
  • 2017-10-05 – delegating write permissions to the ms-DS-ConsistencyGuid property

These two updates should allow for a more complete AAD Connect permissions delegation experience. … [ Continue reading ]

Finding Active Directory objects with Inheritance Disabled
Configuration

Finding Active Directory objects with Inheritance Disabled

From time to time, an issue that crops up during Exchange or Office 365 migrations is the dreaded “insufficient access rights:”

It’s commonly manifested like this (though I have seen it displayed other ways as well):

Warning: Unable to update Active Directory information for the source mailbox at the end of the move.

[ Continue reading ]