When Active Directory on-premises and Azure AD work together, it’s called Hybrid Identity. Hybrid Identity is relatively easy to set up when you use the Express Settings for Azure AD Connect. However, setting up Hybrid Identity with Active Directory Federation Services (AD FS) is not that hard either. I’ll show you how to achieve this goal … Continue reading "Setting up Hybrid Identity with AD FS through Azure AD Connect"
It’s time for a new version of Azure AD Connect to incorporate Microsoft’s lessons learned and distribute the fixes Microsoft made to the larger public. Last Friday, Microsoft released the first version in the 1.6 branch of Azure AD Connect: v18.104.22.168. Azure AD Connect is Microsoft’s free Hybrid Identity bridge product to synchronize objects and … Continue reading "Azure AD Connect version 22.214.171.124 defaults to the v2 endpoint and adds support for Selective Password Hash Synchronization"
Roughly a year ago, I wrote a blogpost on the ten things you need to know about Azure AD Connect Cloud Provisioning. At that time, the agent was in public preview. Today, I want to talk about the renamed product: Azure AD Connect Cloud Sync, because I feel there’s a couple of things you should … Continue reading "Ten things you should know about Azure AD Connect Cloud Sync"
Azure AD Connect Sync uses three separate accounts. Its AD Connector account is an account that has several permissions that warrant a closer look at how the account can be abused. Of course, we’ll need command lines to hunt for any misuse. About the AD Connector account Since Azure AD Connect version 126.96.36.199, the use … Continue reading "HOWTO: Hunt for abuse of Azure AD Connect’s AD Connector account"
If you are using an older version of Azure AD Connect, you might want to consider upgrading it. Yesterday, Microsoft published new information on changes to come. The Azure AD Connect product team is constantly making updates to Azure AD Connect Sync to ensure optimal security and performance of organizations’ synchronization processes. Therefore, Microsoft retires … Continue reading "Older versions of Azure AD Connect will be retired on February 29th, 2024"
One of the issues you might encounter when you misconfigure the delegated permissions for Azure AD Connect’s Active Directory connector account is an event with event ID 1699 in your Domain Controllers’ event viewers every hour. The situation You are using Azure AD Connect with Password Hash Synchronization as either the sign-in method to Azure AD … Continue reading "KnowledgeBase: You experience EventID 1699 on Domain Controllers targeted by Azure AD Connect"
Roughly a year ago, I shared how to properly delegate Directory permissions to Azure AD Connect service accounts. One of the issues you might encounter with those steps is that your privileged accounts and previously-privileged accounts might present permission-issue errors in Azure AD Connect’s Synchronization Service Manager: Initially, I didn’t include these accounts into the … Continue reading "How to solve Azure AD Connect synchronization errors for objects with adminCount attributes set to 1"
Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In many environments, tier 0 systems like Azure AD Connect installations are only allowed Internet access through one … Continue reading "HOWTO: Install Azure AD Connect behind an Internet Proxy"
Azure AD Connect is Microsoft’s free tool to synchronize objects and their attributes from Active Directory Domain Services (AD DS) implementations to Azure Active Directory tenants. Many millions of organizations depend on Azure Active Directory and the APIs that the tool connects to. Azure AD Connect’s v2 Endpoint Microsoft has deployed a new endpoint (API) … Continue reading "Azure AD Connect’s v2 endpoint is now Generally Available (GA)"
Azure AD Connect is a crucial component in today’s Hybrid Identity strategies. This tool takes care of the synchronization of objects and their attributes from an on-premises Active Directory environment to Azure AD. In some scenarios, it also takes care of authentication when accessing Azure AD-integrated applications. In version 188.8.131.52, Microsoft introduced Import and Export … Continue reading "Configuration Items that are part of Azure AD Connect’s Export and Import functionality"