How to solve Azure AD Connect synchronization errors for objects with adminCount attributes set to 1

Roughly a year ago, I shared how to properly delegate Directory permissions to Azure AD Connect service accounts. One of the issues you might encounter with those steps is that your privileged accounts and previously-privileged accounts might present permission-issue errors in Azure AD Connect’s Synchronization Service Manager: Initially, I didn’t include these accounts into the …

Configuration Items that are part of Azure AD Connect’s Export and Import functionality

Azure AD Connect is a crucial component in today’s Hybrid Identity strategies. This tool takes care of the synchronization of objects and their attributes from an on-premises Active Directory environment to Azure AD. In some scenarios, it also takes care of authentication when accessing Azure AD-integrated applications. In version 1.5.42.0, Microsoft introduced Import and Export …

The DirTeam.com/ActiveDir.org Weblogs in 2020

Goodbye 2020! As we say goodbye to yet another calendar year, we’re sharing our achievements for the past year. Pageviews and visits Throughout 2020, the DirTeam.com / ActiveDir.org Weblogs served just shy of 12 million pages. To be exact, we saw 11,728,906 pageviews this calendar year. Top blogs Traditionally, at the end of the year …

Using Azure AD Connect to synchronize Active Directory Lightweight Directory Services (AD LDS) and other LDAPv3 directories to Azure Active Directory

An estimated 97% of all organizations with over 50 people use Active Directory Domain Services (AD DS) as their on-premises directory service. This, however, leaves a lot of organizations with other directories that are largely LDAPv3-compatible. How would these organizations embrace Azure Active Directory, as the world and Microsoft’s investments shift to cloud-based directory services? …

Command-line switches for Azure AD Connect

After you install Azure AD Connect, but before you configure the product through the Microsoft Azure Active Directory Connect wizard, you can fiddle with the Azure AD Connect installer. Below is a list of command-line switches that you can use: Note: The below list is based on Azure AD Connect version 1.5.45.0. AzureADConnect.exe /UseExistingDatabase …

HOWTO: Attach a previously sync’ed Azure AD Tenant to a new AD Forest

This week, I was contacted by an organization who were in the process of starting anew with Active Directory Domain Services (AD DS). The old Active Directory forest was too … old, basically. It showed signs of problems around attribute integrity, schema extension bloat and delegation defaults from the 00’s. The challenge I assisted with, …

Fun with Veeam’s Active Directory Explorer’s LDAP Filter

Being serious about Disaster Recovery means taking into account events like 9/11. Being serious about Active Directory means being serious about Backup and Restore. But… All work and no play makes Jack a dull boy. That’s why sometimes you need to have a little fun. For fun times’ sake, let’s look at the LDAP Filter …

Azure AD Connect fixes an issue when you’ve cloned the ‘In from AD–Group Join’ sync rule before Azure AD Connect v1.5.20.0

Azure AD Connect version 1.5.18.0 introduced a new feature: mS-DS-ConsistencyGUID as the source anchor for groups. Now, as organizations are upgrading to the new version, some overlooked scenarios rear their heads. Azure AD Connect version 1.5.22.0 is here to fix an issue when you’ve cloned a synchronization rule. What’s Fixed Version 1.5.22.0 addresses an …

Azure AD Connect version 1.5.20.0 fixes an issue with Group Filtering

Hot on the heels of Azure AD Connect version 1.5.18.0, Microsoft is releasing a new version of Azure AD Connect to fix an issue introduced in that first version of this 1.5.x.x branch of Azure AD Connect versions. This is an important version if your organization has deployed Group Filtering. About Azure AD Connect …

Explained: User Hard Matching and Soft Matching in Azure AD Connect

In Hybrid Identity implementations, where objects and their attributes are synchronized between on-premises Active Directory environments and Azure AD tenants, integrity is key; when user objects on both sides have different attributes, or exist multiple times at one side, information security drops to critical levels fast. To avoid this situation, Azure AD Connect matches user …