Category Archives: Best Practices

Azure AD Connect Custom Settings vs Express Settings

Azure AD Connect is Microsoft’s free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments and LDAPv3-based identity platforms to Azure Active Directory. During installation, Azure AD Connect offers a choice. This is the first choice and also the most fundamental choice for Azure AD […]

Posted on March 23, 2018 by Sander Berkouwer in Active Directory, Azure Active Directory, Best Practices, Office 365

0  

Pro Tip! Use the claim rules from ADFSHelp for your ‘Office 365 Identity Platform’ Relying Party Trust

Whenever I talk about the claim rules in Active Directory Federation Services (AD FS) for the ‘Office 365 Identity Platform’ Relying Party Trust (RPT), between the on-premises AD FS implementation and Azure AD, I get the following question: How do we manually set up the advanced claim rules that Azure AD Connect configures automatically? Let’s […]

Posted on March 21, 2018 by Sander Berkouwer in Active Directory Federation Services, Azure Active Directory, Best Practices, Tools I Use

2  

Azure AD Connect v1.1.749.0 adds Privacy and Security Controls

Last week, Microsoft released version 1.1.749.0 of Azure AD Connect, its free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments to Azure Active Directory. This version adds privacy controls, additional security controls, a wizard page for device write-back and other miscellaneous fixes.   What’s […]

Posted on March 1, 2018 by Sander Berkouwer in Active Directory, Azure Active Directory, Best Practices, Tools I Use, What's New

0  

Hybrid Identity features per Active Directory Domain Services Domain Controller Operating System, Domain Functional Level, Forest Functional Level and Schema version

Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. These components have requirements of Active Directory Domain Services (AD DS) in terms of the schema, the Windows Server versions on the Domain Controllers an organization runs, the Domain Functional Level (DFL) and the […]

Posted on February 12, 2018 by Sander Berkouwer in Active Directory, Active Directory Federation Services, Azure Active Directory, Best Practices, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016

4  

Using Azure AD Connect with a gMSA

Since version 1.1.443.0, you can use Azure AD Connect with a group Managed Service Account (gMSA) as its service account. I thought it was time to show you how to configure Azure AD Connect with a gMSA.   The problem with service accounts We all use service accounts in our environments. These accounts allow us […]

Posted on December 28, 2017 by Sander Berkouwer in Active Directory, Azure Active Directory, Best Practices, Security Updates

0  

Why installing Azure AD Connect on an Active Directory Domain Controller might not be the most brilliant of ideas

When you read through Azure AD Connect’s prerequisites page, you’ll notice that Microsoft supports installing Azure AD Connect on Active Directory Domain Controllers. While this would certainly be a helpful scenario for organizations with up to 50 user accounts, I would not recommend doing so. Note: Installing Azure AD Connect on a Read-only Domain Controller […]

Posted on October 9, 2017 by Sander Berkouwer in Active Directory, Azure Active Directory, Best Practices

0  

Azure AD Connect 1.1.614.0 offers a load of fixes and enhanced functionality

Yesterday, Microsoft released version 1.1.614.0 of Azure AD Connect, its free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments to Azure Active Directory.   What’s New Azure AD Connect Sync Azure AD Connect now features a Troubleshoot task in the Azure AD Connect wizard […]

Posted on September 6, 2017 by Sander Berkouwer in Active Directory, Azure Active Directory, Best Practices

2  

Azure AD Connect: objectGUID vs. mS-DS-ConsistencyGuid, Part 3

This entry is part 3 of 3 in the series Azure AD Connect: objectGUID vs. mS-DS-ConsistencyGuid

In the first part of this series, I’ve explained how Azure AD Connect version 1.1.553.0 and beyond allows you to switch from objectGUID to mS-DS-ConsistencyGuid as the source anchor attribute , the benefits of doing so and what you may and may not expect when you make the switch. Now that I’ve shown you the […]

Posted on August 31, 2017 by Sander Berkouwer in Active Directory, Azure Active Directory, Best Practices

4  

I’m presenting at the Dutch Windows Management User Group 2017-4 Meetup

The Dutch Windows Management User Group (WMUG) is one of the more active IT Pro user groups in the Netherlands. I was honored when they invited me to speak at their next meetup on September 13, 2017. Of course, I’d present at this meetup; their fourth meetup this year!   About the Dutch Windows Management […]

Posted on August 25, 2017 by Sander Berkouwer in Azure, Best Practices, Community, Microsoft MVP, Personal

0  

Azure AD Connect: objectGUID vs. mS-DS-ConsistencyGuid, Part 2

This entry is part 2 of 3 in the series Azure AD Connect: objectGUID vs. mS-DS-ConsistencyGuid

In the first part of this series, I’ve explained how Azure AD Connect version 1.1.553.0 and beyond allows you to switch from objectGUID to mS-DS-ConsistencyGuid as the source anchor attribute, the benefits of doing so and what you may and may not expect when you make the switch. In this second part, I’ll share the […]

Posted on August 24, 2017 by Sander Berkouwer in Active Directory, Azure Active Directory, Best Practices

8