AD FS 2016 and Azure MFA – a few Nuances

I was recently helping a colleague with AD FS 2016 and Azure MFA integration, specifically in-line proof up of users. Working through this, there were a few points of confusion that we were able to clear up and I wanted to share these here. Background: Before I go any further, there are a few things…

New Role for Me!

It’s been a while since I last posted. This is largely due to a change in role. I’ve moved out of Microsoft Services (as a Premier Field Engineer) and into the Azure Active Directory Product Group. Moving forward I’m a Program Manager in the Azure Active Directory Get to Production team where we focus on…

Identify ADMX/ADML Files used by Group Policies

The Problem: Group Policy ADMX versioning has caused a few concerns for Microsoft customers in the past one to two years. A great description of the issue and how to address it is found here. Recently, one of my customers wanted to identify the ADMX files referenced by Group Policies deployed in their domain so…

Authoritative Restore of SYSVOL after Deallocation of Azure DCs

The Problem: If you run an isolated lab in Azure IaaS with more than one Domain Controller and are in the habit of shutting down and de-allocating the VMs to save money, you may have found that SYSVOL doesn’t replicate when you start them back up. The Cause: De-allocation/re-allocation of a VM changes the VM…

Choosing a sourceAnchor for Groups in Multi-Forest Sync with AAD Connect

Introduction: Earlier this year I authored a post discussing choices for sourceAnchor in Multi-Forest Sync with AAD Connect. Following that series, the Azure Active Directory Product Group included sync rules that use mS-DS-ConsistencyGuid as the sourceAnchor for user objects. This was great because it all works out of the box and as an added bonus,…

An Alternative for DFSR Database GUID-to-Name Resolution

Recently I was connected to a support incident where a SYSVOL DFS Replication storm was causing trouble for a customer. Using the DFSR debug logs, the Microsoft support teams were able to identify that one file was being changed over and over again. The log entries were similar to – + fid 0x5000000019841 + usn…

Choosing a sourceAnchor for Multi-Forest Sync with AAD Connect – Part 7, Migrating Users

Update 25th May 2017:- As of AAD Connect May 2017 release, version 1.1.524, the default sourceAnchor used by the setup wizard is mS-DS-ConsistencyGuid. This renders most of this blog post series moot but it will be maintained for reference.   This blog post series is based upon and tested with AAD Connect, December 2016 release,…

Choosing a sourceAnchor for Multi-Forest Sync with AAD Connect – Part 6, Moving off objectGuid

Update 25th May 2017:- As of AAD Connect May 2017 release, version 1.1.524, the default sourceAnchor used by the setup wizard is mS-DS-ConsistencyGuid. This renders most of this blog post series moot but it will be maintained for reference.   This blog post series is based upon and tested with AAD Connect, December 2016 release,…

Choosing a sourceAnchor for Multi-Forest Sync with AAD Connect – Part 5, Using mS-DS-ConsistencyGuid

Update 25th May 2017:- As of AAD Connect May 2017 release, version 1.1.524, the default sourceAnchor used by the setup wizard is mS-DS-ConsistencyGuid. This renders most of this blog post series moot but it will be maintained for reference.   This blog post series is based upon and tested with AAD Connect, December 2016 release,…

Choosing a sourceAnchor for Multi-Forest Sync with AAD Connect – Part 4, Using msDS-SourceAnchor

Update 25th May 2017:- As of AAD Connect May 2017 release, version 1.1.524, the default sourceAnchor used by the setup wizard is mS-DS-ConsistencyGuid. This renders most of this blog post series moot but it will be maintained for reference.   This blog post series is based upon and tested with AAD Connect, December 2016 release,…
