AD FS 2016 and Azure MFA – a few Nuances

I was recently helping a colleague with AD FS 2016 and Azure MFA integration, specifically in-line proof up of users. Working through this, there were a few points of confusion that we were able to clear up and I wanted to share these here Background Before I go any further, there are a few things…

4

Authoritative Restore of SYSVOL after Deallocation of Azure DCs

The Problem If you run an isolated lab in Azure IaaS with more than one Domain Controller and are in the habit of shutting down and de-allocating the VMs to save money, you may have found that SYSVOL doesn’t replicate when you start them back up. The Cause De-allocation/re-allocation of a VM changes the VM…

9

Choosing a sourceAnchor for Groups in Multi-Forest Sync with AAD Connect

Introduction Earlier this year I authored a post discussing choices for sourceAnchor in Multi-Forest Sync with AAD Connect. Following that series, the Azure Active Directory Product Group included sync rules that use mS-DS-ConsistencyGuid as the sourceAnchor for user objects. This was great because it all works out of the box and as an added bonus,…


Choosing a sourceAnchor for Multi-Forest Sync with AAD Connect – Part 7, Migrating Users

Update 25th May 2017:- As of AAD Connect May 2017 release, version 1.1.524, the default sourceAnchor used by the setup wizard is mS-DS-ConsistencyGuid. This renders most of this blog post series moot but it will be maintained for reference.   This blog post series is based upon and tested with AAD Connect, December 2016 release,…

2

Choosing a sourceAnchor for Multi-Forest Sync with AAD Connect – Part 6, Moving off objectGuid

Update 25th May 2017:- As of AAD Connect May 2017 release, version 1.1.524, the default sourceAnchor used by the setup wizard is mS-DS-ConsistencyGuid. This renders most of this blog post series moot but it will be maintained for reference.   This blog post series is based upon and tested with AAD Connect, December 2016 release,…

6

Choosing a sourceAnchor for Multi-Forest Sync with AAD Connect – Part 5, Using mS-DS-ConsistencyGuid

Update 25th May 2017:- As of AAD Connect May 2017 release, version 1.1.524, the default sourceAnchor used by the setup wizard is mS-DS-ConsistencyGuid. This renders most of this blog post series moot but it will be maintained for reference.   This blog post series is based upon and tested with AAD Connect, December 2016 release,…

10

Choosing a sourceAnchor for Multi-Forest Sync with AAD Connect – Part 4, Using msDS-SourceAnchor

Update 25th May 2017:- As of AAD Connect May 2017 release, version 1.1.524, the default sourceAnchor used by the setup wizard is mS-DS-ConsistencyGuid. This renders most of this blog post series moot but it will be maintained for reference.   This blog post series is based upon and tested with AAD Connect, December 2016 release,…

2

Choosing a sourceAnchor for Multi-Forest Sync with AAD Connect – Part 3, An Aside on EmployeeID

Update 25th May 2017:- As of AAD Connect May 2017 release, version 1.1.524, the default sourceAnchor used by the setup wizard is mS-DS-ConsistencyGuid. This renders most of this blog post series moot but it will be maintained for reference.   This blog post series is based upon and tested with AAD Connect, December 2016 release,…


Choosing a sourceAnchor for Multi-Forest Sync with AAD Connect – Part 2, Lab Setup

Update 25th May 2017:- As of AAD Connect May 2017 release, version 1.1.524, the default sourceAnchor used by the setup wizard is mS-DS-ConsistencyGuid. This renders most of this blog post series moot but it will be maintained for reference.   This blog post series is based upon and tested with AAD Connect, December 2016 release,…

6

Choosing a sourceAnchor for Multi-Forest Sync with AAD Connect – Part 1, Introduction

  Update 25th May 2017:- As of AAD Connect May 2017 release, version 1.1.524, the default sourceAnchor used by the setup wizard is mS-DS-ConsistencyGuid. This renders most of this blog post series moot but it will be maintained for reference.   This blog post series is based upon and tested with AAD Connect, December 2016…