Update: AAD Connect Network Test Tool

I trotted out the trusty Wireshark and Fiddler tools today and ran through the latest iteration of AAD Connect setup.  In so doing, I’ve added a few endpoints to the test:

$CRL http://ocsp.msocsp.com
$RequiredResources adminwebservice-s1-co2.microsoftonline.com
$RequiredResourcesEndpoints https://adminwebservice-s1-co2.microsoftonline.com/provisioningwebservice.svc

As always, the newest version is available at http://aka.ms/aadnetwork. Goodnight and good luck!


Update: AAD Connect Network and Name Resolution Test

Update: This tool has a new shortlink: http://aka.ms/aadnetwork

Since the tool passed the 500 download mark a few weeks ago, I’ve started getting more questions (internal and external) about a few of the tests and checks.  So, I decided to update/refine them to hopefully provide better guidance.

The big changes:
Updated reporting method for TLS…


Update to the AAD Connect Advanced Permissions Tool

A few users reported bugs with logging that I have updated.  There was also an unreported bug when searching the XML generated by Get-ADSyncServerConfiguration for the connector’s AD user, which I have also resolved. You can get the updated tool at https://gallery.technet.microsoft.com/AD-Advanced-Permissions-49723f74.


Update to the AAD Connect Network and Name Resolution Test Tool

A few months ago, I debuted a new tool for AAD Connect deployment (read about it here: AAD Connect Network and Name Resolution Test or download it here: https://gallery.technet.microsoft.com/Azure-AD-Connect-Network-150c20a3) which allows you to test a number of conditions to make sure your server and environment are suitable for deploying AAD Connect. This week, I needed…


AAD Connect Network and Name Resolution Test

Update: I’ve added several additional parts to this tool since it was originally released, including some debug logging, an Azure credential check to ensure that your identity is part of Global Admins, additional cloud endpoint checks, and a more thorough system inventory. While assisting some of my customers last year on a multi-forest AAD Connect…


Update to the AAD Connect Advanced Permissions tool

Two updates for the tool in a week?  Yes! It is so! At the behest of my good friend Darryl and one of his customer’s needs, I have updated the AAD Connect Advanced Permissions tool with the following:

Allow the underscore (“_”) character to be used in an OU name path
Allow CN= to…


Update to the AAD Connect Advanced Permissions tool

On the recommendation of my good friend Darryl, I’ve added some things to my AAD Connect permissions tool:

Better logging of errors.  When running the tool for a large organization that had $ characters in its service account names, the tool would report success but not leave any log files or indicators where things may…


Update to Advanced AAD Connect Permissions tool

Since its initial creation, I’ve made a few updates to the Advanced AAD Connect permissions tool.  The most recent updates:

2017-10-11 – delegating write permissions to the CN=adminSDHolder,CN=System container
2017-10-05 – delegating write permissions to the ms-DS-ConsistencyGuid property

These two updates should allow for a more complete AAD Connect permissions delegation experience.  The script has…


Use AAD Connect to disable accounts with expired on-premises passwords

This week, I received an email from a colleague asking if there was a way to work around the default behavior described in https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-implement-password-synchronization:

Password expiration policy
If a user is in the scope of password synchronization, the cloud account password is set to Never Expire. You can continue to sign in to your cloud…


Advanced AAD Connect Permissions Configuration

Updated with additional requirements and scenarios, 2017-10-26. I recently worked with a customer that needed assistance in configuring the additional permissions required for AAD Connect delegation.  After chasing down an incredible amount of prerequisite information, I decided it would be more helpful to my customer to put together a tool that would help them configure…