Update to the AAD Connect Advanced Permissions tool

Two updates for the tool in a week?  Yes! It is so! At the behest of my good friend Darryl and one of his customer’s needs, I have updated the the AAD Connect Advanced Permissions tool with the following: Allow the underscore (“_”) character to be used in an OU name path Allow CN= to…

0

Update to the AAD Connect Advanced Permissions tool

On the recommendation of my good friend Darryl, I’ve added some things to my AAD Connect permissions tool: Better logging of errors.  When running the tool for a large organization that had $ characters in its service account names, the tool would report successful but not leave any log files or indicators where things may…

1

Update to Advanced AAD Connect Permissions tool

Since it’s initial creation, I’ve made a few updates to the Advanced AAD Connect permissions tool.  The most recent updates: 2017-10-11 – delegating write permissions to the CN=adminSDHolder,CN=System container 2017-10-05 – delegating write permissions to the ms-DS-ConsistencyGuid property These two updates should allow for a more complete AAD Connect permissions delegation experience.  The script has…

1

Finding Active Directory objects with Inheritance Disabled

From time to time, an issue that crops up during Exchange or Office 365 migrations is the dreaded “insufficient access rights:” It’s commonly manifested like this (though I have seen it displayed other ways as well): Warning: Unable to update Active Directory information for the source mailbox at the end of the move. Error details:…

4