Update to the AAD Connect Advanced Permissions Tool

A few users reported bugs with logging that I have updated.  There was also an unreported bug when searching the XML generated by Get-ADSyncServerConfiguration for the connector’s AD user, which I have also resolved. You can get the updated tool at https://gallery.technet.microsoft.com/AD-Advanced-Permissions-49723f74.


Update to the AAD Connect Advanced Permissions tool

Two updates for the tool in a week?  Yes! It is so! At the behest of my good friend Darryl and one of his customer’s needs, I have updated the AAD Connect Advanced Permissions tool with the following: Allow the underscore (“_”) character to be used in an OU name path; Allow CN= to…


Update to the AAD Connect Advanced Permissions tool

On the recommendation of my good friend Darryl, I’ve added some things to my AAD Connect permissions tool: Better logging of errors.  When running the tool for a large organization that had $ characters in its service account names, the tool would report successful but not leave any log files or indicators where things may…


Update to Advanced AAD Connect Permissions tool

Since its initial creation, I’ve made a few updates to the Advanced AAD Connect permissions tool.  The most recent updates: 2017-10-11 – delegating write permissions to the CN=adminSDHolder,CN=System container; 2017-10-05 – delegating write permissions to the ms-DS-ConsistencyGuid property. These two updates should allow for a more complete AAD Connect permissions delegation experience.  The script has…


Finding Active Directory objects with Inheritance Disabled

From time to time, an issue that crops up during Exchange or Office 365 migrations is the dreaded “insufficient access rights:” It’s commonly manifested like this (though I have seen it displayed other ways as well): Warning: Unable to update Active Directory information for the source mailbox at the end of the move. Error details:…