Overcoming Issues Installing Azure Active Directory Connect

27th of November, 2018 / / No Comments

AzureADConnect

Having recently gone through the process of implementing a custom AADConnect staging installation for a large enterprise customer with more than 30,000 users, with a view to it serving as a fall back to an existing production AADConnect installation.

The requirement being to setup an Azure virtual machine running Windows 2016 Datacentre, AADConnect and SQL Server Standard 2017 (locally installed). Rather than SQL Express which comes by default but suffers limitations which preclude its use in large environments.… [Keep reading] “Overcoming Issues Installing Azure Active Directory Connect”

Azure AD Connect – Using AuthoritativeNull in a Sync Rule

1st of December, 2016 / / No Comments

There is a feature in Azure AD Connect that became available in the November 2015 build 1.0.9125.0 (listed here), which has not had much fanfare but can certainly come in handy in tricky situations. I happened to be working on a project that required the DNS domain linked to an old Office 365 tenant to be removed so that it could be used in a new tenant. Although the old tenant was no long used for Exchange Online services, it held onto the domain in question, and Azure AD Connect was being used to synchronise objects between the on-premise Active Directory and Azure Active Directory.… [Keep reading] “Azure AD Connect – Using AuthoritativeNull in a Sync Rule”

Active Directory – What are Linked Attributes?

26th of September, 2016 / / No Comments

A customer request to add some additional attributes to their Azure AD tenant via Directory Extensions feature in the Azure AD Connect tool, lead me into further investigation. My last blog here set out the customer request, but what I didn’t detail in that blog was one of the attributes they also wanted to extend into Azure AD was directReports, an attribute they had used in the past for their custom built on-premise applications to display the list of staff the user was a manager for.… [Keep reading] “Active Directory – What are Linked Attributes?”

Azure AD Connect – Multi-valued Directory Extensions

16th of September, 2016 / / No Comments

I happened to be at a customer site working on an Azure project when I was asked to cast a quick eye over an issue they had been battling with. They had an Azure AD Connect server synchronising user and group objects between their corporate Active Directory and their Azure AD, used for Office 365 services and other Azure-based applications. Their intention was to synchronise some additional attributes from their Active Directory to Azure AD so that they could be used by some of their custom built Azure applications.… [Keep reading] “Azure AD Connect – Multi-valued Directory Extensions”

Azure AD Connect manual sync cycle with powershell, Start-ADSyncSyncCycle

8th of March, 2016 / / 4 Comments

This morning at Kloud NSW HQ (otherwise known as the Kloud office, or the office, or anything else that does not sound cool or interesting at all) James Lewis (@Jimmy_Lewis on Twitter) asked the question:

What is the powershell cmdlet to kick off a manual sync in AADConnect?

Back in the olden days, as they say, in DirSync there was a powershell cmdlet called:

Start-OnlineCoexistenceSync

As Microsoft do often times, this cmdlet has changed. However, the reason this has changed is because of the way the sync process is now handled in AADConnect. The AADConnect Sync Scheduler has come about to replace the pre-existing process of an external sync engine tied to a Windows service and Windows task scheduler.

The new scheduler is responsible to complete two key tasks: run and manage the synchronisation cycle where import, sync and export processes are looked after; and to complete regular maintenance tasks, like for example renew certificates and keys for password reset and device registration (DRS), to name a few.

Read More

Feb 2016 Azure AD Connect Upgrade Fails – IndexOutOfRangeException resolution

26th of February, 2016 / / 3 Comments

I’ve been doing some work for a client recently who decided to upgrade their Azure AD Connect appliance to the latest February release. This was a prerequisite task for future work to follow. As an aside, it’s always nice to run the current version of the sync client. Microsoft regularly update the client to provide new features and improvements. A key driver for this client in particular was the fact that the new client (1.1.105.0 – Released 16/2/2016) will allow you to synchronise every 30 minutes, which is a welcome change from the previous 3-hour sync cycles.… [Keep reading] “Feb 2016 Azure AD Connect Upgrade Fails – IndexOutOfRangeException resolution”

Azure AD Connect – “The specified domain does not exist or cannot be contacted” when adding an untrusted AD forest

16th of December, 2015 / / 6 Comments

I ran into a little issue while on site with a customer who required AAD Connect to be configured for use in a multi-forest environment with three forests. There was a forest trust between two of the forests, however the third forest did not have any trusts in place. Prior to implementing this solution, we ran up a test environment to do a run through and document the steps required for an implementation plan.

The test environment consisted of three Windows Server 2012 AD forests all at 2012 functional level – kloudy.net,… [Keep reading] “Azure AD Connect – “The specified domain does not exist or cannot be contacted” when adding an untrusted AD forest”

[UPDATED] Azure AD Connect: SyncRuleEditor.exe and why is targetAddress missing

17th of September, 2015 / / No Comments

Originally  blogged @ lucian.blog. Follow Lucian on Twitter @LucianFrango. Send Lucian an email.

Today is back to AAD Connect. I want to talk about Office 365 migrations and how they can be tricky with various options and scenarios around hybrid or non hybrid. On a recent project we were migrating a client from IBM Lotus Notes to Exchange Online in Office 365. The plan and proposed solution was designed to not use Exchange Server Hybrid on-premises and use Dell Software Migrator for a direct migration from on-premises to the cloud.

The client has never had Exchange Server on-premises before and was running a well-managed ADDS deployment spanning three sites across three continents. To allow for the schema requirements for Exchange Online, Exchange Server 2013 was downloaded and the ADDS schema was extended with that from Exchange Server 2013. All simple, standard stuff right?..

Read More

How to provision Azure Active Directory Connect

20th of July, 2015 / / 33 Comments

Originally posted @ Lucian.Blog

Time flies when you’re connecting to Azure AD. Late last month Microsoft announced that Azure AD Connect is now generally available. At the time of writing this, the synchronisation app itself still isn’t the default sync standard for Azure and obtaining the installer requires a quick Google. Since I’m deploying it for a client, I thought I’d run through the install process for future reference.

AADConnect provides allot of new functionality like for example this new fandangled ADDS password sync. In this scenario I’m keeping federation services, so ADFS will be deployed, which is more aligned with the previous or most common enterprise identity design.

This is going to be a long blog post with allot of screen shots (you’re welcome) on how to deploy Azure AD Connect. I’ll be going though the wizard process which will follow the automated process to deploy AADConnect, ADFS and ADFS WAP servers- pretty cool indeed.

At the moment AADConnect still isn’t the standard synchronisation service for Office 365 or Azure AD and requires download from the Microsoft Download Centre. To begin with, I’ve downloaded the AADConnect installer from this location.

Read More

Azure Active Directory Connect high-availability using ‘Staging Mode’

25th of June, 2015 / / 11 Comments

With the Azure Active Directory Connect product (AAD Connect) being announced as generally available to the market (more here, download here), there is a new feature available that will provide a greater speed of recovery of the AAD Sync component. This feature was not available with the previous AAD Sync or DirSync tools and there is little information about it available in the community, so hopefully this model can be considered for your synchronisation design.… [Keep reading] “Azure Active Directory Connect high-availability using ‘Staging Mode’”