[UPDATED] Azure AD Connect: SyncRuleEditor.exe and why is targetAddress missing

Originally blogged @ lucian.blog. Follow Lucian on Twitter @LucianFrango. Send Lucian an email.


Today is back to AAD Connect. I want to talk about Office 365 migrations and how they can be tricky with various options and scenarios around hybrid or non-hybrid. On a recent project we were migrating a client from IBM Lotus Notes to Exchange Online in Office 365. The plan and proposed solution was designed to not use Exchange Server Hybrid on-premises and use Dell Software Migrator for a direct migration from on-premises to the cloud.

The client has never had Exchange Server on-premises before and was running a well-managed ADDS deployment spanning three sites across three continents. To allow for the schema requirements for Exchange Online, Exchange Server 2013 was downloaded and the ADDS schema was extended with that from Exchange Server 2013. All simple, standard stuff, right?


Azure Active Directory Connect Export profile error: stopped-server-down.

Follow Lucian on Twitter @LucianFrango.


A couple of weeks ago I deployed Azure AD Connect in production. It was a relatively smooth process. The wizard did most of the work, which was great. There were a few hiccups (blog post) along the way, which, in most cases, is expected if the problems are not so serious.

Fast forward to my second install of the latest and greatest sync service for Azure AD and Office 365 cloud identities and we have problem no. 2. This time, though, I can say that the process ran through a lot smoother. There were no real errors. Things were looking straight great and I was looking at my next task with some enthusiasm.

However, come 8.30ish this morning and going over the AADConnect server once more for peace of mind, I had noticed that the “Export” profile task that runs as the last task in the scheduled hourly run for AADConnect synchronisation (I’ve set it to 60min), unfortunately had a nice little error for me:

[Screenshot: 2015-08-05--AADC-Error--01]


Azure Preview Features website

I had stumbled upon this site before, however, on my long journey through the interwebs I must have forgotten or lost it. The site I’m referring to is the Azure Preview Features site, which isn’t directly accessible through the main Azure site top or bottom menus. So as this is a lucky find, I thought I’d share.

(Note: If you Google Azure preview; the site is the first result that comes up. Face palm?)

The Azure Feature Preview site is a list of current publicly accessible preview features and functionality. Moreover, Microsoft explain that the preview features in Azure are as follows:

Azure currently offers the following preview features, which are made available to you for evaluation purposes and subject to reduced or different service terms, as set forth in your service agreement and the preview supplemental terms. Azure may include preview, beta, or other pre-release features, services, software, or regions to obtain customer feedback (“Previews”). Previews are made available to you on the condition that you agree to these terms of use, which supplement your agreement governing use of Microsoft Azure.


Azure VNET gateway: basic, standard and high performance

Originally posted @ Lucian.Blog. Follow Lucian on twitter @Lucianfrango.


I’ve been working a lot with Azure virtual network (VNET) virtual private network (VPN) gateways of late. The project I’m working on at the moment requires two sites to connect to a multi-site dynamic routing VPN gateway in Azure. This is for redundancy when connecting to the Azure cloud as there is a dedicated link between the two branch sites.

Setting up a multi-site VPN is a relatively streamlined process and Matt Davies has written a great article on how to run through that process via the Azure portal on the Kloud blog.


ADFS sign-in error: “An error occurred. Contact your administrator for more information.”

Originally posted @ Lucian.Blog. Follow Lucian on twitter @Lucianfrango.


I’ve not had that much luck deploying Azure AD Connect and ADFS 3.0 in Azure for a client in the last few weeks. After some networking woes I’ve moved onto the server provisioning and again got stuck. Now, I know IT is not meant to be easy otherwise there wouldn’t be some of the salaries paid out to the best and brightest, this install though was simple and nothing out of the ordinary. A standard deployment that I and many others have done before.

Let me paint the picture: ADFS is now running, although not working, in Azure compute across a load balanced set of two servers with a further load balanced set of web application proxy (WAP) servers in front. There are two domain controllers and an AAD Connect server all across a couple of subnets in a VNET.


Azure AD Connect: Connect Service error “stopped-extension-dll-exception”

Originally posted @ Lucian.Blog. Follow Lucian on twitter @Lucianfrango.


I was rather stuck the other day. Azure AD Connect provisioning has not been the smoothest of installs even following the wizard and successfully completing the mostly automated process. Azure AD Connect has built upon the previous generation sync services and, from what I’ve read, isn’t much of a new app, rather a version upgrade and rename from the AADSync service, which is still (as of July 2015) the default for Office 365 directory replication from on-premises to Azure AD.

Past versions and previous generation aside, a now generally available app should feature a working and thoroughly tested feature set. Should…


How to provision Azure Active Directory Connect

Originally posted @ Lucian.Blog


Time flies when you’re connecting to Azure AD. Late last month Microsoft announced that Azure AD Connect is now generally available. At the time of writing this, the synchronisation app itself still isn’t the default sync standard for Azure and obtaining the installer requires a quick Google. Since I’m deploying it for a client, I thought I’d run through the install process for future reference.

AADConnect provides a lot of new functionality, like for example this new fandangled ADDS password sync. In this scenario I’m keeping federation services, so ADFS will be deployed, which is more aligned with the previous or most common enterprise identity design.

This is going to be a long blog post with a lot of screenshots (you’re welcome) on how to deploy Azure AD Connect. I’ll be going through the wizard process, which will follow the automated process to deploy AADConnect, ADFS and ADFS WAP servers - pretty cool indeed.

At the moment AADConnect still isn’t the standard synchronisation service for Office 365 or Azure AD and requires download from the Microsoft Download Centre. To begin with, I’ve downloaded the AADConnect installer from this location.


Microsoft Intune: what, when, where, why, how

Originally posted at Lucian.Blog.


Having worked with Microsoft Intune a fair bit recently, in some clever ways like extending System Center Configuration Manager to the cloud for multi-factor authentication purposes, I’ve come to find Intune quite handy. In most ways it can be considered SCCM in the cloud, which isn’t necessarily a bad thing.

In this post I’d like to quick fire off a whole bunch of handy Intune facts, figures and maybe other f-words for commonly asked questions I’ve been asked about the product suite…


Microsoft Office 365 readiness assessment

Originally posted at Lucian.Blog.


Okay, you have the green light and it’s time to get cracking deploying Office 365. Before a mailbox can be migrated, before even an account can be AADSync’ed, before you even provision the O365 tenant, there is the matter of checking if the existing infrastructure is ready to handle the great features of Office 365.

What is always recommended before the design phase of a project even starts is to conduct an Office 365 readiness assessment. Working on a project recently and having it fresh in my mind, I thought I’d put finger to keyboard (pen to paper) and jot down the key items to check.

There are a lot of IT companies out there who offer this discovery and assessment process, which is great. As a handy reference point, here’s the approach I take, with a focus on Exchange Online messaging as that’s what I’m pretty good at…


Amazon Web Services (AWS) networking: public IP address and subnet list

Originally posted on Lucian’s blog over at Lucian.Blog.


Amazon Web Services (AWS) has many data centres in many continents and countries all over the world. AWS has two key grouping methods of these data centres: regions and availability zones.

It can be very handy to either reference the IP address or subnet of a particular service in say a proxy server to streamline connectivity. This is a good practice to avoid unnecessary latency via proxy authentication requests. Below is an output of Amazon Web Services IP address and subnet details split into the key categories as listed by AWS via their publishing of information through the IP address JSON file available here.

Sidebar: Click here to read up more on regions and availability zones or click here or click here. Included in these references is also information about the DNS endpoints for services that are therefore IP address agnostic. Also, if you’d like more details about the JSON file click here.
