PowerShell Status Reporting on AAD Connect

Recently, I had a customer request the ability to quickly report on the status of two AAD Connect servers.

Since these two servers operate independently, it is up to the administrator to ensure the servers are healthy and they are operating in the correct configuration modes with respect to each other.

Typically, if you’re going to spend money operating two AAD Connect servers, it makes sense they both are enabled with their import cycles but only one runs in ‘Normal’ mode (i.e.…

Configuring Proxy for Azure AD Connect V1.1.105.0 and above

My colleague David Ross has written a previous blog about configuring proxy server settings to allow Azure AD Sync (the previous name of Azure AD Connect) to use a proxy server.

Starting with version 1.1.105.0, Azure AD Connect has completely changed the configuration steps required to allow the Azure AD Connect configuration wizard and Sync. Engine to use a proxy.

I ran into a specific proxy failure scenario that I thought I’d share to provide further help.…

AAD Connect: Custom AAD Attributes & Scheduler PowerShell

Following on from the posts from my esteemed colleagues: Lucian and Josh, I thought I’d post my experiences working with the latest version (v1.1.110.0) specifically two areas:

  1. Working with the AAD Connect Scheduler, that is now based in PowerShell and whose configuration is now stored in AAD, using the ‘Set-ADSyncScheduler’ commands
  2. Working with ‘extension Attributes’ using Directory Extensions feature of AAD Connect

Both of these features are new to the latest version of AAD Connect.…

Direct Access on Azure, Why? Can? How?

Direct Access on Azure?

A customer recently requested Kloud to assist them in implementing a Windows 2012 R2 server based Direct Access (DA) service, as their work force had recently moved to a Windows 8 client platform.  What did surprise me was that they requested it be one of the first solutions to be hosted on their Microsoft Azure service.

Direct Access, for those unfamiliar with the technology, is essentially an ‘always on’ VPN style connection that provides a user access to a corporate network from any basic Internet network connection without any user interaction. …

PowerShell Detection Method for SCCM 2012 Application Compliance management

Microsoft System Center Configuration Manager (SCCM) 2012 has a very powerful Application Detection and Delivery model, separate from the existing ‘package and program delivery model’ of previous versions of SCCM & SMS.

The power of this new model is not having to ‘daisy chain’ packages and executables together to achieve a desired outcome.  Using SCCM’s Detection Model reduces the burden in managing a Windows client base in terms of keeping its baseline configuration the same across every client in the Organisation.…

FIM Case Study: Trying to achieve a 100% Declarative (or “Codeless”) Architecture

When it comes to Microsoft’s Forefront Identity Manager (FIM), I sometimes run into ‘religious arguments’ with fellow FIM consultants about which way is the ‘correct’ or ‘right way’ to architect FIM to implement identity business rules into a brand new FIM architecture. Typically the argument comes about determining at the very start of a project about whether to base the FIM code base on ‘classical’ rules extensions using VB.NET or C# or try to use FIM R2’s Management Policy Rules (MPR), Sets, Sync.…

Microsoft FIM: Working with Domino Connector v8

We don’t always work with all of the ‘latest’ or ‘bleeding edge’ software here at Kloud, and occasionally us Identity Management consultants have to delve into the past and use some knowledge once thought lost from the world. Okay, so it’s not that bad, but I did find myself having to work with IBM Domino Server version 8 and FIM R2’s ECMA based Lotus Domino Management Agent (or ‘Connector’ in the new language) for a bi-directional sync between Domino and Active Directory (Exchange, Lync etc.).…

Office 365: To Federate or Not to Federate… that is the Question

Yesterday, Microsoft released a new version of their ‘DirSync’ utility (http://technet.microsoft.com/en-us/library/dn246918.aspx) which up until yesterday provided a basic ‘copy’ of your local Active Directory accounts (Active Directory Domain Service or ‘AD DS’) from your premises to the MS Cloud directory (referred to as ‘Azure Active Directory’) for Office 365 (and other Cloud apps such as Team Foundation Service (TFS Online)).

This blog is written for those considering moving to Office 365 (or have moved to Office 365) but haven’t identified any other application in the organisation apart from Office 365 that requires Active Directory Federation Services and SAML/WS.Federation…

BHOLD SP1 Core Portal Role Management for Dummies

I’ve had the rare luxury of time in learning BHOLD SP1 for a customer recently and I thought I’d share the basics of what I’ve learned about the product. There’s very little in the way of information in the public realm about BHOLD SP1, particularly as Microsoft have made significant changes to the database schema for Service Pack 1 of BHOLD, so I thought I’d share some learnings.

Beware, this is a ‘BHOLD for Dummies’ scenario where all you might like to do is develop a quick scenario to show off BHOLD’s capabilities in role management.…

Fixing issues with BHOLD SP1 FIM Integration MSI installation

For those struggling to get their BHOLD SP1 demo working in a Windows 2008 R2 64-bit environment, I’ve recently run into two critical errors I thought I would blog about as they took me and my colleague Stefan Buchman some hair pulling time to work through. As this is a bleeding edge release, there isn’t much in the way of public information about others running into these errors so I thought I’d blog their fixes in case others were struggling.…