Active Directory User Migration in Hybrid Exchange Environment Using ADMT – Part4

Active Directory Groups

Now that we have got our both the AD environments ready to start the migration and installed all the required tools, let’s start moving the objects over. To ensure that we have the proper security structure in place before users are migrated to target domain, we’ll be dealing with Active Directory groups before migrating any of the user objects.

So, what is an AD group? How is the security structure controlled by these groups?… [Keep reading] “Active Directory User Migration in Hybrid Exchange Environment Using ADMT – Part4”

Batching Microsoft Graph API Requests with JSON Batching and PowerShell

Late in 2018 it came to my attention new functionality with the Microsoft Graph API for batching API requests into a single request. As I predominantly use PowerShell for scripting into Microsoft Graph parallel requests historically required extra functions to achieve something similar. Use of Invoke-Parallel for instance, that I’ve previously discussed in posts such as How to create an Azure Function App to Simultaneously Start|Stop all Virtual Machines in a Resource Group.

Fast forward to 2019 and I’ve been building a bunch of reports from Microsoft Graph that aggregate data from multiple API endpoints such as /users /auditLogs and /security .… [Keep reading] “Batching Microsoft Graph API Requests with JSON Batching and PowerShell”

Active Directory User Migration in Hybrid Exchange Environment Using ADMT – Part3

Installation and configuration of ADMT tool and Password Export Server

Now that we have got our active directories in both source and target domain ready for migration, let’s install the tools required for migration.

ADMT Migration Account

The ADMT service account needs to have administrative rights in both source and target domains. It’s a good idea to create a user specifically for the ADMT Migration, however you may still use an existing user if desired. A single service account will be used for the entire migration:

  • In the target domain, create an administrator account

Target Domain:

  • In the source domain add the same user to the built-in Administrators group (it can’t be added directly to domain admins group).
[Keep reading] “Active Directory User Migration in Hybrid Exchange Environment Using ADMT – Part3”

Build a better technical architecture with reusable components in React for SharePoint Framework webparts

If there is a complex web part to be implemented (for eg. with over 5000 lines of code), then the important question to ask is how to distribute the implementation logic, so it could be better maintained. From a technical architecture point of view, better readability and efficiency, the react components provide a suitable solution for it.

Another important consideration for this is to increase performance of the control during build and debugging. From experience, if a control’s logic goes beyond 5000 lines of code then the build performance decreases drastically, it takes about 30 secs or more to build and another 30 secs or more to ready the control for debugging.… [Keep reading] “Build a better technical architecture with reusable components in React for SharePoint Framework webparts”

Active Directory User Migration in Hybrid Exchange Environment Using ADMT – Part2

Configuring source and target domains

In the previous post of this series I discussed about the tasks involved in migrating a user from a domain to another in a hybrid exchange environment. Now let’s get down to the nitty-witty of migration.

Before getting into moving the users across to target domain, there are few things that need to be installed and configured in both source and target domain. Let’s start by looking at the configuration steps for source and target domains.… [Keep reading] “Active Directory User Migration in Hybrid Exchange Environment Using ADMT – Part2”

Retrieve Office 365 Audit logs using PowerShell and store in Azure table for quick retrieval

To create custom reports for Office 365 events, we could use the Audit logs from Security and Compliance center. The process is quite simple and could be implemented easily using PowerShell. In this blog, we will look at the steps for the same.

Later we will also see how we could store this data in a Azure Storage Table, so it is easy to fetch the data available.

Steps to fetch data from Office 365 Audit log using Exchange Online PowerShell

The first step in the process is to import the commands from Exchange online PowerShell.… [Keep reading] “Retrieve Office 365 Audit logs using PowerShell and store in Azure table for quick retrieval”

Azure Self Service Password Reset Reporting using PowerShell

Just over 18 months ago I wrote this post on using PowerShell and oAuth to access the Azure AD Reports API to retrieve MIM Hybrid Report data. This week I went to re-use that for Azure Password Reset Reporting and found out that the API had been deprecated.

API Deprecated.PNG

Using the error information that actually was informative I proceeded to the new API. Having authenticated as I had in the previous article, I executed the following to retrieve a list of the Audit Reports available.… [Keep reading] “Azure Self Service Password Reset Reporting using PowerShell”

Using SailPoint IdentityNow v3 API’s with PowerShell

Update: Oct 2019. Leveraging the SailPoint IdentityNow API's is now easier using the SailPoint IdentityNow PowerShell Module.

The SailPoint IdentityNow SaaS product is evolving. I’ve previously posted about integrating with the IdentityNow API’s using PowerShell;

IdentityNow now has v3 API’s which are essentially the v2 and non-Published API’s with the added benefit of being able to obtain an oAuth token from a new oAuth Token endpoint.… [Keep reading] “Using SailPoint IdentityNow v3 API’s with PowerShell”

Enabling Requestable Roles in SailPoint IdentityNow using PowerShell

Update: Oct 2019. IdentityNow Roles can be easily managed using the SailPoint IdentityNow PowerShell Module.

Recently I wrote this post about Retrieving, Creating, and Managing SailPoint IdentityNow Roles using PowerShell.

Last week SailPoint enhanced Roles with the ability to request them. The details are located on Compass here.

I had a number of Roles that we wanted to make requestable, so rather than opening each and using the Portal UI to enable them, I did it via the API using PowerShell.… [Keep reading] “Enabling Requestable Roles in SailPoint IdentityNow using PowerShell”

Using Invoke-WebRequest calls within a Granfeldt PowerShell MA for Microsoft Identity Manager

If you use PowerShell extensively you should be familiar with the Invoke-RestMethod cmdlet and the ability for PowerShell to call API’s and receive information. The great thing about Invoke-RestMethod is the inbuilt conversion of the results to PowerShell Objects. However there are times when you need the raw response (probably because you are trying to bend things in directions they aren’t supposed to be; story of many of my integrations).

From within Granfeldt PowerShell Management Agent script(s) that use Invoke-WebRequest calls, these will in turn leverage the Internet Explorer COM API on the local machine.… [Keep reading] “Using Invoke-WebRequest calls within a Granfeldt PowerShell MA for Microsoft Identity Manager”