Query multiple object classes from AD using LDAP Query

Recently I had to make a query to the Active Directory to get the list of users and contacts. To achieve this, I used the LDAP query. See the following function:

using System;
using System.Collections.Generic;
using System.DirectoryServices;
///<summary>
/// Queries the Active Directory using LDAP
///</summary>
///<param name="entry">Directory entry</param>
///<param name="search">Directory searcher with properties to load and filters</param>
///<returns>A dictionary with ObjectGuid as the key</returns>
public static Dictionary<string, SearchResult> QueryLDAP(DirectoryEntry entry, DirectorySearcher search)
{
    // Assumed completion: the excerpt is cut off after this assignment; objectGUID must be in search.PropertiesToLoad
    entry.AuthenticationType = AuthenticationTypes.Secure; // authenticated (Kerberos/NTLM) bind, not a clear-text simple bind
    search.SearchRoot = entry;
    var results = new Dictionary<string, SearchResult>();
    foreach (SearchResult result in search.FindAll())
        results[new Guid((byte[])result.Properties["objectGUID"][0]).ToString()] = result;
    return results;
}

How to Synchronize users Active Directory/Azure Active Directory Photo using Microsoft Identity Manager

Introduction

Whilst Microsoft FIM/MIM can be used to do pretty much anything your requirements dictate, dealing with object types other than text and references can be a little tricky when manipulating them the first time. User Profile Photos fall into that category as they are stored in the directory as binary objects. Throw in Azure AD and obtaining and synchronizing photos can seem like adding a double back-flip to the scenario.
This post is Part 1 of a two-part post.…

Creating Organizational Units, and Groups in AD with GUID

A recent client of Kloud wanted to be able to create new organizational units and groups automatically, with a unique ID (GUID) for each organizational unit. The groups created needed to share the GUID of the OU.

In this blog, I will demonstrate how you could achieve this through a simple PowerShell script, naturally.

Before you start however, you may have to run PowerShell (run as Administrator), and execute the following cmdlet:
Set-ExecutionPolicy RemoteSigned
This is to allow PowerShell scripts to run on the computer.…

Active Directory – What are Linked Attributes?

A customer request to add some additional attributes to their Azure AD tenant via the Directory Extensions feature in the Azure AD Connect tool led me into further investigation. My last blog here set out the customer request, but what I didn’t detail in that blog was that one of the attributes they also wanted to extend into Azure AD was directReports, an attribute they had used in the past in their custom-built on-premises applications to display the list of staff the user was a manager for.…

Create a Replica Domain Controller using Desired State Configuration

Originally posted on Nivlesh’s blog @ nivleshc.wordpress.com
Welcome back. In this blog we will continue with our new Active Directory Domain and use Desired State Configuration (DSC) to add a replica domain controller to it, for redundancy.
If you have not read the first part of this blog series, I would recommend doing that before continuing (even if you need a refresher). The first blog can be found at Create a new Active Directory Forest using Desired State Configuration
Whenever you create an Active Directory Domain, you should have, at a minimum, two domain controllers.…

Create a new Active Directory Forest using Desired State Configuration

Originally posted on Nivlesh’s blog @ nivleshc.wordpress.com

Desired State Configuration (DSC) is a declarative language in which you state “what” you want done instead of going into the nitty gritty level to describe exactly how to get it done. Jeffrey Snover (the inventor of PowerShell) quotes Jean-Luc Picard from Star Trek: The Next Generation to describe DSC – it tells the servers to “Make it so”.

In this blog, I will show you how to use DSC to create a brand new Active Directory Forest.…

Good practices for implementing a healthy Azure Active Directory identity foundation

Originally posted on Lucian.Blog. Follow Lucian on Twitter @LucianFrango for daily doses of cloud.


This is part frustrated (mild) rant, part helpful hint and, like the title says, part public service announcement. While I am most definitely a glass-is-half-full kind of person, and I don’t get stressed out much or fazed by pressure much, I, like anyone, do get annoyed with certain things. Let’s start with a quick vent before continuing on with the public service announcement.

Rather than just have a rant or a whinge, let me explain the situation, and by doing so I’ll most likely vent some frustration.

Deploying a Hybrid Exchange environment to integrate with Exchange Online in Office 365 can be a behemoth of a task if you lack certain things. While anyone can list any number of criteria, important considerations, prerequisites or requirements, I feel that there is only one thing that needs to be addressed: the one thing that sticks in my mind as being the foundation of the endeavour.

Just like the old saying goes “you can’t build a strong house on weak foundations”; the same applies to that initial journey to the cloud.

I say initial journey because, for many organisations, after setting up a website (which can be the beginning of becoming a cloud-focused organisation), Office 365 is the first step I most often see taken to move infrastructure, processes and systems to the cloud.

Importantly, though, realise that as amazing and full of features as Office 365 is, when deploying a Hybrid environment to leverage what I consider the best of both worlds, a hybrid identity, all that matters is the existing Active Directory Domain Services (ADDS) environment. That is ALL THAT MATTERS.

Step aside Active Directory Federation Services (ADFS) and Azure AD Connect (AADConnect) or even Hybrid Exchange Server 2016 itself. All those components sit on top of the foundation of the existing identity and directory services that is the ADDS environment.

ADDS is so crucial because it is the key link in the chain, so much so that if it has issues, the entire project can easily and quickly run into trouble and delays. Delays lead to cost. Delays lead to unhappy management. Delays lead to unhappy users. Delays lead to the people working on the project going grey.

I remember a time when I had blonde curly hair. I grew out of that and as I got older my hair darkened to a rich, chocolate (at least 70% cocoa) brown. Now, as each project gets notched on my belt, slowly, the slick chocolate locks are giving way to the odd silky, white sign that there’s not enough emphasis on a well-managed and organised ADDS.


Dynamic Active Directory User Provisioning placement (OU) using the Granfeldt Powershell Management Agent

When using Forefront / Microsoft Identity Manager for provisioning users into Active Directory, determining which organisational unit (OU) to place the user in varies from customer to customer. Some AD OU structures are flat, others hierarchical based on business, departmental, functional role or geography. Basically every implementation I’ve done has been different.

That said, the most recent implementation I’ve done is for an organisation that is growing, and as such the existing structure is in flux and based on differing logic depending on who you talk to.…

Managing AD Terminal Services Configuration with FIM / MIM using the Granfeldt PowerShell Management Agent

Forefront / Microsoft Identity Manager contains numerous Management Agents (MAs) out of the box. However, an MA for managing AD Terminal Services user configuration isn’t one of them. At first pass you’d think you could just manipulate a few attributes in AD on an AD MA, like you do for home directories (aside from creating the folder and permissions on the filesystem), and you’d be done. Don’t worry, I made that wrong assumption too.

Overview

In this blog post I’ll document how you can enable Active Directory users with the necessary attributes and file system elements utilising Søren Granfeldt’s extremely versatile PowerShell Management Agent.…

Provisioning Home Directories for Active Directory Users with FIM / MIM using the Granfeldt PowerShell Management Agent

Forefront / Microsoft Identity Manager contains numerous Management Agents (MAs) out of the box. However, an MA for creating user home directories and setting the associated permissions isn’t one of them.

Over the years I’ve accomplished home directory provisioning and permissioning in Active Directory / Windows File Services and Novell eDirectory / Novell File Services using methods that aren’t strictly best practice / supported (e.g. calling native libraries from within a Management Agent Extension to create/manage/delete etc).…