Azure AD Connect is one of Microsoft’s products for syncing your Active Directory users, groups, and devices to Azure AD. Of these products, it is the most used one and although it has some customization it also is very automated and easy to use in its set up and operations.
Azure & Active Directory Center
ENow Software's Azure & Active Directory blog built by Microsoft MVPs for IT/Sys Admins.
Active Directory (2)
Active Directory replication failures are like a leaking water pipe in your wall. You don’t notice anything at first, but by the time you do, there is significant damage. It’s probably not altogether difficult to “repair” AD at this point and stop the "leak", but the damage remains. Monitoring Active Directory replication is essential to catching the little problems before they become major. It all starts with AD object inconsistencies between domain controllers.
When a network issue leaves your DC stranded on an “island”
Your users know immediately when they lose their internet connection. Those “internet is down!” tickets start flowing. But what happens when the network segment hosting their domain controller (DC) is unreachable? Microsoft refers to the isolated segment as a “replication island”. This is when part of the domain or forest is unable to communicate with the other DCs. That’s a more insidious problem because the symptoms are not immediately obvious.
Previously, MVP Nicolas Blank wrote an interesting article "Having an Identity Crisis" and it talked about all kinds of attacks on your environment. One such attack is on user email. Users tend to choose a password that is easy for them to remember and this makes the password weak and easy to guess by others. Even with some social engineering, user passwords are easy to retrieve, as can be seen on this YouTube clip What is your password?
What a great time to be an IT pro. I mean really, who has it better than us? On any given day there is so much going on, so much to learn, so much to improve, and that's why I do really enjoy my job(s). As I think about how to open this blog post, it occurs to me that I’ve had some great opportunities in my career. Sort of a “as one door closes, another one opens” sort of thing.
Office 365 allows for various authentication mechanisms, which includes federated authentication through Active Directory Federation Services. Federated authentication in Office 365 is configured per domain. However, if you register multiple subdomains in your Office 365 tenant, those subdomains will automatically inherit the authentication settings from the parent domain IF you registered the subdomains in the tenant after the parent domain.
For instance, if you have added child1.domain.com and child2.domain.com after registering domain.com, both subdomains will be converted to use federated authentication if you convert the parent domain.
In the world of hybrid headaches, directory synchronization is the root of all evil. While there's nothing wrong with using directory synchronization (I'm a big fan), most of the issues and questions I encounter when dealing with hybrid issues are a direct result of not understanding directory synchronization and how the process works.
Compromised Domain Controllers are every Active Directory admin’s nightmare. However, Domain Controllers now have nightmares of their own … all through their Print Spooler services.
When you are planning any major IT transformation, we recommend that you do what the great craftsmen do: Measure twice. Cut once. That’s because we have seen it happen time and again. You spend all this effort creating a pristine plan and understanding the cool new features of the cloud platform you are migrating to. You market those features to your end users, to help show them how it will be a change for the better. And then the moment you start migrating, you run into issues. Now you have to stop the project and remediate these problems before you can keep going.
One of the pieces of feedback we received from a previous ENow post (integrating your temporary COVID tenant with your on-premises environment), was the fear of introducing errors and interrupting processes that now rely on the Azure AD tenant. This, indeed, may be the case when you rely solely on Azure AD Connect’s soft matching capabilities and wield a narrow scope for synchronization of objects.
Want to learn more about Active Directory?
Active Directory Administration Cookbook, 2nd Edition
In this book, Microsoft MVP & Technical Editor of ENow's Azure & Active Directory Center, Sander Berkouwer will share the intricacies of managing Azure AD, Azure AD Connect as well as Active Directory for administration in the cloud and on Windows Server 2022.