Category: AADConnect

  • Configuring and Migrating From Entra ID Custom Controls to External Authentication Methods

    Configuring and Migrating From Entra ID Custom Controls to External Authentication Methods

    Custom Controls date back to the Azure AD days and the ability to link an external MFA provider into authentication but without the full step of federation. This feature was in preview for years and never left preview, and was limited to I think three companies. Over the years I have seen this a number…

  • Migrating from AADConnect Sync to Entra Connect Cloud Sync Correctly

    Migrating from AADConnect Sync to Entra Connect Cloud Sync Correctly

    At the time of writing this blog post, the Microsoft guide for doing an AADConnect to Entra ID Cloud Sync migration is lacking quite a lot of detail. It contains the sum of two self referencing documents, one of which is a guide to doing the migration in a lab environment and the other is…

  • MFA, Admin Roles and AADConnect Sync Failures

    Come Feb 29th 2020 and Microsoft are turning off the baseline security policies. If you used these policies to do MFA for all admins (as that was an easy way to achieve this), then a replacement Conditional Access rule might cause errors with AADConnect. The reason being is that you could create a new Conditional…

  • Read Only And Document Download Restrictions in SharePoint Online

    Both SharePoint Online (including OneDrive for Business) and Exchange Online allow a read only mode to be implemented based on certain user or device or network conditions. For these settings in Exchange Online see my other post at https://c7solutions.com/2018/12/read-only-and-attachment-download-restrictions-in-exchange-online. When this is enabled documents can be viewed in the browser only and not downloaded. So…

  • Public Folder Sync–Duplicate Name Error

    I came across this error with a client today and did not find it documented anywhere – so here it is! When running the Public Folder sync script Sync-ModernMailPublicFolders.ps1 which is part of the process of preparing your Exchange Online environment for a public folder migration, you see the following error message: UpdateMailEnabledPublicFolder : Active…

  • Azure AD Single Sign-On Basic Auth Popup

    When configuring Azure AD SSO as part of Pass-Through Authentication (PTA) or with Password Hash Authentication (PHA) you need now (since March 2018) to only configure a single URL in the Intranet Zone in Windows. That URL is https://autologon.microsoftazuread-sso.com and this can be rolled out as a registry preference via Group Policy. Before March 2018…

  • Cloud Admins, AADConnect and Privilege Increase Issues

    Microsoft recommends that you stay on top of version updates to AADConnect. In version 1.1.553.0, which became available in June 2017, there is a reference to a gain in admin privileges that could be possible with password writeback (part of Azure AD Premium and EMS licences) that hints at a security issue. The following is…

  • Administrators, AADConnect and AdminSDHolder Issues (or why are some accounts having permission-issue)

    [Scripts updated 5th October 2017 to support updates for Exchange Hybrid Writeback. If you ran earlier versions of these scripts you will need to run them again] AdminSDHolder is something I come across a lot, but find a lot of admins are unaware of it. In brief it is any user that is a member…

  • AADConnect Password Reset Date Sync Issues

    Got this error the other day at a client and found nothing listed on Internet search for it, which of course means only I have this issue! But even so, lets get to see what it means and how to fix it. The error turned up in the AADConnect tool and it reported sync-generic-failure on…

  • OU Filtering in AADConnect–What They Grey Boxes Mean

    So I had the chance to check this today. If you do OU filtering in the DirSync tools you will get an OU structure with various grey boxes in it. Here is an example: It appears that both and are options in the sync tool. You get the first (grey with a tick ) if…