Categories
AADConnect AADSync Azure AD AzureAD baseline conditional access MFA

MFA, Admin Roles and AADConnect Sync Failures

Come Feb 29th 2020 and Microsoft are turning off the baseline security policies. If you used these policies to do MFA for all admins (as that was an easy way to achieve this), then a replacement Conditional Access rule might cause errors with AADConnect. The reason being is that you could create a new Conditional […]

Categories
AADConnect AADSync active directory Azure Active Directory Azure AD compliance conditional access device download enterprise mobility + security exchange online microsoft Office 365 OneDrive OneDrive For Business sharepoint

Read Only And Document Download Restrictions in SharePoint Online

Both SharePoint Online (including OneDrive for Business) and Exchange Online allow a read only mode to be implemented based on certain user or device or network conditions. For these settings in Exchange Online see my other post at https://c7solutions.com/2018/12/read-only-and-attachment-download-restrictions-in-exchange-online. When this is enabled documents can be viewed in the browser only and not downloaded. So […]

Categories
AADConnect exchange exchange online Exchange Server migration Office 365 Public Folders

Public Folder Sync–Duplicate Name Error

I came across this error with a client today and did not find it documented anywhere – so here it is! When running the Public Folder sync script Sync-ModernMailPublicFolders.ps1 which is part of the process of preparing your Exchange Online environment for a public folder migration, you see the following error message: UpdateMailEnabledPublicFolder : Active […]

Categories
AADConnect AADSync Azure Active Directory Azure AD AzureAD conditional access microsoft modern authentication SSO

Azure AD Single Sign-On Basic Auth Popup

When configuring Azure AD SSO as part of Pass-Through Authentication (PTA) or with Password Hash Authentication (PHA) you need now (since March 2018) to only configure a single URL in the Intranet Zone in Windows. That URL is https://autologon.microsoftazuread-sso.com and this can be rolled out as a registry preference via Group Policy. Before March 2018 […]

Categories
AADConnect AADSync AdminSDHolder Office 365 server administrator

Cloud Admins, AADConnect and Privilege Increase Issues

Microsoft recommends that you stay on top of version updates to AADConnect. In version 1.1.553.0, which became available in June 2017, there is a reference to a gain in admin privileges that could be possible with password writeback (part of Azure AD Premium and EMS licences) that hints at a security issue. The following is […]

Categories
AADConnect AADSync active directory AdminSDHolder dirsync exchange exchange online hybrid Office 365

Administrators, AADConnect and AdminSDHolder Issues (or why are some accounts having permission-issue)

[Scripts updated 5th October 2017 to support updates for Exchange Hybrid Writeback. If you ran earlier versions of these scripts you will need to run them again] AdminSDHolder is something I come across a lot, but find a lot of admins are unaware of it. In brief it is any user that is a member […]

Categories
AADConnect active directory Azure Active Directory Azure AD sync error

AADConnect Password Reset Date Sync Issues

Got this error the other day at a client and found nothing listed on Internet search for it, which of course means only I have this issue! But even so, lets get to see what it means and how to fix it. The error turned up in the AADConnect tool and it reported sync-generic-failure on […]

Categories
AADConnect az Azure Active Directory Azure AD dirsync Office 365

OU Filtering in AADConnect–What They Grey Boxes Mean

So I had the chance to check this today. If you do OU filtering in the DirSync tools you will get an OU structure with various grey boxes in it. Here is an example: It appears that both and are options in the sync tool. You get the first (grey with a tick ) if […]