Downgrading Active Directory Domain and Forest Functional Levels (Part 1)

Background: With Windows Server 2008/2008 R2 approaching end of support, more organisations are upgrading their operating systems to the latest supported versions. Upgrading Active Directory Domain Services (AD DS) requires a schema update, and ultimately raising the domain and forest functional levels. Customers are concerned that applications may stop functioning after raising the functional …

Field Notes: Azure Active Directory Connect – Domain, OU and Group Filtering

This is a continuation of a series on Azure AD Connect. The recently published blog post covers a quick introduction to the troubleshooting task available in Azure AD Connect. This post goes through options that are available in Azure AD Connect to apply filtering on objects that should be synchronized. I provide links to all …

AD: Nitty Gritty of Fine-Grained Password Policies

Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory. Fine-Grained Password Policies (FGPP) have been around for a while, but in my experience with various customers, they aren't used often, if at all. This post is an attempt to simplify them, provide some details and list some …

Test read rights for user-assigned managed identity on a Linux VM in Azure Gov

I recently came across an issue where a user-assigned managed identity on a VM was not able to read the properties of the resource group where the VM object it was assigned to resided. As our deployment relied on these permissions being set, it would fail until the permissions were added. Normally, you could easily …

AKS: Enabling and using preview features such as nodepools using CLI

Most of the time we use the familiar Azure portal to consume Azure resources. That is all well and good. However, sometimes we find that using the Azure CLI is easier: once we perfect the script we can just run it, instead of having to use the portal. In this …

SCOM 2019 Agent Installation Error

While providing support at a customer, I encountered a strange issue with the SCOM agent installations as shown below: Upon investigation the findings were as follows: The usual workaround is to delete the following three Registry Entries: HKEY_CLASSES_ROOT\Installer\Products\Microsoft Monitoring Agent ID (D996D247BE65CC940AA413D70EF113DC); HKEY_LOCAL_Machine\SOFTWARE\Microsoft\Microsoft Operations Manager; HKEY_LOCAL_Machine\SOFTWARE\Microsoft\System Center Operations Manager. Usually after deleting the above entries the installation …

AD: Domain controllers – discover what you’ve got

Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory. During an engagement with a customer a couple of years ago, I needed to identify some info regarding their domain controllers. They were in the process of deploying System Center Operations Manager (SCOM) at the time, but it …