Field Notes: Error when changing DNS replication scope

Introduction Way back when your AD integrated DNS zone data lived inside of the naming context in AD (next to your users and computers) you could protect it from accidental deletion just like any other object. But this can cause a problem years later when you want to move these zones to their own application … Continue reading Field Notes: Error when changing DNS replication scope

Field Notes: Azure AD – Configuring Self-Service Password Reset in Hybrid Deployments

This is a continuation of a series on Azure AD Connect. The second blog post of the series covered a custom installation. One of the optional features I promised to cover then was password writeback, which I discuss in this blog post as part of enabling the self-service password reset (SSPR) feature in a hybrid … Continue reading Field Notes: Azure AD – Configuring Self-Service Password Reset in Hybrid Deployments

Field Notes: Azure AD Connect – Migrating from AD FS to Password Hash Synchronization

This is a continuation of a series on Azure AD Connect. I started off this Azure AD Connect series by going through the express installation path, where the password hash synchronization (PHS) sign-in option is selected by default. This was followed by the custom installation path where I selected pass-through authentication (PTA) as a user … Continue reading Field Notes: Azure AD Connect – Migrating from AD FS to Password Hash Synchronization

Field Notes: The case of the stopped Azure AD Connect synchronization – stale Internet proxy server

This is a continuation of a series on Azure AD Connect. In this blog post, I cover a specific case where an export to Azure AD fails due to stale Internet proxy settings configured on the server running Azure AD Connect. I go through various tools, some of which we have covered in our previous … Continue reading Field Notes: The case of the stopped Azure AD Connect synchronization – stale Internet proxy server

Field Notes: Azure AD Connect – Attribute-based Filtering

This is a continuation of a series on Azure AD Connect. I recently covered using domain/OU and group filtering options that are available in Azure AD Connect to help control which objects are synchronized to Azure AD. I also took a closer look in group filtering, which is not recommended for use in production. Another … Continue reading Field Notes: Azure AD Connect – Attribute-based Filtering

Field Notes: Azure AD Connect – Group Filtering Gotchas

This is a continuation of a series on Azure AD Connect. In the previous blog post, we looked at filtering options that can be used to control which objects are synchronized from on-premises directories to Azure AD - domain, OU and group filtering. I would like take a closer look at group filtering here, and … Continue reading Field Notes: Azure AD Connect – Group Filtering Gotchas

AD: Nitty Gritty of Fine-Grained Password Policies

Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory. Fine-Grained Password Policies (FGPP) have been around for a while, but in my experience with various customers, they aren't used often, if at all. This post is an attempt to simplify them, provide some details and list some … Continue reading AD: Nitty Gritty of Fine-Grained Password Policies

AD: Domain controllers – discover what you’ve got

Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory. During an engagement with a customer a couple of years ago, I needed to identify some info regarding their domain controllers. They were in the process of deploying System Center Operations Manager (SCOM) at the time, but it … Continue reading AD: Domain controllers – discover what you’ve got