When attempting to migrate a Microsoft 365 organization from federated authentication to Password Hash Sync, there are a couple of gotchas that can impact how you manage certain accounts. These changes in authentication behavior determine whether you need to implement new workflows or business processes–changes surrounding expired accounts and accounts flagged to force password change on next logon.… [ Continue reading ]
“Get-Credential” fails with “Cannot process command because of one or more missing mandatory parameters: Credential.”
This morning, I was working with a new build of Windows 11 (22H2) and came across this frustrating error:
After running the Get-Credential
cmdlet, the console is immediately returned to me with an error that I didn’t specify the -Credential
parameter.… [ Continue reading ]
Working around accounts that expire with AAD Connect
When attempting to migrate a Microsoft 365 organization from federated authentication to Password Hash Sync, there are a couple of gotchas that can impact how you manage certain accounts. These changes in authentication behavior determine whether you need to implement new workflows or business processes–changes surrounding expired accounts and accounts flagged to force password change on next logon.… [ Continue reading ]
Update to AADConnect Network Communications Test
It’s been a few months since I’ve updated this tool, but feedback from two individuals led me to a couple of small updates:
- Updated the method by which domain controllers are selected for testing. Previously, I just used the $env:LOGONSERVER variable to find the authenticating DC and didn’t actually use any of the other DCs in site (any of which AAD Connect can bind to).
Art imitates life: You can now talk to yourself in Teams
If you talk to yourself, is it bad? Or is it only bad if you answer?
You can now find out. In a new feature rolling out, you can now initiate a chat conversation with yourself.
To use this new feature, simply strike up a chat–and address it to yourself.… [ Continue reading ]
Update to AADConnect Network Communications Test
Today’s a bugfix day! Woo!
One of my peers, @DerrickBaxter, brought a few issues to my attention that I resolved:
- Updated password write-back endpoints
- Updated syntax for checking for RODCs
- Error resolving Administrator Roles
- Failing Azure AD Credential check functionality that logged both failure AND success
I’ve also updated a few other things, including updating the checks for DCOM/OLE permissions, trusted sites, and execution policies.… [ Continue reading ]
Update to AAD Connect Communications Test
Greetings!
While working with a new customer this week, I was reviewing the Azure AD Connect prerequisites, and it turns out we have updated the prereq list as well made some information public about what the installation wizard checks for.
As such, I have updated the tool.… [ Continue reading ]
Update to Wipe Exchange Online Mailbox Script
Earlier this evening, a former peer asked me about trying to bulk delete items from the Drafts folder on a customer’s Exchange Server 2010. While Microsoft Exchange Server 2010 reached end of support in October 2020, it still will work (though we certainly don’t recommend keeping it around, as it’s no longer receiving regular maintenance, support, or security updates).… [ Continue reading ]
Update to AADConnect Network Communications Test
Hey!
It’s been a while since I’ve updated this tool. One of my peers, Didier Akakpo, pointed out that we have a new endpoint to add for Self-Service Password Reset Writeback.
As such, I’ve updated the tool to include this endpoint under $OptionalResources for Commercial and GCC-Moderate tenants.… [ Continue reading ]
Removing on-premises proxy address on the way to the cloud
Several years ago, I wrote a script and a blog post to help customers use AAD Connect to strip out proxy addresses during the synchronization process. The goal was to keep the on-premises AD proxyAddresses attribute for users untouched, as it was needed for other applications and communication on-premises.… [ Continue reading ]
Update to Teams Auto Answer Script
Hey-o!
It looks like there may have been an encoding problem for some folks with the recent update of the Teams-AutoAnswer script. I’ve updated the encoding in the file and re-posted it, so please let me know if you have problems.… [ Continue reading ]
Re-posted Sensitive Information Type XML
While continuing my stroll down old posts lane, I stumbled across one that I made for building custom sensitive information types. One of the things that I noticed about it was that it it had a link a file hosted on our now-sunsetted Technet Gallery.… [ Continue reading ]
Update to Find-DuplicateValues script
Hey! As we enter the waning days of summer, I wanted to update a tool that I’ve had sitting around for a while.
Years ago, when I was in Microsoft Consulting Services, I ran into one particular customer that had manually populated the mail property of thousands of service accounts, groups, vendor accounts, and contacts–not with the object or user’s individual email address, but with the email address of the person who managed the AD object. … [ Continue reading ]
Update: AAD Connect Test Tool Updated
We’ve updated our baseline requirements for deploying AAD Connect, so I’ve updated the AAD Connect Network Communications Test to reflect those changes.
Key changes:
- We now allow you to configure AAD Connect using the Hybrid Identity Administrator role, so the tool now checks for it.
Update to Teams-AutoAnswerWithVideo Script
Nearing the height of the COVID pandemic here in the U.S., I bashed together a script to help customers auto-answer Teams calls with video. You can find the original here: Auto-Answer Teams Call with Video and PowerShell. The premise was quite simple: monitor the Teams log file for an incoming call entry and then send the Teams hotkey sequence to answer.… [ Continue reading ]