Today I finally got some time to play with the new Azure Active Directory Sync tool and its configuration.
The installation was very straightforward. The step-by-step instructions are provided on MSDN. The administration tools and scripts are located in different places compared to DirSync, which was a little confusing in the beginning.
By default DirSync runs every three hours, which for some environments or during testing may not be frequent enough…
You must install the appropriate version of the Windows Azure AD Module for Windows PowerShell for your operating system from the Microsoft Download Center.
Once installed you can start the Windows Azure Active Directory Module for Windows PowerShell.
To help detect and prevent malicious behavior I usually implement different scripts or other monitoring features in my customers' environments.
One of the snippets I frequently use is one that detects newly created accounts.
There are several reasons to change the default organizational unit of computers that join the domain.
The default OU (domain.local\Computers) cannot be linked with GPOs and should be avoided since it is built in.
I was getting an error at startup on a new Windows 2008 R2 Domain Controller. Apparently WinRM attempts to create two SPNs after the startup process.
Since WinRM runs under the “Network Service” account, I was able to fix this warning by granting the “Validated Write to Service Principal Name” permission to NETWORK SERVICE…
When setting up Active Directory delegation, you want administrators to be able to maintain Group Policy without being a Domain Admin.
If you read TechNet, Microsoft tells you to use Group Policy Creator Owners. However, CO does not have permissions to modify or edit any other group policy objects.
I created a PowerShell script which will reset the password of all users in a specific Organizational Unit.
I prefer to set unique high-end passwords for all users. If you prefer a more ‘user friendly’ approach simply…