Paul Williams talked in his blog about using another attribute from on-premises Ad’s to act as the ImmutableID for Azure Active Directory (http://blog.msresource.net/2014/03/10/windows-azure-active-directory-connector-part-3-immutable-id/)
While making a very detailed blog entry on why and which attribute to choose, there wasn’t a guide on how to make this work in AADSync.
[update 21-Aug-2017: The latest version of Azure AD Connect have the functionality built-in to select the ImmutableID. There is no need to hack the rules manually anymore.. read more about it at: http://blog.azureinfra.com/2017/08/21/immutableid-ms-ds-consistencyguid-adconnect-final-part/]
So a recent project got me thinking about this. In this particular scenario there is already a forest (1 domain) using DirSync to replicate their users to AAD, and the requirement is to prepare for an AD migration, while also adding other users to the same AAD tenant. As usual, user objects might be duplicate between the two forests and we want to use the mS-DS-ConsistencyGuid attribute to be the immutableID.
In a previous post we looked at the ability of creating a Site-2-Site connection from Checkpoint to Azure using a Dynamic Gateway. In this post, we look at client-dialup (VPN) into the Azure network and establish routing between all the sites involved.
In this post, how to configure a Site2Site VPN connecting using a Checkpoint firewall.
[EDIT: The instructions below are for R77, which is a really old version. I’m currently writing the instructions for the R80.20 version, but it seems it’s a bit harder to get the S2S tunnel up and stable.. certainly on my PPPOE internet connection… more updates soon!
But in case you still want to make this work, please check this hidden article with my notes.. that have not been validated yet! [/EDIT]
While http://msdn.microsoft.com/en-us/library/azure/dn133795.aspx tells you how to create the Site2Site VPN, the firewall part only covers Juniper or Cisco appliances. As I do not own such a device, I got to work on the Checkpoint together with Syed Pasha.
Below the network overview…
So all documentation on BHOLD informs you there are “out of the box” reports available.. none of the articles show which reports they are.. so here they are..
So this post is more of an advertisement.. Office 365, the latest version of BPOS (Business Productivity Suite Online) is in beta stage at the moment and more enterprises decide to go for it. It is based on Exchange 2010, Lync (new OCS), SharePoint 2010 and lots more.. My colleagues have decided to create a […]
I’ve been working with CCF the last days, CCF you say what is that? Well its a product from Microsoft that can be used to enhance the experience of users when working with multiple applications that require the same input. Say we have a call center with many applications. When a customer calls the agent asks for your zip code or address. Then you state your problem and the agent needs to open a different program and re-enter your zip code, then the company needs to send you a package and for that application he again needs your address details.. annoying for you (every time the agent asks you for your creds and even more annoying for the call center agent since he/she has to type the same info multiple times.
So CCF can help you with that..it requires a lot of programming to integrate all the apps, but it could be worth it.. are you designing CCF? are you interested in the architecture.. check out this post …
When creating a forest trust, each domain within the trusted forest becomes trusted. While this is sometimes not desired it is possible to limit the scope by implementing selective-authentication. It is possible to only allow authentication between those domains you want by granting the allowed to authenticate right to only those domains objects.
When you want to control the bindings on a network card in Server Core (2008R2), your stuck with the registry editor. So how do you A: know what binding you want to remove, B: where to locate it, C: to disable it.. A is easy.. you want to remove, File and Printer Sharing, Client for […]
Daylight saving time.. (DST).. some love it (due to some extra hours of sleep) some hate it.. because the have to program around it.. and so do the developers at Microsoft.. and then.. there are some countries that like to switch the dates they change the time (Argentina for example).. well all fuzzy logic if you ask me.. and so did the developers think.. and they accidently missed one date.. a date very close to come..(October 25th)