Cannot Recreate Azure AD ‘Local’ AD Connector
KB ID 0001659 Problem While trying to fix another Azure AD Replication problem today I managed to delete one of the connectors (the one for the local ‘on-prem’ Active Directory). In an effort to ‘recreate’ it, I ran the ‘Microsoft Azure Active Directory Connect’ and went to ‘Customise the Synchronisation Options’. Unfortunately I got this error; The forest {forest-name} cannot be added...
VMware Edge Gateway VPN to Cisco ASA
KB ID 0001658 Problem I was asked to setup a VPN to help out a colleague this week. When I had a look, one end turned out to be an Edge Gateway, I wasn’t that concerned, I’d done similar things in my prior role, I just didn’t have access to the vCloud or VMware at this datacenter. Depite my best efforts on the ASA, the tunnel refused to come up, it took a little looking ‘under the covers’ to accurately...
Adding Duo 2FA to Microsoft ADFS
KB ID 0001656 Problem I did a Duo run through a few weeks ago, and to be honest their documentation is usually pretty good. I was spinning this up as a PoC for a client so I thought I’d put my take on the procedure here. ADFS Duo Pre-Requisites I already have a Duo Authentication Proxy server setup and my users are enrolled, you will need to set this up first. See the following article; Duo: ADSync and Enroll Users via SMS Log...
PowerShell: Disable MFA For All O365 Users
KB ID 0001655 Problem If you have something boring/repetitive to do then Powershell is your friend! I needed to do this for a client that’s replacing their Office365/Azure AD MFA (Multi Factor Authentication) with Duo. Solution Connect to your Microsoft Services Online, i.e. Office365/Azure, using your administrative credentials with the following command; Connect-MsolService Then (Note: I’ve got more than 1000 users so I...
Group Policy: Item-Level Targeting
KB ID 0001654 Problem Yesterday I wrote a post about Deploying a ‘Mapped’ Drive to a couple of users using Group Policy. This received a comment that was basically ‘Why not simply use Client Targeting?’ To be fair that’s a good point, I was using a Group Policy Preference and they can be specifically targeted. So here’s how to do that. Solution If you do not already have one, create a group for your...