Cannot Recreate Azure AD ‘Local’ AD Connector
Feb24

Cannot Recreate Azure AD ‘Local’ AD Connector

KB ID 0001659 Problem While trying to fix another Azure AD Replication problem today I managed to delete one of the connectors (the one for the local ‘on-prem’ Active Directory). In an effort to ‘recreate’ it, I ran the ‘Microsoft Azure Active Directory Connect’ and went to ‘Customise the Synchronisation Options’. ¬†Unfortunately I got this error; The forest {forest-name} cannot be added...

Read More
Group Policy: Item-Level Targeting
Feb08

Group Policy: Item-Level Targeting

KB ID 0001654 Problem Yesterday I wrote a post about Deploying a ‘Mapped’ Drive to a couple of users using Group Policy. This received a comment that was basically ‘Why not simply use Client Targeting?’ To be fair that’s a good point, I was using a Group Policy Preference and they can be specifically targeted. So here’s how to do that. Solution If you do not already have one, create a group for your...

Read More
Apply Group Policy To a Security Group
Feb07

Apply Group Policy To a Security Group

KB ID 0001653 Problem On EE this morning someone asked how to map a drive to only two users, so that wherever they logged in, they got their mapped drive. Seemed like a good Idea for a post so here you go; Solution If you do not already have one, create a group for your users. Add the users, (as appropriate). On a Domain Controller > Administrative Groups > Locate the OU that contains your users (Note: if your users are in...

Read More
Unable to Connect to the Synchronisation Service
Feb04

Unable to Connect to the Synchronisation Service

KB ID 0001649 Problem I’m doing some work for a client that has Azure AD Sync running, and we keep kicking each other off the server, so I thought I’d login with another account. However, when I tried to open the Synchronisation Service Manager; Unable to connect to the Synchronisation Service Some possible reasons are: 1) The service is not started. 2) Your account is not a member of the requires security group. See the...

Read More
Duo: ADSync and Enroll Users via SMS
Feb03

Duo: ADSync and Enroll Users via SMS

KB ID 0001648 Problem Before you can use Duo 2FA/MFA you need to have your users enrolled. Theres a number of ways to enrol them, you can bulk email them, or manually add them. Below I’m going to Sync Duo with my Active Directory, so that if users are members of a specific AD group, they will ‘appear’ in the Duo Admin Portal. Then I’m going to enter a users mobile phone number and send them an SMS to enrol....

Read More
Duo: Migrate from LDAP to LDAPS
Feb02

Duo: Migrate from LDAP to LDAPS

KB ID 0001647 Problem With the impending ‘turning off’ of cleartext LDAP queries to Windows Server, I wanted to make sure my new Duo deployments were already using LDAPS. I got LDAP deployed very quickly and easily, but making the ‘swap’ to LDAPS proved to be massively problematic. Normally I find Duo a pleasure to deploy, but their technical documentation just confused me for this and I went running up some...

Read More