Active Directory
13 Topics

Disabling Directory Sync for Hybrid - Overthinking?
Hi all, I am at the finish line for decommissioning On-Prem AD and moving from our Hybrid environment to managing our identities in Entra. About to cut off the Directory Sync. Weirdly, I couldn't find a concrete answer on this question online, but I might just be overthinking this. **Devices are Entra enrolled + Intune Managed, NOT Domain Joined.** User profiles that originate from On-Prem AD on the endpoints still show as DOMAIN\username. User profiles that originate from the Cloud on the endpoints show as AzureAD\[email address removed for privacy reasons]. What happens to these On-Prem User Profiles when we disable Directory Sync? Do they change over auto-magically to "AzureAD\[email address removed for privacy reasons]" on the endpoints? Am I missing something here? Thanks in advance.

38 Views, 0 likes, 2 Comments

Entra ID expressions for attribute mapping
Hi All, we have the following requirement. If [StatusEndEmploymentDate] is null, or if it is greater than today's date and a City value is present, the user should move to the respective OU. If [StatusEndEmploymentDate] is less than today's date, then the user should move to the staging OU. We have tried the following query but there is no luck. Need your help to achieve the requirement.

Switch([StatusEndEmploymentDate],
  Switch([City], "OU=Users,DC=abc,DC=com",
    "Amsterdam", "OU=Users,OU=Amsterdam,DC=abc,DC=com",
    "Antwerp", "OU=Users,OU=Antwerp,DC=abc,DC=com",
    "Bengaluru", "OU=Users,OU=Bengaluru,DC=abc,DC=com",
    "Copenhagen", "OU=Users,OU=Copenhagen,DC=abc,DC=com"),
  IIF(DateDiff("d", Now(), [StatusEndEmploymentDate])>"-1",
    Switch([City], "OU=Users,OU=IAM,DC=abc,DC=com",
      "Amsterdam", "OU=Users,OU=Amsterdam,DC=abc,DC=com",
      "Antwerp", "OU=Users,OU=Antwerp,DC=abc,DC=com",
      "Bengaluru", "OU=Users,OU=Bengaluru,DC=abc,DC=com",
      "Copenhagen")))

24 Views, 0 likes, 1 Comment

How to connect ADFS with OAuth 2.0 protocol
Current environment information: Server OS Version: Windows Server 2012 R2, ADFS installed. I cannot create an OAuth 2.0 authentication request after the ADFS client is added. I use this URL (this domain is for internal network access only, because a firewall filters TCP ports 80/443 under the China Telecom government security policy limit):

https://adfs.dingplace.com/adfs/oauth2/authorize?client_id=wifidog_authportal&response_type=code&redirect_uri=http%3A%2F%2F172.20.1.6%3A8080%2F~dingstudio%2FwebAuth%2FadfsLogin.php&scope=openid&state=

to request authentication, but ADFS redirects my request to an error page with some error description. How can I make ADFS work correctly, and where is ADFS's resource application programming interface? Before ADFS, my single sign-on solution was CAS or my own auth server. I want a solution to help me.

1.9K Views, 1 like, 0 Comments

Active Directory
We currently have our Active Directory running on a Windows Server 2016 machine. It seems to be working out well for us. If I were to use Azure AD, does that run alongside my AD on Server 2016, or would I remove the AD on Server 2016 and only run it on Azure AD? We currently use Office 365 for email, OneDrive, Flow, etc. Thanks for advice and suggestions.

2.1K Views, 0 likes, 2 Comments

Azure AD Windows 10 and Azure AD Connect
So we sync our AD w/ Azure AD Connect and I have Password Hash Sync enabled. I can't seem to log in to any Windows 10 Azure AD joined computers with accounts that are synced. I was able to create a cloud-only *.onmicrosoft.com account and it works. Is it possible for the accounts that are synced from AD -> Azure AD to authenticate? Is there something special we need to make this happen?

2.7K Views, 0 likes, 8 Comments

Leaving On-prem Active Directory
I've drunk the Kool-Aid and am keen to fully embrace Azure, though I'm wondering whether it is possible to completely abandon the traditional On-prem or IaaS Active Directory instances and purely use Azure AD & Azure Active Directory Services (Azure PaaS). Is there a useful blog on how to go down this path? I have two forests and 8 domains, with 7 of them in one of the forests. I'm wondering if it makes more sense to flatten those domains down to a single domain and sync the new clean domain into Azure, or could I (should I) just sync all 8 domains into a single Azure directory? I'd be happy to see any blogs, as what I'm stuck on is that I could easily enough break this out into multiple steps such as Consolidate and then Migrate, but I am looking for ideas for a better approach to take. Ideal endpoint - purely using Azure AD and Azure Directory Services and no longer reliant on an IaaS Active Directory instance.

Solved, 4.1K Views, 0 likes, 5 Comments

Sync an Existing Office365 Tenant into a New Active Directory Domain
Hi, my company is an existing Office365 (E3) tenant and I am planning to run Azure AD Hybrid join, implement a new on-premises Active Directory and sync my Office365 (E3) tenant Azure AD details into it. In this case, do I need to purchase CALs for the on-premises AD services? If not, can we use the GPO features?

3.1K Views, 0 likes, 3 Comments

Disable or delete AD user object?
What is recommended or best practice when an employee leaves the business: disable the account and keep it "for ever", or delete it after a period? Is there any reason you would want to store a User AD object? Or is there a good reason why you should delete it? Also, do GDPR or the privacy law enforce anything regarding this and the employee's sensitive information in this user object? Is there any difference regarding this between AD on-prem and Azure AD? Thank you!

7.2K Views, 0 likes, 1 Comment

Directory Services Restore Mode - DSRM - Help needed
Hi there! I'm not sure if I'm bringing this to the right community. If not, please move this to the right place. I have an Active Directory test environment mimicking a real one:

- DCs are 2008 R2 and 2012 R2 (a total of four DCs, two of each)
- Forest and domain functional levels are 2008 R2
- Workstations are W7 and W10

We use Symantec NetBackup for backup, and for a restore test we messed up the domain a little bit, waited a little for the replication to take place, shut down three of the DCs, and on the one remaining we went into DSRepair mode and proceeded with a full restore of the System State. After the restore, we used ntdsutil to set it as authoritative. Everything went well; the data was restored successfully and replicated successfully to the other DCs. The problem is, I can't go into Directory Services Restore Mode anymore on any of the domain controllers. When I select DSRM, pressing F8 or using MSConfig, it always goes into Safe Mode. Has anyone faced this before? What did I do wrong? Thanks.

2K Views, 0 likes, 0 Comments