Today I would like to shed some light on the cmdlet “Enable-ADSyncExportDeletionThreshold”, which comes with Azure AD Connect. If you are using Azure AD Connect to synchronize your on-premises Active Directory to Azure Active Directory, Azure AD Connect will never execute a batch of more than 500 objects to delete. You can check the current value by using “Get-ADSyncExportDeletionThreshold”:
Active Directory
Azure AD – Change from ADFS to pass-through Authentication
Since pass-through authentication is GA and the major limitations are gone, I decided to change my Azure AD authentication against my local AD from ADFS to pass-through authentication, which is provided with Azure AD Connect.
For those who are not that familiar with the concept of pass-through authentication, the Microsoft article “How it works” has all the information. The picture below is from this article as well.
RMS Sharing App Error 0x800704cf
Hi Reader,
this is a small one: I had an issue when I tried to use the RMS Sharing app. Whenever I used the Sharing application, I got the following error:
0x800704cf the network location cannot be reached
—–
Unfortunately, I haven’t saved a screenshot of the error message. But I could not find any information on this topic. The only thing I was thinking about was: why does the error tell me that the sharing app can’t connect to a network location?
Azure AD Domain Services – What you can do, and what you can’t do
Since Microsoft released Azure AD Domain Services, many questions have come up, and the top one might be: Can I join my Windows 10 client to my domain through the internet and receive Group Policies? No, you can’t.
But besides this, there are other questions that remain to be answered, and I will try to do so.
The first thing to explain is what is required to get Azure AD Domain Services (AAD DS) up and running:
1. Create a group in Azure AD called “AAD DC Administrators”
2. Create a VNET in Azure if one does not already exist
3. Activate AAD DS in the Azure Portal
4. Update the DNS settings for the specific VNET
Now you are ready to go. For a more detailed explanation, refer to this Microsoft article.
ConfigMgr – NDES Certificate Deployment fails due to Network Device Enrollment Service failure
I was struggling a little bit within my lab trying to get the Network Device Enrollment Service (NDES) up and running again for the Simple Certificate Enrollment Protocol (SCEP), which is, I believe, not that simple, but anyway. I was really unsure what I had changed (because I changed a lot in the last month within my lab) that would have stopped the deployment of certificates to my devices, but I had a starting point: the event log of the NDES server told me the following:
The Network Device Enrollment Service cannot retrieve one of its required certificates (0x80070057). The parameter is incorrect.
The Network Device Enrollment Service cannot be started (0x80070057). The parameter is incorrect.
Windows 10 – Deploy Profile Picture to Logon Screen
In my current deployment I wanted to get our fancy pictures from Active Directory to our Windows 10 machines, where they can be used for the logon screen and other places like the Start menu:
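First, I want to let you know how I add the picture to my user accounts. This is quite simple; I just use these two lines of PowerShell:
# Read the JPEG as raw bytes (Windows PowerShell; PowerShell 6+ uses -AsByteStream instead of -Encoding byte)
$userphoto = [byte[]](Get-Content "C:\temp\MYUserPic.jpg" -Encoding byte)
# Write the bytes to the thumbnailPhoto attribute of the AD user
Set-ADUser -Identity MYUserPic -Replace @{thumbnailPhoto=$userphoto}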
Once this is done, and if you also have Azure AD Connect in place, your picture will be synced to Azure AD as well, and therefore the picture will show up in Office365. Mind that there are different recommendations for specific systems (Exchange, Office365, Skype for Business), but you can also use high-resolution images. See also this Microsoft Knowledgebase article for issues with pictures larger than 100kb: Technet Article Exchange Online Hybrid Image size
ADFS – Install Web Application Proxy fails with 401: Unauthorized
Hi,
today I faced the issue that, when I tried to install my Web Application Proxy for ADFS, it permanently failed with Event ID 422:
With Text:
Unable to retrieve proxy configuration data from the Federation Service.
Additional Data
Trust Certificate Thumbprint:
3CD8F7C4697ED510546F74C25B4FD4F8C183CE34
Status Code:
Unauthorized
Exception details:
System.Net.WebException: The remote server returned an error: (401) Unauthorized.
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.IdentityServer.Management.Proxy.StsConfigurationProvider.GetStsProxyConfiguration()
—- End Snip—
I was quite sure that I had everything configured quite well, and that I was using the correct certificate.
Active Directory – Create Printer Queue with Powershell
Today I needed to create a lot of print queues in a remote domain, which I thought should not be that hard with all the cmdlets provided by Microsoft. But with my first shots with some cmdlets, and also with the help of my preferred search engine, I could not find a working solution to create printer queues through PowerShell. I found other people with the same needs but no solution, and I found a working VBScript, but I needed to put the block into a PowerShell script rather than executing a VBScript out of PowerShell.
After a lot of trying and understanding, I could get a script working: