Azure AD Connect: New version 1.1.561.0 available

A new version of Azure AD Connect is available since yesterday.

This release widens the scope of the automatic upgrade feature, so you need to take action if you don’t want that:

The scope expansion of the Automatic Upgrade feature affects customers with Azure AD Connect build 1.1.105.0 and after. If you do not want your Azure AD Connect server to be automatically upgraded, you must run the following cmdlet on your Azure AD Connect server:

Set-ADSyncAutoUpgrade -AutoUpgradeState disabled

 

You can download the new version from HERE.


Azure AD Connect: New version 1.1.557.0 available

Yesterday a new, smaller update was made available for download. It contains one fix and two improvements/features:

New build number is: 1.1.557.0

See Azure AD Connect: Version release history and download the bits from here.

Fixed issue

  • Fixed an issue with the Initialize-ADSyncDomainJoinedComputerSync cmdlet that caused the verified domain configured on the existing service connection point object to be changed even if it is still a valid domain. This issue occurs when your Azure AD tenant has more than one verified domain that can be used for configuring the service connection point.

New features and improvements

  • Password writeback is now available for preview with Microsoft Azure Government cloud and Microsoft Cloud Germany. For more information about Azure AD Connect support for the different service instances, refer to article Azure AD Connect: Special considerations for instances.
  • The Initialize-ADSyncDomainJoinedComputerSync cmdlet now has a new optional parameter named AzureADDomain. This parameter lets you specify which verified domain is to be used for configuring the service connection point.

MIM2016: Configuration best practices with MIMCheck

My fellow MVP Jeff Ingalls released a cool new tool to check your MIM solution against well-known best practices. There was a FIM 2010 R2 BPA (Best Practice Analyzer) in the past, but that tool has not received updates for a long time.

So Jeff decided to create his own tool, putting in all the known best practices spread over the internet.

These are the bullet points of MIMCheck:

A read-only, stand-alone, remote, command-line tool that performs Microsoft Identity Manager best practice analysis checks.

Version 1.0 features include:

  • 38 best practice task checks including data integrity checks of the synchronization service database
  • Run an entire category of tasks: syncserver, portalserver, syncdb, portaldb
  • Manually specify synchronization or portal server names, ports, instance names, and database names
  • Export all tasks, description, and references to output without performing any action
  • Verbose output which includes task names, which can be used to run the task individually, requirements to run the task, reference(s) for further reading, a description of the task, number of errors, and a task result.
  • Redirection of output to a datetime name stamped file for periodic automation
  • Digitally signed
  • Licensing options available for consultants and consulting companies who wish to use the product as a service and/or charge for the use of the software.

You can download the tool from here: http://www.ingallsdesigns.com/downloads.html

You can drop Jeff a mail for feedback or feature requests.

He also gave a short presentation of the tool at the MIM Team User Group meeting yesterday; the recording of that presentation should be available on the Unify Solutions YouTube channel within a few days.

 

MIM Configuration Documenter released on GitHub

The Identity community project team has recently released the MIM Configuration Documenter on GitHub as an open source project.

It's a very cool and easy-to-use tool to document your MIM solution (Sync and Service).
It also supports MIMWAL.

The main intent of the tool is to:

  • Document deployment configuration details for the MIM / FIM solution!
  • Track any configuration changes you have made since a specific baseline!!
  • Build confidence in getting things right when making changes to the deployed solution!!

The current version, 1.17.0522.0, is the public beta, which has limitations on some Management Agents, but I’m sure there is more to come.

You can download precompiled binaries and source code from the Microsoft Repo:

https://github.com/Microsoft/MIMConfigDocumenter

 

Azure AD B2B: How to bulk add guest users without invitation redemption.

I think most of you are familiar with the concept of Azure AD Business-to-Business (B2B) where you can add users of other companies to your Azure AD tenant. This feature does not require the partner organization to already own or manage their own tenant; you can simply invite every user with an email address.

If the invited user already exists in an Azure AD tenant, a guest user is created in your tenant that is linked to this user object in the foreign tenant.

If the invited user does not exist in an Azure AD tenant, a shadow/unmanaged tenant is created behind the scenes for that user; additional users from the same domain will then be created within this unmanaged tenant.

However, if you add a foreign user to your tenant, an invitation mail is sent to the user you add, and the user has to redeem the invitation. By default, users are created as guest users, who don’t have any permissions (not even read directory) in your tenant. Nevertheless, you can assign permissions such as application permissions, Azure AD roles or RBAC roles to such users.

Global Azure Bootcamp: Speaking at Let’s talk Azure in Saarbruecken

On Saturday, 22.04.2017 there will be the next Global Azure Bootcamp.

I will speak at the meetup “Let’s talk Azure” in Saarbruecken, Germany. There are still some seats free, so come and join us.

My topic will be Microsoft Identity Manager 2016 (MIM) as an extended tool for Hybrid Identity.
The following points will be covered by my presentation and demos:

  • Manage Azure AD and PIM Role with on-Premises groups
  • Customized group write-back for static and dynamic security groups
  • Manage licenses and group membership of cloud-only and B2B users
  • B2B user write-back to on-Premises Active Directory

 

 

Hotfix rollup package (build 4.4.1459.0) available for Microsoft Identity Manager 2016 SP1

Yesterday Microsoft released a new hotfix rollup package for Microsoft Identity Manager 2016 SP1.

This hotfix contains a lot of improvements and, in addition, fixes several issues, which cannot all be listed here.
One major improvement is the support of:

SQL 2016 Always On Availability Groups

and

System Center Service Manager 2016 Reporting supportability

See more details in the following blog posts and KB article:

Hotfix rollup package (build 4.4.1459.0) is available for Microsoft Identity Manager 2016 Service Pack 1

Download Update for Microsoft Identity Manager 2016 SP1 (KB4012498)

Supported platforms for MIM 2016

Identity and Access Management Support Team Blog
