  • markparris 12:12 pm on November 19, 2015
    Tags: AADConnect

    Azure AD Connect – AdSyncPrep:Initialize-ADSyncDomainJoinedComputerSync 


    Azure Active Directory Connect (AADConnect) is the tool that connects your on-premises Active Directory to Azure Active Directory.

    At the end of the setup there is a rather unhelpful message asking you to run


    Translated to English, this means:

    1. Open PowerShell and set your execution policy to unrestricted.
      set-executionpolicy unrestricted
    2. Change directory to
      C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep
    3. Then
      import-module .\AdSyncPrep.psm1
    4. Then
    5. Supply values for the following parameters:

      AdConnectorAccount: your AAD connector account.
      i.e. identitatem\

      AzureADCredentials: your credentials for Azure.

    6. If successful you should see

      Initializing your Active Directory forest to sync Windows 10 domain joined computers to Azure AD.

      Configuration Complete

    7. As good practice, set your execution policy back to restricted.
      set-executionpolicy restricted
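
The same procedure as a single script, added here as an example (not part of the original post or of Microsoft's tooling): it relaxes the execution policy for the current PowerShell process only, so the machine-wide policy is never changed and there is nothing to set back afterwards. The connector account value is a placeholder; -AdConnectorAccount and -AzureADCredentials are the parameters named in step 5.

```powershell
# Added example: runs the AdSyncPrep steps with a process-scoped execution policy.
$adPrepDir  = 'C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep'
$modulePath = Join-Path $adPrepDir 'AdSyncPrep.psm1'

if (-not (Test-Path -LiteralPath $modulePath)) {
    throw "AdSyncPrep.psm1 not found under $adPrepDir"
}

# Show what is configured at every scope before changing anything.
Get-ExecutionPolicy -List | Format-Table -AutoSize

# Process scope applies to this session only and is discarded when it exits.
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process -Force

Import-Module $modulePath

# Placeholder: replace with your AAD connector account (DOMAIN\account).
$connectorAccount = 'EXAMPLE\aad-connector-account'

# Prompt for the Azure AD credentials instead of embedding them in the script.
$aadCredentials = Get-Credential -Message 'Azure AD credentials'

Initialize-ADSyncDomainJoinedComputerSync -AdConnectorAccount $connectorAccount -AzureADCredentials $aadCredentials

# Confirm the machine-wide policy is unchanged.
Get-ExecutionPolicy -Scope LocalMachine
```

If a Group Policy sets the execution policy, that setting takes precedence over the process scope and the Set-ExecutionPolicy call will not take effect.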



  • markparris 11:58 pm on October 16, 2015
    Tags: Hybrid Identity

    RIP – MVP: Directory Services 

    Last week Microsoft announced some radical changes to the Microsoft MVP program.

    Steve Guggenheimer: Moving into the next generation of the Microsoft MVP Award
    MVP Website: Award Update – Oct 2015

    In summary (there are a few exceptions), MVPs have been categorised under one of ten new headings. Directory Services now comes under the categorisation of Enterprise Mobility, therefore I am now an MVP for Enterprise Mobility.

    My initial thought was: Enterprise Mobility? I don’t do telephony.

    I soon realised Microsoft’s logic in their categorisations: enterprise mobility is not all about mobile telephones and the utilisation of various parts of the radio spectrum; it is in fact about being able to access your enterprise from anywhere and on any device, and identity is a key component of Microsoft’s enterprise mobility strategy.

    In an on-premises world the de facto enterprise identity solution is Active Directory (Directory Services) and in the Microsoft cloud it is Microsoft Azure Active Directory. The term hybrid identity is the fusing of the two methods of identity together to create a seamless identity solution be it on-premises or in the cloud.

    As I delve deeper into the deeper corners of Microsoft identity, I will share my story on this blog; unlike the 15-year-old teenager that is Active Directory, not everything that can be written about Azure Active Directory and Hybrid Identity has been written yet.

  • markparris 5:04 pm on July 3, 2015

    Directory Services: MVP Renewed. 

    I am once again honoured to be a recipient of the Microsoft MVP award for Directory Services.

    Since first becoming an MVP in 2009, the Directory Services designation has evolved to cover many complementary technologies and solutions in both on-premises and cloud solutions, such as traditional Active Directory to Azure Active Directory. Microsoft’s rate of innovation and change within the Azure space alone is phenomenal and shows no sign of abating, and whilst these new technologies are exciting, they have to be learnt and understood in order to implement and support the adoption of these new technologies.

    The book I am currently reading, “Rookie Smarts” by Liz Wiseman, highlights an interesting research analysis; in the book Liz states that:

    “Knowledge decay in the 1970’s was 10% per annum” but “In 2005 it was estimated that knowledge becomes obsolete at 15% per year, but in high tech this is as much as 30%. If information doubles every 9 months and decays at 30% a year; within 5 years, only 15% of your knowledge will be relevant”.

    If I want to keep being awarded the MVP designation, it’s obvious (well to me anyway) that I need to keep up with the technology (as well as supporting the community), else my skills will soon be as relevant as my MCSE in NT 3.51.

  • markparris 11:00 am on June 9, 2015
    Tags: career path

    Thought Leadership. 

    It never fails to amaze me how one’s words and actions can directly and indirectly influence another person’s actions or even alter their career path. Over the years I have always tried to share my knowledge with my peers and the IT community as a whole, and yesterday I felt rather humbled to receive this comment in an email.

    This is my first full time AD role. I find it funny you ask [sic. an irrelevant question], you’re indirectly responsible for me getting this job.  I followed your work for years, so thank you.

    It’s the little things that make a big difference.

  • markparris 5:02 pm on March 30, 2015

    The hidden benefit of hacking your own Active Directory? 

    This summary stems from a brief conversation within a peer circle. A parallax perspective on the issue of passwords. 

    Most IT organisations have an IT Security policy, which defines the required password parameters for an organisation.  Active Directory provides a method to enforce the password parameters, from their complexity and length to the frequency that they must be changed. 

    Once a company’s password policy is understood and the required parameters are known, bad practice can set in internally, and this is not necessarily limited to the end users; IT can equally be at fault. For example, the service desk may create all new user or service accounts with the same common password, such as Password1234$$ or Welcome2015!

    So what has this got to do with hacking your own Active Directory? 

    Using one of the numerous Active Directory password cracking tools on the internet, you can analyse (crack the easy ones) the passwords stored in Active Directory and produce a list of the most common passwords.

    These common passwords can then be cross-referenced to their owners and, with a little bit of mathematics, it is possible to deduce that perhaps with 10 passwords, 70% of all systems can be accessed. Not only is this a rather frightening metric, but it is reality, and it is one attack vector for anyone with access to a domain controller.

    This is not a simple problem to fix with the current architecture of Active Directory, but with small process changes and education around the use of common passwords the percentage of systems that could be accessed or compromised may be reduced. 
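
The "little bit of mathematics" described above, as an added example (not from the original post): group an export of account and password-hash pairs by hash value and report what share of accounts the most-reused values cover, which measures reuse without recovering any password. The account names and hash values are constructed placeholders, and Get-SharedPasswordCoverage is a hypothetical helper name.

```powershell
# Constructed sample export: one row per account; hash values are placeholders.
$export = @'
Account,NtHash
svc-backup,HASH-A
svc-print,HASH-A
jsmith,HASH-A
newstarter1,HASH-A
newstarter2,HASH-B
newstarter3,HASH-B
temp-contractor,HASH-B
adavies,HASH-C
bjones,HASH-D
ckhan,HASH-E
'@ | ConvertFrom-Csv

function Get-SharedPasswordCoverage {
    param(
        [Parameter(Mandatory)] [object[]] $Rows,   # objects with Account and NtHash
        [int] $Top = 10                            # how many shared values to rank
    )
    $total = $Rows.Count
    # Identical hashes mean identical passwords; keep only values used more than once.
    $shared = $Rows | Group-Object -Property NtHash |
        Where-Object Count -gt 1 |
        Sort-Object Count -Descending |
        Select-Object -First $Top

    $running = 0
    $rank = 0
    foreach ($g in $shared) {
        $running += $g.Count
        $rank++
        [pscustomobject]@{
            Rank              = $rank
            AccountsSharing   = $g.Count
            CumulativePercent = [math]::Round(100 * $running / $total, 1)
            Owners            = ($g.Group.Account | Sort-Object) -join ', '
        }
    }
}

Get-SharedPasswordCoverage -Rows $export -Top 10 | Format-Table -AutoSize
```

The Owners column is the cross-reference back to the account holders, which shows whether a shared value comes from provisioning defaults (service desk, service accounts) or from end users.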


    • robsilver 10:58 pm on March 30, 2015

      Let’s not even talk about Service Accounts, Stale Accounts, Bulk or Shared Accounts. Then BYOD and Enterprise internet via WiFi on a Corp Network to keep the CxOs happy…


  • markparris 9:26 pm on November 9, 2014

    Active Directory: What to learn next? 

    The Microsoft MVP summit was held last week (3rd – 7th November) in Redmond, where I had the good fortune to spend the week with members of various Microsoft product teams that are responsible for what we commonly know as Active Directory. I can genuinely say that in technology terms I have not been this interested in the future of Windows since I did my first Windows Server 2000 course (MOC 1561) back in 1999.

    The MVP Summit content is mostly under NDA and I have always respected the NDA and with this in mind all I will say is that over the next few months I will be reading and learning as much as I can on the following areas of Microsoft technology.

    Azure Active Directory

    Azure Active Directory Sync Services

    Azure Rights Management

    Windows 10

    I would also recommend that you start to think about the concept of Active Directory being an identity provider and that in the future it will all be about managing identities and not solely about managing the technologies that deliver them.

    Food for thought, think about what type of identities your business will support, business only or perhaps personal too? What is an identity? What is a personal identity? Who owns the identity?  (I will follow up on this concept with another post).

  • markparris 12:44 am on November 4, 2014

    Lifelong Learning 

    There are so many things to learn about in life, that I rarely find time to read fiction and over time I appear to have made an unconscious decision to subscribe to constant or “lifelong learning”.

    This may appear to directly contradict what I stated in this post, but lifelong learning does not necessarily relate directly to the skills you need to do your job; it may give you the ability to progress or diversify in your career, with skills that complement your current skillset to enable you to advance into management or leadership positions; equally, you could learn about something for no other reason than to learn about it.

    Since embarking on lifelong learning, I have academically studied wireless and mobile data networks; copyright and mathematics; additionally self-studied TOGAF©, Six Sigma© and evolutionary leadership. Many of the new skills that I have learned, I have found helping me in my professional career and personal life in ways that perhaps I did not originally conceive when I started to learn. For example, the mathematics has enabled me to assist my son with his homework; copyright introduced ethical concepts into my thought process; and TOGAF© has made me think about how I approach aspects of the deliverables I produce.

    My constant quest for knowledge has also had what some people may determine to be a negative benefit: I have picked up systems at work and learned them because I needed to leverage the application’s capabilities, and by default I became the owner and administrator of the application, which was not my intended outcome.

    As Francis Bacon is attributed to have said “knowledge is power” and for me the power comes from knowing more about what you currently don’t know about. Lifelong learning is not down to your employer, whilst they can contribute it is ultimately your choice.

    So where do you start? Pick a topic or subject, buy a book, find a website and start to learn.

    Originally published on LinkedIn.
