Azure AD Connect: User Realm Discovery Failed.

Recently I faced an issue with Azure AD Connect. The scenario: A Windows Server 2012 R2 box with direct access to the internet with Azure AD Connect installed and running under the context of a service account. As Azure AD Connect was running in the context of a service account, it wanted to utilise a … Continue reading Azure AD Connect: User Realm Discovery Failed.

Azure AD Connect: Initialize-ADSyncDomainJoinedComputerSync

Azure Active Directory Connect (AADConnect) is the tool that connects your on-premises Active Directory to Azure Active Directory. At the end of the setup there is a rather unhelpful message asking you to run "AdSyncPrep:Initialize-ADSyncDomainJoinedComputerSync" Translated to English this means. (also see Update 20/07/2016) Open PowerShell and set your execution policy to unrestricted. set-executionpolicy unrestricted … Continue reading Azure AD Connect: Initialize-ADSyncDomainJoinedComputerSync

The hidden benefit of hacking your own Active Directory?

This summary stems from a brief conversation within a peer circle. A parallax perspective on the issue of passwords. Most IT organisations have an IT Security policy, which defines the required password parameters for an organisation.  Active Directory provides a method to enforce the password parameters, from their complexity and length to the frequency that they must … Continue reading The hidden benefit of hacking your own Active Directory?

Active Directory: What to learn next?

The Microsoft MVP summit was held last week (3rd - 7th November) in Redmond, where I had the good fortune to spend the week with members of various Microsoft product teams that are responsible for what we commonly know as Active Directory.  I can genuinely say that in technology terms I have not been this interested in the … Continue reading Active Directory: What to learn next?

Active Directory: A user cannot be in more than 1015 groups.

In any Microsoft Active Directory forest, a user can only a member of 1024 groups but after allowing for up to 9 well known SIDS this number is actually 1015. See KB http://support.microsoft.com/kb/328889If a user exceeds the hard limit of 1015 group memberships they probably will not be able to logon.What do you do to rectify … Continue reading Active Directory: A user cannot be in more than 1015 groups.