Not so much of a blog post but more of an FYI to let you know that these reference architectures for Azure Identity Management (and other parts of Azure) exist.
Microsoft regularly releases performance tuning guides for Windows Server. This guide for Windows Server 2016 organises performance and tuning guidance across three tuning categories:
| Server Hardware | Server Role | Server Subsystem |
|---|---|---|
| Hardware performance considerations | Active Directory Servers | Cache and memory management |
| Hardware power considerations | File Servers | Networking subsystem |
| | Hyper-V Servers | Storage Spaces Direct |
| | Remote Desktop Services | Software Defined Networking (SDN) |
| | Windows Server Containers | |
I regularly work with multiple Azure Active Directory and Office 365 tenants. Recently I wanted to utilise a domain that was attached to a tenant that had expired in December 2015, but did not know how to recover it.
The various portals that you can utilise offer very little guidance.
Azure Active Directory was a little more than useless, but the new Office 365 portal offered hope, with an indication as to which tenant it was attached to.
So now what are my credentials?
Fortunately, there is a link to reset your account details, which were emailed to the @outlook.com email address I added when creating the tenant.
Once I had recovered my credentials, I could access the portal and delete the domain.
If you get the message below, you have objects (users, groups or contacts) in the directory that still have the domain you are trying to delete associated with them.
The domain is now removed and can be utilised in another tenant.
Azure Active Directory Connect (AADConnect) is the tool that connects your on-premises Active Directory to Azure Active Directory.
At the end of the setup there is a rather unhelpful message asking you to run
Translated to English, this means (also see Update 20/07/2016):
AdConnectorAccount: your AAD connector account.
AzureADCredentials: your credentials for Azure.
This must be run from a computer that has the Active Directory module for Windows PowerShell and the AD DS Snap-Ins and Command-Line Tools installed.
Failure to have both options installed will result in two errors:
The first error is obvious.
The second is not quite so obvious: a dsacls.exe error is generated because the command-line tooling is not installed.
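A pre-flight check for the two prerequisites above, as an added example that is not part of the original post or of AADConnect. The function name `Test-AadcScriptPrereqs` is hypothetical; the code assumes the Windows Server feature names `RSAT-AD-PowerShell` (Active Directory module for Windows PowerShell) and `RSAT-ADDS-Tools` (AD DS Snap-Ins and Command-Line Tools), and only queries feature state where `Get-WindowsFeature` is available.

```powershell
# Added example: run this on the machine where the AADConnect permissions
# script will be executed. Test-AadcScriptPrereqs is a hypothetical name.
function Test-AadcScriptPrereqs {
    [CmdletBinding()]
    param()

    # 1. Active Directory module for Windows PowerShell (first error if missing)
    $adModule = [bool](Get-Module -ListAvailable -Name ActiveDirectory)

    # 2. dsacls.exe ships with the AD DS Snap-Ins and Command-Line Tools
    #    (second, less obvious error if missing)
    $dsacls = Get-Command -Name dsacls.exe -CommandType Application `
                  -ErrorAction SilentlyContinue | Select-Object -First 1

    # 3. On Windows Server, also report the install state of both features.
    #    Get-WindowsFeature does not exist on client editions, so guard it.
    $features = @{}
    if (Get-Command -Name Get-WindowsFeature -ErrorAction SilentlyContinue) {
        foreach ($name in 'RSAT-AD-PowerShell', 'RSAT-ADDS-Tools') {
            $features[$name] = (Get-WindowsFeature -Name $name).InstallState
        }
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        ADModuleAvailable = $adModule
        DsaclsPath        = if ($dsacls) { $dsacls.Path } else { $null }
        FeatureState      = $features
        Ready             = $adModule -and [bool]$dsacls
    }
}

$result = Test-AadcScriptPrereqs
$result | Format-List

if (-not $result.Ready) {
    Write-Warning ('Prerequisites missing. On Windows Server, install both with: ' +
                   'Install-WindowsFeature RSAT-AD-PowerShell, RSAT-ADDS-Tools')
}
```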
This is a book that I have read a few times and I have found it invaluable in how I approach issues in life, the office and specifically issues around IT.
This book has made me no longer approach the problem with the question “What are you trying to do?”, but with “Why are you doing this?”.
Understanding the “Why”
Attempting to understand the “Why” has helped me immensely when implementing a solution or service; if it does meet the “Why”, it has made me think perhaps I should not be doing it.
Blatant self-promotion, but I wanted to share a blog post from OneLogin that gives their list of top Active Directory experts (including me) and our top tips on “What you should never do when working with Active Directory”.
Does anyone else have any other “No No’s” they would like to share?
Unlike previous versions of this vital information, this is not currently available as a Word download, but only as web-based information.
These can now be downloaded in PDF format from here.