Archive for the ‘Active Directory’ Category

New features for Office 365 SSO and RMS – Ignite 2015

Some very exciting new capabilities were announced here at the Ignite conference as part of the Office 365 suite, powered by Azure AD and the Rights Management Service. I will share two of them here:
• Cloud App Discovery
• Document Tracking

Cloud App Discovery

With Office 365 you are already set up for SSO, but if you need more advanced functionality, such as adding your third-party or on-premises apps to the same single sign-on experience, this section of the Office 365 portal will be very valuable.

Once you have synchronized users with Office 365:
• In the Office 365 Admin portal, go to Azure AD. Go to Cloud App Discovery if you wish to add your apps to the single sign-on experience (upgrade to Azure AD Premium if you want self-service).
• With Cloud App Discovery you can see how many users are using which SaaS apps.
• You can view which users were denied access.
• You can assign multi-factor authentication (even if the app, like Twitter, only comes with single-factor authentication out of the box).
Password rollover: every week or two, users' passwords for SaaS apps are randomly changed, so admins are not privy to user passwords either. The initial password is changed instantaneously.
Users can see log reports and incident reports.

Document Tracking with Azure RMS

• Recipients can download the mobile RMS sharing app to view shared RMS-protected documents
• Allows document owners to track activity on documents they sent
○ Who accessed them or was denied access
○ Various views: timeline view, category view, chart view, and a map view with the geographic location where files were accessed
• The sender gets a notification email with a link to the tracking site, which lists all documents he shared externally or internally
• The sender can revoke access from the document tracking site; recipients get a notification
There were many other features announced at Ignite, but I think these two at the very least deserve a round of applause!

Creating Microsoft FIM Management Agent: lessons learned

Microsoft FIM (Forefront Identity Manager) is a popular enterprise product that automates user creation, provisioning and de-provisioning in Microsoft Active Directory. FIM has many out-of-the-box connectors that allow FIM to be connected to external systems (such as external user catalogs), including a set of web services. When the out-of-the-box connectors are not sufficient, it is possible to implement a custom Management Agent (MA) for FIM using the .NET framework.

I recently helped to connect FIM to an external system that had a MySQL user database. There is no out-of-the-box FIM connector for MySQL, so we had to implement our own custom management agent. While working on this task I found out that the process of creating FIM MAs is very scarcely documented. This reference and that example are pretty much the only sources of information about creating Extensible Connectivity Management Agents (ECMA). The problem, though, is that the reference does not provide complete documentation for creating ECMAs, and the code example, while providing a complete code listing for a management agent, does not cover everything. In fact, the code sample represents one specific, quite simple case of ECMA 2.2 agents, and there are a couple of places in this example that require additional explanation.

Perficient’s Top 5 Microsoft Azure Blog Posts of 2014

Yesterday, we shared the top five SharePoint-related blog posts of 2014. As several of those SharePoint posts alluded to, when it comes to the cloud, 2014 could be called the year Microsoft went “all in” and truly made cloud king, and Azure is a significant piece of that. 80% of Fortune 500 companies are on the Microsoft Cloud, with 50% using Azure. Our team shared their knowledge around Azure throughout the year, and here are the top five posts, in no particular order:

Multi-Forest Identity Solution – Azure AD Sync
In this post, Vaibhav Mathur discusses the much-awaited multi-forest identity solution, the Azure Active Directory Sync Tool. He gives background on why customers with complex multi-forest environments needed this. AADSync has its underpinnings in components of Microsoft’s Forefront Identity Manager (FIM) metadirectory service, so its architecture is similar to both DirSync and FIM.

Watch Out Amazon-Microsoft Azure is Here to Rule
After an impromptu airport encounter with Amazon and Google advocates, Vaibhav recognizes just how little some folks know about Azure and its capabilities. Most know Azure only as IaaS, but it has a wide variety of features in its PaaS and SaaS offerings. In fact, Microsoft was one of two vendors described as leaders in Gartner’s application PaaS (which it calls aPaaS) Magic Quadrant. He goes on to talk about storage, business continuity, predictive analysis and security.

Anglebrackets Conference – Day 2

I have been fortunate to attend this year’s Anglebrackets conference in Las Vegas. (See my coverage of Day 1 here.)

The following are my notes from the Day 2 keynote, The Integration of Technologies with Office 365. The speaker was Rob Leffers, the director of program management for the Office 365 apps team.

– Our vision
– What’s next
– Futures
– Calls to action

– Office
– Visual Studio
– Azure

Connect to Office 365 services
– Users and groups
– Files
– Mail
– Calendar
– Contacts

Build using an open platform
– Azure
– .Net
– Android
– iOS
– HTML5
– Xamarin

Robust Office 365 APIs
– Designed for openness and flexibility
– Consistent development platform
– Powering a world of devices

Spaces in Binding String Causes Issues in Sitecore AD Module

I recently worked with a client for whom we installed the Sitecore Active Directory Module version 1.1 on a Sitecore 7.1 implementation. After configuring the AD module in the client’s authoring environment, two issues appeared. The first was a .NET error: [ArgumentException: Provider name cannot be null or empty.] We had wanted to include additional fields from AD in Sitecore, such as telephone number. Once we reverted our profile configuration, we also realized that roles from AD were not being integrated.

After a lot of trial and error, and a couple of rounds with Sitecore support, the culprit turned out to be a space character. In our case the space was in the organizational unit, similar to OU=Corporate Users. Sitecore support developed a quick patch to work around the issue. We installed the new assembly and made some configuration changes:

<add name="ad" type="LightLDAP.Support.SitecoreADProfileProviderFixed, Sitecore.Support.403508" connectionStringName="ad" … …/> – change the profile provider definition

<add name="ad" type="LightLDAP.Support.SitecoreADRoleProviderFixed, Sitecore.Support.403508" connectionStringName="ad" … …/> – change the role provider definition

If you run into such an issue in your implementation, don’t hesitate to contact Sitecore support to get the patch. Refer to issue ID 417172.

What’s New in Microsoft Azure Active Directory

Azure Active Directory is a comprehensive identity and access management cloud solution. It combines core directory services, advanced identity governance, security, and application access management. Azure AD also offers developers an identity management platform to deliver access control to their applications, based on centralized policy and rules.

In the last few months there have been significant changes to the Azure Active Directory (AAD) features and capabilities, and this post will give you a taste of some of them.

Subscription Management

It is now easier for large teams to share a single subscription thanks to increased support for up to 200 co-administrators per subscription, a big change from 10.

Administration roles include Billing, Service, User and Password Administrator.

Busy Pre-Build week for Microsoft and Azure!

The Microsoft Build Conference is set to kick off next week but the company got off to an early start this week with several different announcements.

Windows Azure now generally available in China
This may not sound like a huge accomplishment worthy of being called out individually, but a little-known fact is that Windows Azure is the first major public cloud service that China has made available. This opens Azure up to an enormous user base that cloud competitors Google and Amazon don’t yet have access to.

Windows Azure will soon be re-branded Microsoft Azure
In an effort to strengthen the Azure brand, Microsoft is removing “Windows” from the name. This is to help emphasize that the Azure platform is completely open and that a variety of technologies can use it, not just Microsoft and Windows-based technology. The name “Windows Azure” has been a source of confusion since its introduction. People who are new to cloud computing often did not know whether only technologies supported by Windows were designed to work on the Azure platform. This name change should clear up any lingering confusion.

Office for iPad debuts along with Enterprise Mobility Suite
On Thursday Microsoft announced a fully functional, touch-friendly edition of their Office suite tailored for iPads. This has been a long time coming, as millions of iPad users have had to find other methods of editing documents on their tablets. The entire Office suite is free to download and use to view documents and presentations. In order to edit documents an Office 365 subscription is needed, priced at $99 a year. This subscription also provides you with desktop versions of Office 2013 as well as an Exchange Online account.

The Enterprise Mobility Suite aims to bring single sign-on to all users across a variety of devices and services. This would allow an Android tablet, iPad or Windows 8 machine using Azure Active Directory to authenticate against Office 365, Dynamics CRM and Windows Intune, as well as a variety of already available third-party products. This puts Microsoft technologies at the very core of the enterprise cloud while allowing users to “Bring Your Own Device”.

Microsoft is sure to provide more insight into this strategy next week at the Build Conference, in addition to their future road map for Windows!

The fast and easy way to get your on-premise users into Yammer!

Does your company have a freemium Yammer environment that pre-dates your latest Enterprise Agreement? Do you want to have the same set of users in Yammer as you do in your on-premise Active Directory? Wonder no longer, dear readers.

We now have some recommended reading for anyone who finds themselves trying to rationalize a pre-existing Yammer environment with their SharePoint 2013 investment, or the rest of their Microsoft infrastructure.

Microsoft has just released a new TechNet posting on syncing up your Yammer users with your on-premise AD.  Check it out!

Using System Center Automation to Manage Office 365

Manage Office 365 with Microsoft System Center Service Manager, Orchestrator, PowerShell or Custom GUI.

Working on Office 365 projects, one of the questions I come across frequently is what the options are for managing Office 365 from an on-premise location. Up to now there has been a very limited tool set for doing simple tasks. DirSync is a tool offered by Microsoft to synchronize User Principal Names from local Active Directory to the Office 365 cloud. Federation Services helps create single sign-on to the cloud, which lets administrators manage passwords locally. The Exchange Management Console has some management functionality for Office 365 mailboxes, but it requires a hybrid deployment. PowerShell offers the most flexible on-premise management abilities. Then there are some third parties out there that provide simple management tools to do things like synchronize passwords or migrate mailboxes.

Using PowerShell in Windows Server 2012 to create a simple lab

I’ve been meaning to sit down and spend some time exploring the new Active Directory cmdlets that come with Windows Server 2012, so I decided to use my lab to create some test objects and populate the mailboxes with some messages.

My lab setup is very simple:

  • 1 – Windows Server 2012 domain controller
  • 1 – Exchange 2013 server (hosted on Windows 2012)
  • 1 – Windows 8 client with Office 2013

My goal was to be able to quickly create some test users and groups in a new OU structure, populate the groups with the accounts, and finally populate the mailboxes with some test messages. Here is the script I created to do that. It should be fairly straightforward to follow. There are obviously many other ways to do this; this is just one of them. I ran the script from the Exchange 2013 Management Shell after installing the Active Directory PowerShell module.
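The author's own script is not part of this excerpt. What follows is an added example, not the post's code, of the same procedure using the Windows Server 2012 ActiveDirectory cmdlets from the Exchange 2013 Management Shell; it assumes a constructed domain read from Get-ADDomain, constructed OU, group and user names, and an Exchange host named ex01 that accepts mail for its own recipients.

```powershell
# Added example (not the post's script): build OUs, groups and users with the Windows
# Server 2012 ActiveDirectory cmdlets, then mailbox-enable the users and send them a test
# message from the Exchange 2013 Management Shell. All names below are constructed.
Import-Module ActiveDirectory
$domain     = Get-ADDomain
$labOu      = "OU=Lab,$($domain.DistinguishedName)"
$usersOu    = "OU=Users,$labOu"
$groupsOu   = "OU=Groups,$labOu"
$groups     = 'Lab-Finance', 'Lab-Engineering'
$users      = 1..10 | ForEach-Object { 'labuser{0:D2}' -f $_ }
$smtpServer = 'ex01.' + $domain.DNSRoot   # assumed Exchange 2013 host, accepts mail for its own recipients

# OU structure; Get-ADOrganizationalUnit throws when the OU is absent, so create it on error
foreach ($ou in @(@{ Name = 'Lab';    Path = $domain.DistinguishedName },
                  @{ Name = 'Users';  Path = $labOu },
                  @{ Name = 'Groups'; Path = $labOu })) {
    try   { Get-ADOrganizationalUnit -Identity "OU=$($ou.Name),$($ou.Path)" -ErrorAction Stop | Out-Null }
    catch { New-ADOrganizationalUnit -Name $ou.Name -Path $ou.Path }
}

# Security groups
foreach ($g in $groups) {
    if (-not (Get-ADGroup -Filter "Name -eq '$g'" -SearchBase $groupsOu)) {
        New-ADGroup -Name $g -GroupScope Global -GroupCategory Security -Path $groupsOu
    }
}

# Users: a unique random password per account rather than one shared lab password,
# changed at first logon; members alternate between the two groups
Add-Type -AssemblyName System.Web
foreach ($sam in $users) {
    if (-not (Get-ADUser -Filter "SamAccountName -eq '$sam'")) {
        $plain  = [System.Web.Security.Membership]::GeneratePassword(16, 3)
        $secure = ConvertTo-SecureString $plain -AsPlainText -Force
        New-ADUser -Name $sam -SamAccountName $sam -Path $usersOu `
                   -UserPrincipalName "$sam@$($domain.DNSRoot)" `
                   -AccountPassword $secure -Enabled $true -ChangePasswordAtLogon $true
        Add-ADGroupMember -Identity $groups[([int]$sam.Substring(7)) % 2] -Members $sam
    }
}

# Mailboxes, then one constructed test message per user through the Exchange receive connector
foreach ($sam in $users) {
    if (-not (Get-Mailbox -Identity $sam -ErrorAction SilentlyContinue)) {
        Enable-Mailbox -Identity $sam | Out-Null
    }
    Send-MailMessage -SmtpServer $smtpServer -From "labuser01@$($domain.DNSRoot)" `
                     -To "$sam@$($domain.DNSRoot)" -Subject 'Lab test message' -Body "Constructed test message for $sam."
}
```

Each step is idempotent, so the script can be re-run after a partial failure without creating duplicate OUs, groups or accounts.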