Thanks Ants
May 21, 2004

#essereFerrari


Is Azure AD Premium the only way to allow users to change their Office 365 passwords and have that change roll back to on-prem AD?


skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Correct. Password writeback requires an AAD Premium license

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


Thanks Ants posted:

Is Azure AD Premium the only way to allow users to change their Office 365 passwords and have that change roll back to on-prem AD?

Yes, but I think you could get creative with PowerShell.

Gucci Loafers fucked around with this message at 20:38 on Apr 10, 2015

Thanks Ants
May 21, 2004

#essereFerrari


skipdogg posted:

Correct. Password writeback requires an AAD Premium license

Cool, thanks. Did I imagine a big shake-up coming this Summer with regards to Azure AD sync, or are there changes coming? I can't see anything mentioned on the Office 365 roadmap site.

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
Augh I'm so mad I'm not going to Ignite.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


FISHMANPET posted:

Augh I'm so mad I'm not going to Ignite.

Over the premium requirement?

skipdogg posted:

If you're willing to lose all the on premise AD stuff you could do that. You can't use Azure AD in its current form to handle other parts of AD like joining computers to the domain, security groups (to secure on premise resources), and letting other applications authenticate to it. (Though with Azure AD Premium SSO/SAML could be set up pretty easily)

I know there's new things like Workplace Join coming, but I'm not sure if their road map is to have a replaceable version of on premise AD that exists in the cloud. I don't think it is although I can ask. My company has a O365 TAM and I just finished a session with an Azure PFE a couple days ago. We're rolling Azure AD Premium out to our users right now (mainly Azure MFA, with some SAML SSO coming this summer). We just bought the EMS licenses to go with our existing E3 licenses. We pay Microsoft so much money... so so much money.

I was looking at this earlier and I thought to myself if there's just a Site-to-Site VPN to Azure why do I still need a local DC?

The more I look into it there's a lot of feature loss but I'm going to lab this out.

Maneki Neko posted:

Windows 10 will support the ability to authenticate natively against Azure AD instead of an onprem ad, so you could look at that when it comes out.

Things like GPO would be replaced with Intune, etc. Hopefully this is something they talk a bit more about at Ignite, as I could see this making sense for some of our customers assuming there's some sort of proxy mechanism to translate the 80 hojillion little one off apps that hook into AD.

Can that be tested now with the Win10 preview?

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams

Tab8715 posted:

Over the premium requirement?

When I started here back in January it was brought up as a possibility that we'd all load into a van and drive down to Chicago for Ignite, and then I'd keep bringing it up and bringing it up and it was always "well if there's interest..." until last week when it was decided that since all of the 88 hotels were sold out (I have no idea if this is true) that we wouldn't be going. So I guess I should have pushed harder for that, since it's only a 6 or 7 hour drive there.

Venusy
Feb 21, 2007

Tab8715 posted:

I was looking at this earlier and I thought to myself if there's just a Site-to-Site VPN to Azure why do I still need a local DC?

The more I look into it there's a lot of feature loss but I'm going to lab this out.

Ah, I think a wire got crossed somewhere. Azure AD is different from AD in a VM on Azure. The latter works as you'd expect, while Azure AD is different.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


Venusy posted:

Ah, I think a wire got crossed somewhere. Azure AD is different from AD in a VM on Azure. The latter works as you'd expect, while Azure AD is different.

I'm getting a little confused but what exactly is the benefit of Azure AD?

I get from the diagram there's a sync between on-premise resources to Azure AD but unless you have applications in the cloud how is this beneficial? If you don't have applications in the cloud there isn't much of a purpose and you can already get a connection between your on-premise domain and Office 365 with ADFS.

Granted, it would eliminate the local ADFS server.

Thanks Ants
May 21, 2004

#essereFerrari


Azure AD costs nothing unless you go for one of the paid service tiers:

http://azure.microsoft.com/en-gb/pricing/details/active-directory/

I think the idea is that Azure AD acts as the main directory that you authenticate Azure applications and third-party cloud apps against (inc. Office 365), and this then syncs with your on-prem AD which can be extended to Azure/AWS/Rackspace/etc virtual machines using a VPN tunnel if you don't have a separate location or datacenter space.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


Thanks Ants posted:

Azure AD costs nothing unless you go for one of the paid service tiers:

http://azure.microsoft.com/en-gb/pricing/details/active-directory/

I think the idea is that Azure AD acts as the main directory that you authenticate Azure applications and third-party cloud apps against (inc. Office 365), and this then syncs with your on-prem AD which can be extended to Azure/AWS/Rackspace/etc virtual machines using a VPN tunnel if you don't have a separate location or datacenter space.

It won't sync-back unless you have AD Premium which isn't free.

Does Azure automatically auth with O365? I'm in my account and there doesn't appear to be a way...

Thanks Ants
May 21, 2004

#essereFerrari


Office 365 uses Azure AD in the background, so you should be able to authenticate other services (e.g. Mimecast) against this directory by activating the Azure account and configuring the directory.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


Thanks Ants posted:

Office 365 uses Azure AD in the background, so you should be able to authenticate other services (e.g. Mimecast) against this directory by activating the Azure account and configuring the directory.

Yup, underlying Office 365 is Azure AD. That makes sense.

Let's say I have an Azure account of azure.contoso.onmicrosoft.com and an Office 365 account of office365.contoso.onmicrosoft.com but with a verified domain of contoso.com and I want to use the Azure Directory.

I can't add a TXT Record into Azure when it's already in Office 365. What's my next solution?

Thanks Ants
May 21, 2004

#essereFerrari


If you're logged into the 365 portal and go to https://manage.windowsazure.com then it will give you the opportunity to create a new Azure account which I think uses the same directory as 365, but I have no idea how to bring an existing Azure account in. If you find out let me know.

For what it's worth though I don't think there's a difference in authenticating against an AD in the same Azure tenant vs. a separate one, since it works off client IDs, app keys and URIs of services.

Edit: I don't know if this would get you close to what you want to do. https://msdn.microsoft.com/en-us/library/azure/dn736055.aspx

Thanks Ants fucked around with this message at 23:27 on Apr 11, 2015

TheDestructinator
Jul 18, 2006
I've been tasked with migrating all of our servers into a new domain and I just want to make sure I gather all the correct info so it goes as smoothly as possible.

Here's what I've got so far:
  • Server Name
  • Operating System
  • Roles Installed
  • Applications being hosted
  • Application Version
  • Application Owner
  • Local Admins
  • Language Installed

Any other major details I should have beforehand to come up with the proper migration plan?

devmd01
Mar 7, 2006

Elektronik
Supersonik
Server dependencies - what servers rely on what SQL server, etc, so you can make sure that they are migrated at the same time.

Maneki Neko
Oct 27, 2000

TheDestructinator posted:

I've been tasked with migrating all of our servers into a new domain and I just want to make sure I gather all the correct info so it goes as smoothly as possible.

Here's what I've got so far:
  • Server Name
  • Operating System
  • Roles Installed
  • Applications being hosted
  • Application Version
  • Application Owner
  • Local Admins
  • Language Installed

Any other major details I should have beforehand to come up with the proper migration plan?

Might also be good to track down what's doing active directory based authentication (be it application specific, databases, etc) so you can migrate those easily.

Potato Salad
Oct 23, 2014

nobody cares


As part of the migration, are you building the new domain next to the old domain and establishing forest trust with the old domain?

Dans Macabre
Apr 24, 2004


TheDestructinator posted:

I've been tasked with migrating all of our servers into a new domain and I just want to make sure I gather all the correct info so it goes as smoothly as possible.

Here's what I've got so far:
  • Server Name
  • Operating System
  • Roles Installed
  • Applications being hosted
  • Application Version
  • Application Owner
  • Local Admins
  • Language Installed

Any other major details I should have beforehand to come up with the proper migration plan?

are IP addresses changing

TheDestructinator
Jul 18, 2006

devmd01 posted:

Server dependencies - what servers rely on what SQL server, etc, so you can make sure that they are migrated at the same time.

Good call!

Potato Salad posted:

As part of the migration, are you building the new domain next to the old domain and establishing forest trust with the old domain?

The new domain has been built and an external two-way trust has been set up between the two domains.

NevergirlsOFFICIAL posted:

are IP addresses changing

IP addresses will be staying the same.

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
I'm gonna post this in the Storage thread too, but has anyone seen problems with slow storage performance on Server 2012 R2? I've got an open case with Microsoft but we're a month in and still seem to just be flailing randomly at even identifying a problem. I've heard mumblings of others having problems, but wondering if anyone has noticed anything.

mayodreams
Jul 4, 2003


Hello darkness,
my old friend

FISHMANPET posted:

I'm gonna post this in the Storage thread too, but has anyone seen problems with slow storage performance on Server 2012 R2? I've got an open case with Microsoft but we're a month in and still seem to just be flailing randomly at even identifying a problem. I've heard mumblings of others having problems, but wondering if anyone has noticed anything.

We have quite a few 2012 R2 file servers and none of them have performance issues. Most of them are VMs on ESXi 5.5 with VMDK storage. We also have a clustered pair of DL360 G7's with FC connected storage that are blazing fast.

Zaepho
Oct 31, 2013

FISHMANPET posted:

I'm gonna post this in the Storage thread too, but has anyone seen problems with slow storage performance on Server 2012 R2? I've got an open case with Microsoft but we're a month in and still seem to just be flailing randomly at even identifying a problem. I've heard mumblings of others having problems, but wondering if anyone has noticed anything.

what kind of storage and what kind of slowness are we looking at?

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
We've got a 2012 R2 server running Commvault, and Commvault managing its "database." Which for us is a 90Gb pile of 20k files, a few of them enormous, most of them tiny. I guess in operation CommVault does a standard OS level file copy of these files within the same drive. In our case from J: to J:. (I'm not the backup guy so this is all secondhand). If I do a drag and drop in the GUI of these same files it's pretty fast for the big files, and then when it gets to all the tiny files the speed nosedives. This has been on a Fibre Channel SAN, a local 10k SAS disk, and a FusionIO card. Basically, whatever each device is capable of, we're seeing much less than that.

We're also seeing some slowness in our Citrix environment running on VMware with a VSAN, but that may or may not be related.

Potato Salad
Oct 23, 2014

nobody cares


FISHMANPET posted:

We've got a 2012 R2 server running Commvault, and Commvault managing its "database." Which for us is a 90Gb pile of 20k files, a few of them enormous, most of them tiny. I guess in operation CommVault does a standard OS level file copy of these files within the same drive. In our case from J: to J:. (I'm not the backup guy so this is all secondhand). If I do a drag and drop in the GUI of these same files it's pretty fast for the big files, and then when it gets to all the tiny files the speed nosedives. This has been on a Fibre Channel SAN, a local 10k SAS disk, and a FusionIO card. Basically, whatever each device is capable of, we're seeing much less than that.

We're also seeing some slowness in our Citrix environment running on VMware with a VSAN, but that may or may not be related.

I have to do all transfers / backups of thousands of small files at a block level as opposed to filesystem level. An ancient database of ours used to back up with zip files, which would take 8+ hours to be created as the limitation was the filesystem's capacity to churn through millions of file handles.

You need a product that will do the backups on a block level. The limitation is not your storage or storage network, but the limitations of doing this at the NFS / CIFS / other filesystem-level layer of abstraction.

Potato Salad
Oct 23, 2014

nobody cares


I'll state it another way. Each of those tiny files represents an action. That action includes the system identifying each file, copying each file, verifying the copy with the destination agent, and any resultant network connections therewithin. Without getting into the nitty-gritty of exactly what happens in MS when you touch a file / copy a file, that's a lot of overhead. Your storage destination and storage network are most likely idle for the majority of this time.

Eliminate the filesystem bottleneck altogether by using a product that just copies the disk. If you are properly segregating the system disk and any disks for your applications -- and with your data on a J: letter, it sounds like the case -- your backup guy just needs to do a copy of the whole disk without regard for the contents. If this is a virtual server, that could mean just doing a copy of the vdisk. If it's physical, use an agent-based backup product or a partition copy tool.

socialsecurity
Aug 30, 2003

Potato Salad posted:

I'll state it another way. Each of those tiny files represents an action. That action includes the system identifying each file, copying each file, verifying the copy with the destination agent, and any resultant network connections therewithin. Without getting into the nitty-gritty of exactly what happens in MS when you touch a file / copy a file, that's a lot of overhead. Your storage destination and storage network are most likely idle for the majority of this time.

Eliminate the filesystem bottleneck altogether by using a product that just copies the disk. If you are properly segregating the system disk and any disks for your applications -- and with your data on a J: letter, it sounds like the case -- your backup guy just needs to do a copy of the whole disk without regard for the contents. If this is a virtual server, that could mean just doing a copy of the vdisk. If it's physical, use an agent-based backup product or a partition copy tool.

I like using Veeam for doing this.

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
The files in question are not the files being backed up, they're the database that CommVault uses to manage the files it is backing up (I don't know exactly how much, but probably tens or hundreds of terabytes). The way CommVault manages its database is that it just does a "standard buffered Windows copy" (according to the vendor) of its database files. The reason this has landed in my lap is that according to the vendor performance is far below what it should be.

Potato Salad
Oct 23, 2014

nobody cares


FISHMANPET posted:

The files in question are not the files being backed up, they're the database that CommVault uses to manage the files it is backing up (I don't know exactly how much, but probably tens or hundreds of terabytes). The way CommVault manages its database is that it just does a "standard buffered Windows copy" (according to the vendor) of its database files. The reason this has landed in my lap is that according to the vendor performance is far below what it should be.

So, which component precisely is being slow, the J: to J: copy of CommVault's DB files? Or is CommVault itself not backing other things up as it should?


Edit: also, what's the underlying hardware as far as the Win2012 box is concerned?

Potato Salad fucked around with this message at 05:07 on Apr 14, 2015

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
Yes, that's the part.

Potato Salad
Oct 23, 2014

nobody cares


" I guess in operation CommVault does a standard OS level file copy of these files within the same drive. In our case from J: to J:. (I'm not the backup guy so this is all secondhand). If I do a drag and drop in the GUI of these same files it's pretty fast for the big files, and then when it gets to all the tiny files the speed nosedives. "

This is the critical part of your original email. It sounds like CommVault is doing its own backup of its database before running. 90gb comprised of thousands of thousands of files.......

Ask Commvault if they can do a DB consolidation (many files --> fewer files). I'm trying to make sense of their whitepapers; at an absolutely topical level, it looks like they use a proprietary application database. If the DB is fragmented into a bajillion little files, perhaps they have a re-consolidation tool? It may be worth asking.

Edit: If CommVault is citing stats related to "90gb of data across a small handful of files," that would be a far cry from "90gb of data with thousands of files." It comes back to the filesystem being asked to do the copying of thousands of files. That's monstrously inefficient, and it is the bottleneck.

Potato Salad fucked around with this message at 05:25 on Apr 14, 2015

Tony Montana
Aug 6, 2005

by FactsAreUseless
Is there an Active Directory thread? Anywhere people that know lots about it hang out?

devmd01
Mar 7, 2006

Elektronik
Supersonik
...spiceworks community? :v:

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy
There is, it just has a lousy title so it gets buried. It's called "leveraging" something something "group policies".

Edit: it's on page 5

Zero VGS fucked around with this message at 14:24 on Apr 14, 2015

Thanks Ants
May 21, 2004

#essereFerrari


Or just use this one

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Yeah, this one works for AD stuff, the other kinda died out.

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
Is it Enterprise Windows? Do you have a question? Is it Enterprise related (hint: AD is)? Do you hate Small Business Server Forever? Then join us!

mewse
May 2, 2006

Is it possible to recover the product key for office 2013 home & business? Nirsoft produkey doesn't work, and from googling it it seems like the best we can do is use ospp.vbs to reveal the last five characters.

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy

mewse posted:

Is it possible to recover the product key for office 2013 home & business? Nirsoft produkey doesn't work, and from googling it it seems like the best we can do is use ospp.vbs to reveal the last five characters.

Maybe this guy: https://www.magicaljellybean.com/keyfinder/


devmd01
Mar 7, 2006

Elektronik
Supersonik
Two way trust between two 2008r2 domains in separate forests, domain DNS zones are replicated as secondaries across each other on all domain controllers. When I validate the trust both directions on domain A it's successful, but when I try to do the same from domain B it fails with "no logon servers available, etc."

_GC, _LDAP, and _kerberos records are all correct on both domains with no lingering issues. DNS zone replication occurs with no issues. I have recently replaced all of the domain controllers in domain B with 2008r2 servers and raised the functional level, but dcdiag is clean and I made sure to set up the zone transfers as I went.

This is my first time dealing with a trust issue, so I'm not sure where to go from here. Any ideas?

E: fixed. The _msdcs subdomain didn't exist in the primary DNS zone for domain B, it was separated due to ms best practice after the 2008r2 upgrades. Set up domain A to replicate the _msdcs.domainb.local zone to its dns servers and that fixed it.

devmd01 fucked around with this message at 19:31 on Apr 14, 2015
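
A check for the condition described in the post above, as an added example that is not part of the original thread: it asks each DNS server on the trusting side for the DC locator SRV records that live under `_msdcs.<domain>` and reports which servers cannot resolve them. `domainb.local` is the zone name from the post; the DNS server addresses are constructed placeholders, and `Resolve-DnsName` requires a Windows 8 / Server 2012 or later management host.

```powershell
# Added example: verify that every DNS server used by the trusting domain can
# resolve the DC locator SRV records of the trusted domain.
# Assumptions: domainb.local is the zone name from the post; the DNS server
# addresses are constructed placeholders (192.0.2.0/24 documentation range).
param(
    [string]   $TrustedDomain = 'domainb.local',
    [string[]] $DnsServers    = @('192.0.2.10', '192.0.2.11')
)

# Records the DC locator needs. All of them live under _msdcs.<domain>, so they
# become unresolvable if that zone is split out and not transferred.
# The gc record is registered under the forest root domain; this assumes
# $TrustedDomain is the forest root.
$locatorRecords = @(
    "_ldap._tcp.dc._msdcs.$TrustedDomain",
    "_kerberos._tcp.dc._msdcs.$TrustedDomain",
    "_ldap._tcp.pdc._msdcs.$TrustedDomain",
    "_ldap._tcp.gc._msdcs.$TrustedDomain"
)

function Test-LocatorRecord {
    param([string] $Name, [string] $Server)
    try {
        # -DnsOnly keeps LLMNR/NetBIOS fallback from masking a DNS failure.
        $answer = Resolve-DnsName -Name $Name -Type SRV -Server $Server -DnsOnly -ErrorAction Stop
        # A NODATA reply can return only an SOA record, so filter for SRV.
        $srv = @($answer | Where-Object { $_.Type -eq 'SRV' })
        [pscustomobject]@{
            DnsServer = $Server
            Record    = $Name
            Resolved  = ($srv.Count -gt 0)
            Targets   = ($srv.NameTarget -join ', ')
            Error     = if ($srv.Count -eq 0) { 'No SRV data in answer' } else { $null }
        }
    }
    catch {
        # NXDOMAIN, timeout, or refused query all land here.
        [pscustomobject]@{
            DnsServer = $Server
            Record    = $Name
            Resolved  = $false
            Targets   = ''
            Error     = $_.Exception.Message
        }
    }
}

$results = foreach ($server in $DnsServers) {
    foreach ($record in $locatorRecords) {
        Test-LocatorRecord -Name $record -Server $server
    }
}

$results | Format-Table DnsServer, Record, Resolved, Targets -AutoSize

$failed = @($results | Where-Object { -not $_.Resolved })
if ($failed.Count -gt 0) {
    Write-Warning ("{0} locator lookups failed; check that _msdcs.{1} is hosted on or transferred to these servers." -f $failed.Count, $TrustedDomain)
    $failed | Format-List DnsServer, Record, Error
    exit 1
}
```

Run it once per direction of the trust, pointing `-DnsServers` at the resolvers the validating domain's controllers actually use.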
