Stopped-extension-DLL-exception / no-start-ma Error

I faced a strange issue a few days back: when I was trying to force a Delta sync, it gave me "Stopped-extension-DLL-exception / no-start-ma" errors.





Steps taken for fix -

1. Using Global Administrator credentials, I logged into the Azure Portal. I quickly checked the Sign-in logs & noticed some Failure events, & on exploring them, I found possible reasons under Additional details.

Possible reasons could be a policy blocking the access. The policy could be coming from Conditional Access or from Identity Protection.















2. Navigated to the Security feature under EntraAD --> cross-checked whether any Conditional Access policy had been created in the past that might block access.

3. I then verified the Azure Identity Protection policy & under Sign-in risk policy, I did have a policy which was configured for testing purposes.

The policy was: if the sign-in risk is Low & above, then access would be blocked for all users.
















I disabled that policy & tried forcing the Sync. This time, it got completed successfully.






Stopped-deletion-threshold-exceeded error while running Azure AD Sync

 Fixing - Stopped-deletion-threshold-exceeded error while doing Sync.









Possible Reasons - I am getting this error particularly because I have unsynced an OU from Azure AD Connect & that OU contains items which were above the threshold limit for object sync & unsync.

In order to fix it, we will log in to the Azure AD Connect server & run the commands below -

1. Get-ADSyncExportDeletionThreshold - Check ADSyncExport Deletion threshold currently set.

Currently it's set to 50. This means if there is an OU which contains more than 50 objects, then probably it would throw the error.




2. Editing the threshold from 50 to 200, since the OU I am unsyncing right now contains a total of 153 objects.





Once done, try forcing the sync again & this time you won't see any error.
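The steps above as one sequence, written as an added example (not the author's original commands, which were posted as screenshots). It uses the ADSync module cmdlets on the Azure AD Connect server, takes the values 50 and 200 from this post, and puts the original threshold back after the sync so the accidental-deletion guard is not left widened.

```powershell
# Added example: run in an elevated PowerShell session on the Azure AD Connect server.
Import-Module ADSync

$originalThreshold  = 50    # value this post reports from Get-ADSyncExportDeletionThreshold
$temporaryThreshold = 200   # value used in this post (the unsynced OU holds 153 objects)

# Step 1: show the threshold currently set (the cmdlet may prompt for Azure AD credentials)
Get-ADSyncExportDeletionThreshold

try {
    # Step 2: raise the threshold so the pending deletions are allowed to export
    Enable-ADSyncExportDeletionThreshold -DeletionThreshold $temporaryThreshold

    # Step 3: force a delta sync
    Start-ADSyncSyncCycle -PolicyType Delta

    # Wait until the scheduler reports that the cycle has finished
    Start-Sleep -Seconds 10
    while ((Get-ADSyncScheduler).SyncCycleInProgress) {
        Start-Sleep -Seconds 15
    }
}
finally {
    # Restore the original limit even if the sync failed, then confirm it
    Enable-ADSyncExportDeletionThreshold -DeletionThreshold $originalThreshold
    Get-ADSyncExportDeletionThreshold
}
```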






Powershell Script - Finding Group Membership differences b/w two ID's in AD

#Created By - Abhishek Bansal
#Use Case - Useful in finding membership differences b/w two ID's. ( Mirroring Group membership)
#Note - This won't do any modification in Group membership. This only fetches the membership, compares them & gives us the output in a CSV file.
#Below is the Script, Copy paste it into Powershell ISE & run it directly.

# Requires the ActiveDirectory module (RSAT)
Import-Module ActiveDirectory

$sourceid = Read-Host "Enter the Source ID which would be used for mirroring"
$requestorid = Read-Host "Enter the requestor ID which needs to be mirrored"

# Fetch the group membership of both IDs (read-only).
# distinguishedName is selected too, otherwise that CSV column would be empty.
$Sourceid_Data = @(Get-ADPrincipalGroupMembership -Identity $sourceid | Select-Object SamAccountName,GroupScope,GroupCategory,objectClass,distinguishedName)
$requestorid_data = @(Get-ADPrincipalGroupMembership -Identity $requestorid | Select-Object SamAccountName,GroupScope,GroupCategory,objectClass,distinguishedName)

$counter = 0
$totalcounter = $Sourceid_Data.Count
$percentagecomplete = 0
foreach($Sourceid_entry in $Sourceid_Data)
{
    $counter++
    $percentagecomplete = ($counter/$totalcounter)*100
    Write-Progress -Activity "Comparing values" -Status "$counter checking" -PercentComplete $percentagecomplete

    # Reset the flag for every source group, so an empty requestor list
    # or a match from the previous iteration cannot affect this one
    $flag = 0
    foreach($requestorid_entry in $requestorid_data)
    {
        if($Sourceid_entry.SamAccountName -eq $requestorid_entry.SamAccountName)
        {
            $flag = 1
            break
        }
    }

    # The source ID is a member of this group but the requestor ID is not
    if($flag -eq 0)
    {
        $Sourceid_entry | Export-Csv ".\Differences_$sourceid.csv" -NoTypeInformation -Append
    }
}


Moving FSMO Roles via Command line

Listing all the FSMO roles at once via different ways -
Command 1 - netdom query fsmo










Command 2 - Listing Domain Wide FSMO roles


Command 3 - Listing Forest wide FSMO roles








As per all the above screenshots, we can find out which DCs are holding the different FSMO roles.
Our task would be to move the Schema & Infrastructure master roles from "DDC01" to another DC named "GDC01".

The below command will be used for the movement.

Syntax 
Move-ADDirectoryServerOperationMasterRole -Identity "DestinationDC" -OperationMasterRole 'FSMO Roles separated by comma'




  
We can then check again & this time we will see those two roles on another DC.
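The move described above with a before-and-after check, as an added example (not the author's original commands, which were posted as screenshots). "GDC01" and the two roles come from this post; the helper name Get-FsmoHolders is made up for the example. Transferring the Schema master needs an account in Schema Admins.

```powershell
# Added example: run from a session with the ActiveDirectory module (RSAT) available.
Import-Module ActiveDirectory

$destinationDc = 'GDC01'                                  # target DC named in this post
$rolesToMove   = 'SchemaMaster', 'InfrastructureMaster'   # the two roles being moved

# Hypothetical helper: collect the domain-wide and forest-wide role holders in one object
function Get-FsmoHolders {
    $domain = Get-ADDomain
    $forest = Get-ADForest
    [pscustomobject]@{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
}

# Record the holders before the change
Get-FsmoHolders | Format-List

# Transfer the roles; -Confirm asks for acknowledgement per role
Move-ADDirectoryServerOperationMasterRole -Identity $destinationDc -OperationMasterRole $rolesToMove -Confirm

# Verify that each moved role is now reported on the destination DC
$after = Get-FsmoHolders
foreach ($role in $rolesToMove) {
    if ($after.$role -notlike "$destinationDc*") {
        Write-Warning "$role is still held by $($after.$role)"
    }
}
$after | Format-List
```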







Syncing / Unsyncing an OU from Azure AD Connect

 Scenario-

I have an OU named "Dummy OU" containing 3 sub OUs. At present all 3 sub OUs are syncing, but as per requirements I have to unsync one of the sub OUs, named "Dummy Groups".

Solution

First, we will open Azure AD Connect. Connect to Azure AD by providing 'Global Admin' Credentials of your tenant.










Connect to OnPrem AD
















Next, unselect the "Dummy Groups" OU under Domain and OU filtering.















We will then proceed & click on Configure. In case you don't want to initiate the sync right now, uncheck it.