Tag: ad

AD integration changes in Ubuntu 16.04

I’ve written an extensive tutorial about integrating Ubuntu 15.10 with Active Directory. Today I’ve deployed our first testbed comp with 16.04 (beta2) installed. Joined it to AD, set up FDE, everything’s fine. Then the user complains he cannot sudo. Hmm, lemme check the sudoRole for typos. Nope, it’s fine. Let’s delete and recreate it. It […]

Integrating Ubuntu with Active Directory

Prelude You can run, but you can’t hide, sooner or later it’ll knock on your door. I was assigned with the task of providing our colleagues with Linux workstations. Previously we had Windows, which is no biggie. Then came OS X, which is far from being perfect, but still reasonably doable. And then came Linux… […]

Azure AD Connect Best Practices

The disaster I had gave me some good pointers regarding how one should configure and use their Office 365 tenant and on-premises AD together. Here’s some suggestions: Always use a separate “in cloud” global admin account for directory synchronization. In case you lose your synced admin accounts, you’ll still have another admin that can recover […]

Azure AD Connect Disaster Recovery

Prelude Yeah, I know, the title’s already promising enough. And yeah, it did happen. At some point in my previous post I mentioned that after group filtering failed on me I reverted to OU filtering. So at the time I had 2 filters in place. This may or may not be the cause of what […]

Azure AD Connect Preview 2

Overview I’ve just covered my experience with Azure AD Connect Preview 1, but here’s the new preview already. Some highlights: In-place DirSync upgrade is supported. Group-based filtering, in addition to OU-based filtering I’ve demonstrated with Preview 1. Syncing of on-premises custom attributes by extending the Azure AD schema. A lot of writeback stuff like user, […]

Migrating from DirSync to Azure AD Connect

Preface So DirSync is a thing of the past now. It’s deprecated but it’s supposed to keep working. For us, it didn’t. Password sync just never occured, so when a new colleague arrived at our office needing a new account I was basically forced to upgrade to the newcomer dubbed Azure AD Connect, or Azure […]

FileVault with Active Directory

Remember storing BitLocker passwords in Active Directory? Wouldn’t it be great if you could store OS X FileVault keys the same way? Well, actually, you can. Not out-of-box, but technically nothing is in the way of doing just that – it’s just a bunch of characters. So I decided to create a simple utility for […]

BitLocker with Active Directory

Preamble Here’s the deal: you want to deploy BitLocker on your workstations you want to backup the recovery keys and TPM info to Active Directory your domain and forest functional level is Windows Server 2012 R2 (at least that’s where I performed all this) If your level differs, it may still work, but according to […]