Great news. At work I actually have three AAD Connect instances syncing three forests to three tenants. So any shortcuts are welcome. Glad this helped you. Thanks.
@@ShotokuTech mine was pretty simple . May b u can tell old AAD Connect v1.6 on ADFS SERVER win 2012r12. Today configured AAD Connect v2 on staging mode,win svr 2022. What all I need to take care when turn new one into Active Mode.
@@vgwarelearning4057 I cover cutting over staged to production in this video. So please review it carefully, Also look for my pinned comment for the commands to test the output of the staged server before cutover. The import export feature has been moved into AAD Connect setup now. I cover that in this video: "Azure AD Connect Things I Didn't Know" ua-cam.com/video/-QjwXwzZg7g/v-deo.htmlsi=FIlneIDcZXPNAPzl
Thanks. Make sure to check this one out. It follows up on this one with a couple key details. Thanks! Azure AD Connect Things I Didn't Know ua-cam.com/video/-QjwXwzZg7g/v-deo.html
Quick question if I may: If I ran export validation commands and they show that every single user OMODT is UPDATE and AMODT is ADD - what does that mean as far as promoting this new staging server? Why would it show all records as having to be updated?
I'm not so concerned about updates as I am deletes. But can you see what attributes are being added? "Understanding the export.csv file Most of the file is self-explanatory. Some abbreviations to understand the content: OMODT - Object Modification Type. Indicates if the operation at an object level is an Add, Update, or Delete. AMODT - Attribute Modification Type. Indicates if the operation at an attribute level is an Add, Update, or delete." docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-staging-server#verify
@@ShotokuTech On local AD, it wants to Update Attribute "msDS-ExternalDirectoryObjectId" on all objects. On Azure AD it wants to ADD 3 Attributes: dnsDomainName, netBiosName and onPremisesSamAccountName
@@romakogan4527 These seem like new attributes being added to sync. I think you are fine. It's when you have an unusual number of deletes or adds I get concerned. Back when Dirsync was replaced by AAD Connect, they changed the logic to sync rules and I managed to delete 18 corporate executives from the other forest, who fell prey to an errant contact filter. Had I known how to check this then, it would have spared me. LOL
This came in with v1.6.x.x I think. I have not tried it on anything earlier. On some newer versions and now on v2.x.x.x it is actually a menu option in AAD Connect setup. And the PowerShell script seemed to not work at that point. This video updates on it. ua-cam.com/video/-QjwXwzZg7g/v-deo.html
This is an interesting question that I don't think I can answer in the context of the comment section. Let me give is a thought and I will see what I can do.
#CSEXPORT to analyize the pending export changes.
pushd C:\Program Files\Microsoft Azure AD Sync\Bin
csexport YourADDomain c:\temp\aaco.xml /f:x
csexport "AzureDomain.onmicrosoft.com - AAD" c:\temp\aadexport.xml /f:x
CSExportAnalyzer c:\temp\aaco.xml > c:\temp\aaco-export.csv
CSExportAnalyzer c:\temp\aadexport.xml > c:\temp\aadexport.csv
docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-staging-server
The Connector Staging part helped me.
Thanx.
Thanks, yes it is a good test to make sure something bad won't happen.
Thanks for the Help! Network Admin from Kansas!
Thanks! Make sure to see this short followup video. Things in production were different from the lab! ua-cam.com/video/-QjwXwzZg7g/v-deo.html
Awesome video.. this guy is full of knowledge
Thanks! Hard work pays off. Never give up.
Another amazing video, cool tech stuff here as always!
Hey! Thanks for checking it out!
Thank you @shotokutech
Thank you very much! You helped me to migrate configuration settings!
Great news. At work I actually have three AAD Connect instances syncing three forests to three tenants. So any shortcuts are welcome. Glad this helped you. Thanks.
@@ShotokuTech WOW ,, Do u have like MULTI CLOUD enviorment ?
@@vgwarelearning4057 Yeah, the struggle is real! 😅
@@ShotokuTech mine was pretty simple . May b u can tell old AAD Connect v1.6 on ADFS SERVER win 2012r12. Today configured AAD Connect v2 on staging mode,win svr 2022. What all I need to take care when turn new one into Active Mode.
@@vgwarelearning4057 I cover cutting over staged to production in this video. So please review it carefully, Also look for my pinned comment for the commands to test the output of the staged server before cutover. The import export feature has been moved into AAD Connect setup now. I cover that in this video: "Azure AD Connect Things I Didn't Know" ua-cam.com/video/-QjwXwzZg7g/v-deo.htmlsi=FIlneIDcZXPNAPzl
Awesome job covering this
Thanks. Make sure to check this one out. It follows up on this one with a couple key details. Thanks!
Azure AD Connect Things I Didn't Know
ua-cam.com/video/-QjwXwzZg7g/v-deo.html
Thank you for the video!
Thanks! Don't miss my followup video with more new details: Azure AD Connect Things I Didn't Know
ua-cam.com/video/-QjwXwzZg7g/v-deo.html
Thanks for sharing all that knowledge.
Thanks for watching!
Very good video! Thank you!
Thanks! I heartily recommend my follow up to this video: "Azure AD Connect Things I Didn't Know"
ua-cam.com/video/-QjwXwzZg7g/v-deo.html
good stuff
Make sure to watch "Azure AD Connect Things I Didn't Know"
ua-cam.com/video/-QjwXwzZg7g/v-deo.html
Quick question if I may: If I ran export validation commands and they show that every single user OMODT is UPDATE and AMODT is ADD - what does that mean as far as promoting this new staging server? Why would it show all records as having to be updated?
I'm not so concerned about updates as I am deletes. But can you see what attributes are being added?
"Understanding the export.csv file Most of the file is self-explanatory. Some abbreviations to understand the content:
OMODT - Object Modification Type. Indicates if the operation at an object level is an Add, Update, or Delete.
AMODT - Attribute Modification Type. Indicates if the operation at an attribute level is an Add, Update, or delete."
docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-staging-server#verify
@@ShotokuTech On local AD, it wants to Update Attribute "msDS-ExternalDirectoryObjectId" on all objects. On Azure AD it wants to ADD 3 Attributes: dnsDomainName, netBiosName and onPremisesSamAccountName
@@romakogan4527 These seem like new attributes being added to sync. I think you are fine. It's when you have an unusual number of deletes or adds I get concerned. Back when Dirsync was replaced by AAD Connect, they changed the logic to sync rules and I managed to delete 18 corporate executives from the other forest, who fell prey to an errant contact filter. Had I known how to check this then, it would have spared me. LOL
Can I do this with the old server having a old version of AD connect?
This came in with v1.6.x.x I think. I have not tried it on anything earlier. On some newer versions and now on v2.x.x.x it is actually a menu option in AAD Connect setup. And the PowerShell script seemed to not work at that point. This video updates on it. ua-cam.com/video/-QjwXwzZg7g/v-deo.html
I wan to migrate AAD user to ON-perm AD
Please Guide me
This is an interesting question that I don't think I can answer in the context of the comment section. Let me give is a thought and I will see what I can do.
Here is my test. Let me know what you think? ua-cam.com/video/mc8KlVrW6rU/v-deo.html