Daily Archives: 07/05/2015

What’s new in AD FS on Windows Server 2016

Identity Federation is one of my favourite IT topics, maybe also because it is the foundation for any discussion about cyber security in a cloud-first world. And I am glad that Microsoft presented today at Ignite some cool new features that will be included in the AD FS server role in Windows Server 2016, as well as some key improvements made to some great features already present in Windows Server 2012 R2. So let’s take a look at them!

The first great thing I noticed is the ability to authenticate users from LDAP v3 directories, such as AD LDS, Novell and OpenLDAP, to name just a few. This is because modern LDAP directories are modelled as a local claims provider (just like Active Directory is). These LDAP directories will show up as another Claims Provider in the home realm discovery for passive authentication. The login ID can be any attribute, but it has to be unique in the LDAP directory. For authentication to Office 365, the attribute chosen for authentication should be unique across all directories that are configured for authentication to Office 365. In other.

Some PowerShell magic with Office 365 licenses

PowerShell is a great tool when we have to manage a lot of resources, because it enables automation. Most of you may already be aware that we can also use PowerShell with Office 365. So let’s see some PowerShell magic with Office 365 licenses.

Recently one of my colleagues had to deal with a very interesting scenario. A customer moved to Exchange Online and therefore assigned only Exchange Online licenses to the users that were synchronized from the local Active Directory. After the whole migration process had ended, the customer decided to also use the powerful features of SharePoint Online. So he wanted an automated way to also assign SharePoint Online licenses to some users, without removing the Exchange Online license first. (Removing an Exchange Online license would disconnect the mailbox and put it into a soft-deleted state. Assigning the license back would reconnect the mailbox, but in some cases this process causes some big problems.)