This will (hopefully) be brief…

Here is the Scenario:

  • You have deployed Office365
  • You have an on-prem Domain Controller (hopefully more than one!)
  • You are using Azure AD Connect 1.1 or greater, (which is installed on one of your domain controllers)
  • You create or manage user accounts using your on-prem domain controllers
  • Whenever you create a new user or make a change in AD you have to wait around (up to 30 minutes) for Office365 to reflect the change

In previous version of AAD Connect there was a Windows Scheduled task that would periodically sync AD data to Office365.

In later/latest versions of the tool there is now a scheduling engine that is part of the tool which is set to do a “delta” sync (only updates/changes) every 30 minutes.

When you are working though you might not want to wait around 30 minutes.
(more…)

I have written articles on how to start using RealmD and SSSD for integrating ubuntu into a windows network. However, prior to that I wrote an article on using PBIS. RealmD and SSSD is, by far, the superior method IMHO and experience, so for all of those folks that want to switch, you probably want to get rid of PBIS on a bunch of servers. To that end, I just wanted to drop a line (for myself and anyone else that needs it) on how to remove an existing PBIS install on a server.

Thankfully, PBIS did make it pretty easy, the two following commands will get you there:

sudo /opt/pbis/bin/domainjoin-cli leave
sudo /opt/pbis/bin/uninstall.sh uninstall

The first command disconnects/unjoins your server from the domain. The second command removes PBIS.

There is probably some additional cleanup that can and should be done as well but I think that the above will at least clear the way for working with SSSD and RealmD.

Cheers!

Reference:
http://stackoverflow.com/questions/35916591/ubuntu-how-uninstall-powerbroker-identity-services

I found myself creating security groups for different servers in one of my domains over and over again and using the GUI can get a bit tedious. So I decided to write a quick powershell script that provides an interactive prompt asking for the server name, group type (select from options) and then from there creates a security group called “SERVERNAME-GROUP” in Active Directory. In my case, I had three different groups for each server, local “Admins”, local “Users”, and finally a special group for database admins used in Microsoft SQL Server. This requires the Active Directory module for powershell and must be run from a Domain Controller.

Below is the powershell code: (more…)

For this tutorial I will be walking through how to use a tool called Realmd to connect an Ubuntu Server or Ubuntu Desktop system to a Windows Active Directory Domain.

In the past I wrote an article talking about how to use Powerbroker Identity Services to do the same thing, but the scope of the article was limited to the server version of Ubuntu only. Furthermore, it has since been my experience that PBIS is an unreliable solution at best.

Part of the confusion I have had on this issue in the last two years has been in thinking that there are only one or maybe two ways to make an Ubuntu Desktop/Server OS connect to a Microsoft Active Directory domain and they both used the same underlying stuff. In fact there are more like 10 different ways to do it all using a mix and match of different technologies.

Finally, I don’t like proprietary stuff. PBIS, while having a free version, was still proprietary. Today we will be using a suite of tools called SSSD. SSSD was created by Redhat and it’s opensource. Furthermore we will be using RealmD, which is a “wrapper” of sorts for SSSD that makes it easier to setup and configure. That’s the short of it. Let’s get started. (more…)