Merging changes synced from https://github.com/MicrosoftDocs/entra-docs-pr (branch live)
Learn Build Service GitHub App authored and Learn Build Service GitHub App committed Dec 3, 2024
2 parents 5d50aa2 + 0177e7d commit f19ae26
Showing 37 changed files with 66 additions and 47 deletions.
Expand Up @@ -5,7 +5,7 @@ description: Learn about the authentication methods policy and different ways to
ms.service: entra-id
ms.subservice: authentication
ms.topic: conceptual
ms.date: 10/04/2024
ms.date: 12/03/2024

ms.author: justinha
author: justinha
Expand Down Expand Up @@ -108,6 +108,9 @@ Tenants are set to either Pre-migration or Migration in Progress by default, dep
- In recent updates, we removed the ability to target individual users. Previously targeted users will remain in the policy, but we recommend moving them to a targeted group.
- Registration of an authentication method can fail if many groups are included in the Authentication methods policy or a registration campaign. We recommend consolidating multiple groups into a single group for each authentication method. To maintain registration for users during consolidation, add the new group and remove current groups in the same operation.

>[!NOTE]
>You might not be able to save updates to the Authentication methods policy if it targets many groups and the policy size exceeds 20 KB. While we work to increase the policy size limit, consolidate targeted groups as much as possible.
## Next steps

- [How to migrate MFA and SSPR policy settings to the Authentication methods policy](how-to-authentication-methods-manage.md)
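Review bot: The added note gives a 20 KB policy size limit but does not say how the failure shows up when a save is rejected, or how an administrator can tell how close the policy is to the limit; add the error text or a way to check the size so readers can connect the symptom to this note. The note is also followed directly by `## Next steps` with no blank line, unlike the blank line that separates the bullets above from the note; add one after the note.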
2 changes: 1 addition & 1 deletion docs/identity/domain-services/manage-group-policy.yml
Expand Up @@ -6,7 +6,7 @@ metadata:
author: justinha
ms.author: justinha
manager: amycolannino
ms.date: 09/15/2023
ms.date: 12/03/2024
ms.service: entra-id
ms.subservice: domain-services
ms.topic: how-to
2 changes: 1 addition & 1 deletion docs/identity/domain-services/mismatched-tenant-error.md
Expand Up @@ -8,7 +8,7 @@ ms.assetid: 40eb75b7-827e-4d30-af6c-ca3c2af915c7
ms.service: entra-id
ms.subservice: domain-services
ms.topic: troubleshooting
ms.date: 09/23/2023
ms.date: 12/03/2024
ms.author: justinha
---
# Resolve mismatched directory errors for existing Microsoft Entra Domain Services managed domains
2 changes: 1 addition & 1 deletion docs/identity/domain-services/overview.md
Expand Up @@ -7,7 +7,7 @@ manager: amycolannino
ms.service: entra-id
ms.subservice: domain-services
ms.topic: overview
ms.date: 09/15/2023
ms.date: 12/03/2024
ms.author: justinha
#Customer intent: As an IT administrator or decision maker, I want to understand what Domain Services is and how it can benefit my organization.
---
2 changes: 1 addition & 1 deletion docs/identity/domain-services/password-policy.md
Expand Up @@ -8,7 +8,7 @@ ms.assetid: 1a14637e-b3d0-4fd9-ba7a-576b8df62ff2
ms.service: entra-id
ms.subservice: domain-services
ms.topic: how-to
ms.date: 09/21/2023
ms.date: 12/03/2024
ms.author: justinha
---
# Password and account lockout policies on Microsoft Entra Domain Services managed domains
2 changes: 1 addition & 1 deletion docs/identity/domain-services/scoped-synchronization.md
Expand Up @@ -8,7 +8,7 @@ ms.assetid: 9389cf0f-0036-4b17-95da-80838edd2225
ms.service: entra-id
ms.subservice: domain-services
ms.topic: how-to
ms.date: 09/21/2023
ms.date: 12/03/2024
ms.author: justinha
---
# Configure scoped synchronization from Microsoft Entra ID to Microsoft Entra Domain Services using the Microsoft Entra admin center
2 changes: 1 addition & 1 deletion docs/identity/domain-services/secure-your-domain.md
Expand Up @@ -8,7 +8,7 @@ ms.assetid: 6b4665b5-4324-42ab-82c5-d36c01192c2a
ms.service: entra-id
ms.subservice: domain-services
ms.topic: how-to
ms.date: 09/23/2023
ms.date: 12/03/2024
ms.author: justinha
ms.custom: has-azure-ad-ps-ref, azure-ad-ref-level-one-done
---
2 changes: 1 addition & 1 deletion docs/identity/domain-services/suspension.md
Expand Up @@ -8,7 +8,7 @@ ms.assetid: 95e1d8da-60c7-4fc1-987d-f48fde56a8cb
ms.service: entra-id
ms.subservice: domain-services
ms.topic: how-to
ms.date: 11/01/2023
ms.date: 12/03/2024
ms.author: justinha
---
# Understand the health states and resolve suspended domains in Microsoft Entra Domain Services
Expand Up @@ -7,7 +7,7 @@ manager: amycolannino
ms.service: entra-id
ms.subservice: domain-services
ms.topic: troubleshooting
ms.date: 09/21/2023
ms.date: 12/03/2024
ms.author: justinha
#Customer intent: As a directory administrator, I want to troubleshoot why user accounts are locked out in a Microsoft Entra Domain Services managed domain.
---
2 changes: 1 addition & 1 deletion docs/identity/domain-services/troubleshoot-alerts.md
Expand Up @@ -8,7 +8,7 @@ ms.assetid: 54319292-6aa0-4a08-846b-e3c53ecca483
ms.service: entra-id
ms.subservice: domain-services
ms.topic: troubleshooting
ms.date: 09/15/2023
ms.date: 12/03/2024
ms.author: justinha
---
# Known issues: Common alerts and resolutions in Microsoft Entra Domain Services
2 changes: 1 addition & 1 deletion docs/identity/domain-services/troubleshoot-domain-join.md
Expand Up @@ -7,7 +7,7 @@ manager: amycolannino
ms.service: entra-id
ms.subservice: domain-services
ms.topic: troubleshooting
ms.date: 09/21/2023
ms.date: 12/03/2024
ms.author: justinha
#Customer intent: As a directory administrator, I want to troubleshoot why VMs can't join a Microsoft Entra Domain Services managed domain.
---
2 changes: 1 addition & 1 deletion docs/identity/domain-services/troubleshoot-sign-in.md
Expand Up @@ -7,7 +7,7 @@ manager: amycolannino
ms.service: entra-id
ms.subservice: domain-services
ms.topic: troubleshooting
ms.date: 09/21/2023
ms.date: 12/03/2024
ms.author: justinha
#Customer intent: As a directory administrator, I want to troubleshoot user account sign in problems in a Microsoft Entra Domain Services managed domain.
---
2 changes: 1 addition & 1 deletion docs/identity/domain-services/troubleshoot.md
Expand Up @@ -9,7 +9,7 @@ ms.service: entra-id
ms.subservice: domain-services
ms.custom: has-azure-ad-ps-ref, azure-ad-ref-level-one-done
ms.topic: troubleshooting
ms.date: 11/26/2023
ms.date: 12/03/2024
ms.author: justinha
---
# Common errors and troubleshooting steps for Microsoft Entra Domain Services
2 changes: 1 addition & 1 deletion docs/identity/domain-services/tshoot-ldaps.md
Expand Up @@ -8,7 +8,7 @@ ms.assetid: 445c60da-e115-447b-841d-96739975bdf6
ms.service: entra-id
ms.subservice: domain-services
ms.topic: troubleshooting
ms.date: 01/29/2023
ms.date: 12/03/2024
ms.author: justinha
---
# Troubleshoot secure LDAP connectivity issues to a Microsoft Entra Domain Services managed domain
2 changes: 1 addition & 1 deletion docs/identity/domain-services/tutorial-configure-ldaps.md
Expand Up @@ -7,7 +7,7 @@ manager: amycolannino
ms.service: entra-id
ms.subservice: domain-services
ms.topic: tutorial
ms.date: 09/15/2023
ms.date: 12/03/2024
ms.author: justinha
ms.reviewer: xyuan
#Customer intent: As an identity administrator, I want to secure access to a Microsoft Entra Domain Services managed domain using secure Lightweight Directory Access Protocol (LDAPS)
Expand Up @@ -7,7 +7,7 @@ manager: amycolannino
ms.service: entra-id
ms.subservice: domain-services
ms.topic: tutorial
ms.date: 09/15/2023
ms.date: 12/03/2024
ms.author: justinha
#Customer intent: As an identity administrator, I want to create and configure a virtual network subnet or network peering for application workloads in a Microsoft Entra Domain Services managed domain
---
Expand Up @@ -7,7 +7,7 @@ manager: amycolannino
ms.service: entra-id
ms.subservice: domain-services
ms.topic: tutorial
ms.date: 09/21/2023
ms.date: 12/03/2024
ms.author: justinha
#Customer intent: As a server administrator, I want to learn how to enable password hash synchronization with Microsoft Entra Connect to create a hybrid environment using an on-premises AD DS domain.
---
Expand Up @@ -8,7 +8,7 @@ ms.service: entra-id
ms.subservice: domain-services
ms.custom: has-azure-ad-ps-ref, azure-ad-ref-level-one-done
ms.topic: tutorial
ms.date: 09/15/2023
ms.date: 12/03/2024
ms.author: justinha
#Customer intent: As an identity administrator, I want to create a Microsoft Entra Domain Services managed domain and define advanced configuration options so that I can synchronize identity information with my Microsoft Entra tenant and provide Domain Services connectivity to virtual machines and applications in Azure.
---
Expand Up @@ -7,7 +7,7 @@ manager: amycolannino
ms.service: entra-id
ms.subservice: domain-services
ms.topic: tutorial
ms.date: 09/15/2023
ms.date: 12/03/2024
ms.author: justinha
#Customer intent: As an identity administrator, I want to create a management VM and install the required tools to connect to and manage a Microsoft Entra Domain Services managed domain.
---
Expand Up @@ -7,7 +7,7 @@ manager: amycolannino
ms.service: entra-id
ms.subservice: domain-services
ms.topic: tutorial
ms.date: 09/15/2023
ms.date: 12/03/2024
ms.author: justinha
#Customer intent: As an identity administrator, I want to create and use replica sets in Microsoft Entra Domain Services to provide resiliency or geographical distributed managed domain data.
---
Expand Up @@ -7,7 +7,7 @@ manager: amycolannino
ms.service: entra-id
ms.subservice: domain-services
ms.topic: tutorial
ms.date: 09/21/2023
ms.date: 12/03/2024
ms.author: justinha
#Customer intent: As an identity administrator, I want to perform a disaster recovery drill by using replica sets in Microsoft Entra Domain Services to demonstrate resiliency for geographically distributed domain data.
---
Expand Up @@ -7,7 +7,7 @@ manager: amycolannino
ms.service: entra-id
ms.subservice: domain-services
ms.topic: how-to
ms.date: 09/21/2023
ms.date: 12/03/2024
ms.author: justinha
---
# Review security audit events in Microsoft Entra Domain Services using Azure Monitor Workbooks
26 changes: 21 additions & 5 deletions docs/identity/enterprise-apps/migrate-okta-sync-provisioning.md
Expand Up @@ -5,7 +5,7 @@ author: gargi-sinha
manager: martinco
ms.service: entra-id
ms.topic: tutorial
ms.date: 04/18/2024
ms.date: 12/03/2024
ms.author: gasinh
ms.subservice: enterprise-apps
ms.custom: kr2b-contr-experiment, not-enterprise-apps, has-azure-ad-ps-ref
Expand Down Expand Up @@ -44,7 +44,14 @@ To use Microsoft Entra Connect, you need to sign in with a Hybrid Identity Admin

The ImmutableID attribute ties synchronized objects to their on-premises counterparts. Okta takes the Active Directory objectGUID of an on-premises object and converts it to a Base-64-encoded string. By default, it then stamps that string to the ImmutableID field in Microsoft Entra ID.

You can connect to Microsoft Graph PowerShell and examine the current ImmutableID value. If you haven't used the Microsoft Graph PowerShell module, run it in an administrative session before you run commands:
You can connect to Microsoft Graph PowerShell and examine the current ImmutableID value. If you haven't used the Microsoft Graph PowerShell module, run:

`Install-Module AzureAD` in an administrative session before you run the following commands:

```Powershell
Import-Module AzureAD
Connect-MgGraph
```

If you have the module, a warning might appear to update to the latest version.
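Review bot: The added `Install-Module AzureAD` and `Import-Module AzureAD` lines name the AzureAD module, but the sentence that introduces them and the next command, `Connect-MgGraph`, are about Microsoft Graph PowerShell, and installing AzureAD does not provide `Connect-MgGraph`. Install and import the Microsoft Graph module (`Microsoft.Graph`) instead so the snippet matches the text. The split sentence ("run:" followed by an inline command and "in an administrative session before you run the following commands:") also reads awkwardly; put the install command inside the fenced block with the other two.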

Expand All @@ -68,7 +75,6 @@ The following command gets on-premises Microsoft Entra users and exports a list

1. Run the following command in Microsoft Graph PowerShell on an on-premises domain controller:


```PowerShell
Get-MgUser -Filter * -Properties objectGUID | Select-Object
UserPrincipalName, Name, objectGUID, @{Name = 'ImmutableID';
Expand All @@ -77,8 +83,18 @@ The following command gets on-premises Microsoft Entra users and exports a list
} } | export-csv C:\Temp\OnPremIDs.csv
```

2. Run a command in a Microsoft Graph PowerShell session to list the synchronized values.
3. After both exports, confirm user ImmutableID values match.
2. Run the following command in a Microsoft Graph PowerShell session to list the synchronized values:

```powershell
Get-MgUser -all $true | Where-Object {$_.dirsyncenabled -like
"true"} | Select-Object UserPrincipalName, @{Name = 'objectGUID';
Expression = {
[GUID][System.Convert]::FromBase64String($_.ImmutableID) } },
ImmutableID | export-csv C:\\temp\\AzureADSyncedIDS.csv
```

3. Run a command in a Microsoft Graph PowerShell session to list the synchronized values.
4. After both exports, confirm user ImmutableID values match.

>[!IMPORTANT]
>If your ImmutableID values in the cloud don't match objectGUID values, you've modified the defaults for Okta sync. You've likely chosen another attribute to determine ImmutableID values. Before going the next section, identify which source attribute populates ImmutableID values. Before you disable Okta sync, update the attribute Okta is syncing.
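Review bot: The new step 3 repeats the old step 2 text ("Run a command in a Microsoft Graph PowerShell session to list the synchronized values") immediately after the new step 2, which already gives that command, so it looks like a leftover; remove it and keep "After both exports, confirm user ImmutableID values match" as step 3. In the added command, the export path `C:\\temp\\AzureADSyncedIDS.csv` has doubled backslashes while step 1 uses `C:\Temp\OnPremIDs.csv`, and `-all $true`, `dirsyncenabled` and `ImmutableID` follow the AzureAD cmdlet shape rather than `Get-MgUser`, where `-All` is a switch and the user properties are `OnPremisesSyncEnabled` and `OnPremisesImmutableId`. Run the command as written against a test tenant before publishing, since readers will compare its output to decide whether it is safe to disable Okta sync.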
2 changes: 1 addition & 1 deletion docs/identity/hybrid/accidental-deletes.md
Expand Up @@ -7,7 +7,7 @@ manager: amycolannino
ms.service: entra-id
ms.topic: conceptual
ms.tgt_pltfrm: na
ms.date: 11/06/2023
ms.date: 12/03/2024
ms.subservice: hybrid
ms.author: billmath

2 changes: 1 addition & 1 deletion docs/identity/hybrid/accounts.md
Expand Up @@ -7,7 +7,7 @@ manager: amycolannino
ms.service: entra-id
ms.topic: conceptual
ms.tgt_pltfrm: na
ms.date: 11/06/2023
ms.date: 12/03/2024
ms.subservice: hybrid
ms.author: billmath

Expand Up @@ -7,7 +7,7 @@ manager: amycolannino
ms.service: entra-id
ms.topic: how-to
ms.tgt_pltfrm: na
ms.date: 11/06/2023
ms.date: 12/03/2024
ms.subservice: hybrid-cloud-sync
ms.author: billmath

2 changes: 1 addition & 1 deletion docs/identity/hybrid/cloud-sync/how-to-gmsa-cmdlets.md
Expand Up @@ -6,7 +6,7 @@ author: billmath
manager: amycolannino
ms.service: entra-id
ms.topic: how-to
ms.date: 11/06/2023
ms.date: 12/03/2024
ms.subservice: hybrid-cloud-sync
ms.author: billmath

14 changes: 7 additions & 7 deletions docs/identity/hybrid/cloud-sync/how-to-install-pshell.md
Expand Up @@ -6,7 +6,7 @@ author: billmath
manager: amycolannino
ms.service: entra-id
ms.topic: how-to
ms.date: 11/06/2023
ms.date: 12/03/2024
ms.subservice: hybrid-cloud-sync
ms.author: billmath

Expand Down Expand Up @@ -34,8 +34,8 @@ The Windows server must have TLS 1.2 enabled before you install the Microsoft En

[!INCLUDE [sign in](~/includes/cloud-sync-sign-in.md)]
3. Select **Manage**.
4. Click **Download provisioning agent**
5. On the right, click **Accept terms and download**.
4. Select **Download provisioning agent**
5. On the right, select **Accept terms and download**.
6. For the purposes of these instructions, the agent was downloaded to the C:\temp folder.
7. Install ProvisioningAgent in quiet mode.
```
Expand Down Expand Up @@ -81,18 +81,18 @@ The Windows server must have TLS 1.2 enabled before you install the Microsoft En
Add-AADCloudSyncADDomain -DomainName contoso.com -Credential $contosoDomainAdminCreds -PreferredDomainControllers $preferredDCs
```
14. Repeat the previous step to add more domains. Provide the account names and domain names of the respective domains.
14. To add more domains, repeat the previous step. Provide the account names and domain names of the respective domains.
15. Restart the service.
```
Restart-Service -Name AADConnectProvisioningAgent
```
16. Go to the Microsoft Entra admin center to create the cloud sync configuration.
16. To create the cloud sync configuration, go to the Microsoft Entra admin center.
## Provisioning agent gMSA PowerShell cmdlets
Now that you've installed the agent, you can apply more granular permissions to the gMSA. For information and step-by-step instructions on how to configure the permissions, see [Microsoft Entra Connect cloud provisioning agent gMSA PowerShell cmdlets](how-to-gmsa-cmdlets.md).
After you install the agent, you can apply more granular permissions to the gMSA. For information and step-by-step instructions on how to configure the permissions, see [Microsoft Entra Connect cloud provisioning agent gMSA PowerShell cmdlets](how-to-gmsa-cmdlets.md).
## Installing against US government cloud
By default, the Microsoft Entra provisioning agent installs against the default Azure cloud environment. If you are installing the agent for use in the US government cloud do the following:
By default, the Microsoft Entra provisioning agent installs against the default Azure cloud environment. If you're installing the agent for use in the US government cloud, do the following:
- In step #8, add **ENVIRONMENTNAME=AzureUSGovernment** to the command line like the example.
```
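Review bot: The US government cloud bullet is left saying "In step #8", but the step that takes a command line for the installer is "7. Install ProvisioningAgent in quiet mode" in the numbered list shown earlier in this file's diff; since the sentence just above the bullet is being edited, confirm the step number and correct it if the list was renumbered. The diff also shows the reworded step 4 ("Select **Download provisioning agent**") without a closing period while step 5 has one.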
Expand Up @@ -7,7 +7,7 @@ manager: amycolannino
ms.service: entra-id
ms.topic: how-to
ms.tgt_pltfrm: na
ms.date: 11/06/2023
ms.date: 12/03/2024
ms.subservice: hybrid-cloud-sync
ms.reviewer: chmutali
ms.author: billmath
2 changes: 1 addition & 1 deletion docs/identity/hybrid/cloud-sync/how-to-map-usertype.md
Expand Up @@ -6,7 +6,7 @@ author: billmath
manager: amycolannino
ms.service: entra-id
ms.topic: how-to
ms.date: 11/06/2023
ms.date: 12/03/2024
ms.subservice: hybrid-cloud-sync
ms.author: billmath

2 changes: 1 addition & 1 deletion docs/identity/hybrid/cloud-sync/how-to-sso.md
Expand Up @@ -6,7 +6,7 @@ author: billmath
manager: amycolannino
ms.service: entra-id
ms.topic: how-to
ms.date: 11/06/2023
ms.date: 12/03/2024
ms.subservice: hybrid-cloud-sync
ms.author: billmath

2 changes: 1 addition & 1 deletion docs/identity/hybrid/cloud-sync/reference-powershell.md
Expand Up @@ -7,7 +7,7 @@ manager: amycolannino
ms.service: entra-id
ms.custom: has-azure-ad-ps-ref, azure-ad-ref-level-one-done
ms.topic: how-to
ms.date: 11/06/2023
ms.date: 12/03/2024
ms.subservice: hybrid-cloud-sync
ms.author: billmath

Expand Up @@ -6,7 +6,7 @@ metadata:
manager: amycolannino
ms.service: entra-id
ms.topic: faq
ms.date: 06/21/2023
ms.date: 12/03/2024
ms.subservice: hybrid-cloud-sync
ms.author: billmath

2 changes: 1 addition & 1 deletion docs/identity/hybrid/cloud-sync/tutorial-basic-ad-azure.md
Expand Up @@ -6,7 +6,7 @@ author: billmath
manager: amycolannino
ms.service: entra-id
ms.topic: tutorial
ms.date: 11/06/2023
ms.date: 12/03/2024
ms.subservice: hybrid-cloud-sync
ms.author: billmath
