Comments (9)
@benoithamet, revisiting this thread again. You stated that "you can do the following test yourself: 2 AADConnect server, when you add one domain on one server type with capital the domain (do not use the drop down which automatically list the domain where the server is member), on the other do the same with all lower cap. This will be the only difference in the configuration". Finally I got an opportunity to try this outs and not able to repro this. No matter what case you type in for remote forests, the name is same was what is in actual AD configuration. So what version you have that repro's this?
from aadconnectconfigdocumenter.
Ok, I found the reason why I got the O365 sync rules marked as deleted; the tool is case sensitive
On production the connector has capital letters while staging has it all lowercase
Feedback: ensure this is not case sensitive for comparison
That said there is still the incorrect reporting regarding the password features
thanks
from aadconnectconfigdocumenter.
How did you get in the situation where names of the connectors are different? Was it a legitimate change effected by AADC Wizard? Also seems like one of the server once had PW Sync and WriteBack features enabled and then subsequently removed. The report is essentially telling that. Since the names and everything are system generated, there is no plan to make the tool case insensitive as people find any such inconsequential changes help their forensic investigation, if nothing else :)
from aadconnectconfigdocumenter.
Nilesh
I have no idea why the connectors name are different; I know they are all generated when adding the domains with AAD Connect wizard
Having case sensitive for the connectors name is really not helpful as this identify them as different, and so making the 'production' configuration connector(s) missing from the 'pilot' configuration
Hence my feedback
from aadconnectconfigdocumenter.
There is much more likely case of this happening when you do the comparison against two different tenants. So this is broadly addressed as a note on the README wiki and same can be done here:
!!NOTE!! If the names of the connector(s) do(es) not exactly match between the supplied "Pilot" and "Production" configuration files, then before running the tool, "prep" the exported config files by manually editing the xml files located in the "Connectors" folder so that the name of the connector(s) match. The name of the connector is located inside the "name" element at the start of the content.
from aadconnectconfigdocumenter.
I'm sorry but we are not comparing 2 different tenants. The comparison is between 2 ADD Connect servers - prod and staging - connected to the same domains and same tenant
And again your note is just going to my feedback: case sensitive is should not be implemented for tenant name
So just close the conversation as I understand you are not willing to listen on a simple feedback
thanks anyway
from aadconnectconfigdocumenter.
Appreciate your feedback, but I already provided you the reason for not wanting to make the tool case-insensitive that is it helps in doing the forensic investigation when your are troubleshooting real problems. In this particular instance, there is no change to the way names are generated by the AADC wizard, so something was done differently when these servers were deployed first. Now whether the reported change matters or not is a different story altogether and reporting tool will not answer that questions. It's not designed to answer that questions, it's a dump file compare tool by design.
from aadconnectconfigdocumenter.
When you do forensic investigation you should not have to modify any file; if you do, you are not doing proper forensic
again to conclude this discussion, you can do the following test yourself: 2 AADConnect server, when you add one domain on one server type with capital the domain (do not use the drop down which automatically list the domain where the server is member), on the other do the same with all lower cap. This will be the only difference in the configuration
run your tool, you will get the answer; no configuration differences BUT because your tool is case sensitive for the connector name you will got deletion and add actions
from aadconnectconfigdocumenter.
So you already know the where the difference came from and that is the forensic investigation I'm talking about :) Now it's up to you do decide what needs to be done, remediate or ignore or change the config files by hand, forensic investigation is already done at this point. What is wrong to assume is that, just because for you the change is innocuous (I really hope it is, but can we ever be sure? :)), does not mean someone else will run not into the issue. Assume that someone has a sync rule that produces a transformation based on the connector name where string comparisons are case-sensitive by default (try IIF("A" = "a", "A=a", "A!=a")). Now you copy such rule to a different server and it bombs there. So now you have a deployment that is case-sensitive. This may be a far fetched example, but I think everyone has seen such examples in real life and I've certainly seen with previous version of the tool (FIM).
from aadconnectconfigdocumenter.
Related Issues (20)
- wrong (old) ExportDeletionThresholdValue value HOT 3
- Options HOT 4
- Minor point of confusion : Naming of cmd files HOT 2
- Does not support running on a machine with AADConnect v1.2.70.0 installed HOT 5
- Missing command-line arguments for pilot/production folders HOT 2
- Single quotes in AADConnect Rule Names lead to System.Xml.XPath.XPathException HOT 1
- Error with Report HOT 1
- Group filter group HOT 6
- Target/Pilot and Reference/Production names are confusing and not consistently referenced in the tool HOT 2
- Typo in Sync Rule Change script HOT 2
- Unsupported changes detected in Sync Rule Change script HOT 4
- Error when running the report again HOT 2
- Add HOT 1
- I am not able to find the .cmd file to edit the only one I get is the conteso file. tried several. I agree that there are confusing instructions or something. HOT 1
- Please consider rewriting these instructions... HOT 12
- LDAP
- Does this tool captures changes in the OU scope ? HOT 1
- This repo is missing important files
- PowerShell Deployment Script HOT 1
- Possible issue with End to End attribute Flows Summary tables
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aadconnectconfigdocumenter.