Configuration comparison issue about aadconnectconfigdocumenter HOT 9 CLOSED

@benoithamet, revisiting this thread again. You stated that "you can do the following test yourself: 2 AADConnect server, when you add one domain on one server type with capital the domain (do not use the drop down which automatically list the domain where the server is member), on the other do the same with all lower cap. This will be the only difference in the configuration". Finally I got an opportunity to try this outs and not able to repro this. No matter what case you type in for remote forests, the name is same was what is in actual AD configuration. So what version you have that repro's this?

from aadconnectconfigdocumenter.

Ok, I found the reason why I got the O365 sync rules marked as deleted; the tool is case sensitive
On production the connector has capital letters while staging has it all lowercase
Feedback: ensure this is not case sensitive for comparison

That said there is still the incorrect reporting regarding the password features
thanks

from aadconnectconfigdocumenter.

How did you get in the situation where names of the connectors are different? Was it a legitimate change effected by AADC Wizard? Also seems like one of the server once had PW Sync and WriteBack features enabled and then subsequently removed. The report is essentially telling that. Since the names and everything are system generated, there is no plan to make the tool case insensitive as people find any such inconsequential changes help their forensic investigation, if nothing else :)

from aadconnectconfigdocumenter.

Nilesh
I have no idea why the connectors name are different; I know they are all generated when adding the domains with AAD Connect wizard
Having case sensitive for the connectors name is really not helpful as this identify them as different, and so making the 'production' configuration connector(s) missing from the 'pilot' configuration
Hence my feedback

from aadconnectconfigdocumenter.

There is much more likely case of this happening when you do the comparison against two different tenants. So this is broadly addressed as a note on the README wiki and same can be done here:

!!NOTE!! If the names of the connector(s) do(es) not exactly match between the supplied "Pilot" and "Production" configuration files, then before running the tool, "prep" the exported config files by manually editing the xml files located in the "Connectors" folder so that the name of the connector(s) match. The name of the connector is located inside the "name" element at the start of the content.

from aadconnectconfigdocumenter.

I'm sorry but we are not comparing 2 different tenants. The comparison is between 2 ADD Connect servers - prod and staging - connected to the same domains and same tenant
And again your note is just going to my feedback: case sensitive is should not be implemented for tenant name
So just close the conversation as I understand you are not willing to listen on a simple feedback
thanks anyway

from aadconnectconfigdocumenter.

Appreciate your feedback, but I already provided you the reason for not wanting to make the tool case-insensitive that is it helps in doing the forensic investigation when your are troubleshooting real problems. In this particular instance, there is no change to the way names are generated by the AADC wizard, so something was done differently when these servers were deployed first. Now whether the reported change matters or not is a different story altogether and reporting tool will not answer that questions. It's not designed to answer that questions, it's a dump file compare tool by design.

from aadconnectconfigdocumenter.

When you do forensic investigation you should not have to modify any file; if you do, you are not doing proper forensic
again to conclude this discussion, you can do the following test yourself: 2 AADConnect server, when you add one domain on one server type with capital the domain (do not use the drop down which automatically list the domain where the server is member), on the other do the same with all lower cap. This will be the only difference in the configuration
run your tool, you will get the answer; no configuration differences BUT because your tool is case sensitive for the connector name you will got deletion and add actions

from aadconnectconfigdocumenter.

So you already know the where the difference came from and that is the forensic investigation I'm talking about :) Now it's up to you do decide what needs to be done, remediate or ignore or change the config files by hand, forensic investigation is already done at this point. What is wrong to assume is that, just because for you the change is innocuous (I really hope it is, but can we ever be sure? :)), does not mean someone else will run not into the issue. Assume that someone has a sync rule that produces a transformation based on the connector name where string comparisons are case-sensitive by default (try IIF("A" = "a", "A=a", "A!=a")). Now you copy such rule to a different server and it bombs there. So now you have a deployment that is case-sensitive. This may be a far fetched example, but I think everyone has seen such examples in real life and I've certainly seen with previous version of the tool (FIM).

from aadconnectconfigdocumenter.