Comments (4)
Hi @dbird03,
One reason is:
Write-Warning ("If only the precedence number is different for this out-of-box rule, this warning may be safely ignored.")
This category should cover 95% cases.
A small percentage of warnings are reported is when you are comparing against a newer version, the OOB rules may have been updated by the product itself instead of by the customer. Tool has no way of knowing this. If in your review of the report and if you determine that it's not you, then you can ignore them. If it's indeed you, then you need to create your own custom rules with higher precedence than modifying the OOB rules.
from aadconnectconfigdocumenter.
Hi @NileshGhodekar, thank you for your reply. I figured the tool has no way of knowing these details, but thank you for confirming this.
The person who created the Target/Pilot config is unfortunately no longer with the company, so I have no way of knowing for sure if they modified the OOB rules or not. I would lead towards they did not modify them, only because the report identified three custom inbound rules existed in the Target/Pilot config. This leads me to believe the person was aware of the best practice of creating custom rules with a different precedence as you mentioned. I had no trouble exporting and importing these custom rules to the Reference/Production config.
Aside from a person modifying the OOB rules or an updated version of AAD Connect modifying the OOB rules, is there anything else that is capable of modifying the OOB rules which may explain the changes in my report? I did check the version release history for AAD Connect to see if any changes highlighted in my report were mentioned in the release notes since the version of AAD Connect on our old server, but I did not see anything. Have I exhausted all of my options at this point for trying to explain why these changes exist between the configs?
from aadconnectconfigdocumenter.
If you have the option of setting up a throwaway server where you could install the same AADC version as that on the current old server, you can generate the report and doubly confirm that there are no changes to OOB rules and conclusively prove that any changes to the OOB rules are solely due to newer AADC version. You could also review the CSExportAnalyser output on the new server and confirm that there are no unexpected updates to the attributes.
from aadconnectconfigdocumenter.
@NileshGhodekar Thank you for that suggestion. I had briefly looked in to CSExportAnalyser, but didn't get too deep in to it. I like the idea of spinning up a test server and installing the same version of AAD Connect as our current old server to have a baseline for comparing the OOB rules against. I hadn't considered that.
I've had an Azure support case open for this as well, but the support engineer was not able to provide assistance. Since my last reply to this GitHub issue, I was contacted by a more knowledgeable support engineer to review my report with me. He was able to assure me the changes were minor changes due to the version of AAD Connect and nothing to be concerned about, so I am going to close this issue. I appreciate your insight in to this. If I am ever in a similar situation again and don't feel confident about the configs, I will definitely consider spinning up a test server as you suggested.
from aadconnectconfigdocumenter.
Related Issues (20)
- wrong (old) ExportDeletionThresholdValue value HOT 3
- Options HOT 4
- Minor point of confusion : Naming of cmd files HOT 2
- Does not support running on a machine with AADConnect v1.2.70.0 installed HOT 5
- Missing command-line arguments for pilot/production folders HOT 2
- Single quotes in AADConnect Rule Names lead to System.Xml.XPath.XPathException HOT 1
- Error with Report HOT 1
- Group filter group HOT 6
- Target/Pilot and Reference/Production names are confusing and not consistently referenced in the tool HOT 2
- Typo in Sync Rule Change script HOT 2
- Error when running the report again HOT 2
- Add HOT 1
- I am not able to find the .cmd file to edit the only one I get is the conteso file. tried several. I agree that there are confusing instructions or something. HOT 1
- Please consider rewriting these instructions... HOT 12
- LDAP
- Does this tool captures changes in the OU scope ? HOT 1
- This repo is missing important files
- PowerShell Deployment Script HOT 1
- Possible issue with End to End attribute Flows Summary tables
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aadconnectconfigdocumenter.