While troubleshooting a (relatively complex) issue with a customer recently, I was involved in troubleshooting call with several “Subject Matter Experts”, and the problem came down to, what attributes are in Azure AD. AD Attributes don’t all synch by default. (even if ticked in AD Connect).
We needed a PowerShell developer to check which attributes are there in Azure. But without saying it in so many words, he wasn’t confident he knew what he was doing.
We needed someone else who was slightly better at PowerShell to check was the PowerShell they were using correct. The blind leading the blind comes to mind. When they were sure they were sure(about the PowerShell), still no one really knew what was happening.
If AD attributes don’t sync to Azure but you think they should be synching, you’re a bit lost. There’s no real GUI. You’ll spend hours troubleshooting. You’ll probably get someone to set up a specific Synchronization rule. If they haven’t done it before that make accidently delete the attribute on premise by accident. (though that definitely didn’t happen with these “Subject Matter Experts” *coughs*).
I have to question is this really progress? Why is Azure-AD so cumbersome? (and I actually like many aspects of PowerShell, I just don’t think you should be an expert to perform basic admin tasks)
It brings me back to Domino and makes me appreciate the Domino Directory, and replication of the Domino directory. It’s simple to manage. Everything replicates unless you tell it not to. If you tell it not to, it’s relatively simple to see what isn’t replicating. Oh and there’s a bonus. A Novel item called a GUI.
A lot of the time Domino makes some things considerably easier than any other platform, this is just one example.
Cormac McCarthy – Domino People Ltd
