Description

Respond to Aurora:

  • What tools can be used to bulk modify the attributes of identified user accounts?

One of the ways to modify accounts in Active Directory in bulk is by exporting to CSV and editing it using Microsoft Excel. This way the accounts can be listed and changed in bulk, then imported into AD. There are also some GUIs, such as AD Bulk User Update Tool, that will make it easier to update user attributes in bulk (Allen, 2019).

  • How many instances of Azure AD Connect are needed for Ohm Productions?

Azure AD Connect can support multiple on-premises Active Directory forests. Because of this, only one instance of Azure AD Connect would be needed for Ohm Productions. Azure also supports a full mesh topology and trusts between all forests (Microsoft).

  • How can you ensure that the members of the Development and Plant Operations department do not synchronize?

By default, everything will be synced once connected. However, filtering can be used to control what does or does not get synced from on-premises AD to Azure AD.

  • How do you meet the recovery process requirement?

If a user is accidentally deleted from Azure AD, they can be recovered within 30 days. User accounts that have been deleted are just moved into a deleted status, but are not completely removed. By going to the “Deleted Users” area, you can find the account that needs to be recovered.

On-premises Active Directories are slightly different. If the AD has a restore bin, the account can be recovered from that bin. However, if the bin does not exist or the user is no longer in there, then an administrator can try to restore the account using the ADRestore tool instead (Microsoft, 2020).

References:

Allen, R. (2019, January 5). How to Bulk Modify Active Directory User Attributes. Active Directory Pro. https://activedirectorypro.com/how-to-bulk-modify-ad-user-attributes/.

© Microsoft 2021. (2021). Multiple forests with AD DS and Azure AD – Azure Example Scenarios. Azure Example Scenarios | Microsoft Docs. https://docs.microsoft.com/en-us/azure/architecture/example-scenario/wvd/multi-forest.

© Microsoft 2021. (2020, September 3). How to restore deleted user accounts in Office 365, Azure, and Intune – Office 365. Office 365 | Microsoft Docs. https://docs.microsoft.com/en-us/office365/troubleshoot/active-directory/restore-deleted-user-accounts.

Respond to Steven:

Address the following based on the given information.

  • What tools can be used to bulk modify the attributes of identified user accounts?

Some tools that you can use to bulk modify attributes are Bulk AD Users, AD Bulk User Update Tool, and ADManager Plus. All three tools allow updates through a .csv file and the ability to export an Active Directory (AD) to a .csv file. You can edit the attributes in an Excel file and import the changes back into the AD. They also offer a Graphical User Interface to perform these tasks versus command line tools and scripts. They make it more user friendly.

  • How many instances of Azure AD Connect are needed for Ohm Productions?

One Azure AD Connect instance can cover the three forests and 10 domains of Ohm Productions. You must make sure that the forests are only connected to one Azure AD Connect sync server and this server must be joined to the domain. A user may only be used once in the Azure AD. If there are multiple accounts of the same user, you must consolidate them. (Topologies, 2018)

  • How can you ensure that the members of the Development and Plant Operations department do not synchronize?

By using the filtering options when conducting an Azure AD Connect sync, you can disable the Development and Plant departments from syncing. You must first disable the scheduled task, so it does not run on its own without the filters you want. You can then set a filter based on Group, Domain, Organizational Unit, or Attribute, and you can set multiple options at the same time. (Configure filtering, 2019)

  • How do you meet the recovery process requirement?

I would use Azure Migrate to move the on-premises AD to Azure AD. Before I did that, I would back up the information of every user onto a separate storage device, as a fail-safe. Another method would be to follow the documentation at https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/retore-deleted-accounts-and-groups-in-ad which shows you how to restore deleted user accounts to the AD.

Topologies. (November 27, 2018). Topologies for Azure AD Connect. Microsoft. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies

Configure filtering. (March 26, 2019). Azure AD Connect sync: Configure filtering. Microsoft. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering
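
The CSV export, edit and import workflow that both posts describe can also be scripted with the ActiveDirectory PowerShell module. The sketch below is an added example, not part of either post: the account names, sample values, the `Update-UsersFromCsv` function name and the attribute allow-list are constructed for illustration, and it assumes the ActiveDirectory module (RSAT) is installed and the caller may modify the target users.

```powershell
# Requires the ActiveDirectory module (RSAT) and rights to modify the target users.
Import-Module ActiveDirectory

# Constructed sample input; in practice this comes from Import-Csv on the edited export.
$rows = @'
SamAccountName,department,title,telephoneNumber
jdoe,Finance,Analyst,555-0100
asmith,Marketing,,555-0101
'@ | ConvertFrom-Csv

# Only attributes on this allow-list are ever written, so a stray CSV column
# (for example userAccountControl) cannot change security-relevant state.
$allowed = 'department', 'title', 'telephoneNumber'

function Update-UsersFromCsv {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] $Rows,
        [Parameter(Mandatory)] [string[]] $Allowed
    )
    foreach ($row in $Rows) {
        $sam = $row.SamAccountName
        # Confirm the account exists and read current values before touching it.
        try { $user = Get-ADUser -Identity $sam -Properties $Allowed -ErrorAction Stop }
        catch { Write-Warning "Skipping '$sam': account not found"; continue }

        # Build the change set from allow-listed columns whose value differs.
        $replace = @{}
        foreach ($attr in $Allowed) {
            $new = $row.$attr
            # Empty cells are skipped rather than clearing the attribute.
            if ($new -and $new -ne $user.$attr) { $replace[$attr] = $new }
        }
        if ($replace.Count -eq 0) { continue }

        # Honors -WhatIf / -Confirm so the run can be reviewed before it is applied.
        if ($PSCmdlet.ShouldProcess($sam, "Replace $($replace.Keys -join ', ')")) {
            Set-ADUser -Identity $user -Replace $replace
        }
        # One record per affected account, suitable for Export-Csv as an audit trail.
        [pscustomobject]@{ User = $sam; Attributes = ($replace.Keys -join ',') }
    }
}

# Dry run: prints what would change without writing to the directory.
Update-UsersFromCsv -Rows $rows -Allowed $allowed -WhatIf
```

Removing `-WhatIf` applies the changes; piping the output to `Export-Csv` keeps a record of which accounts and attributes were touched.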