Hybrid Join Troubleshooting in Microsoft Entra ID
You followed the Hybrid Join guide. Entra Connect is happily syncing. The SCP is in AD. The four URLs are reachable. The device is domain-joined. Yet dsregcmd /status on the…
Tag: Entra Connect
Microsoft Entra Hybrid Join: Step-by-Step Guide
Microsoft Entra Hybrid Join is the configuration that lets a Windows device live in two directories at once — your on-premises Active Directory (e.g. lab.local) and Microsoft Entra ID (e.g.…
Find Microsoft Entra Connect Service Accounts: Three Identities, Three Locations
Microsoft Entra Connect uses three different service accounts, each in a different place. When troubleshooting permission errors or stuck syncs, knowing which account does what — and where to look…
Enable Entra Self-Service Password Reset (SSPR) with Writeback — All Six Phases
SSPR — Self-Service Password Reset — lets users reset their own password from passwordreset.microsoftonline.com without calling the helpdesk. With writeback enabled, the new password flows back to on-premises AD via…
Disable Entra Directory Sync: PowerShell, the Cut, and the 72-Hour Wait
Sometimes you need to stop the sync entirely. Maybe you’re going fully cloud and decommissioning the on-prem servers. Maybe you’re consolidating tenants. Maybe legacy AD is too rotted to fix…
Convert a Synced Entra User to Cloud-Only: The Delete-and-Restore Trick
You have a synced user in M365. Their on-prem AD account is going away (employee left, contractor finished, account being decommissioned). You want to keep the cloud account — mailbox,…
Entra Connect High Availability: Active-Passive Pair With Hot-Standby Failover
Single-server Entra Connect is a single point of failure. The server dies, sync stops; password changes can’t flow to the cloud; new users don’t appear in M365. For most environments…
Migrate Entra Connect to a New Server: Export-Import + Staging Swap
Old EC server is on Server 2016 with Server 2025 due imminent. Different hardware approaching end-of-life. The OS in-place upgrade path Microsoft doesn’t support for the EC role. Whatever the…
Entra Connect In-Place Upgrade: 4 Phases, ~30 Minutes, Sync Resumes Automatically
Microsoft releases new Entra Connect builds frequently — security patches, performance fixes, occasional new features. Keeping current is the easy part of operating Entra Connect IF you do an in-place…
Change Entra Connect OU Filter Without Reinstalling: Sync Service Manager Path
You set up an OU filter at install time per Part 7. Months later, you need to change it — new OUs were added that should sync, old OUs got…
Entra Connect Seamless SSO: Silent Sign-In for Domain-Joined Users
Domain-joined users sign in to Windows in the morning, hit a Microsoft 365 URL in the browser, and… get prompted for their password. Why? They’re already authenticated on this machine;…
Find Your Entra Connect Server: Ask the Cloud (No RDP Required)
You inherited an Entra Connect deployment with no documentation. Or you suspect there’s a rogue EC install somewhere on your network. Or you’re auditing for compliance and need to know…