A quick PowerShell script to check your server environments for EternalBlue/WannaCry/Petya patching status:
Category Archives: AD
FIM Azure AD Management Agent returns error Stopped-Extension-DLL-Exception on Full Import or Delta Import
After enabling the new Intune Mobile Device Management features inside the O365 tenant and enrolling some new devices into Intune you now have device objects in your Azure AD tenant to deal with.
The next time you do a Full Import or Delta Import you will most likely encounter a DLL Exception error in the FIM console.
If you debug the Azure connector further using the ILSpy tool and trace what line it is failing on it will most likely be this:
SchemaType schemaType = this.targetDirectorySchema.get_Types()[text];
Errors logged in the Application log:
FIMSynchronizationService Event 6801
The extensible extension returned an unsupported error.
The stack trace is:
“System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
at System.Collections.ObjectModel.KeyedCollection`2.get_Item(TKey key)
at Microsoft.Azure.ActiveDirectory.Connector.Connector.GetConnectorSpaceEntryChange(SyncObject syncObject)
at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()
at System.Collections.Generic.List`1.InsertRange(Int32 index, IEnumerable`1 collection)
at Microsoft.Azure.ActiveDirectory.Connector.Connector.GetImportEntriesCore()
at Microsoft.Azure.ActiveDirectory.Connector.Connector.GetImportEntries(GetImportEntriesRunStep getImportEntriesRunStep)
Forefront Identity Manager 4.1.3634.0″
DirectorySynchronization Event 109:
Failure while importing entries from Windows Azure Active Directory. Exception: System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
at System.Collections.ObjectModel.KeyedCollection`2.get_Item(TKey key)
at Microsoft.Azure.ActiveDirectory.Connector.Connector.GetConnectorSpaceEntryChange(SyncObject syncObject)
at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()
at System.Collections.Generic.List`1.InsertRange(Int32 index, IEnumerable`1 collection)
at Microsoft.Azure.ActiveDirectory.Connector.Connector.GetImportEntriesCore()
at Microsoft.Azure.ActiveDirectory.Connector.Connector.GetImportEntries(GetImportEntriesRunStep getImportEntriesRunStep).
Updating the Schema for the Management Agent for the Azure AD tenant in the FIM Synch console and adding the missing object type (Device) to the Azure AD Management Agent resolved the issue in my case.
Other scenarios known to return Stopped-Extension-DLL-Exception error in the FIM Synch console:
- The password of your Azure AD Synch service account has expired
- You have outdated binaries of the MSOL Sign-in Assistant installed
- You have removed the default objects from the WAAD Synch configuration (Contact or Group when a Contact or Group is present in WAAD)
- The Azure AD Subscription is inactive or expired
Further details:
Windows Azure Active Directory Connector for FIM 2010 R2 Technical Reference
https://msdn.microsoft.com/en-us/library/dn511001(v=ws.10).aspx
ILSpy Visual Studio extension
https://visualstudiogallery.msdn.microsoft.com/8ef1d688-f80c-4380-8004-2ec7f814e7de
Using the ILSpy extension
https://channel9.msdn.com/coding4fun/blog/ILSpy-the-Visual-Studio-Extension
Decompiler tools for the .NET framework
http://blogs.msdn.com/b/amb/archive/2011/05/24/decompiling-tools-for-net-framework.aspx
[Troubleshooting] Connectors: Azure Active Directory Connector: stopped-extension-dll-exception
http://blogs.msdn.com/b/ms-identity-support/archive/2014/01/28/troubleshooting-connectors-azure-active-directory-connector-stopped-extension-dll-exception.aspx
The version of the AAD connector has a dependency on the Azure Active Directory Sign-in Assistant, a.k.a. Microsoft Online Services Sign-in Assistant, version 7.250.4551.0 or later
http://blog.msresource.net/2014/01/21/microsoft-online-coexistence-security-dynamicpinvokeexception-failed-to-get-address-for-method-createidentityhandle2-from-library/
Azure AD Sync failing
http://exchangeserverpro.com/azure-active-directory-synchronization-failing-stopped-extension-dll-exception-error/
Troubleshooting synchronization with Windows Azure Active Directory (WAAD) Parts 1-3
http://www.msexchange.org/articles-tutorials/exchange-server-2013/management-administration/troubleshooting-synchronization-windows-azure-active-directory-waad-part1.html
Predicting the future with Powershell and Mathemagic
Have you ever had the pleasure of being awoken in the middle of the night by a low disk space alert on one of your business-critical LOB systems?
Did you ever wish for a more proactive method for catching this than waiting for the yellow/red alerts to go “ping!”?
I know I did, so I sat down and played math for a couple of hours and then applied the result using Powershell and a scheduled task. The result is a configurable script that sends you an email alert when the sustained disk consumption on the system is estimated to consume all freespace on one of the disks within the set amount of time you specify (by default 30 Days).
Download ChkBurn 0.8 – modify all references to Contoso to fit your domain.
Sample output:
Why doesn’t Sharepoint see my attribute?
Legolas visited the Bellevue Square Lego store and came back with this…
When working with Sharepoint and attributes that you want to make available, keep in mind that Sharepoint uses a Global Catalog search on port 3268/3269 rather than a standard LDAP query on port 389/636. However, not all attributes in the AD schema are a part of the Global Catalog attribute set.
This means that if the attribute you’re trying to search for isn’t in the GC then Sharepoint won’t see it until you add it to the list of attributes in the AD schema that should be a part of the GC set.
Example: the serialNumber attribute in AD
