This morning while I was sipping my tea, I pondered life’s most important question: “Why aren’t my users synchronizing from my on-premises Active Directory to my Microsoft Entra ID tenant?” During my initial Password Hash Sync attempt, my synchronization service account was created, but none of the users synchronized, and the installation service timed out with this error: _“An internal problem has occurred. It appears that you are resuming a scenario that was not completed previously during installation.

How to Resolve: Can’t leave Microsoft Entra ID tenant If you attempted to use the “leave tenant” button in the Microsoft Entra portal and your account is a personal Microsoft account that is a guest user of that tenant, you need to leave the directory using the My Account page instead of the Microsoft Entra portal page. If this is the case, you can follow these steps to leave the tenant:

How to Resolve: Unable to Receive Weekly Digest for PIM If you are not receiving the weekly digest emails for Privileged Identity Management (PIM), you need to make sure that you have a valid “Email” or “Alternate email” configured. Once the email is configured, Global admins, security admins, and security readers will automatically receive weekly digest mails. As an administrator, you can choose the users assigned to receive the email and configure the weekly digest email in the Microsoft Entra admin center > Protection > Identity Protection > Weekly digest.

Unable to switch directories in Azure AD Have you tried to sign into an Azure tenant and selected the correct directory, only to be redirected to an entirely different directory from the one you chose? If you are having trouble switching directories in Azure Active Directory, here are the steps to resolve this issue. Problem When attempting to switch directories or sign into a particular directory, Azure AD automatically signs you into your default or startup directory.

In Azure AD Connect, the sourceAnchor attribute connects an on-premises object to a cloud object. It ensures that a hybrid object has the same identity both on-premises and in Azure. After the sourceAnchor attribute has been set, it is best practice to avoid updating the sourceAnchor attribute value unless it is absolutely necessary to do so. Attributes such as UserPrincipalName or email, for example, should not be used, since they can change if a user’s user name or email changes.

In 2019 I answered a question on Stack Overflow about the difference between App Registrations and Enterprise Applications in Azure Active Directory. Two years later I still see questions about the differences between these two terms, as well as questions about how the term “Service Principal” relates to each. The purpose of this blog post is to define these three terms and clarify how they differ from each other. App Registrations