I created a bunch of account via PowerShell script, but they have empty displayName.
idFix noticed me, fill up correctly new displayName but it FAIL when I hit Apply button (with no error message)
It does not matter if I edit UPDATE manually or I leave it as is. It always fails.
I'm able to change displayName by AD Users and Computers manually without problem.

Thank you for reporting an issue, suggesting an enhancement, or asking a question. We appreciate your feedback - to help the team understand your
needs please complete the below template to ensure we have the details to help. Thanks!

Please check out the Docs to see if your question is already addressed there. This will help us ensure our documentation covers the most frequent questions.

If you are reporting a security related issue, instead of submitting it here, please email [email protected] to ensure it is properly handled to resolution.

Category

• Enhancement
• Bug
• Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [ 2.2.0.0 ]

If you are not using the latest release, please update and see if the issue is resolved before submitting an issue.

Expected / Desired Behavior / Question

If you are reporting an issue please describe the expected behavior. If you are suggesting an enhancement please
describe thoroughly the enhancement, how it can be achieved, and expected benefit. If you are asking a question, ask away!

Observed Behavior

Install fails, with the following error:
An error occurred trying to download 'https://raw.githubusercontent.com/Microsoft/idfix/master/publish/IdFix.application'.

See the setup log file located at 'C:\Users\scg\AppData\Local\Temp\2\VSD3C4E.tmp\install.log' for more information.
The log file contains the following:
The following properties have been set:
Property: [AdminUser] = true {boolean}
Property: [InstallMode] = HomeSite {string}
Property: [NTProductType] = 3 {int}
Property: [ProcessorArchitecture] = AMD64 {string}
Property: [VersionNT] = 6.3.0 {version}
Running checks for package 'Microsoft .NET Framework 4.5.2 (x86 and x64)', phase BuildList
Reading value 'Release' of registry key 'HKLM\Software\Microsoft\NET Framework Setup\NDP\v4\Full'
Read integer value 528049
Setting value '528049 {int}' for property 'DotNet45Full_Release'
Reading value 'v4' of registry key 'HKLM\SOFTWARE\Microsoft\NET Framework Setup\OS Integration'
Read integer value 1
Setting value '1 {int}' for property 'DotNet45Full_OSIntegrated'
The following properties have been set for package 'Microsoft .NET Framework 4.5.2 (x86 and x64)':
Property: [DotNet45Full_OSIntegrated] = 1 {int}
Property: [DotNet45Full_Release] = 528049 {int}
Running checks for command 'DotNetFX452\NDP452-KB2901907-x86-x64-AllOS-ENU.exe'
Result of running operator 'ValueEqualTo' on property 'InstallMode' and value 'HomeSite': true
Result of checks for command 'DotNetFX452\NDP452-KB2901907-x86-x64-AllOS-ENU.exe' is 'Bypass'
Running checks for command 'DotNetFX452\NDP452-KB2901907-x86-x64-AllOS-ENU.exe'
Result of running operator 'ValueEqualTo' on property 'InstallMode' and value 'HomeSite': true
Result of checks for command 'DotNetFX452\NDP452-KB2901907-x86-x64-AllOS-ENU.exe' is 'Bypass'
Running checks for command 'DotNetFX452\NDP452-KB2901954-Web.exe'
Result of running operator 'ValueNotEqualTo' on property 'InstallMode' and value 'HomeSite': false
Result of running operator 'ValueGreaterThanEqualTo' on property 'DotNet45Full_Release' and value '379893': true
Result of checks for command 'DotNetFX452\NDP452-KB2901954-Web.exe' is 'Bypass'
Running checks for command 'DotNetFX452\NDP452-KB2901954-Web.exe'
Result of running operator 'ValueNotEqualTo' on property 'InstallMode' and value 'HomeSite': false
Result of running operator 'ValueGreaterThanEqualTo' on property 'DotNet45Full_Release' and value '379893': true
Result of checks for command 'DotNetFX452\NDP452-KB2901954-Web.exe' is 'Bypass'
'Microsoft .NET Framework 4.5.2 (x86 and x64)' RunCheck result: No Install Needed
Launching Application.
URLDownloadToCacheFile failed with HRESULT '-2146697208'
Error: An error occurred trying to download 'https://raw.githubusercontent.com/Microsoft/idfix/master/publish/IdFix.application'.

Steps to Reproduce

Logged in as the domain admin, tried logging in as an alternate domain admin, also tried downloading/installing on a system other than the two DC's, none of it worked. (Server 2012r2 or later in all cases, latest .Net installed)

Thank you for your feedback!

Category

• Enhancement
• Bug
• Question
• [X ] Documentation gap/issue

The documentation is currently using "preperation" for links and filenames instead of "preparation".

Category

• Enhancement
• Bug
• Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [ 2.1.3.0 ]

Expected / Desired Behavior / Question

The documentation between AAD Connect valid characters and what IDFix checks for doesn't look to be consistent. AAD Connect flags apostrophes (') as invalid for UPN and ProxyAddresses, but IDFix doesn't check for that. The desired behaviour is that any character that's invalid for AAD Connect would be flagged by IDFix

Observed Behavior

UPN and ProxyAddress with an apostrophe are not flagged by IDFix

Steps to Reproduce

Set a user in AD to have a ProxyAddress and UPN with a ' (example: david.o'[email protected]), then run the latest build of IDFix.

Thank you for reporting an issue, suggesting an enhancement, or asking a question. We appreciate your feedback - to help the team understand your
needs please complete the below template to ensure we have the details to help. Thanks!

Please check out the Docs to see if your question is already addressed there. This will help us ensure our documentation covers the most frequent questions.

If you are reporting a security related issue, instead of submitting it here, please email [email protected] to ensure it is properly handled to resolution.

Category

• Enhancement
• [X ] Bug
• [ X] Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [2.3.0.0 ]

If you are not using the latest release, please update and see if the issue is resolved before submitting an issue.

Expected / Desired Behavior / Question

If you are reporting an issue please describe the expected behavior. If you are suggesting an enhancement please
describe thoroughly the enhancement, how it can be achieved, and expected benefit. If you are asking a question, ask away!

IDFix is flagging apostrophe as invalid character in UPN and ProxyAddresses; however, apostrophe is a valid character for syncing identities with AzureAD Connect. No Sync Errors in AAD Connect when apostrophe is used.

MicrosoftDocs/azure-docs#14404

Observed Behavior

If you are reporting an issue please describe the behavior you expected to occur when performing the action. If you are making
suggestion or asking a question delete this section.
Expect IDFix to not flag UPN or ProxyAddress with apostrophe.

Steps to Reproduce

If you are reporting an issue please describe the steps to reproduce the bug in sufficient detail to allow testing. If you are making
a suggestion or asking a question delete this section.

Sync and AD Object with UPN or Proxyaddresses to AzureAD that contain apostrophe. Observe no sync errors.

Submission Guidelines

Thank you for your feedback!

Category

• Enhancement
• Bug
• Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [ N\A ]

Expected / Desired Behavior / Question

We are running the IDfix tool for a very large organization and are having issues with their top level domain not being recognised so an error is being logged for every single smtp attribute (over 3 million errors).

Do you know if the list of supported TLD’s in the tool is visible or if we can edit it to include *.edu.au as a valid topleveldomain attribute?

Observed Behavior

N\A

Steps to Reproduce

N\A

Thank you for reporting an issue, suggesting an enhancement, or asking a question. We appreciate your feedback - to help the team understand your
needs please complete the below template to ensure we have the details to help. Thanks!

Please check out the Docs to see if your question is already addressed there. This will help us ensure our documentation covers the most frequent questions.

If you are reporting a security related issue, instead of submitting it here, please email [email protected] to ensure it is properly handled to resolution.

Category

• Enhancement
• Bug
• Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [2.6.0.0]

Expected / Desired Behavior / Question

domains.txt should be installed at C:\Program Files\Microsoft FastTrack Open Source\Microsoft IdFix with the default list of top level domains.

Observed Behavior

domains.txt file is missing

Steps to Reproduce

open C:\Program Files\Microsoft FastTrack Open Source\Microsoft IdFix in windows explorer

Thank you for your feedback!

Category

• Enhancement
• Bug
• Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [ 2.2.0.0 ]

If you are not using the latest release, please update and see if the issue is resolved before submitting an issue.

Expected / Desired Behavior / Question

Able to search a specific OU using the search base option in the connection screen.

Observed Behavior

When entering a value in the search base, tick the box to enable the search base text box, when entering a value, and clicking OK, i then go back in and edit the connection,, the search base box is ticked, but the value entered is blank, so the search base appears to have no effect when doing a search.

Steps to Reproduce

Open IDfix, click the Cog to configure connection, enter value in search base, click OK. Click cog again, an value is blank.

Thanks,
Steve

Category

• Enhancement
• Bug
• Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [2.6.0.2]

IdFix returns four objects right after query. The first three are expected, but the fourth one is either

• falsely reported
• throwing the wrong error message or
• missing the conflicting item in the list

As far as I was able to search through my AD I was not able to find any conflict with the mentioned mail address.
It seems this was introduced in 2.5.0.0, as 2.4.0.0 works fine and only shows the first three entries:

This sounds similar to #29 and #40 though #29. Unfortunately, I have no idea on how to investigate any further. Are there any log files that are more verbose that I could take a look at?

Category

• Enhancement
• Bug
• Question
• Documentation gap/issue

Version[ 2.6.0.1 and 2.5.0.0]

When I click on Query, instead of showing results, I get a message saying "Sequence contains no matching element". Below, it says "Error in RulesRunner: Sequence contains no matching element."

What could be wrong? I ran it on my server running AAD Connect, on a DC, and on my client system, I am getting the same results.

HI,

Is there any option to run the tool in offline mode with out connecting first to the internet?
Thanks.

Version

Please specify what version of IdFix you are using: [ 1.11.6579.29793 ]

This executable from Microsoft is not signed. Please add this in the next version for authenticity and application whitelisting.

Thank you for reporting an issue, suggesting an enhancement, or asking a question. We appreciate your feedback - to help the team understand your
needs please complete the below template to ensure we have the details to help. Thanks!

Please check out the Docs to see if your question is already addressed there. This will help us ensure our documentation covers the most frequent questions.

If you are reporting a security related issue, instead of submitting it here, please email [email protected] to ensure it is properly handled to resolution.

Category

• Enhancement
• Bug
• [ x] Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [ 2.3.0.0 ]

I am unable to run IDFIX on Server 2012. When i click on query option in the IDFIX program, the screen is blan and the message i get is cleared grid. Can someone help me with this issue

Team...
I have a government customer that needs to turn off auto update for software versioning is that even possible? Has anyone out there has been able to disable auto update for idfix?
Thanks

Category

• Enhancement
• Bug
• Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [ 1.x ]

Expected / Desired Behavior / Question

It would be nice if you could tell the tool to ignore certain OU’s. Say import a list of OU’s to ignore in your scan OR at least allow entry for multiple OU exclusions.

Thank you for reporting an issue, suggesting an enhancement, or asking a question. We appreciate your feedback - to help the team understand your
needs please complete the below template to ensure we have the details to help. Thanks!

Please check out the Docs to see if your question is already addressed there. This will help us ensure our documentation covers the most frequent questions.

If you are reporting a security related issue, instead of submitting it here, please email [email protected] to ensure it is properly handled to resolution.

Category

• Enhancement
• Bug
• Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [2.6.0.0]

Expected / Desired Behavior / Question

domains.txt in the installation folder should be populated with the default list of top level domains.

Observed Behavior

domains.txt contains the following line:

"# NOTE: This file will be overwritten by defaultdomains.txt during the build process. Make changes to defaultdomains.txt instead."

Steps to Reproduce

open domains.txt in the folder:

C:\Users\username\AppData\Local\Apps\2.0\Q795T4P0.W59\PEX277G7.LB9\idfi..tion_bdc860f2c35357b9_0002.0006_6007af930c361bb2

Thank you for your feedback!

The Setup.exe is not able to authenticate against Proxy. Setup will stop with ERROR 407.

(i'm unable to edit the title, it should be [Enhancement] Include CanonicalName field )

Category

• Enhancement
• Bug
• Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [ 2.2.0.0 ]

Suggestion

Include a column for CanonicalName (CN) so we can sort the output by OU path easily. Sorting by DN is difficult, even with Excel. Thanks

Category

• Enhancement
• Bug
• Question
• Documentation gap/issue

Version

2.3.0.0

Expected / Desired Behavior / Question

An easy one: the CHANGELOG.md needs updating for the 2.3.0.0 release changes, only has up to 2.2.0.0 changes in there.

Thank you for reporting an issue, suggesting an enhancement, or asking a question. We appreciate your feedback - to help the team understand your
needs please complete the below template to ensure we have the details to help. Thanks!

Please check out the Docs to see if your question is already addressed there. This will help us ensure our documentation covers the most frequent questions.

If you are reporting a security related issue, instead of submitting it here, please email [email protected] to ensure it is properly handled to resolution.

Category

• Enhancement
• [* ] Bug
• [* ] Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [ 2.3.0.0 ]

If you are not using the latest release, please update and see if the issue is resolved before submitting an issue.

Expected / Desired Behavior / Question

If you are reporting an issue please describe the expected behavior. If you are suggesting an enhancement please
describe thoroughly the enhancement, how it can be achieved, and expected benefit. If you are asking a question, ask away!

Observed Behavior

Version 2.3.0.0. will not operate correctly in my customer's environment. If I try and install it, either by clicking on the ClicktoRun link, or downloading whilst I'm connected to their network I get what appears to be a TLS/certificate revocation failure.

If I install it, whilst not connected ,and then connect to their network and run it I get the following experience:

1.) The software launches
2.) It detects my logged in forest name
3.) When I click query it appears to make a connection but it just sits there with the "Starting Query" indicator in the lower left corner of the Window and never gets any further.

There's is nothing of any value in the logs of the application but I will try and follow up with some logs tomorrow...

Thank you for reporting an issue, suggesting an enhancement, or asking a question. We appreciate your feedback - to help the team understand your
needs please complete the below template to ensure we have the details to help. Thanks!

Please check out the Docs to see if your question is already addressed there. This will help us ensure our documentation covers the most frequent questions.

If you are reporting a security related issue, instead of submitting it here, please email [email protected] to ensure it is properly handled to resolution.

Category

• Enhancement
• [ X] Bug
• Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [ 2.2.0.0 ]

If you are not using the latest release, please update and see if the issue is resolved before submitting an issue.

Expected / Desired Behavior / Question

If you are reporting an issue please describe the expected behavior. If you are suggesting an enhancement please
describe thoroughly the enhancement, how it can be achieved, and expected benefit. If you are asking a question, ask away!
IDFix to report duplicate Proxy Addresses found

Observed Behavior

If you are reporting an issue please describe the behavior you expected to occur when performing the action. If you are making a suggestion or asking a question delete this section.
None found, but should report duplicate proxy address

Steps to Reproduce

If you are reporting an issue please describe the steps to reproduce the bug in sufficient detail to allow testing. If you are making
a suggestion or asking a question delete this section.

Add 2 users with the same Proxy Address

Submission Guidelines

Delete this section after reading

• All suggestions, questions and issues are welcome, please let us know what's on your mind.
• Remember to include sufficient details and context.
• Please check back occasionally on your issue as we may have follow up questions.
• If you have multiple suggestions, questions, or bugs please submit them in seperate issues so we can track resolution.

Thank you for your feedback!

Category

• Enhancement
• Bug
• Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [ latest ]

We are looking for feedback from users on removing the dedicated checks from the application. As part of the refactoring (#14) it occurred to us that it is unlikely there are any more dedicated migrations happening. Wondering if we can remove all of the checks/code associated with the dedicated mode?

This work would NOT be done as part of the refactor - looking to have a discussion first before making changes, but the refactor brought up the idea.

Thoughts?

Category

• Enhancement
• Bug
• Question
• Documentation gap/issue

Version 2.4.0.0

Observed Behavior

Schema Warning Notification Window upon clicking Query:

The following attributes are present in the schema but are not marked for replication to the Global Catalog and will not be analyzed for errors. Do you want to continue?
homeMdb
mailnickname

Steps to Reproduce

Click Query

Notes

These 2 attributes are in the schema and marked for replication but different letter case.

• homeMdb in IdFix and homeMDB in Schema
• mailnickname in IdFix and mailNickname in Schema

Category

• Enhancement
• Bug
• Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [ latest ]

We are seeing an uptick in usage of IdFix, which is great and we are excited for all the feedback. In reviewing the issues and looking over the code we decided to take the time to do a larger refactor to make it easier to maintain, add comments, and decouple the logic which is currently contained almost exclusively within in "Form1.cs".

This means that fixing the open issues and publishing a new release will take a bit longer than we planned, but future updates should be quicker.

We have no plans to make any changes to the user experience of the tool and do not plan any UI changes with the code refactor. When done we aim to deliver the same tool with hopefully some small performance improvements and fixes to the open issues.

How you can help

If you are interested in helping test beta versions of the refactored code to compare to the existing tool we would appreciate it. While we do our best to test things, nothing can duplicate the nature of different production environments across the world. More testing is always better. If you want to help please comment below and once we are ready we'll update with how to test beta versions. Thanks!

Like: #5

Category

• [X ] Enhancement

Version

IdFix 2.3.00

Expected / Desired Behavior / Question

I would expect to no TopLevelDomain Error for .Swiss TLD

Observed Behavior

IdFix reports a TopLevelDomain Error for .Swiss which is a routable TLD.

Thanks
Stefan

I've managed to work around this, issue appears to be related to installer permissions. However this version of IDFIX is not recognizing ,africa as a valid top level domain name causing false positives. Is this list stored within a configuration file in the application anywhere or would a file need to be updated in the Github repository? I noticed in the build file download there is a file called domains.txt and I've verified that .africa is not listed there...

Originally posted by @peterjoinobits in #36 (comment)

Just now downloaded the idfix tool from here and testing in hybrid environment . Installed it on Exchange 2019/windows 2019 and GC windows 2019
When trying to do a query it throwing error "The following attributes are present in the schema but are not marked for replication to the globalcalalog and will not be analyzed for errors. Do you want to continue? IscritialSystemobject".Screenshot attached
I click on ok and nothing happens .f

Hi Support,
I've launched IDFix 1.09 and running the Query inside my AD (xxxxx.cloud)
IDfix reported a TopLevelDomain Error, It's quite strange because .Cloud is a routable .TLD.
So i checked your domains.txt inside the GitHub:
https://github.com/microsoft/idfix/blob/master/src/domains.txt
and it is missing the .cloud domain.... is this why I am getting a TLD Error?
Thanks and Regards
Luca

Category

• Enhancement
• Bug
• Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [ 2.0.2.0 ]

In the docs in the operation section it mentions a filter button that is no longer there and the screen shot is out of date. These should be updated to reflect the latest version of the tool.

Category

• Enhancement
• Bug
• Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [ 2.6.0.2 ]

Expected / Desired Behavior / Question

Would it make sense to ignore Apostrophe in X500 Addresses when it contains "/o=ExchangeLabs/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients" ?

Observed Behavior

I have users with an Apostrophe in theyr Lastname like "d'Agostini".
This will result in diffrent Attibutes containing that Apostrophe.
Including the LegacyExchangeDN,CN,DN etc.
When the user is synchronized to Exchange Online with AAD Connect. A Mailuser is created in Exchange online. The LegacyExchangeDN is then added as a X500 Address to the Proxyaddresses AD Attribute

Steps to Reproduce

AD User with an Apostrophe in Lastname

#ADUser from Active Directory
Get-ADUser Sandro.Dagostini -Properties * | fl
AccountExpirationDate :
accountExpires : 9223372036854775807
AccountLockoutTime :
AccountNotDelegated : False
AllowReversiblePasswordEncryption : False
AuthenticationPolicy : {}
AuthenticationPolicySilo : {}
BadLogonCount : 0
badPasswordTime : 0
badPwdCount : 0
CannotChangePassword : False
CanonicalName : corp.icewolf.ch/Icewolf Users/d'Agostini, Sandro
Certificates : {}
City :
CN : d'Agostini, Sandro
codePage : 0
Company :
CompoundIdentitySupported : {}
Country :
countryCode : 0
Created : 16.02.2022 15:54:25
createTimeStamp : 16.02.2022 15:54:25
Deleted :
Department :
Description :
DisplayName : d'Agostini, Sandro
DistinguishedName : CN=d'Agostini, Sandro,OU=Icewolf Users,DC=corp,DC=icewolf,DC=ch
Division :
DoesNotRequirePreAuth : False
dSCorePropagationData : {09.06.2022 22:43:54, 09.06.2022 22:28:32, 09.06.2022 11:24:29, 09.06.2022
11:09:11...}
EmailAddress : S.d'[email protected]
EmployeeID :
EmployeeNumber :
Enabled : True
Fax :
GivenName : Sandro
HomeDirectory :
HomedirRequired : False
HomeDrive :
homeMDB : CN=MDB02,CN=Databases,CN=Exchange Administrative Group
(FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=corp,DC=icewolf,DC=ch
HomePage :
HomePhone :
Initials :
instanceType : 4
isDeleted :
KerberosEncryptionType : {}
LastBadPasswordAttempt :
LastKnownParent :
lastLogoff : 0
lastLogon : 0
LastLogonDate :
legacyExchangeDN : /o=First Organization/ou=Exchange Administrative Group
(FYDIBOHF23SPDLT)/cn=Recipients/cn=c4e80af3b3f645db976e9e625943cec4-d'Ago
LockedOut : False
logonCount : 0
LogonWorkstations :
mail : S.d'[email protected]
mailNickname : Sandro.Dagostini
Manager :
mDBUseDefaults : True
MemberOf : {CN=Group_4edf92dc-3616-425f-9406-baf7c0e9b53f,OU=GroupWriteback,OU=Icewolf
Users,DC=corp,DC=icewolf,DC=ch}
MNSLogonAccount : False
MobilePhone :
Modified : 09.06.2022 23:41:54
modifyTimeStamp : 09.06.2022 23:41:54
mS-DS-ConsistencyGuid : {75, 79, 139, 63...}
msDS-ExternalDirectoryObjectId : User_8a3ec24e-336d-4066-bbdd-e99c3e888008
msDS-User-Account-Control-Computed : 8388608
msExchArchiveQuota : 104857600
msExchArchiveWarnQuota : 94371840
msExchCalendarLoggingQuota : 6291456
msExchDumpsterQuota : 31457280
msExchDumpsterWarningQuota : 20971520
msExchELCMailboxFlags : 130
msExchHomeServerName : /o=First Organization/ou=Exchange Administrative Group
(FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=ICESRV06
msExchMailboxGuid : {159, 238, 226, 72...}
msExchMailboxSecurityDescriptor : System.DirectoryServices.ActiveDirectorySecurity
msExchPoliciesIncluded : {81555ef0-da30-408c-b5d7-e1a1414666b5, {26491cfc-9e50-4857-861b-0cb8df22b5d7}}
msExchRBACPolicyLink : CN=Default Role Assignment Policy,CN=Policies,CN=RBAC,CN=First
Organization,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=corp,DC=icewolf,DC=ch
msExchRecipientDisplayType : 1073741824
msExchRecipientTypeDetails : 1
msExchTextMessagingState : {302120705, 16842751}
msExchUMDtmfMap : {emailAddress:7324678464, lastNameFirstName:324678464726376,
firstNameLastName:726376324678464}
msExchUserAccountControl : 0
msExchVersion : 88218628259840
msExchWhenMailboxCreated : 16.02.2022 15:55:42
Name : d'Agostini, Sandro
nTSecurityDescriptor : System.DirectoryServices.ActiveDirectorySecurity
ObjectCategory : CN=Person,CN=Schema,CN=Configuration,DC=corp,DC=icewolf,DC=ch
ObjectClass : user
ObjectGUID : 3f8b4f4b-8fd7-44a3-af93-fc5fde45e98d
objectSid : S-1-5-21-2172137609-3848174251-3393784778-5210
Office :
OfficePhone :
Organization :
OtherName :
PasswordExpired : True
PasswordLastSet :
PasswordNeverExpires : False
PasswordNotRequired : False
POBox :
PostalCode :
PrimaryGroup : CN=Domain Users,CN=Users,DC=corp,DC=icewolf,DC=ch
primaryGroupID : 513
PrincipalsAllowedToDelegateToAccount : {}
ProfilePath :
ProtectedFromAccidentalDeletion : False
proxyAddresses : {x500:/o=ExchangeLabs/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Reci
pients/cn=47ca0ca35787401e84195e98a4569911-d'Agostini,,
SMTP:[email protected], x500:/o=ExchangeLabs/ou=Exchange Administrative
Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=7a712724b27048fd927b7b8cec5ac3a0-d'Agos
tini,, smtp:[email protected]}
pwdLastSet : 0
SamAccountName : Sandro.Dagostini
sAMAccountType : 805306368
ScriptPath :
sDRightsEffective : 15
ServicePrincipalNames : {}
showInAddressBook : {CN=All Users,CN=All Address Lists,CN=Address Lists Container,CN=First
Organization,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=corp,DC=icewolf,DC=ch, CN=Default
Global Address List,CN=All Global Address Lists,CN=Address Lists
Container,CN=First Organization,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=corp,DC=icewolf,DC=ch}
SID : S-1-5-21-2172137609-3848174251-3393784778-5210
SIDHistory : {}
SmartcardLogonRequired : False
sn : d'Agostini
State :
StreetAddress :
Surname : d'Agostini
Title :
TrustedForDelegation : False
TrustedToAuthForDelegation : False
UseDESKeyOnly : False
userAccountControl : 512
userCertificate : {}
UserPrincipalName : [email protected]
uSNChanged : 244100776
uSNCreated : 241687289
whenChanged : 09.06.2022 23:41:54
whenCreated : 16.02.2022 15:54:25

#Query Mailuser Object in Exchange Online
Get-MailUser -Identity Sandro.Dagostini | fl legacy*
LegacyExchangeDN : /o=ExchangeLabs/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=47ca0ca35787401e84195e98a4569911-d'Agostini,

Regards
Andres

Category

• Enhancement
• Bug
• Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [ none ]

Question / Observed Behavior

This page in the Microsoft 365 Admin Center provides an invalid url to download the IdFix program: https://admin.microsoft.com/AdminPortal/Home#/dirsyncmanagement

The provided link is this, which leads to a non-existing page: https://go.microsoft.com/fwlink/?linkid=867219

Steps to Reproduce

Visit this page in a Microsoft 365 tenant which has dir-sync issues: https://admin.microsoft.com/AdminPortal/Home#/dirsyncmanagement

Screenshots:

Category

• Enhancement
• Bug
• Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [ latest ]

Expected / Desired Behavior / Question

Allow all columns to be resized in the display grid.

Thank you for reporting an issue, suggesting an enhancement, or asking a question. We appreciate your feedback - to help the team understand your
needs please complete the below template to ensure we have the details to help. Thanks!

Please check out the Docs to see if your question is already addressed there. This will help us ensure our documentation covers the most frequent questions.

If you are reporting a security related issue, instead of submitting it here, please email [email protected] to ensure it is properly handled to resolution.

Category

• Bug

Version

Please specify what version of IdFix you are using: [ 2.4.0.0 ]

If you are not using the latest release, please update and see if the issue is resolved before submitting an issue.

Expected / Desired Behavior / Question

If you are reporting an issue please describe the expected behavior. If you are suggesting an enhancement please
describe thoroughly the enhancement, how it can be achieved, and expected benefit. If you are asking a question, ask away!

blanks/spaces should be replaced

Observed Behavior

If you are reporting an issue please describe the behavior you expected to occur when performing the action. If you are making a
suggestion or asking a question delete this section.

Steps to Reproduce

If you are reporting an issue please describe the steps to reproduce the bug in sufficient detail to allow testing. If you are making
a suggestion or asking a question delete this section.

Submission Guidelines

Delete this section after reading

• All suggestions, questions and issues are welcome, please let us know what's on your mind.
• Remember to include sufficient details and context.
• Please check back occasionally on your issue as we may have follow up questions.
• If you have multiple suggestions, questions, or bugs please submit them in seperate issues so we can track resolution.

Thank you for your feedback!

Category

• Enhancement
• Bug
• Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [latest: 2.0.0.0 ]

Expected / Desired Behavior / Question

Old version of IdFix (1.08) works ok with top level domain ".si"

Observed Behavior

Attributes on all objects using top level domain ".si" are marked as error.

Steps to Reproduce

Tested with UPN and proxy address attributes.

Category

• Enhancement
• Bug
• Question
• Documentation gap/issue

Version

2.2.00

Expected / Desired Behavior / Question

I'm having some customers complaining about not being able to lunch IdFix tool from the setup file. I am having the same issue on a windows 2016 server but on windows 10 it works without any issues... Version 2.2.00
Error message:
Launching Application.URLDownloadToCacheFile failed with HRESULT '-2146697208'
Error: An error occurred trying to download 'https://raw.githubusercontent.com/Microsoft/idfix/master/publish/IdFix.application'.
I am able to open the URL manually in the browser.

Any idea what might be causing this?
Thanks in advance!
Cheers,
Pedro

Thank you for reporting an issue, suggesting an enhancement, or asking a question. We appreciate your feedback - to help the team understand your
needs please complete the below template to ensure we have the details to help. Thanks!

Please check out the Docs to see if your question is already addressed there. This will help us ensure our documentation covers the most frequent questions.

If you are reporting a security related issue, instead of submitting it here, please email [email protected] to ensure it is properly handled to resolution.

Category

• Enhancement
• Bug
• Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [ 2.3.0.0 ]

If you are not using the latest release, please update and see if the issue is resolved before submitting an issue.

Expected / Desired Behavior / Question

If you are reporting an issue please describe the expected behavior. If you are suggesting an enhancement please
describe thoroughly the enhancement, how it can be achieved, and expected benefit. If you are asking a question, ask away!

Duplicates not detected or the duplicate object is shown

Observed Behavior

If you are reporting an issue please describe the behavior you expected to occur when performing the action. If you are making a
suggestion or asking a question delete this section.

A duplicate email address is reported. Only one object is shown. The recommended action is to change the email address to the SAME EXACT email address. Unable to find a duplicate in the AD.

Steps to Reproduce

If you are reporting an issue please describe the steps to reproduce the bug in sufficient detail to allow testing. If you are making
a suggestion or asking a question delete this section.

Have to be run in the specific AD. I will be happy to reproduce and troubleshoot.

Category

• Enhancement
• Bug
• Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [ 2.1.2.0 ]

Expected / Desired Behavior / Question

Please add .gmbh to the list of tld's

I have idfix installed on a Windows 7 PC (That is domain joined) with .NET 4.8 installed. Both PC and DC (W2K3 R2) are on the local LAN. Idfix doesn't appear to be able to connect to the AD. (I have tried logging in as domain\user and also domain.local\user ) to no effect.
(I've also tried W2012R2 Server and Windows 2016 Server and still doesn't seem to find the forest)

When clicking Query I get "The Specified forest does not exist or cannot be contacted" This is upon initial opening without touching any settings.

I have tried various settings in the settings
All of the PORTS
Under Active Directory Added my domain.
domain
domain.local

Nothing seems to work.
Does this tool work with W2K3 R2 running a forest and domain functional level of 2003?

Category

• Enhancement
• Bug
• Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [ 2.2.0.0 ]

Question

What level of confidence can admins expect from the recommendations delivered via this tool. Are the possible recommendations the tool presents back reviewed by the AD team?

Observed Behavior

Running the IDFix 2.2.0.0 in my environment returns several recommendations for removing Parentheses from the x500 addreses, which is being addressed in #16 . It also makes suggestions about populating blank displayName attributes for ADFS Certificate Sharing Containers. One would assume that ADFS configured the sharing containers in the way that is supported and expected by AD and ADFS. I interpret this as a bug in the IDfix or that we encountered a bug in the ADFS setup somewhere in it's history, but can't find any documentation supporting the need for this change.

Steps to Reproduce

Run IDfix with ADFS in environment

Category

• Enhancement
• Bug
• Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [2.3.0]

I have errors due to Duplicate mailnickname (they are indeed anomalies), but in the report there is only one of the 2 accounts indicated.
It would be more practical if the 2 accounts were indicated. It seems to me that the old version (1.09) did.

Thanks,
Fred

Category

• [X ] Enhancement
• Bug
• Question
• Documentation gap/issue

Version

2.3.0.0

Expected / Desired Behavior / Question

I tried to export the list of issues into a CSV-File.
The Export itself works but the data in the CSV is not really usable.

Two issues:

• The separator is a "comma" and this character is also used in the distinguishedname. Import in excel etc will then scramble the columns. Recommended Fix: Encapsulate every string in a String

• Charset cannot handle "umlauts".
  I'ld prefer to export Unicode to handle special character

Observed Behavior

You should encapsulate strings, which contain the separater character (like "," in dns)

Steps to Reproduce

Create an AD-User with an Umlaut and run IDFIX and try to export it.
Open the File in Excel or "import-csv" and use "," as separator.

Version: [ 2.0.2.0 ]

Expected Behavior

Use different credentials for specific forest at the moment of connection through settings panel.

Observed Behavior

The credentials are not considered and Windows login session credentials are used neverminding if I chose Current credentials or Other credentials.

Steps to Reproduce

Run IDFix to collect information from an Active Directory that doesn't accept your current windows login credentials.

Demonstrated using 389 protocol (LDAP plain text) and using wireshark the sent credentials are not correct and I receive Invalid credentials error.

Nearly all Exchange OnPremises topologies are still using X400 Addresses (from old Exchange 5.x setups many years ago). They never enen think about removing them (not being aware that they are there).
We also have X500 addresses which are for "Cross Forest Migrations" and they contain the "LegacyExchangeDN" to allow delivery to migrated mailboxes.

I see a lot of errore about characters in ProxyAddresses in combination with X400/X500. The reason are "Spaces" in the X400/X500 Address. I tried to find a description about valid characters for these types but was not successfull. But all my addresses were created by the Exchange ProxyDLLs and i'm sure they to it right. so i assume, that is a valid character for these types.

Category

• Enhancement
• Bug
• Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [2.2.0.0]

Expected Behavior

x500 addresses are not flagged up as invalid proxy addresses
We previously used version 1.11 and that version has the expected behaviour.

Observed Behavior

x500 addresses are flagged up as invalid proxy addresses with a Character error, causing thousands of false errors.
The suggested correction by the tool is to remove Parenthesis "(" and ")" characters.
This is incorrect and sync is unaffected. Our valid x500 addresses contain these characters and are simply repopulated from Azure during the next sync if the address is changed or removed.

Steps to Reproduce

Add an x500 proxy address to an AD object that contains the characters Parenthesis "(" or ")", such as the following:
x500:/o=ExchangeLabs/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=f7a6b595bd894d3ca3d5f1cfae62d4fb-FirstLastna
Run a query in IDFix and review the results.

Thank you for reporting an issue, suggesting an enhancement, or asking a question. We appreciate your feedback - to help the team understand your
needs please complete the below template to ensure we have the details to help. Thanks!

Please check out the Docs to see if your question is already addressed there. This will help us ensure our documentation covers the most frequent questions.

If you are reporting a security related issue, instead of submitting it here, please email [email protected] to ensure it is properly handled to resolution.

Category

• [ X ] Enhancement
• Bug
• Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [ latest ]

If you are not using the latest release, please update and see if the issue is resolved before submitting an issue.

Expected / Desired Behavior / Question

Enable using idfix from the command line and PowerShell for automation scenarios.

Thank you for reporting an issue, suggesting an enhancement, or asking a question. We appreciate your feedback - to help the team understand your
needs please complete the below template to ensure we have the details to help. Thanks!

Please check out the Docs to see if your question is already addressed there. This will help us ensure our documentation covers the most frequent questions.

If you are reporting a security related issue, instead of submitting it here, please email [email protected] to ensure it is properly handled to resolution.

Category

• Enhancement
• [X ] Bug
• [X ] Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [ 2.3.0.0 ]

If you are not using the latest release, please update and see if the issue is resolved before submitting an issue.

Expected / Desired Behavior / Question

*Running setup creates a Start menu Item for iDfix that you can then click to launch.

Also, Where are the transaction Log Files?*

Observed Behavior

*after running Setup, the shortcuts are in teh start menu but they lead to nothing and do not launch iDfix. If I run the setup.exe it launches iDfix

suggestion or asking a question delete this section.*

Steps to Reproduce

Run Setup and try to Launch from Start menu on Server 2016 Data Center edition and nothing happens.

Thank you for your feedback!

Thank you for reporting an issue, suggesting an enhancement, or asking a question. We appreciate your feedback - to help the team understand your
needs please complete the below template to ensure we have the details to help. Thanks!

Please check out the Docs to see if your question is already addressed there. This will help us ensure our documentation covers the most frequent questions.

If you are reporting a security related issue, instead of submitting it here, please email [email protected] to ensure it is properly handled to resolution.

Category

• Question

Version

Please specify what version of IdFix you are using: [ 2.2.0.0]

If you are not using the latest release, please update and see if the issue is resolved before submitting an issue.
I am using the version 2.2.0.0

Expected / Desired Behavior / Question

I am expecting the output. But the tool is crashing with an error

Observed Behavior

The tool is crashing with an error
"The server does not support the control. The control is critical."

Steps to Reproduce

I can reproduce the issue gain. I am running on 2012 R2 server.

Category

• Enhancement
• Bug
• Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [ 1.* ]

Issue came in on the old email alias for version 1:

Hello,
the exported file uses a comma “,” as the field separator; this results in a mess when the file is used in a spreadsheet like Excel, because most of the data are LDAP paths and then contain commas, so fields like “DISTINGUISHEDNAME” are split into many columns.

I suggest that the CSV should use another character as a field separator, like TAB or an unusual one like “|” or “§”, so to split the column into fields appropriately.

Category

• Enhancement
• Bug
• Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [2.3.0]

I was using an old version of IDFix (1.09) so far, with the new version (2.3) I have a lot of errors because the targetAddress attribute is empty.
It seemed to me that in the case of a dedicated tenant that this attribute was not necessary if the homeMdb attribute was filled in.
Extract "not blank (contact and user without homeMdb)" from https://microsoft.github.io/idfix/supported-errors/#targetaddress_1

Thanks
Fred

@patrick-rodgers :

Is it possible to run IDFix remotely to evaluate AD different from DC where IDFix is installed?

I installed IDFix on Win 10 Laptop in DC=Corp_A.
My Win 10 Laptop is configured with the VPN to Windows Server 2010 R2 running DC=Corp_B.
I confirmed that VPN is working and I can access AD on DC=Corp_B.
I can not successfully run IDFix to evaluate AD DC=Corp_B:
I use the port 3268 to add the hostname for AD DC=Corp_B in settings and make sure that only this AD is selected via Check_Box.
I also changed Credentials from to and entered
When I run a query with the filter field 'blank' or any other 'common filter' (objectCategory=Person - as an example),
IDFix reported error: : " The specified Forrest does not exist or can not be contacted " : Error in RulesRunner.

• Enhancement
• Bug
• Question
• Documentation gap/issue

Version

Please specify what version of IdFix you are using: [ 2.2.0.0 ]

If you are not using the latest release, please update and see if the issue is resolved before submitting an issue.

Expected / Desired Behavior / Question

I expect :

• IDFix to 'keep' Additional Active Directories added via setting [Add] Dialog and not to connect to ' home ' DC each time when IDFix is restarted;
• I would expect IDFix to connect to remote ( 'non-home') DC=Corp_B and being able to Query and run other operations
• I would expect an Error message to be a bit more detailed to help me determine what is 'wrong' in Settings.

Observed Behavior

Only works on the DC (Domain) where it is installed.
Need help configuring and running IDFix against external/remote AD domain (DC) via VPN.
Need help troubleshooting and interpreting Error Message

Steps to Reproduce

Connect to remote AD DC via VPN.
Confirm that IDFix installed in your local AD DC runs against the remote AD DC via VPN.
Please, share the configuration parameters for this topology.
Thank you,
Boris.