In Azure AD Connect, the sourceAnchor attribute connects an on-premises object to a cloud object. It ensures that a hybrid object has the same identity both on-premises and in Azure. After the sourceAnchor attribute has been set, it is best practice to avoid updating the sourceAnchor attribute value unless it is absolutely necessary to do so. Attributes such as UserPrincipalName or email, for example, should not be used, since they can change if a user’s user name or email changes.

Even though it is best practice to avoid changing the sourceAnchor attribute value, unplanned situations such as accidental user deletion…


In 2019 I answered a question on Stack Overflow about the difference between App Registrations and Enterprise Applications in Azure Active Directory. Two years later I still see questions about the differences between these two terms, as well as questions about how the term “Service Principal” relates to each. The purpose of this blog post is to define these three terms and clarify how they differ from each other.

App Registrations

An App Registration is a way of reserving an application in Azure AD. The registration enables Azure to communicate with the application and pass tokens to it. When you…


One Year of Riding a Peloton Every Day

I have ridden my Peloton bike for an hour a day since May 2020 and it is the best piece of fitness equipment I have ever owned. Before purchasing the bike, I deliberated for several years over whether it was worth the price, but I wish I had gotten it a lot sooner. If you love spin classes but are on the fence about whether to buy a Peloton, here are my top five reasons why you should bite the bullet and use my $100 off referral code (FTTGW7) to get one.

1. Metrics

What we measure, we improve.

Peloton…


The goal of this post is to help clarify some confusion about setting up Pass-Through Authentication (PTA) in Azure AD Connect and outline the steps for completing the Azure AD Connect Wizard. Stepping through the AAD Connect Wizard and setting up PTA may seem simple at first, but the tool has some tricky idiosyncrasies that are worth noting. The steps below will help you work through them.

When you have added a custom domain in the Azure Portal and are ready to configure the connect wizard, follow these steps to sync your on-premises directory with Azure Active Directory.

1. Browse to…


Over 300 people have asked questions on Stack Overflow about how to configure Reply URLs for .NET web apps in the Azure Portal. Reply URLs are a very simple concept, but their setup in the Azure Portal is not necessarily intuitive.

When you register an Azure AD application you are required to configure a reply URL, which by default takes its value from the sign-on URL entered during the app registration.

Create App Registration

In Azure AD, the difference between the Reply URL and the PostLogoutRedirectURI is subtle. The official Microsoft documentation defines the Reply URL as follows:

“In the case of a…

Marilee Turscak

Microsoft Azure Identity
