Backtrack:  
 
showing posts tagged with 'office365'
 
by lunarg on April 10th 2017, at 11:36

You can manually trigger Azure AD Connect to perform a sync cycle. Open a Powershell on the server running Azure AD Connect, then type:

  • Perform a delta sync:
    Start-ADSyncSyncCycle -PolicyType Delta
  • Perform a full sync:
    Start-ADSyncSyncCycle -PolicyType Initial
by lunarg on April 10th 2017, at 10:41

During the installation of Azure AD Connect, the registration of the Azure AD Connect Health for Sync-agent may fail. When this happens, you can manually register the agent by running this Powershell cmdlet:

Register-AzureADConnectHealthSyncAgent -AttributeFiltering $false -StagingMode $false

You need the credentials of an O365 account with Global Admin rights.

by lunarg on April 6th 2017, at 10:35
Differentiating users that are synchronized from an on-premise AD and users created in Office 365 is easy when logged in through the Office 365 Portal. When using Powershell, it's another matter. While there's a parameter for Get-MsolUser to show only synchronized users, the ability to filter on only cloud users is missing. However, as cloud-only users do not have the ImmutableID set, you can build your own filter.

This one's obvious:

Get-MsolUser -All -Synchronized

You can filter on ImmutableID as it's not set for cloud-only users:

Get-MsolUser -All | ? ImmutableID -eq $null

If you want to filter out external users (i.e. if you shared something in Sharepoint Online with users that aren  ...
by lunarg on January 23rd 2017, at 11:03
In a hybrid Exchange environment, you may get an error when attempting to log in to Office 365 when performing a management task involving Office 365. When clicking the "Sign in to Office 365" link, the following error is displayed:

critical error
The web page isn't loading correctly. Please reload the page by refreshing your browser.

Technical information: Unable to set the property "mkt" of a null reference or undefined

Not really a solution, but you can work around the issue by performing these steps:

In EAC, navigate to Hybrid.

Click Modify.

Click Sign in to Office 365, type in your Office 365 username and password.

Once logged in, click on the Enterprise tab and try per  ...
by lunarg on January 9th 2017, at 16:33
A new Powershell module, called Azure AD v2 is available to manage Office365 from Powershell, and is now the preferred method for managing Office365 tenants from Powershell. Unlike the older MSOnline module, you need to download and install this version from the Powershell Gallery, for which there is no direct download link.

Windows 10 already has the PowershellGet module needed to download modules from Powershell Gallery, so all you need to do is run the following in an elevated Powershell:

Install-Module AzureAD

You may get a message about NuGet provider is required to continue. You can safely confirm this.

Everything pre-Windows 10 and starting from Windows 7 SP1 and 2008R2 SP1, you n  ...
by lunarg on August 10th 2016, at 15:31
It may not seem evident to find out which mailboxes are accessible by a particular user or group. Through EAC, there is no apparent way to do this, as giving access for a user to a (shared) mailbox can only be done through the shared mailbox and then providing the user/group access. There is no way to query a particular user/group and show a list of mailboxes that user/group has access to. Fortunately, it seems that Powershell (EMS) does provide an easier answer.

These cmdlets work in both Office365 and on-premise Exchange 2007 or newer.

List mailboxes to which a user/group has access to:

Get-Mailbox | Get-MailboxPermission -User user1

Although the cmdlet states a user name, replacing th  ...
by lunarg on June 30th 2016, at 13:11
When you migrated your mail from an on-premise Exchange to Office 365, and you did not (yet) uninstall Exchange and/or clean up AD, Outlook will still try to configure itself to connect to the on-premise Exchange when adding a new account, even though Autodiscover has been configured correctly (autodiscover.domain.tld pointing to autodiscover.outlook.com).

The reason for this is in the way how Outlook performs its autodiscovery attempts. The first step in the discovery process is trying to configure the account using Service Connection Point (SCP), which is defined in AD (or in rare cases, in the registry of the computer). As the SCP is still configured in AD/registry, Outlook will use thos  ...
by lunarg on April 20th 2016, at 15:47
A few steps to enable management of your Office 365 subscription using Powershell. One uses Powershell because not all configuration is available through the Office 365 Portal, and it's also useful for automation.

UPDATE (2016-04-20): updated links and information.

Download and install the Microsoft Online Services Sign-In Assistant.This is required in order to be able to sign in to Office 365.

Download and install Azure Active Directory Module for Windows PowerShell (64-bit version).Note: 32-bit users, see below.

Optionally, you can also download and install modules to manage Sharepoint Online and Skype for Business Online.

32-bit Azure AD Module
From October 20, 2014, the Azure Ac  ...
by lunarg on April 8th 2016, at 15:57

In-place online archive, this means having your online archive readily available in Outlook, is only available if you have Office ProPlus or a standalone version of Outlook. Outlook from Office Standard (including Office365 Business Premium) does not provide access to the online archive, and as such, it can only be opened from OWA.

by lunarg on November 23rd 2015, at 10:47
You can block Office 2013 Click-To-Run (CTR) from automatically updating to 2016 through a policy (or registry if you're not in a domain).

If you have the Office 2013 Group Policy templates installed on your domain controller, you can use them to set a policy to disable automatic updating.

You can find the setting at:

Computer Configuration → Administrative Templates → Microsoft Office 2013 (Machine) → Updates

Set Enable Automatic Upgrade to Disabled.

You can also disable the upgrade by manually adjusting the registry.

In regedit, navigate to the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\office\15.0\common\officeupdate

Create a registry value:

Type: DWORD

...
by lunarg on November 5th 2015, at 10:49

The Office365 Admin portal clearly shows which users are synced to AD and which are cloud only. In Powershell, this is less clear. To find out which are cloud-only, you need to check the value of LastDirSyncTime. If it is empty, then the user was never synced from AD, and thus, is a cloud-only user.

Log on to your Office 365 tenant through Powershell, then run:

Get cloud-only users:

Get-MsolUser -All | Where { $_.LastDirSyncTime -eq $null }

Get synchronized-only users:

Get-MsolUser -All | Where { $_.LastDirSyncTime -ne $null }
by lunarg on October 19th 2015, at 12:59
When users change their passwords of their on-premise AD account, these changes are not replicated to Office365 (Azure AD). In the event log of the server running AD Sync, event 611 is logged:

Event ID 611
Password synchronization failed for domain: constoso.com.

Details:
System.DirectoryServices.Protocols.LdapException: The operation was aborted because the client side timeout limit was exceeded.

To resolve the issue, a registry setting has to be changed on the server running AD Sync, followed by a reboot:

On the server running AD Sync, open regedit.

Navigate to the key:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Ldap

Set the value of LdapClientIntegrity to 0.

Restart the se  ...
by lunarg on October 19th 2015, at 12:59
When running an Office 365 with Active Directory synchronisation from your on-premise domain, you may encounter the issue where passwords for one, some or all accounts do not sync anymore. This can particularly happen if changes were made to the configuration of the AD sync (such as change in OUs, change of rules, etc.).

If you're using Azure Active Directory Sync tool (old method) for synchronisation, on the server running AD sync, start Powershell, then run these:

Import-Module DirSyncSet-FullPasswordSyncRestart-Service FIMSynchronizationService -Force

Run the following Powershell script on the server running Azure AD Sync Service or Azure AD Connect:

$adConnector = "contoso.com&  ...
by lunarg on October 9th 2015, at 11:06
In larger environments, installing Office from Office365 can be tedious work. Because of how the installation works (Click-to-Run principal), every user would have to log on to Office365 Portal to download and run the installer, and then stream Office to each computer. From a management perspective, this isn't really a good idea. Luckily, Microsoft has updated their Office Deployment Tool to support Click-to-Run, and that includes Office365.

Using Office Deployment Tool to deploy Office365 is pretty straight-forward and does not require much in terms of dependencies or prerequisites. It is also possible to use the deployment tool to deploy Office365 through System Center Configuration Manag  ...
by lunarg on October 9th 2015, at 10:06
With the release of Office 2016, Microsoft has also released the Office 2016 Deployment Tool (download here).

New features for Office Deployment Tool:

Specify which update branch to use.

Specify which language accessory packs to install.

The download of Office Deployment Tool contains a sample configuration.xml. Check out the Reference for Click-to-Run configuration.xml file for a complete reference on what can be configured.

Aside of some minor additional options to the configuration XML, using the Office Deployment Tool hasn't change very much, so this article about how to configure and use Office Deployment Tool for Office 365 is still valid.

More information about updating to Offic  ...
by lunarg on August 24th 2015, at 16:20
Occasionally (usually once a year), you may have to renew your SSL certificate of your Active Directory Federation Services server, used for your Office 365 Single Sign-On setup. In past versions, this was done quite easily through IIS. However, since 2012 R2 (a.k.a. ADFS 3.0), ADFS no longer uses IIS and it gets a little bit more complicated.

Outlined in this short article are the steps you need to do in order to renew or replace your SSL certificate on a Windows 2012 R2 server, running ADFS 3.0.

First, renew or request a new SSL certificate through your Certificate Authority (such as GoDaddy, Enom, etc.). How to do this depends greatly on the CA. As ADFS on 2012 R2 no longer uses IIS, yo  ...
by lunarg on August 18th 2015, at 15:07
If you have an Exchange Hybrid Configuration setup, you may have some users that use services of Office365 but still have their mailbox on-premise. These users probably have an Office365 license assigned to them. Selecting these users from the Users list in the Office365 Admin Portal reveals the following message when viewing the primary e-mail address for such a user:

Error
The items you're trying to open couldn't be found.

Additionally, the same error is displayed when attempting to view or edit Exchange Online properties for such a user.

The error is actually a "bug" in the Office365 Admin Portal, caused because the user has an Exchange Online license assigned. Because of thi  ...
by lunarg on August 17th 2015, at 13:25
EDIT: highlight required trailing dots + added CNAME for msoid.

If you're using a hosting provider which uses DirectAdmin for its DNS management, it may be a hassle to correctly configure DNS records for Office 365, mainly because of syntax issues. After some trial-and-error and googling, I finally managed to correctly devise the proper syntax to configure Exchange Online and Lync Online.

The set up of the entries below is a left and right field in the DNS management, safe for MX-records, which are set up elsewhere. For most services, don't forget to add the trailing . at the end of each record pointing to a Microsoft Server. Otherwise, resolving will incorrectly add your own do  ...
by lunarg on August 14th 2015, at 12:29
Setting up a hybrid configuration between Office 365 and on-premise Exchange may seem straight forward, but there are a lot of pitfalls to tackle. One of the more frequent issues is a problem with free/busy information not being visible, or the inability to migrate mailboxes from/to Exchange Online.

Additionally, you may have received this error during the initial configuration of the hybrid setup:

Hybrid Configuration Wizard
Office 365 was unable to communicate with your on-premises Autodiscover endpoint. This is typically due to incorrect DNS or firewall configuration. The Office 365 tenant is currently configured to use the following URL for Autodiscover queries from the Office 365 tena  ...
by lunarg on August 14th 2015, at 09:14

In an Office365 hybrid configuration, you may get the following error after the Sign in to Office 365 prompt in the EAC:

Error
412
Cookies Are Disabled :(
Please make sure that you enabled cookies in your browser settings and that your Exchange Admininstration Center domain has been added to trusted sites or local intranet zones.

To resolve, you need to do just that:

  1. Go to Internet Options, tab Security.
  2. Click the Intranet zone, then click the Websites button, then the Advanced button.
  3. Add your EAC FQDN to the list (e.g. https://exchange01.contoso.com/).
  4. Completely close the browser, then log back in.
 
showing posts tagged with 'office365'