Sometimes Windows’ relationship with 365, or a user’s profile, or just a user on a PC or terminal server, will not log into 365. This appears to be the result of corruption of cached credentials.
The most straightforward way is probably to nuke all User/Windows/Azure relationship and recreate. As written, this would probably be very bad on a terminal server, because it will nuke the relationship for all users and all profiles. So far, no per-user commands identified.:
Remove 365 accounts from “Access Work and School”, then run these:
dsregcmd /cleanupaccounts
dsregcmd /debug /leave
from administrative CMD, and also from SYSTEM (paexec or psexec can do this), then reboot, then remove from Access Work and School if still there, then set up user relationship(s) again.
But today we have a report that dsregcmd /status did something, unknown, which fixed one terminal server user. Not sure what. Next time I plan to run many tests with this info:
ss64.com/nt/dsregcmd.html
And if you see error CAA5021, do this:
Search for Manage user certificates in the search bar and open it from Best match. Then navigate to Current User\Personal\Certificates and make sure the MS-Organization-Access and MS-Organization-P2P-Access entries are deleted.
No reboot needed for that last.
Categories:
Microsoft 365
Azure
Here’s the download page:
www.microsoft.com/en-us/microsoft-teams/download-app
This downloads an .MSIX, which one can usually double-click effectively. The link appears to be nicely static at this writing:
statics.teams.cdn.office.net/production-windows-x64/enterprise/webview2/lkg/MSTeams-x64.msix
And some Powershell to do the download and the install:
cd $env:TEMP
curl.exe -O "https://statics.teams.cdn.office.net/production-windows-x64/enterprise/webview2/lkg/MSTeams-x64.msix"
Add-AppxPackage -Path '.\MSTeams-x64.msix'
# placeholder for Enter
Categories:
Microsoft 365
Categories:
Microsoft 365
OK, so it started as DirSync, is still being called on some pages “Azure AD Connect”, including the download page as of this writing:
www.microsoft.com/en-us/download/details.aspx?id=47594
but it is, apparently, officially renamed Microsoft Entra Connect:
learn.microsoft.com/en-us/entra/identity/hybrid/connect/whatis-azure-ad-connect-v2
except within the URL itself :-)
Please note that this is NOT the same as Microsoft Entra Cloud Sync. The above does LDAP, Cloud Sync does not.
Categories:
Azure
Microsoft 365
A new needs page has been put up. Major changes. If you have a strict firewall, try opening all of these up. IPv6 is listed within the required sections, not clear how much that is true.
learn.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide
Categories:
Microsoft 365
Categories:
Microsoft 365
First we connect to Exchange Online via Powershell. First we install or update the MSOnline module.
#Install
Set-Executionpolicy RemoteSigned -Scope Process
Install-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
#Update
Set-Executionpolicy RemoteSigned -Scope Process
Update-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
Then we connect:
Connect-MsolService
Now get a list of deleted users:
Get-MsolUser -ReturnDeletedUsers
And here’s how we permanently purge all of them. Do this ONLY if you are certain. There is no going back after this.
Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force
Categories:
Microsoft 365
Exchange and Exchange Online
There are different methods for 365/Azure. But to get directly to Exchange Online from Powershell running on Windows, a current update of longstanding methods is as follows.
To install the module:
Set-Executionpolicy RemoteSigned -Scope Process
Install-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
To update the module:
Set-Executionpolicy RemoteSigned -Scope Process
Update-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
To connect:
Connect-ExchangeOnline -UserPrincipalName admin@domain.com
Current reference, including methods for MacOS and Linux as well:
learn.microsoft.com/en-us/powershell/exchange/exchange-online-powershell-v2
Categories:
Exchange and Exchange Online
Microsoft 365
This is at the 365 level, not the Exchange level. To connect:
Connect-MgGraph -Scope User.Read.All
(or User.ReadWrite.All)
To get user info:
Get-MgUser -UserID username@domain.com
To change immutable ID to “a”:
Update-MgUser -UserID username@domain.com -OnPremisesImmutableId "a"
One cannot change ImmutableID to $null, but it can be changed, so an AD/AZ ‘hard match’ is probably still possible. Have not verified yet.
The Exchange Online direct connection from Powershell, does remain, and is freshly updated.
Categories:
Microsoft 365
Active Directory
Microsoft is getting rid of Powershell modules we have been learning for years, in favor of something radically different, called Microsoft Graph. Here’s a page which gives us the profoundly different pattern of Graph usage for some nice things to have:
blog.raindrops.dev/blog/force-password-change-for-all-users-in-office-365/
The Exchange Online direct connection from Powershell, does remain, and is freshly updated.
Categories:
Microsoft 365
