In administrative Powershell:
In Active Directory Users and Computers, remove the user object from OU being AD-synched. Then complete an Azure/AD sync cycle. Then:
Restore-MsolUser -UserPrincipalName users_login_probably_email
Set-MsolUser -UserPrincipalName users_login_probably_email -ImmutableId "$null"
Do the last step before the next automatic AD sync!
A couple of links:
One can use this to import really big ones, dozens of gigabytes in size, imports which will crash, hang, and otherwise cough on Outlook very easily. Runs directly to folders inside of mailboxes. The amazing Yvonne Wynkoop found the first really good set of instructions we have seen:
Mysteries do abound about the Microsoft-provided command line tool AzCopy, not the least being the fact that there is a version 10 and a version 8.1. Items as of this writing:
- Version 8.1 is downloadable from Office 365, and works. Have no clue what 10 is for.
- Usage and download of it, is now through Office 365 Security & Compliance, Information Governance, Import.
- When you run it for an upload, add “/NC:2” to the end of the command line. This increases its speed and stability quite a lot, and prevents timeouts. Default is reportedly 24. Perhaps the developers are sitting on Google Fiber?
- If it times out, just restart it carefully, it will usually continue where it left off.
If the above works for you, use the same number when downloading PSTs from eDiscovery, via registry edit:
Windows Registry Editor Version 5.00
If you let the eDiscovery Export Tool time out, it will eventually give you a link:
which has the registry edit below. No explanation is given, but it does say that adjustment of the number (in some direction?) can help.
Windows Registry Editor Version 5.00
- Install the Azure Active Directory Module for Powershell.
- Connect to Azure AD, and disable sync:
Set-MsolDirSyncEnabled –EnableDirSync $false
- Check status, repeatedly, until it returns False. It can take 72 hours for sync to be fully deactivated.
This includes Exchange Online, Lync, and others:
This has been updated recently, and many changes have occurred. Ports have been reduced considerably, and many more FQDNs added.
The following method is appearing to work always, at least it has not yet failed in many attempts on many platforms:
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking
When you’re done, be sure to do the following afterwards, or you may have to wait for automatic session expiration.
There is a newer method, below, which recently we have sometimes seen fail. Visually it appears to use newer APIs. Requires Powershell 5.1:
Set-ExecutionPolicy RemoteSigned -Force
Install-Module -Name AzureAD
It can happen fairly easily, that one or more user’s Office 365 login is wrong, and AD Sync fails to correct it. Here is a manual override, courtesy of the excellent Joe Busby.
- On a domain controller, verify the AD username and proxy addresses is set correctly.
- Connect to O365 Powershell on any machine with Powershell 5.1, and run this command:
Set-MsolUserPrincipalName -UserPrincipalName "email@example.com" -NewUserPrincipalName "firstname.lastname@example.org"
- On the user’s PC:
- Navigate to Settings > Accounts > Access work or school
- Disconnect from any accounts linked to the new or old username
- Hit the [ + ] Connect button and provide the credentials to sign in to Office 365
- If their password has been changed since their account was synced up with the wrong username, the password may need to be reset.
- Remove any credentials from windows credential manager that match the old username.
- Check Outlook, you may have to create a new profile.