Category: Office 365

The Office 365 console...
article #1424, updated 43 days ago

…is often like a flying carpet in a hurricane.

Categories:      

==============

When AD -> Azure Sync Fails for a User
article #1417, updated 72 days ago

There are many ways of doing this. Here is one way to bring everything into a single consistent behavior, a landing place from which you can vary slightly at need.

This presumes that you have Azure/AD sync installed and working in general, and yielding errors in the Synchronization Service window for one or more users. Make sure that you don’t have duplicate email addresses in AD, that could be bad.

The first steps are in Active Directory Users and Computers.

  1. Set the user’s email correctly in his/her AD object, in “E-mail” under General.
  2. Set proxyAddresses in the Attribute Editor. The primary email address has to be the same, and in proxyAddresses has to be of the format “SMTP:email@domain.com”. There can be others in proxyAddresses but smtp must be lowercase. Also in proxyAddresses, set mailNickname blank.
  3. Under Account, either the user login name plus the dropdown domain is to be the same as the above, or it is to be a valid login according to the O365 console. If the dropdown domain list is local only, you can add the Internet domain list in Active Directory Domains and Trusts, with a right-click on the root level in the left pane of that window, and then an add of one or more alternative UPN suffixes. Then restart ADUC and the domain(s) you just added will be available in the dropdown.

Now we do some other things.

  1. Run Azure/AD sync, this is CMD, do it as administrator:
repadmin /syncall /AdeP
@"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -InputFormat None -ExecutionPolicy Bypass -Command ^
"Import-Module ADSync; Start-ADSyncSyncCycle -PolicyType Delta"
  1. If you see errors in the Synchronization Service window, run something called a “hard match”, which changes enough to connect the AD user of that email address, with the Azure user of that email address. Here’s a script for it, Powershell; you’ll need to log into the O365 tenant. Note that while $AzureUPN is the O365 “primary email address”, $ADUPN is the double item under Profile in AD, the username plus the domain dropdown.
$AzureUPN = "user_email_on_azure@domain.com"
$ADUPN = "user_login_in_ad@domain.com"

"First connect to AzureAD:"
Connect-AzureAD

"Now get Azure ImmutableID:"
$AzureUser = Get-AzureADUser -SearchString $AzureUPN
$AzureUser.ImmutableID
""
""
"Extracting AD GUID..."
ldifde -f export.txt -r "(Userprincipalname=$ADUPN)" -l *
$ADGUID = (-split (type export.txt | select-string "ObjectGUID"))[1]
"Extracted AD GUID:"
$ADGUID
""
""
Set-AzureADuser -ObjectID $AzureUser.ObjectID -ImmutableID $ADGUID

"New Azure ImmutableID re-extracted for confirmation:"
$AzureUser = Get-AzureADUser -SearchString $AzureUPN
$AzureUser.ImmutableID

Categories:      

==============

Connect PowerShell to Exchange Online / Office 365 / Azure
article #804, updated 265 days ago

The following method is the Microsoft-recommended current one. You may need to use Install-Module instead of Update-Module depending on pre-existing installations et cetera:

Set-ExecutionPolicy RemoteSigned -Force -Scope Process
Update-Module -Name ExchangeOnlineManagement
Update-Module -Name AzureAD
Update-Module -Name MSOnline
Import-Module -Name ExchangeOnlineManagement
Import-Module -Name MSOnline
Import-Module -Name AzureAD
Connect-ExchangeOnline -UserPrincipalName login@domain.com -ShowProgress $true

The following method is the previous, and is the one which works pre-Windows-10 and/or Powershell before 5.1:

$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking

When you’re done, be sure to do the following afterwards, or you may have to wait for automatic session expiration.

Remove-PSSession $Session

Categories:      

==============

Convert Exchange Online / Office 365 Mailbox from AD Sync to Cloud Only
article #1368, updated 346 days ago

In administrative Powershell:

  1. Install-Module AzureAD
  2. Install-Module MSOnline
  3. Connect-AzureAD
  4. Connect-MsolService

In Active Directory Users and Computers, remove the user object from OU being AD-synched. Then complete an Azure/AD sync cycle. Then:

  1. Restore-MsolUser -UserPrincipalName users_login_probably_email
  2. Set-MsolUser -UserPrincipalName users_login_probably_email -ImmutableId "$null"

Do the last step before the next automatic AD sync!

Categories:      

==============

Filter On-Prem Exchange Attributes for Azure AD Sync and Office 365 Migration
article #1379, updated 379 days ago

A couple of links:

https://itpro-tips.com/2019/this-users-on-premises-mailbox-hasnt-been-migrated-to-exchange-online/

https://answers.microsoft.com/en-us/msoffice/forum/all/this-users-on-premise-mailbox-hasnt-been-migrated/5735f499-7079-42a4-a5e9-8da275404d09

Categories:      

==============

Upload Huge PSTs to Exchange Online / Office 365 Using AzCopy
article #1373, updated 380 days ago

One can use this to import really big ones, dozens of gigabytes in size, imports which will crash, hang, and otherwise cough on Outlook very easily. Runs directly to folders inside of mailboxes. The amazing Yvonne Wynkoop found the first really good set of instructions we have seen:

blog.natfan.io/importing-psts

Mysteries do abound about the Microsoft-provided command line tool AzCopy, not the least being the fact that there is a version 10 and a version 8.1. Items as of this writing:

  • Version 8.1 is downloadable from Office 365, and works. Have no clue what 10 is for.
  • Usage and download of it, is now through Office 365 Security & Compliance, Information Governance, Import.
  • When you run it for an upload, add “/NC:2” to the end of the command line. This increases its speed and stability quite a lot, and prevents timeouts. Default is reportedly 24. Perhaps the developers are sitting on Google Fiber?
  • If it times out, just restart it carefully, it will usually continue where it left off.

If the above works for you, use the same number when downloading PSTs from eDiscovery, via registry edit:

https://docs.microsoft.com/en-us/microsoft-365/compliance/increase-download-speeds-when-exporting-ediscovery-results?view=o365-worldwide

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\eDiscovery\ExportTool]
"DownloadConcurrency"="2"

Categories:      

==============

Improve speed and prevent timeouts downloading PSTs from Office 365
article #1311, updated 384 days ago

If you let the eDiscovery Export Tool time out, it will eventually give you a link:

https://docs.microsoft.com/en-us/office365/securitycompliance/increase-download-speeds-when-exporting-ediscovery-results

which has the registry edit below. No explanation is given, but it does say that adjustment of the number (in some direction?) can help.

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\eDiscovery\ExportTool]
"DownloadConcurrency"="2"

Categories:      

==============

New Exchange Online connectivity for Powershell
article #1357, updated 477 days ago

New methods, reportedly considerably better, have not tested yet myself:

https://docs.microsoft.com/en-us/powershell/exchange/exchange-online/exchange-online-powershell-v2/exchange-online-powershell-v2?view=exchange-ps

Categories:      

==============

Turn Off Azure AD Sync via Powershell
article #1334, updated 618 days ago

  1. Install the Azure Active Directory Module for Powershell.
  1. Connect to Azure AD, and disable sync:
Set-MsolDirSyncEnabled –EnableDirSync $false
  1. Check status, repeatedly, until it returns False. It can take 72 hours for sync to be fully deactivated.
(Get-MSOLCompanyInformation).DirectorySynchronizationEnabled 

Categories:      

==============

IPs, URLs, and Ports for Microsoft Cloud Services and Office 365 (Firewall Configuration)
article #800, updated 624 days ago

This includes Exchange Online, Lync, and others:

https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity

This has been updated recently, and many changes have occurred. Ports have been reduced considerably, and many more FQDNs added.

Categories: