Just a quickie post this holiday week.
Many customers have had Exchange on-premises forever. Back in the olden days, we just had user mailboxes. Need a shared team mailbox? You get a user mailbox. Need a conference room mailbox? … [ Continue reading ]
I got caught up in doing this, and now it’s 3:45AM. C’est la vie! My loss of sleep is your threat analysis gain.
I’ve made several updates to the PwnCheck tool (used to query the HaveIBeenPwned.com… [ Continue reading ]
I couldn’t really come up with a cool-sounding title for this post, so I just went with the basics of what it does.
Last week, I worked with a customer that wanted to deploy custom retention labels to custom folders inside a user’s mailbox–the idea being that they would create a custom folder structure such as this under a user’s Inbox:
\Inbox\Retention Schedule\2 Year (apply a 2-year retention label to everything in this folder)
\Inbox\Retention Schedule\4 Year (apply a 4-year retention label to everything in this folder)
\Inbox\Retention Schedule\7 Year (apply a 7-year retention label to everything in this folder)
\Inbox\Retention Schedule\Forever (apply a ‘Never delete’ retention label to everything in this folder)
Seems easy enough, right? … [ Continue reading ]
A few weeks ago, I ran into an issue with a customer. Scenario:
- Customer had configured alternate-id sign in with AAD Connect (the gist is that it flows on-premises mail to cloud UPN)
- Synced identity to tenant
- Tenant did not have any verified domains
As expected, without a matching verified domain in the tenant, UPN suffixes in the tenant were actually set as @tenant.onmicrosoft.com. … [ Continue reading ]
Sometimes, your mind just gets to thinking about stuff you could have done better. Last night was one of those times.
I’d started building new lab environments for work, and decided to start pumping users into AD and syncing them to my test tenants. … [ Continue reading ]
Yes, these seems like a silly feature to add (since you can just do a single identity from the haveibeenpwned.com website, buuuuuuuttttttttttt…..), I wanted to showcase the script’s versatility while at a customer, so I added this one on the fly today.… [ Continue reading ]
As you may have figured out from the title, I’ve got a guest post today. Jorge Lopez is a Premier Field Engineer, and has spent a lot of time in the trenches with Windows, AD, and Azure AD, and currently works helping customers resolve hybrid identity issues. … [ Continue reading ]
Right before sending a customer the link for the tool, I decided to test it and noticed that I encountered an unexpected credential prompt. I updated the parameter name, and then added a new feature as well–a test to see if your tenant has the correct licensing to enable Password writeback. … [ Continue reading ]
This update comes from a user–it’s a pretty simple one.
I posted the script Remove-ProxyAddresses back in 2017 after writing a blog post on the same topic. In my script, I had covered Mailboxes, MailUsers, and Contacts. … [ Continue reading ]
This afternoon, while working with a colleague, I was alerted to a customer that appears to have the same 6-character password set for every user, which honestly, I feel like violates the very notion of a password. … [ Continue reading ]
I hadn’t touched this one in a while, but a recent request from a customer had me checking in on it. I tidied it up (no one likes people staring at their dirty laundry), and updated the scripting to be more efficient. … [ Continue reading ]
It’s been a while since I’ve updated this popular tool, and the need was brought to my attention by a peer who noticed an attribute being exported to on-premises AD (but failing):
As it turns out, the msDS-KeyCredentialLink is required for Windows Hello for Business Hybrid.… [ Continue reading ]
One of the issues that some of my larger customers have been dealing with is the lack of tooling and planning around moving legacy Exchange Online In-Place eDiscovery & Holds to the new(ish) Security & Compliance Center. … [ Continue reading ]
The other day, on one of the forums, I came across an issue that I also had with one of my customers a few years ago. In my customer’s instance, they had imported thousands of contacts into an externally trusted forest and deleted them in their primary forest (which then removed the objects from Office 365). … [ Continue reading ]
In part 1 of our adventure, we built an Azure AD lab to support configuring AAD Connect to work as a GalSync engine. In this post, we’ll finish up the configuration. As a reminder, this is the what the overall solution will look like:
And, as I mentioned in part 1:
Please don’t call Premier asking for support on this.… [ Continue reading ]
A few years ago, I worked with one of my close consultant peers to build a GALSync-style solution for a big state government that was going through a divestiture from a single BPOS-D (yes, I am old) and a single managed hosted Exchange environment to multiple O365 multi-tenant instances. … [ Continue reading ]
It’s that time of the year again! I’ve expanded upon an existing feature in the AAD Network Test Tool.
One of the prerequisites listed on the AAD Connect support page is to ensure the Turn on PowerShell Transcription GPO is set to Not Configured. … [ Continue reading ]
This feature is an “oldie but goodie” that my customers are starting to ask questions about as they start looking into ways to automate their Office 365 deployments.
Can I sync additional attributes to Office 365, and can I use them for Group-Based Licensing?… [ Continue reading ]
It’s Two-fer Friday. I don’t know if it was a thing, but it is now.
Based on received feedback, I have updated the AAD Connect Advanced Permissions tool to check for the Active Directory schema version in addition to the Exchange schema. … [ Continue reading ]
Yes, Hell has frozen over. The cows have come home. The lady of size has sung.
I have come up with a “best case” solution for the Office 365 hybrid group write-back problem.
For the long(er) background, you’ll probably want to go see this post.… [ Continue reading ]