Yesterday, I needed to help configure a SharePoint Server 2019 User Profile service to import from local Active Directory using the native SharePoint Active Directory Import.
In order to perform Active Directory Import, the service account you specify must have Replicating Directory Changes permissions.… [ Continue reading ]
Yesterday, a peer brought an interesting problem to me:
His customer had been storing data in the on-premises msExchExtensionCustomAttribute properties for users and wanted to be able to use that data in Exchange Online for filtering and dynamic group membership.… [ Continue reading ]
Or at least, every last one that I know.
Over the years, I’ve amassed quite a collection of these. Yesterday, I was helping out a colleague determine what a particular value meant and referenced a spreadsheet that I’ve been maintaining for my own purposes.… [ Continue reading ]
This week, I’ve got a few updates for the AAD Network Communications Test!
- I’ve moved it to the PowerShell Gallery. You can now install it with PowerShellGet by using the command:
Install-Script -Name AADConnect-CommunicationsTest
- I’ve updated the GCC High and DOD endpoints to the best of my ability (I’m always looking for feedback on this, so if you have new endpoints, be sure to connect with me!)
… [ Continue reading ]
Last week, I began working with a customer that was experiencing what appeared to be a significant amount of updates to a certain group of objects in the local Active Directory. These objects were being imported from another forest as contacts, yet found themselves being updated very frequently by the local AAD Connect instance.… [ Continue reading ]
A new year, a new test!
While troubleshooting a few installation and update issues, I noticed that the endpoints list was a smidgen out of date, so I’ve updated that. For this update, I attached Fiddler (http://www.telerik.com/Fiddler… [ Continue reading ]
Just a quickie post this holiday week.
Many customers have had Exchange on-premises forever. Back in the olden days, we just had user mailboxes. Need a shared team mailbox? You get a user mailbox. Need a conference room mailbox? … [ Continue reading ]
I got caught up in doing this, and now it’s 3:45AM. C’est la vie! My loss of sleep is your threat analysis gain.
I’ve made several updates to the PwnCheck tool (used to query the HaveIBeenPwned.com… [ Continue reading ]
I couldn’t really come up with a cool-sounding title for this post, so I just went with the basics of what it does.
Last week, I worked with a customer that wanted to deploy custom retention labels to custom folders inside a user’s mailbox–the idea being that they would create a custom folder structure such as this under a user’s Inbox:
\Inbox\Retention Schedule\2 Year (apply a 2-year retention label to everything in this folder)
\Inbox\Retention Schedule\4 Year (apply a 4-year retention label to everything in this folder)
\Inbox\Retention Schedule\7 Year (apply a 7-year retention label to everything in this folder)
\Inbox\Retention Schedule\Forever (apply a ‘Never delete’ retention label to everything in this folder)
Seems easy enough, right? … [ Continue reading ]
A few weeks ago, I ran into an issue with a customer. Scenario:
- Customer had configured alternate-id sign in with AAD Connect (the gist is that it flows on-premises mail to cloud UPN)
- Synced identity to tenant
- Tenant did not have any verified domains
As expected, without a matching verified domain in the tenant, UPN suffixes in the tenant were actually set as @tenant.onmicrosoft.com. … [ Continue reading ]
Sometimes, your mind just gets to thinking about stuff you could have done better. Last night was one of those times.
I’d started building new lab environments for work, and decided to start pumping users into AD and syncing them to my test tenants. … [ Continue reading ]
Yes, these seems like a silly feature to add (since you can just do a single identity from the haveibeenpwned.com website, buuuuuuuttttttttttt…..), I wanted to showcase the script’s versatility while at a customer, so I added this one on the fly today.… [ Continue reading ]
As you may have figured out from the title, I’ve got a guest post today. Jorge Lopez is a Premier Field Engineer, and has spent a lot of time in the trenches with Windows, AD, and Azure AD, and currently works helping customers resolve hybrid identity issues. … [ Continue reading ]
Right before sending a customer the link for the tool, I decided to test it and noticed that I encountered an unexpected credential prompt. I updated the parameter name, and then added a new feature as well–a test to see if your tenant has the correct licensing to enable Password writeback. … [ Continue reading ]
This update comes from a user–it’s a pretty simple one.
I posted the script Remove-ProxyAddresses back in 2017 after writing a blog post on the same topic. In my script, I had covered Mailboxes, MailUsers, and Contacts. … [ Continue reading ]
This afternoon, while working with a colleague, I was alerted to a customer that appears to have the same 6-character password set for every user, which honestly, I feel like violates the very notion of a password. … [ Continue reading ]
I hadn’t touched this one in a while, but a recent request from a customer had me checking in on it. I tidied it up (no one likes people staring at their dirty laundry), and updated the scripting to be more efficient. … [ Continue reading ]
It’s been a while since I’ve updated this popular tool, and the need was brought to my attention by a peer who noticed an attribute being exported to on-premises AD (but failing):
As it turns out, the msDS-KeyCredentialLink is required for Windows Hello for Business Hybrid.… [ Continue reading ]
One of the issues that some of my larger customers have been dealing with is the lack of tooling and planning around moving legacy Exchange Online In-Place eDiscovery & Holds to the new(ish) Security & Compliance Center. … [ Continue reading ]
The other day, on one of the forums, I came across an issue that I also had with one of my customers a few years ago. In my customer’s instance, they had imported thousands of contacts into an externally trusted forest and deleted them in their primary forest (which then removed the objects from Office 365). … [ Continue reading ]