* UPDATE* After doing this originally, I decided to take a different route and write it back to the on-premises AD, so that way, the objects are synchronous. This post now reflects the updated content.
A few weeks ago, I had an issue where I needed to remove a proxy address from the proxyAddresses array of a user being synchronized to Office 365. … [ Continue reading ]
Update: There are new cmdlets available for this task. This blog is for historical reference only. A new, updated process is available here (https://www.undocumented-features.com/2017/04/29/disable-office-365-groups-creation-redux/).
Office 365 Groups are a (somewhat) new feature that act both like a distribution list and a public folder or shared mailbox. … [ Continue reading ]
So, a million years and tens of thousands of lines of code ago, I wrote a script for a customer to populate the Office 365 UsageLocation property (Set-MsolUser -UsageLocation) with the ISO country codes from Active Directory. In Office 365, UsageLocation is used to determine what features are available to your users.… [ Continue reading ]
One of the first steps in preparing for an Office 365 migration is running a tool we provide called IDFix. The goal of this tool is to help minimize identity issues when migrating to the cloud. Most identity issues come down to two issues:
- Invalid characters in key attributes
- User objects with duplicate values in indexed attributes (duplicate objects)
The first issue is pretty easy to deal with–IDFix will identify objects with offending characters and the attributes where they exist, and will even make some recommendations. … [ Continue reading ]
I had an interesting request from a customer the other day where they were synchronizing Active Directory into two disparate environments–Office 365 and another hosted Exchange environment. In their new Office 365 environment, they didn’t want any address proxies matching a particular pattern to be part of a user’s proxyAddress array–BUT–they also didn’t want to remove them from their on-premises accounts since they are being used by their other hosting environment as an application routing address.… [ Continue reading ]
From time to time, an issue that crops up during Exchange or Office 365 migrations is the dreaded “insufficient access rights:”
It’s commonly manifested like this (though I have seen it displayed other ways as well):
Warning: Unable to update Active Directory information for the source mailbox at the end of the move.… [ Continue reading ]
While troubleshooting a Password Hash Sync issue with a customer, I found myself needing to trigger a full password hash sync for various connectors. Password Hash Sync is a separate process from the AADSync process. It’s not a difficult process, but becomes time consuming (especially if you have a lot of connectors from which to choose).… [ Continue reading ]
A few years ago, we released “DirSync with Password Hash Synchronization,” and it was kind of an all-or-nothing choice. You could either have a synchronized account database with synchronized password hashes (so users would authenticate in the cloud), or a federated environment. … [ Continue reading ]