Configuration

Cloud UPNs for AAD Connect users with Alt-ID don’t update after domain verified in tenant

A few weeks ago, I ran into an issue with a customer.  Scenario:

  • Customer had configured alternate-id sign in with AAD Connect (the gist is that it flows on-premises mail to cloud UPN)
  • Synced identity to tenant
  • Tenant did not have any verified domains

As expected, without a matching verified domain in the tenant, UPN suffixes in the tenant were actually set as @tenant.onmicrosoft.com. [ Continue reading ]

Configuration

Update: AAD Connect Network Test Tool

I trotted out the trusty WireShark and Fiddler tools today and ran through the latest iteration of AAD Connect setup.  In so doing, I’ve added a few endpoints to the test:

$CRL
http://ocsp.msocsp.com

$RequiredResources
adminwebservice-s1-co2.microsoftonline.com

$RequiredResourcesEndpoints
https://adminwebservice-s1-co2.microsoftonline.com/provisioningwebservice.svc

As always, the newest version is available at http://aka.ms/aadnetwork.… [ Continue reading ]

Client

Dynamics 365 Network Test Tool

Yesterday, I was asked if I had developed any testing tools for the Dynamics CRM suite availability—but, never having had to do much with them, I didn’t have anything available.  I just built a quick tool today, and it covers all of the endpoints listed at https://support.microsoft.com/en-us/help/2655102/internet-accessible-urls-required-for-connectivity-to-microsoft-dynami and https://msdn.microsoft.com/en-us/library/gg328127.aspx, broken apart by region, with the exception of the following URLs that we have listed:

  • https://cloudredirectorsam.cloudapp.net – no valid DNS
  • https://cloudredirectorsamsec.cloudapp.net – no valid DNS
  • https://www.crmdyntint.com – unregistered domain
  • http://*.passport.net – no valid URLs to test
  • https://sc.imp.live.com – no valid DNS
  • https://cloudredirectornam.cloudapp.net – no valid DNS
  • https://cloudredirectornamsec.cloudapp.net – no valid DNS
  • https://cloudredirectoreur.cloudapp.net – no valid DNS
  • https://cloudredirectoreursec.cloudapp.net – no valid DNS
  • https://cloudredirectorapj.cloudapp.net – no valid DNS
  • https://cloudredirectorapjsec.cloudapp.net – no valid DNS
  • https://cloudredirectorjpn.cloudapp.net – no valid DNS
  • https://cloudredirectorjpnsec.cloudapp.net – no valid DNS
  • https://dynamicscrmgcc.accesscontrol.usgovcloudapi.net – No valid DNS
  • https://cloudredirectoroce.cloudapp.net – No valid DNS

As a note, I haven’t added any of the Azure datacenter IPs in there (since we don’t have any endpoints or ability to stand up generic services in those).… [ Continue reading ]

Configuration

Update to the AAD Connect Network and Name Resolution Test Tool

A few months ago, I debuted a new tool for AAD Connect deployment (read about it here: AAD Connect Network and Name Resolution Test or download it here: https://gallery.technet.microsoft.com/Azure-AD-Connect-Network-150c20a3) which allows you to test a number of conditions to make sure your server and environment are suitable for deploying AAD Connect.… [ Continue reading ]

Client

Clearing Skype Cached data

Last year, I had a project that involved migrating a large customer from Office 365 Dedicated to Office 365 GCC (multi-tenant).  While Exchange hybrid moves were possible for the mailboxes, we were unable to perform the necessary hybrid migration configuration for Lync to migrate users. … [ Continue reading ]

Migrating

Troubleshooting Mailbox Migration Error “You can’t use the domain because it’s not an accepted domain for your organization.”

While migrating users via MRS between organizations (especially to Exchange Online), a pretty common error that I run across is:

You can’t use the domain because it’s not an accepted domain for your organization.

This error is generated because the MailUser object of the user you’re attempting to migrate has a proxy address attached to it that is NOT an accepted domain in your target organization or tenant.… [ Continue reading ]

Troubleshooting

Mailbox Delivery Settings

From time to time, I run into environments where things are configured in “non-standard” ways.  Granted, we don’t have a lot of specificity or documentation around some attribute configurations because the default configuration has been tested by the people who created the software and works in almost every conceivable situation. … [ Continue reading ]

Migrating

Fix those IMCEAEX NDRs

I had a customer migrate some mailboxes a few weeks ago, and they’re now just getting some NDRs.  Here’s a sample NDR:

imceaex-1

To fix this, you can take the NDR that you receive, copy/paste it into this function, and then take the resultant decoded x500 address and add it back to the proxyAddress array for the recipient.… [ Continue reading ]