Guidelines for Office 365 User Provisioning and De-provisioning Processes – The Lost Documentation | Jesper Stahle's Notes From the Field:
'via Blog this'
Wednesday, December 7, 2016
Wednesday, November 30, 2016
Saturday, November 26, 2016
Jetze's blog: How to remove the Exchange Autodiscover SCP
Jetze's blog: How to remove the Exchange Autodiscover SCP: "-AutoDiscoverServiceInternalUri $null"
'via Blog this'
'via Blog this'
Sunday, November 13, 2016
Office 365 Error - stuck at "We are preparing a mailbox for this user"
Background: Customer
has an Office 365 tenant with DirSync enabled with OnPremise active directory.
DirSync has been setup successfully and no errors are reported on
synchronization. Users correctly appear in the office 365 portal and are
correctly displayed as "Synced with Active Directory"
Users were then
assigned a license using the Office 365 portal. Around 40% of the users were
provisioned successfully and the Office 365 portal successfully displayed the
email addresses and mail properties for the user. The remaining users had the
message "We are preparing a mailbox for this user" under the mail
properties.
In the Exchange
Admin Center, a mailbox was successfully created for all users, including the
ones showing the above error. However certain attributes such as (First Name,
Last Name, proxyaddresses) that were set in the On Premise AD were not being
populated in EAC. The only proxy address displayed was the primary
"user@default-tenantdomain.com" address.
At this point, the
user mailboxes were successfully receiving email and we were able to configure
outlook 2016. However if a user logged in to the Office 365 Portal, the mail
tile was grayed out and displayed "Setting up…".
Having found very
little useful information on forums, a case was logged with Microsoft support
and 12 hours had lapsed with no response. Below are some of the troubleshooting
steps followed to identify the cause of the issue.
Troubleshooting Process
Remove the license assigned to the user, wait for the mailbox to disappear from EAC, reassign license to use. The same issue persisted.
Troubleshooting Process
Remove the license assigned to the user, wait for the mailbox to disappear from EAC, reassign license to use. The same issue persisted.
Connect to Office
365 with Powershell (http://o365info.com/connecting-to-office-365-with-remote/)
$Cred = Get-Credential
Import-Module MSOnline
Connect-MsolService -Credential $cred
$Session = New-PSSession -ConfigurationName
Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $Cred -Authentication Basic
-AllowRedirection
Import-PSSession $Session
Idenitfy user
accounts with errors. The command below listed all the accounts that were
showing the above error.
Get-MsolUser -HasErrorsOnly
Get-MsolUser -HasErrorsOnly
Check the detailed
status of a user account with the error
Get-MsolUser
-UserPrincipalName user@domain.com | fl
The user accounts
that displayed the issue above had the Errors property populated with an
exception and the ValidationStatus property listed as Errors.
The user accounts
that did not have this issue did not have any values in the Errors property and
the ValidationStatus property was listed as Healthy.
Then I came across a
Microsoft KB article on how to troubleshoot validation errors on Office 365.
https://support.microsoft.com/en-au/kb/2741233
https://support.microsoft.com/en-au/kb/2741233
The following
commands were run to retrieve the errors on user object
$errors = (get-msoluser -userprincipalname
"johnsmith@contoso.com").Error
$errors | foreach-object {"`nService: "+
$_.ErrorDetail.Name.split("/")[0]; "Error Message: "+
$_.ErrorDetail.ObjectErrors.ErrorRecord.ErrorDescription}
The output displayed
an error with the Country code.
This lead me to
investigate the user accounts in Active Directory.
All users did not
have the country code populated in the Address tab. However, looking at the
attribute editor, I found the users with the issue had the "C"
attribute set to the value "EN" whereas the users who did not have
the issue did not have a value set for the "C" attribute.
Solution: Clear the
country code attribute or set the Country in the Address tab for each user.
This can also be done by selecting multiple users.
Once the country
code is set, force a DirSync to replicate.
Start-ADSyncSyncCycle -PolicyType initial
Start-ADSyncSyncCycle -PolicyType initial
Once replication
completed, the user mailboxes were completed successfully within about 5 mins.
Saturday, November 12, 2016
Thursday, October 13, 2016
Friday, October 7, 2016
Netscaler URL Transform
The aim of this exercise was to direct user requests to separate PROD and UAT server based on the request URL.
e.g. Users access the following URLs.
1. https://service.company.com/prod
2. https://service.company.com/uat
The netscaler will then direct these requests to the relevant internal server.
1. http://prod.company.internal
2. http://uat.company.int
................................
Summarized steps are as follows;
1. In Traffic Management > Load Balancing > Servers, define the internal servers (UAT/PROD) providing the service.
2. Then create the HTTP services for these servers.
3. In Load Balancing > Virtual Servers, create a lb_vs for each service with the IP address set to non-addressable.
4. In Load Balancing > Content Switching, create a new content switching virtual server with protocol SSL and set an IP.
4. Create 2 content switching policies with the details below.
Name: Policy_prod
Domain: service.company.com
URL: /prod
Name: Policy_UAT
Domain:service.company.com
URL:/uat
5. Associate the 2 content switching policies with the content switching virtual server. Select the target load balancing virtual server for created in step 3. This will ensure that requests for PROD and UAT traffic is sent to the correct server.
6. Next we need to ensure that requests sent to the back end servers do not have the external Hostname and URL. This is achieved by using a URL transform rule. In AppExpert > Rewrite > URL Transformation, create two profiles with the following transform actions.
Name: acct-prod-transform
Priority: 100
Request URL From: https://service.company.com/prod
Request URL Into: http://prod.company.internal
Response URL Into: http://prod.company.internal
e.g. Users access the following URLs.
1. https://service.company.com/prod
2. https://service.company.com/uat
The netscaler will then direct these requests to the relevant internal server.
1. http://prod.company.internal
2. http://uat.company.int
................................
Summarized steps are as follows;
1. In Traffic Management > Load Balancing > Servers, define the internal servers (UAT/PROD) providing the service.
2. Then create the HTTP services for these servers.
3. In Load Balancing > Virtual Servers, create a lb_vs for each service with the IP address set to non-addressable.
4. In Load Balancing > Content Switching, create a new content switching virtual server with protocol SSL and set an IP.
4. Create 2 content switching policies with the details below.
Name: Policy_prod
Domain: service.company.com
URL: /prod
Name: Policy_UAT
Domain:service.company.com
URL:/uat
5. Associate the 2 content switching policies with the content switching virtual server. Select the target load balancing virtual server for created in step 3. This will ensure that requests for PROD and UAT traffic is sent to the correct server.
6. Next we need to ensure that requests sent to the back end servers do not have the external Hostname and URL. This is achieved by using a URL transform rule. In AppExpert > Rewrite > URL Transformation, create two profiles with the following transform actions.
Name: acct-prod-transform
Priority: 100
Request URL From: https://service.company.com/prod
Request URL Into: http://prod.company.internal
Response URL Into: http://prod.company.internal
Response URL From: https://service.company.com/prod
Similarly, create another profile for UAT
7. Create a Transform Policy with the following expression and the profile above.
Expression: HTTP.REQ.URL.PATH_AND_QUERY.CONTAINS("/prod")
8. Associate the URL transformation policy with the Load Balanced VIP
9. Now the requests to the external address should be transformed to the internal server address and the reponses transformed back to the external address.
Similarly, create another profile for UAT
7. Create a Transform Policy with the following expression and the profile above.
Expression: HTTP.REQ.URL.PATH_AND_QUERY.CONTAINS("/prod")
8. Associate the URL transformation policy with the Load Balanced VIP
9. Now the requests to the external address should be transformed to the internal server address and the reponses transformed back to the external address.
Monday, September 19, 2016
Friday, September 16, 2016
Thursday, September 8, 2016
Wednesday, September 7, 2016
Tuesday, August 30, 2016
Friday, August 5, 2016
Friday, July 15, 2016
Monday, June 20, 2016
Wednesday, June 15, 2016
Monday, June 6, 2016
Ofice 365 License Assignment Powershell
https://blogs.technet.microsoft.com/treycarlee/2014/12/09/powershell-licensing-skus-in-office-365/
https://365lab.net/2014/12/17/office-365-assign-individual-parts-of-licenses-based-on-groups-using-powershell/
https://365lab.net/2014/04/15/office-365-assign-licenses-based-on-groups-using-powershell/
https://365lab.net/2014/12/17/office-365-assign-individual-parts-of-licenses-based-on-groups-using-powershell/
https://365lab.net/2014/04/15/office-365-assign-licenses-based-on-groups-using-powershell/
Sunday, May 22, 2016
Saturday, May 21, 2016
Sunday, May 15, 2016
Friday, May 13, 2016
Monday, May 9, 2016
Saturday, April 30, 2016
AdminSDHolder, Protected Groups and SDPROP
User accounts losing inherited permissions due to membership of a protected group
AdminSDHolder, Protected Groups and SDPROP:
'via Blog this'
AdminSDHolder, Protected Groups and SDPROP:
'via Blog this'
Friday, April 22, 2016
Exchange Mailbox and ProxyAddress Export Script
Get-Mailbox -Server EXSERVERNAME |
select DisplayName, Alias, @{n="First Name";e={(get-user $_.name).FirstName
}}, @{n="Last Name";e={(get-user $_.name).LastName
}}, @{n="Country";e={(get-user $_.name).CountryOrRegion
}}, @{n="Office";e={(get-user $_.name).Office
}}, @{n="City";e={(get-user $_.name).City
}}, @{n="Phone";e={(get-user $_.name).Phone
}}, @{n="Mobile";e={(get-user $_.name).MobilePhone
}}, OrganizationalUnit, RecipientTypeDetails, primarysmtpaddress, ForwardingAddress, DeliverToMailboxAndForward, @{n="Mailbox Size";e={(Get-MailboxStatistics $_.name).TotalItemSize.value.ToMB()
}}, @{n="Title";e={(get-user $_.name).title
}}, @{n="Department";e={(get-user $_.name).department
}}, @{Name=“EmailAddresses”;Expression={$_.EmailAddresses |Where-Object {$_.PrefixString -ceq
“smtp”} |
ForEach-Object {$_.SmtpAddress}}},
MaxsendSize,
recipientlimits,
database |
Export-CSV c:\temp\Mailboxes.csv
Friday, March 18, 2016
Java and Identity Management: Certificate not issued (Denied) Denied by Policy Module The DNS name is unavaila ble and cannot be added to the Subject Alternate name. 0x8009480f
Custom Certificate Request Errors With 0x80094801 | Jermsmit.com - Jermal Smith
Custom Certificate Request Errors With 0x80094801 | Jermsmit.com - Jermal Smith: "certreq -submit -attrib “CertificateTemplate:WebServer” "
'via Blog this'
'via Blog this'
Friday, February 5, 2016
Wednesday, January 13, 2016
Subscribe to:
Posts (Atom)