Removing Inactive Domain Users from Global Address List – Azure AD SYNC

Generally speaking, we can use “Hide from Exchange Address lists” to achieve it.
You can hide the account from the Global Address List in Office 365 by setting the msExchHideFromAddressLists attribute for the object to “true” in their on-premises Active Directory. The prerequisite is that on-premises AD schema is extended for Exchange. You can open the Properties of this accout, and then locate the Attribute Editor tab to check this attribute.

Please refer to this article to see the attributes that are synced from local AD to Windows Azure Active Directory: http://social.technet.microsoft.com/wiki/contents/articles/19901.dirsync-list-of-attributes-that-are-synced-by-the-azure-active-directory-sync-tool.aspx

You can see the attribute msExchHideFromAddressLists is listed on the table.
After that, please force DirSync to update the change, and then wait a little time

Advertisements

Office 365 Calendar sharing – share to a group of people within organisation

Good discussion about sharing calendars with distribution groups and why it doesnt work!

https://community.spiceworks.com/topic/1747210-office-365-calendar-sharing-share-to-a-group-of-people-within-organisation

 

Add PST to Office365

https://support.office.com/en-us/article/Use-network-upload-to-import-PST-files-to-Office-365-103f940c-0468-4e1a-b527-cc8ad13a5ea6

.local again!

Full credit to Mark Parris for the original write up

Active Directory: .local domain design and Office 365.

Active Directory: .local domain design and Office 365.

Microsoft since the release of Windows 2000 Server have recommended that any Windows Server environment promoted to host an Active Directory forest/domain should be configured with a registered Top Level Domain (TLD), such as .com, .net, .org etc.

Many companies have ignored this advice and taken the approach of, my internet presence is for example markparris.net so I will therefore call my Active Directory forest markparris.local.

This approach to the .local namespace in Active Directory has caused no real issue, with exception of Apple Mac Integration into the environment (see below).

With the onset of the cloud, premises and off premises computing the .localnamespace now causes a potential issue. The .local namespace issue may be resolved with a simple fix or it could involve a fair amount of remediation work.

In order to use Microsoft Office 365 Cloud Services with an on premise Active Directory synchronised via DirSync to the “Microsoft Cloud” the forests namespace or to be more precise the users UPN (User Principal Name) must be an internet registered TLD.   In most companies this can be easily achieved by setting all cloud users UPN’s to their email address (or another registered namespace) and then this is what the user presents to Microsoft, to be authenticated/validated.

In some companies, the .local UPN namespace may already be in use for something else and a UPN remediation project may need to be completed prior to any Microsoft cloud integration. This could again be a simple resolution or a huge global project.

So to summarise, the recommendation is still not to use the .local namespace in any new Active Directory implementation, if you have utilised the .localnamespace and you have a requirement to implement Office 365, then identify and configure a registered UPN for the affected accounts.

To be fair to Microsoft, they did tell you.

DNS name registration with an Internet registrar

We recommend that you register DNS names for the top-most internal and external DNS namespaces with an Internet registrar. This includes the forest root domain of any Active Directory forests unless such names are sub-domains of DNS names that are registered by your organization name (For example, the forest root domain “corp.example.com” is a sub-domain of an internal “example.com.” namespace.) Article ID: 300684 – Last Review: February 16, 2011 – Revision: 25.1.  http://support.microsoft.com/kb/300684

As I put my thoughts down, it has also become apparent to me that anyone with an Active Directory namespace that uses a TLD namespace that is not registered to them will also have this same issue and will also need to configure new UPN’s.

Apple Issues

Mac OS X: About Multicast DNS

http://support.apple.com/kb/TA20999?viewlocale=en_US

You receive an “unexpected error occurred” error message when you try to access resources on a Windows-based network from your Macintosh computer

http://support.microsoft.com/kb/836413

.local to Office365 SSO

How to prepare a non-routable domain (such as .local domain) for directory synchronization

---

APPLIES TO: Office 365 Admin

Which version do I have?

When you synchronize your on-premises directory with Office 365 you have to have a verified domain in Azure Active Directory. Only the User Principal Names (UPN) that are associated with the on-premises domain are synchronized. However, any UPN that contains an non-routable domain, for example .local (like billa@contoso.local), will be synchronized to an .onmicrosoft.com domain (like billa@contoso.onmicrosoft.com). If you currently use a .local domain for your user accounts in Active Directory it’s recommended that you change them to use a verified domain (like billa@contoso.com) in order to properly sync with your Office 365 domain.

What if I only have a .local on-premises domain?

The most recent tool you can use for synchronizing your Active Directory to Azure Active Directory is named Azure AD Connect. For more information, see Integrating your on-premises identities with Azure Active Directory.

Azure AD Connect synchronizes your users’ UPN and password so that users can sign in with the same credentials they use on-premises. However, Azure AD Connect only synchronizes users to domains that are verified by Office 365. This means that the domain also is verified by Azure Active Directory because Office 365 identities are managed by Azure Active Directory. In other words, the domain has to be a valid Internet domain (for example, .com, .org, .net, .us, etc.). If your internal Active Directory only uses a non-routable domain (for example, .local), this can’t possibly match the verified domain you have on Office 365. You can fix this issue by either changing your primary domain in your on premises Active Directory, or by adding one or more UPN suffixes.

Change your primary domain

Change your primary domain to a domain you have verified in Office 365, for example, contoso.com. Every user that has the domain contoso.local is then updated to contoso.com. For instructions, see How Domain Rename Works. This is a very involved process, however, and an easier solution is to add UPN suffixes, as shown in the following section.

Add UPN suffixes and update your users to them

You can solve the .local problem by registering new UPN suffix or suffixes in Active Directory to match the domain (or domains) you verified in Office 365. After you register the new suffix, you update the user UPNs to replace the .local with the new domain name for example so that a user account looks like billa@contoso.com.

After you have updated the UPNs to use the verified domain, you are ready to synchronize your on-premises Active Directory with Office 365.

Step 1: Add the new UPN suffix

1. On the server that Active Directory Domain Services (AD DS) runs on, in the Server Manager choose Tools >Active Directory Domains and Trusts.

   Or, if you don’t have Windows Server 2012

   Press Windows key + R to open the Run dialog, and then type in Domain.msc, and then choose OK.

   

2. On the Active Directory Domains and Trusts window, right-click Active Directory Domains and Trusts, and then choose Properties.

   

3. On the UPN Suffixes tab, in the Alternative UPN Suffixes box, type your new UPN suffix or suffixes, and then choose Add > Apply.

   Choose OK when you’re done adding suffixes.

Step 2: Change the UPN suffix for existing users

1. On the server that Active Directory Domain Services (AD DS) runs on, in the Server Manager choose Tools >Active Directory Active Directory Users and Computers.

   Or, if you don’t have Windows Server 2012

   Press Windows key + R to open the Run dialog, and then type in Dsa.msc, and then click OK

2. Select a user, right-click, and then choose Properties.
3. On the Account tab, in the UPN suffix drop-down list, choose the new UPN suffix, and then choose OK.

   

4. Complete these steps for every user.

   Alternately you can bulk update the UPN suffixes by using PowerShell.

You can also use Windows PowerShell to change the UPN suffix for all users

If you have a lot of users to update, it is easier to use Windows PowerShell. The following example uses the cmdlets Get-ADUser and Set-ADUser to change all contoso.local suffixes to contoso.com.

See Active Directory Windows PowerShell module to learn more about using Windows PowerShell in Active Directory.

• Run the following Windows PowerShell commands to update all contoso.local suffixes to contoso.com:

  $LocalUsers = Get-ADUser -Filter {UserPrincipalName -like *contoso.local'} -Properties userPrincipalName -ResultSize $null

  $LocalUsers | foreach {$newUpn = $_.UserPrincipalName.Replace("contoso.local","contoso.com") $_ | Set-ADUser -UserPrincipalName $newUpn}

Connect to Office365 Powershell

So you may have noticed the incredible new feature that Microsoft have rolled out to your Office 365 tenancy called “clutter”

Pain in the ass.

To disable it and to carry out many of useful admin tasks you can connect to your hosted exchange online using the following instructions – Note Im using Win10 on VMWARE Fusion

 

Open powershell as administrator

Connect PowerShell to Exchange Online

I always recommend running PowerShell as an administrator. To do that, right click on the PowerShell icon and select Run As Administrator from the context menu.

First we need to set the execution policy.

 C:\> Set-ExecutionPolicy RemoteSigned

Next we need to store our Office 365 credentials in a variable. Type the command below and hit enter.

 C:\> $UserCredential = Get-Credential

A dialog box will appear. Type in your Office 365 credentials and click Ok.

The account you use will need permissions to Exchange Online. By default only Global Administrators in Office 365 have Organization Management rights in Exchange Online.

Now let’s connect. In the command below we put our connection info into a variable. This results in less typing later.

 C:\> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Finally, let’s use that variable to connect to Exchange Online and import all Exchange cmdlets into our session.

 C:\> Import-PSSession $Session

To disable clutter for your whole tenancy run the following command;

Get-Mailbox -ResultSize Unlimited | Set-Clutter -Enable $false

Until next time

Sai

Excel 2016 freezes on Win 10 – FIX

[FIX] Microsoft Excel 2016 Has Stopped Working On Windows 10