When dealing with user sync issues sometimes you encounter with a user that has a directory sync error evident in the MSOLUser properties. How do you extract actual error details to understand what you may need to do to fix it? You can run this cmdlets:$user = "username@domain.com"Get-MsolUser -UserPrincipalName $user | Select-Object DisplayName,UserPrincipalName,ObjectId,@{Name="Error";Expression={($_.errors[0].ErrorDetail.objecterrors.errorrecord.ErrorDescription)}} | FLIf there are any errors with the user, you...
WID service was unable to log on as NT SERVICE\MSSQL$MICROSOFT while installing WID (ADFS)
You are installing/re-installing WID and receive the following error:The MSSQL$MICROSOFT##WID service was unable to log on as NT SERVICE\MSSQL$MICROSOFT##WID with the currently configured password due to the following error:Logon failure: the user has not been granted the requested logon type at this computer.Service: MSSQL$MICROSOFT##WIDDomain and account: NT SERVICE\MSSQL$MICROSOFT##WIDThis service account does not have the required...
Outlook's Credential Prompts when access exchange online archives
Have you ever encountered a frustrating issue while trying to access your in Outlook, where you are prompted to enter your credentials repeatedly? My team faced this issue recently across multiple Exchange online users, and it caused a lot of disruptions to work. After researching the problem, this issue occurs due to a specific Autodiscover call for the Archive Mailbox, which is going to the 'Root Domain.'A third-party server answers the 'Root Domain' call, and it should not be returning a 401 for Autodiscover calls. This...
Azure AD Connect Profile Sequence
What are the steps involved if you have many AD DS environments configured to sync via AAD Connect (of MIM for that matter) and you need to run just one of them manually?Run the profiles in the below sequence:Delta Import - ADDelta Import - WAADDelta Sync - ADDelta Sync - WAADExport - WAADExport - ...
Check if a computer is part of a domain or not (and which Active Directory Domain)
One of the quickest way of checking if a computer you are on is Workgroup joined or domain joined for admins is by Going to the Settings > System > About > Advanced System Settings> Computer Name Alternatively, you can also do a right click on the My Computer folder > Properties > Advanced.A quicker way of getting to the information (while also finding more helpful information about the computers is to use Get-ComputerInfo...
How to Force Active Directory replication between Domain Controllers
By Default, the domain controllers in an Active Directory Domain sync ~15 minutes. The time to finish the replication itself may be as short as a few seconds to several minutes depending on the size of the Forest, Number of Domain Controllers, their physical location, and the type of connectivity between the sites. Sometimes, you make a change in one of the DCs and then have to wait for it to synchronize to other domain controllers....
How to Export Microsoft 365 users to CSV by domains via PowerShell
This one is simple, yet something comes my way occasionally. So here's the simplest way of identifying all users using a domains in your Azure AD Tenant / Microsoft 365. You can get a report of all users using a domain using the
below cmdlets. You will be prompted to specify the domain name when you run.
Repeat the script if you have to search multiple domains.
# Find Users by domain (includes search in proxy
addresses)
Connect-msolservice
$domainname...
Bulk update ProxyAddresses in AD using UserPrincipalName | Set-Aduser
A colleague asked for help in updating proxy addresses for multiple users in the local AD. Easy to guess, PowerShell was the answer for bulk changes. Challenge was they only had UPNs or UserPrincipalName and ProxyAddresses available with them which made it slightly non-standard. Typically, the scripts you run in the AD use 'sAMAccountName' to identify the users uniquely. They didn't have it. And we did not want to run multiple other...
How to change UPNs in Active Directory and Office 365 in bulk with PowerShell Script
What is
UserPrincipalName?
The UserPrincipalName attribute value
is the Azure AD username for the user accounts.
A UPN consists of a UPN prefix (the
user account name) and a UPN suffix (a DNS domain name). The prefix is joined
with the suffix using the "@" symbol.
For example,
"someone@example.com". A UPN must be unique among all security
principal objects within a directory forest.
The UPN is used by Azure AD to allow
users to sign-in....
Skype for Business Online PowerShell connections are blocked
Issue: You as a Global Admin or Skype for business Admin or Teams Administrator cannot connect to Skype for Business PowerShell Module. The Error that appears is as follows:New-PSSession : [admin0a.online.lync.com] Processing data from remote server admin0a.online.lync.com failed with thefollowing error message: Skype for Business Online PowerShell connections are blocked.CauseMicrosoft has discontinued the Skype for Business Online...
