How to report on licensed Office 365 users with disabled Active Directory accounts

There may be times where you need to do some housekeeping on your Office 365 licenses.  Users may have left, for example, had their active directory accounts disabled, but are still consuming a license in Office 365.  Here is a simple powershell one-line that will output a report to CSV.

Connect powershell to Azure AD for your Office 365 subscription as described here and run the following read more

How to update a Dynamic Distribution Group Recipient Filter

During an Office 365 / Exchange Online migration, you may have a requirement to update the recipient filter of any dynamic distribution group.

In my case, I needed to do this because the dynamic distribution group used filters to include only mailboxes. But mailboxes that are migrated to Office 365 become mail-enabled users in the on-premises directory. This can cause issues with certain members of a dynamic distribution group not receiving email messages. The issue is described here read more

Azure AD Connect unable to sync built-in Administrator account

In a recent project I came across a scenario where there was a requirement to synchronize the built-in Administrator account from the on-premise Active Directory into Azure AD.  Reason being was the built-in Administrator account was mailbox enabled, and there was a requirement to migrate the mailbox to Exchange Online (Office 365) read more

Azure AD Connect fails – “The user name or password is incorrect” when adding a second Active Directory Forest

I came across this issue recently and wanted to shared my experience

Environment

The organization has the following configuration

  1. Office 365 tenant
  2. Azure AD Connect configured and synchronizing Active Directory Forest A

Requirement

  1. Synchronize Active Directory Forest B into the same Office 365 tenant

As per the supported topologies for Azure AD Connect here this can be achieved using the same instance of Azure AD Connect.  No forest trust required, but some pre-req’s are required as outlined here including Firewall ports (listed here) , DNS Name resolution (using a Conditional Forwarder -see discussion here) and an account in Forest B with Enterprise Admins permissions. read more

Office 365 Mailbox Migration Planning Script

Every user mailbox in Exchange Online requires an Office 365 license to be assigned to the user.  Often when migrating from Exchange On-premises, there are more user mailboxes than actual users, and more importantly, more user mailboxes than Office 365 licenses.  In this scenario, a number of options can be considered including: read more

How to enable, verify and test Litigation Hold in Office 365 – Step by Step

How to enable, verify and test Litigation Hold in Office 365 – Step by Step

In this blog post, I’ll demonstrate step by step how to enable, verify and test litigation hold in Office 365.  I’ll be focusing specifically on the Exchange Online workload.

  1.  Enabled Litigation Hold

You can enable litigation hold for a mailbox by running the following command from the Exchange Online shell (note:  steps to connect PowerShell to Exchange Online can be found here) read more

Troubleshooting the Office 365 Hybrid Configuration Wizard

In this blog post I want to share some tips for identifying issues when running the Office 365 Hybrid Configuration Wizard (HCW), available here .

Specifically,

  1. Where to find the Hybrid Configuration Wizard logs
  2. How to identify network related issues

In my experience, network relates issues are the most common cause of HCW failures, and that is where this blog post will focus.   Most corporate networks have firewall and / or proxy restrictions in place.  There are very specific network requirements for connectivity to Office 365 as detailed here . read more

Outlook client can’t connect to Exchange 2016 – continually prompts for login credentials

Problem

I came across this issue while working on an Exchange Hybrid deployment.  During the testing phase, I successfully migrated mailboxes from Exchange 2010 to Exchange Online.  However, when I migrated a mailbox from Exchange 2010 to Exchange 2016, my Outlook client could not connect to its mailbox and would continually prompt for login credentials read more

Azure AD Connect – The remote server returned an error: (407) Proxy Authentication Required

Azure AD Connect – The remote server returned an error: (407) Proxy Authentication Required

Problem

Get the following error running Azure Active Directory Connect

“The remote server returned an error: (407) Proxy Authentication Required”

1

Environment

Internet access via internet explorer is working on the server where I’m running Azure AD Connect

2

There is a proxy server in the environment (WebMarshal in this case), and a PAC file is used to configure the proxy settings read more

ADFS WAP Proxy – An error occurred when attempting to establish a trust relationship with the federation service.

Environment

  • Windows 2012 R2 server on the LAN with the Active Directory Federation Service Role installed
  • Windows 2012 R2 server in the DMZ with the Remote Access role and the Web Application Proxy (WAP) feature installed

Problem

Getting the following error running the Web Application Proxy Configuration Wizard

“An error occurred when attempting to establish a trust relationship with the federation service. Error:  The request was aborted:  Could not create SSL/TLS secure channel”

Event ID 393 was written to the event log read more