Testing AAD Connect Write-Back permissions on an OU

When installing and configuring AAD Connect with Exchange Hybrid and any of the other special features (Group Writeback, Password Writeback, Device Writeback), it’s necessary to delegate service account permissions in Active Directory to allow the features to work properly. Those permissions apply to features like: Exchange Hybrid Write-back, Password Write-back, Group Write-Back, Device Write-Back and…

Office 365 Administration Inside Out – Second Edition

Reposting from Aaron Guilmette’s blog post here: https://blogs.technet.microsoft.com/undocumentedfeatures/2017/11/27/office-365-administration-inside-out-2/

Hey! It’s finally here! After months of hard work (almost a year from when we started until a copy at my doorstep), we’ve finally made it to the finish line! You can read the press release here: https://blogs.msdn.microsoft.com/microsoft_press/2017/11/27/new-book-microsoft-office-365-administration-inside-out-includes-current-book-service-2nd-edition Or jump straight to Amazon and order it:…

DN value in AAD Sync AAD Connect – the NEW format

DirSync \ FIM used to use the Immutable ID value in the Azure connector space, making it somewhat straightforward to search for objects in the Azure CS using the ImmutableID (either copied from MSOL PowerShell or from the on-prem AD ObjectGUID value converted to a Base64 string). However, in AAD Sync and AAD Connect the…

IMCEAEX non-delivery report

When migrating from on-prem Exchange to Office 365, it's best to treat it like any other cross-forest move and populate each object's LegacyExchangeDN value as an X500 address; otherwise you'll get NDR errors when replying to old messages or calendar entries once mailboxes start moving. When receiving IMCEAEX NDRs, you can use the contents of the…

msExchRemoteRecipientType

When dealing with attributes synced to O365 via FIM \ DirSync \ AAD Sync, you will frequently encounter the msExchRemoteRecipientType attribute. Previously empty in on-prem Exchange (only msExchRecipientTypeDetails and msExchRecipientDisplayType had values), msExchRemoteRecipientType will have the following values depending on the object type and how the mailbox and archive were enabled \ moved…

AD Attributes that are changed when a mailbox moves to Office 365

There’s not a lot of great documentation available on what values change when an on-prem mailbox moves to the cloud. The full list is below, but it’s important to note the following values since they are most often missed \ overlooked. msExchRemoteRecipientType, previously null, will be set to 4. msExchRecipientTypeDetails gets changed from…

Fattening up an Exchange mailbox

Sometimes when doing mailbox testing it's necessary to actually bloat a mailbox for the purposes of benchmarking the speed of a mailbox move to Office 365. Rather than risk sending sensitive data, or wasting time trying to wrangle up enough PDF or other files, you can use the following PowerShell function and one-liner to create…

Office 365 Exchange Attribute migration between forests

Back in late 2012 / early 2013 I created a number of documents on advanced identity integration with Office 365 using FIM and the Windows Azure Active Directory (WAAD) Management agent. That guidance is now available on TechNet here: https://aka.ms/WAADFIMQuickStart https://aka.ms/WAADTechRef One of the many advantages of the migration of a traditional account…

Auto-Licensing script for Office 365

You can use the following script with Task Scheduler to connect to your tenant via PowerShell, check for any unlicensed users and apply a license. It will alert via email when the number of free licenses in your tenant falls below a certain number. The script stores the credential password encrypted in a file, so…
