Channel: Directory integration services - Recent Threads

RE: Migrating Exchange Online to on-prem

Hi SafAdmin, 

Please refer to the following points:
1. A hybrid deployment requires Directory Synchronization (DirSync). In other words, if you choose to deploy a hybrid environment before migrating the AD, DirSync must be enabled first.
2. After DirSync is enabled, as Vasil mentioned, the current AD accounts can be matched with the current Office 365 mailboxes via their SMTP addresses.
3. Then, after the AD is migrated, the link between the Office 365 mailboxes and the migrated AD accounts is the objectGUID attribute. If the migrated AD accounts’ objectGUID is the same as the pre-migrated accounts’, the Office 365 mailboxes will be matched with the migrated AD accounts.
4. You can also choose to deploy a hybrid environment after the AD migration to avoid potential issues about managing the objectGUID attribute. 

Thanks,
Claud


RE: Changing subdomain for login purposes

Hi Nicolas,

According to our experience, after changing the UPN with the Set-MsolUserPrincipalName command, it won’t be changed back by the Dirsync process.

However, as I mentioned, Microsoft does not suggest that customers do this, and we will not be able to provide further support if any issue occurs due to the change.

Thanks,

David

Changing subdomain for login purposes

Hi,

One of our customers uses "name@ABC.domain.com" as their UPN address and "name@domain.com" as their email address domain. The customer wants to DirSync their AD, but they want users of O365 services (Lync and Yammer for now) to be able to log in to the service using their email address domain.

AFAIK, once we sync the AD, they can log in to O365 with name@abc.domain.com, so the question is: after syncing the users, can I change the "login domain" through PowerShell and allow them to use @domain.com for login purposes?

Regards,

Nicolas

RE: Microsoft Azure Active directory sync tool cannot install and configure

Hi Nerko,

Thanks for the updates. I have read the previous message and I may have missed something.

If an old DirSync installation exists, another DirSync instance cannot be installed. Also, can you please capture a screenshot of the step in the wizard where you are stuck? In addition, if any firewall is set up, 443 and 80 should be allowed as well.

Best Regards,
Bruce

Microsoft Azure Active directory sync tool cannot install and configure

Hi,

I am trying to install and configure the AAD (new DirSync) tool. I had the old one and it was working perfectly fine. Now that I have uninstalled the old one and tried to install the new one, I am not able to do it successfully. In the wizard I get the following error:

System.Management.Automation.CmdletInvocationException: Failed even after 5 retries. Action: PingProvisioningServiceEndPoint, Exception: Unable to communicate with the Windows Azure Active Directory service. Tracking ID: 3dde0a30-9afe-4d48-9ae2-3d13e568f77d See the event log for more details.. ---> Microsoft.IdentityManagement.PowerShell.ObjectModel.SynchronizationConfigurationValidationException: Failed even after 5 retries. Action: PingProvisioningServiceEndPoint, Exception: Unable to communicate with the Windows Azure Active Directory service. Tracking ID: 3dde0a30-9afe-4d48-9ae2-3d13e568f77d See the event log for more details..
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSWebService.ValidateConfigurationParameters(Connector connector)
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSWebService.CreateConnector(Connector connector, Boolean validate)
   at Microsoft.IdentityManagement.PowerShell.Cmdlet.AddADSyncConnectorCmdlet.ProcessRecord()
   --- End of inner exception stack trace ---
   at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
   at Microsoft.Azure.ActiveDirectory.Synchronization.PowerShellConfigAdapter.PowerShellAdapter.TypeDependencies.InvokePipeline(Pipeline pipeline)
   at Microsoft.Azure.ActiveDirectory.Synchronization.PowerShellConfigAdapter.PowerShellAdapter.InvokePowerShellCommand(String commandName, IDictionary`2 commandParameters, Boolean isScript)
   at Microsoft.Azure.ActiveDirectory.Synchronization.PowerShellConfigAdapter.ConnectorConfigAdapter.AddConnector(Connector connector)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Config.ConnectorAdapterBase.CreateOrUpdateConnectorCore()
   at Microsoft.Azure.ActiveDirectory.Synchronization.Config.ConnectorAdapterBase.<>c__DisplayClass1.<CreateOrUpdateConnector>b__0()
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ActionExecutor.Execute(Action action, String description)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Config.ConnectorAdapterBase.CreateOrUpdateConnector(IEnumerable`1 objectClassInclusions, IEnumerable`1 attributeNameInclusions, Boolean createRunProfile)
   at Microsoft.Azure.ActiveDirectory.Synchronization.UserInterface.UI.WizardPages.ADDSApplyConfigurationPageViewModel.UpdateConnector(HybridContext context, SynchronizationRuleTemplateEngine srTemplateEngine, BackgroundWorker backgroundWorker, String wizardPageName, String progressMsg, ConnectorAdapterBase connector, Boolean isNewConnector, Boolean updateInclusions, List`1 attributeExclusions)
   at Microsoft.Azure.ActiveDirectory.Synchronization.UserInterface.UI.WizardPages.ADDSApplyConfigurationPageViewModel.ApplyConfigurationCore(BackgroundWorker backgroundWorker)
   at Microsoft.Azure.ActiveDirectory.Synchronization.UserInterface.UI.Controls.Wizards.ProgressReportingTaskViewModel.ExecuteAction(Action action, Boolean isProgressIndeterminate)

When I try to install the old one I am not able to do it either. I get an "unable to establish connection" error.

Can anybody help me resolve this issue?

Nerko

RE: Hybrid Exchange

Hi Jason,

Have you checked connectors? You can try to run the Hybrid Configuration Wizard again to re-create the connectors.
Any updates are appreciated.

Thanks,
Kid Yang

Hybrid Exchange

Hi All

I have configured a hybrid exchange environment in the following scenario;

Exchange 2010 SP3 on a Windows 2008

ADFS on Windows 2012 R2

I can successfully migrate mailboxes to the cloud, autodiscover is working as expected, outlook configures correctly for both on-line and on-premise mailboxes.

However, on-line mailboxes cannot email on-premise mail accounts.

I have looked at accepted domains and have set the hybrid domain for relay within the on-line office 365 portal.

The messages after 1 day bounce with the following error;

DSN code 4.4.7 in Exchange Online

4.4.7smtp 550 4.4.7 QUEUE Expired, Message Expired.

Any ideas?

Many thanks

Jason

ADFS - ID error 246 LDAP not available

Hi,

We are running ADFS SSO in our Office 365 tenant. My ADFS server sometimes has event ID 246, LDAP server not available, and the hostname of the LDAP server and the error of the LDAP server appear blank.

How can I check the configured LDAP? The SSO validation works, but I want to avoid this error...

Thanks!


RE: Is Self-Service Password Reset Available in a new Office 365 Tenant for users with E1 license?

Ok, the information in this link says that Self service password reset for users is part of the Free, Basic and Premium Editions.  msdn.microsoft.com/.../dn532272.aspx. Is there a way to add this feature to an existing or a new Office 365 tenant without paying for the Azure Premium edition?

RE: Microsoft Azure Active directory sync tool cannot install and configure

Hi Nerko,

I wrote a post on installing AADSync Beta 3. I ran into several issues, which I documented in my post here: bnehyperv.wordpress.com/.../azure-active-directory-sync-aadsync

Have a quick read through this; perhaps something may stand out that I did differently?

I would recommend you power off your DirSync server, then install AAD on a new server.  Then go back and delete the DirSync server.

Aaron @aaronw2003

RE: ADFS - ID error 246 LDAP not available

Hi Aitor,

I understand that you encounter the specific error (ADFS ID 246) while the ADFS service is working fine with Office 365.

I’d like to explain that this is normal behavior, since Office 365 doesn’t provide an LDAP service. When clients try to connect to the service via ADFS/SSO, the specific error occurs. To avoid the error, you may want to check the settings on the end users’ side and let them disable the queries to the LDAP service in Office 365.

If you want to change the settings on the ADFS server, sorry, but currently Office 365 doesn’t have any official documents about the steps. Since it’s a setting related to the on-premises server part, to get dedicated support, it’s recommended that you post a new thread with details in our Windows Server Forum. Your understanding is appreciated.

RE: Hybrid Exchange

Hi All

Sorry for the late reply, I have been on a training course! The connectors look correctly configured.

Also, I have stupidly failed to mention that we are using a smarthost to route our mail on the on-premise domain (Fusemail). However, I'm not sure if the mail from the online account would need to route via Fusemail. Does it not get delivered directly to the on-premise accounts via the connectors the hybrid config wizard produces?

RE: Is Self-Service Password Reset Available in a new Office 365 Tenant for users with E1 license?

Hi Customer,

Regarding the article, I would like to explain that "Self-service password reset for cloud users" is a Premium and Basic feature included in paid editions, while it is "Self-service password change for cloud users" that is available in free and paid editions of Azure AD.

Therefore, to configure Self-service password reset, we need to upgrade to Azure AD Premium or Azure AD Basic.

And, you may turn to Microsoft Azure forum for further information regarding using Azure AD with Office 365. Since our forum mainly focuses on Office 365 for business services, we have limited resources on Azure AD.

Best Regards,
Rene

RE: Hybrid Exchange

Hi Jason,

I have replied to you in the PM. Please check it.
Any updates are appreciated.

Thanks,
Kid Yang

RE: The proxy address is already being used by the proxy addresses or LegacyExchangeDN

It's a DirSync environment.

Thanks


The proxy address is already being used by the proxy addresses or LegacyExchangeDN

The proxy address _____ is already being used by the proxy addressed or LegacyExchangeCN of ____.  Please chose another proxy address.

Searching through Office 365 PowerShell by using:

Get-Mailbox | Where-Object { [string]$str = $_.EmailAddresses; $str.ToLower().Contains($proxyAddress.ToLower()) }

and using Active Directory Users and Computers with the custom query command:

proxyAddresses=smtp:__@___.com

I also used LDAP and ADFind to search and nothing pops up.

I cannot find the object where this particular proxy address resides, any ideas?

RE: Dirsync and Password Expiration

Yes, that is correct.  You may also want to check out this article: "DirSync Password Sync - Did You Know?"

The situation that occurs is that the on-prem password is expired but the password still works in the cloud.  The passwords are never different.  If the user changes the on-prem password, it's synced to the cloud.

Given that password expiration is a calculated value, I would be surprised to see this end up being synchronized and it's not anything that's on the Office 365 Roadmap currently.

If the password expiration functionality is required, a script is a feasible option; otherwise you may find that AD FS is more appropriate for your requirements.
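
The reply above calls password expiration a calculated value and suggests a script. The following is an added example, not code from the thread or from Microsoft, showing the detection half of such a script: it classifies accounts by the AD constructed attribute msDS-UserPasswordExpiryTimeComputed. The function name Get-PasswordExpiryState and the sample accounts are hypothetical, and what to do in the cloud with the flagged accounts is left to the operator.

```powershell
# Added example. Get-PasswordExpiryState is a hypothetical helper name.
# msDS-UserPasswordExpiryTimeComputed is a FILETIME (100 ns ticks since 1601-01-01 UTC)
# that AD derives from pwdLastSet, the effective maxPwdAge and userAccountControl.
function Get-PasswordExpiryState {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [psobject]$User,
        [datetime]$NowUtc = [datetime]::UtcNow
    )
    process {
        $value   = $User.'msDS-UserPasswordExpiryTimeComputed'
        $expires = $null
        if ($null -eq $value) {
            $state = 'Unknown'                 # attribute was not requested or not readable
        } elseif ([int64]$value -eq [int64]::MaxValue) {
            $state = 'NeverExpires'            # e.g. "password never expires" flag or no max age
        } elseif ([int64]$value -eq 0) {
            $state = 'MustChangeAtNextLogon'   # pwdLastSet is 0
        } else {
            $expires = [datetime]::FromFileTimeUtc([int64]$value)
            $state   = if ($expires -le $NowUtc) { 'Expired' } else { 'Valid' }
        }
        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            State             = $state
            ExpiresUtc        = $expires
        }
    }
}

# Constructed sample input. In a real run the objects would come from the
# ActiveDirectory module, for example:
#   Get-ADUser -Filter 'Enabled -eq $true' -Properties 'msDS-UserPasswordExpiryTimeComputed'
$attr = 'msDS-UserPasswordExpiryTimeComputed'
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'expired@example.com'; $attr = [datetime]::UtcNow.AddDays(-3).ToFileTimeUtc() }
    [pscustomobject]@{ UserPrincipalName = 'valid@example.com';   $attr = [datetime]::UtcNow.AddDays(30).ToFileTimeUtc() }
    [pscustomobject]@{ UserPrincipalName = 'service@example.com'; $attr = [int64]::MaxValue }
    [pscustomobject]@{ UserPrincipalName = 'newhire@example.com'; $attr = [int64]0 }
)

# Accounts whose on-premises password no longer permits logon, i.e. the ones
# where the synced cloud password would still work.
$sample | Get-PasswordExpiryState |
    Where-Object { $_.State -in 'Expired', 'MustChangeAtNextLogon' }
```

With the sample above, the pipeline returns expired@example.com and newhire@example.com.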

RE: Dirsync and Password Expiration

Yes, security policy states that passwords must expire on a given interval. These policies are there to help prevent unwarranted access to a user's resources. This opens up our users to the potential of password guessing attacks.

So if I pursue the scripted method to enforce this, would it be preferable to simply reset the user's cloud password to a random value, or set the change at logon flag? What would be the net effect of each? Thanks!

Dirsync and Password Expiration

According to this article when you use Dirsync with Password Sync and a user's on-prem password expires, they will still be able to log in to cloud resources. Is this true? Will the user be able to log in using their on-prem synced password or one that is configured in the cloud? Are there any plans for Dirsync to sync the password expiry as well?

If not, are there any workarounds for this? I have considered creating a script that will scan for password expirations in my on-prem AD and if detected will change the password in the cloud. Alternatively, it could set the password to change at next logon. Would either of these be feasible approaches?

RE: Is Self-Service Password Reset Available in a new Office 365 Tenant for users with E1 license?

Ok, thanks for the information.  
