Tuesday, July 25, 2017

Sync local AD to office 365 In Cloud accounts

Environment:
In Cloud accounts for all local accounts.
Existing Exchange server
O365 tenant operating as EOP
AD and O365 tenant are different names (localcompany.com, cloudcompany.com)
Azure AD Connect on another domain (DNS entries so the servers can see each other)

"cloudcompany.com" was added as a DNS suffix to localcompany.com AD

LogonName:
In AD Users and Computers, Account tab, User Logon Name.
In the drop down there will be an option for the O365 domain. In my case, the naming convention also changed from first initial last name to firstname.lastname. I changed the User Logon Name to match what was in Office 365, first.last@cloudcompany.com

Change Display name to match:
Another convention that changed was First Last on the local AD to Last, First in the cloud. I changed the Display Name to match what is going to be in Office 365.
NOTE:
All address fields and information in the local AD will overwrite anything you already have in Office 365, so make sure the local AD is clean and has the information you want in Office 365.

Created a connection rule to forward all localcompany.com email to our local server; this was in addition to the regular connection rule.

Matched Primary SMTP of local account to Cloud account.
(this is what MS says to do, doing this fucks up the connection rule forward, adding the primary cloud SMTP as an alias is all you need.)


Went through the Azure AD connect Wizard to select the OUs that had the users I wanted to sync.

Previously synced Office 365 accounts, like with OKTA for example, are fubared and won't sync (fixed later). These accounts threw errors:
This object has been updated in your Azure Active Directory, but with some modified properties, because the following attributes are associated with another object [UserPrincipalName


Also, I ended up needing the Host domain as the primary SMTP in the cloud to add to Outlook using the O365 connector in Outlook. I had originally planned to have both internal and O365 accounts in the outlook client, but the matching names messed everything up. Then I thought I'd create a new account for access to public folders, this also didn't work. It worked for the first few people, but as it scaled out it became unusable. This may be due to session limitations on individual users.


All synced users were hidden from the O365 GAL... msExchHideFromAddressLists was null, changed to False and they started showing up. This change took 24 hours to complete.
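The checks described in this post (UPN on the cloud suffix, cloud address present as an alias, msExchHideFromAddressLists not null) can be audited before the first sync. This is an added example, not part of the original post; the OU path is hypothetical and it assumes the cloud primary SMTP address equals the new UPN.

```powershell
# Added example: read-only audit of the OU selected in Azure AD Connect.
# $SearchBase is a hypothetical OU; $CloudSuffix is the tenant domain from the post.
Import-Module ActiveDirectory

$SearchBase  = 'OU=SyncedUsers,DC=localcompany,DC=com'
$CloudSuffix = 'cloudcompany.com'

function Get-SyncReadiness {
    param($User, [string]$CloudSuffix)
    $upn     = [string]$User.UserPrincipalName
    $proxies = @($User.proxyAddresses)
    [pscustomobject]@{
        SamAccountName  = $User.SamAccountName
        DisplayName     = $User.DisplayName
        # UPN has to carry the cloud suffix to line up with the in-cloud account
        UpnMatchesCloud = $upn -like "*@$CloudSuffix"
        # Primary (SMTP:) or alias (smtp:) entry equal to the UPN; -ieq ignores case
        HasCloudAlias   = [bool]($proxies | Where-Object { $_ -ieq "smtp:$upn" })
        # A null value is what left the synced users hidden from the O365 GAL
        HideFlagIsNull  = $null -eq $User.msExchHideFromAddressLists
    }
}

$users = Get-ADUser -SearchBase $SearchBase -Filter * `
    -Properties proxyAddresses, msExchHideFromAddressLists, DisplayName

$report = $users | ForEach-Object { Get-SyncReadiness -User $_ -CloudSuffix $CloudSuffix }

# Show only the accounts that still need attention
$report |
    Where-Object { -not $_.UpnMatchesCloud -or -not $_.HasCloudAlias -or $_.HideFlagIsNull } |
    Format-Table -AutoSize

# Preview setting the flag explicitly to False; remove -WhatIf to apply
$users |
    Where-Object { $null -eq $_.msExchHideFromAddressLists } |
    Set-ADUser -Replace @{ msExchHideFromAddressLists = $false } -WhatIf
```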

Fuck this shit, never again. This migration almost made me quit.


Tips:
DO NOT do a staged migration this way. If you are going to migrate from an On Prem to the cloud, do it like a bandaid, fast and on 2. (1...2...pull...3)

Friday, July 14, 2017

Rebuilding or reconnecting Outlook autocomplete cache

Either in Exchange 2013+ or Office 365.

If you created a new outlook profile, I'm sure you've had complaints about 'contacts' missing. AKA the autocomplete cache.
This used to be stored in the NK2 file in user\AppData\Roaming\Microsoft\Outlook\; rename it to match the current profile and you're done.
Microsoft holds this data on the server now, which is nice, BUT, what if you just migrated to Office365 like you have to? Because Microsoft is mother, Microsoft is father. Yes master Microsoft, I will do whatever you say. I don't need servers anymore, all must be cloud. Thank you.

Users\user\AppData\Local\Microsoft\Outlook\RoamCache\ holds a .dat file of your autocomplete
It's a super cool file name, Stream_Autocomplete_absolutejibberish. It really makes it easy to find out what the new one is and what the old one was... Not.
It's easy enough to figure out which is the new autocomplete dat though: the one that's a KB and was made today, that's the new one. The old one is easy to find too. The one that wasn't made today, and has a lot of KB.

Close Outlook, copy the old dat to a different folder (in case this all goes south and you have to try again, which I talk about below)
You'll want to change the old .dat file name to the new .dat file name. The file with the KBs will have the new file name. I hope that's clear... I'm reading it now and it's not.
Copy the file name of the new dat, and delete new dat file. Den copy da new dat name to da old dat file and save dat shit.
Open outlook and take a look, all dat autocomplete is back.


Weird shit:
So I would do these steps, copy the new name, delete the new file, copy the new name to the old file, open outlook and watch as the Autocomplete file shrunk from 1000kb to 60kb... remember that step I said about copying the old autocomplete to a new file? Bet you wish you did that now, don't you. Close outlook, rename again and it should work. No idea why this is happening, but I seem to have to do the process twice.
Close outlook, rename, open outlook, close outlook, rename, done.

Wednesday, June 14, 2017

Xerox Workcentre 59xx scan to Office 365

I went on to update the other office scanners, and these were easier.
They were able to authenticate with a mail enabled office 365 account to send.

(These directions assume your scanner is already setup on the network and can scan to your local email server)

Log into your Xerox
decent site https://default-password.info/xerox/
default for the 59xx:
admin
1111

Once you're in go to Properties
Email
SMTP

Under Server, you can select Use DNS to select SMTP server, and it will give you the option to update the DNS servers. I added Google (8.8.8.8) as the third DNS, the other two being internal servers. I read that the scanner might not find smtp.office365.com without an external DNS (I didn't test without the external; if it works with just internal DNS, let me know).

Ok, so back to email (link at the top of the DNS page.)
I selected Hostname and entered smtp.office365.com
Device Email address I used the mail enabled account at my domain.

Save

SMTP auth, I used system and put in the mail enabled account. (User@emaildomain.com)


Go to the Connection Encryption tab and select STARTTLS
I tried SSL/TLS and it never connected, STARTTLS and the test went right away.

Test your configuration.

Monday, June 12, 2017

Optiplex 3040 no boot devices found

I got a nice new Dell computer and shipped it out to a user. After a couple months
No boot devices found...
FML

So I had the user send it in to check it out. Data was on the drive. Swapped drive with a clean drive and loaded my windows 7 image to it.
It ran through the image, rebooted.

No boot devices found....
weird.

I took the drive out of my computer and put it in the 3040 case.

No boot devices found...

what the duck?

Put the drive back in my computer. Boots fine.

Double what the duck!

Talked with Dell support and they sent me a new drive preloaded with one of their images. Popped that badboy in, boots like a charm. Issue fixed yay!

So I reimage the drive with the corporate image...

No boot devices found.
Time to throw it in the trash...

But there's more!

After farting around with it for a couple months, and the Dell tech going no contact, I finally figured it out.
I set BIOS boot setting to legacy instead of UEFI.

Imaged drive loads! Yay.

Option 3: Configure a connector to send mail using Office 365 SMTP relay

Creating the "Option 3" connector for multi function printer scanners to scan to email using Office 365. I am using a Ricoh Aficio MP2852

The SMTP server is your MX endpoint (domain-com.mail.protection.outlook.com)
Port 25
TLS enabled

Administrator email I used a mail enabled account.

Add a Mail Flow connector.
Name it what it does and give a description.
Example:
Office Scanner.
Makes it so the scanner can scan to Office 365.

Select "By verifying that the IP address of the sending server matches one of the IP addresses that belong to your organization"
Hit the Plus and put in your local IP (google/bing "what is my IP")

This was getting the mail to Office 365, but it was failing SPF, if you're not checking SPF (you madman) you won't have this issue.

If you are, the next step made it work:
Exchange admin center
Protection
Connection Filter
Add local IP (google/bing "what is my IP") to Allowed IP Address
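SPF fails for relayed scanner mail when the office's public IP is not listed in the sender domain's SPF record. The following added example (not from the original post) checks the ip4: mechanisms of a record against a sending address; the record and addresses are constructed samples.

```powershell
# Added example: evaluate only the ip4: mechanisms of an SPF record against one
# sending address. include:, a and mx terms need further DNS lookups and are skipped.
function ConvertTo-IPv4Number {
    param([string]$Address)
    $n = [long]0
    foreach ($b in [System.Net.IPAddress]::Parse($Address).GetAddressBytes()) {
        $n = ($n -shl 8) -bor [long]$b      # bytes arrive most-significant first
    }
    return $n
}

function Test-SpfListsIp {
    param([string]$SpfRecord, [string]$SenderIp)
    $ip = ConvertTo-IPv4Number $SenderIp
    foreach ($term in ($SpfRecord.Trim() -split '\s+')) {
        # Matches "ip4:a.b.c.d" or "ip4:a.b.c.d/nn", with an optional "+" qualifier
        if ($term -match '^\+?ip4:([\d.]+)(?:/(\d+))?$') {
            $prefix = if ($Matches[2]) { [int]$Matches[2] } else { 32 }
            $net    = ConvertTo-IPv4Number $Matches[1]
            $shift  = 32 - $prefix
            # Same network when the top $prefix bits are identical
            if (($ip -shr $shift) -eq ($net -shr $shift)) { return $true }
        }
    }
    return $false
}

# Constructed sample values (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges)
$spf = 'v=spf1 ip4:203.0.113.10 include:spf.protection.outlook.com -all'

# To test the live record instead of the sample:
# $spf = (Resolve-DnsName -Name 'cloudcompany.com' -Type TXT).Strings |
#            Where-Object { $_ -like 'v=spf1*' }

# The public IP entered on the connector
Test-SpfListsIp -SpfRecord $spf -SenderIp '203.0.113.10'
# An address that appears nowhere in the record
Test-SpfListsIp -SpfRecord $spf -SenderIp '198.51.100.7'
```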

Disabling Azure AD connect

Disconnected and uninstalled Azure Active Directory Connect from the AD server, but still getting unhealthy synchronizations?
Log into portal.office.com, at the bottom, go to Admin centers, Azure AD
double click on your domain
Directory integration tab and deactivate

Wednesday, April 19, 2017

Recovery partition blocking extend volume option

Environment: Windows 10

Situation: I had a 1000mb Recovery Partition that was separating the C drive from the unallocated space.

How I got here: I used windows backup and recover to copy a user's machine from a 250gb HD to a 500gb HD. Some users need to keep everything apparently...

Solution:
1. Right click the start icon and select the Command prompt (Admin).
2. Type Diskpart in the command prompt - Enter.
3. Type rescan at the prompt - Enter - This operation will take a few seconds.
4. Type list disk and press Enter.
5. Select the disk where the partition is sitting - in your case, probably 0 - by typing select disk 0
6. Type list partition and press Enter.
7. Carefully select the partition that you wish to delete by typing select partition x (substitute x)
8. Type delete partition override and press Enter.

Thanks to this forum post:
https://www.windows10forums.com/threads/recovery-partition-getting-in-the-way-of-extending-c-partition.7777/

Friday, December 23, 2016

Group policy no longer applying to groups only Authenticated Users

In my environment I have my office separated into OUs, some offices get all the drives, so the group policy for their drive mapping is simply linked to their OU with Authenticated Users in security filtering. All these drive maps work.
In one office, there are many departments that get different drives.
I had the office OU linked, and in security filtering I had the group they were in.
This worked fine for a while, until an update or something.
All drives gone, I freaked out... luckily I had my old kix scripts still, so I was able to bandage this.

And there it sat for months, bandaged and working.

Recently, I come to find out this is due to a security patch, and not only do you need the group in Security Filtering, you also need Authenticated Users.
http://superuser.com/questions/1106551/gpo-only-works-on-authenticated-users
I tested this on a few users, and it works.
And once again, I can take that logon script out of their AD properties.
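To find every GPO affected by this behaviour rather than discovering them one office at a time, the GroupPolicy module can list GPOs where Authenticated Users has no permission entry. This is an added example, not from the original post; it previews granting Read rather than Apply, a choice made here so that group-based filtering keeps deciding who the policy applies to.

```powershell
# Added example: list GPOs whose ACL has no entry for Authenticated Users,
# then preview granting that group Read.
Import-Module GroupPolicy

$AuthUsersSid = 'S-1-5-11'   # well-known SID of Authenticated Users

function Get-GpoAuthUsersLevel {
    foreach ($gpo in Get-GPO -All) {
        # Look the trustee up by SID so localized group names do not matter
        $entry = Get-GPPermission -Guid $gpo.Id -All |
            Where-Object { $_.Trustee.Sid.Value -eq $AuthUsersSid } |
            Select-Object -First 1
        $level = if ($entry) { [string]$entry.Permission } else { 'None' }
        [pscustomobject]@{
            Name               = $gpo.DisplayName
            Id                 = $gpo.Id
            AuthenticatedUsers = $level   # None, GpoRead, GpoApply, ...
        }
    }
}

$all  = Get-GpoAuthUsersLevel
$gaps = $all | Where-Object { $_.AuthenticatedUsers -eq 'None' }

# Full picture first, then the GPOs that need a change
$all  | Sort-Object AuthenticatedUsers, Name | Format-Table -AutoSize
$gaps | Format-Table Name, Id -AutoSize

# Preview the permission change; remove -WhatIf to apply
foreach ($g in $gaps) {
    Set-GPPermission -Guid $g.Id -TargetName 'Authenticated Users' `
        -TargetType Group -PermissionLevel GpoRead -WhatIf
}
```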

Wednesday, June 22, 2016

Unable to send from Adobe Acrobat. Default email application greyed out

Environment:
Windows 10
Outlook 2016
Acrobat XI Standard

Issue:
Unable to attach PDF from Acrobat using Send option. Default email application is greyed out.

Fix:
Make sure Outlook 2016 is set as the default program for mail.
This should remove the greyed out option, and bring you to issue number 2:

There is no email program associated to perform the requested action.

Fix:
  1. Click Start, and then click Run.
  2. In the Open box, type regedit, and then press ENTER.
  3. In Registry Editor, locate the following subkey in the registry: HKEY_LOCAL_MACHINE\Software\Clients\Mail\Microsoft Outlook
  4. Select the subkey, and then press DELETE.
  5. Click Yes.
  6. Quit Registry Editor. 
  7. Go to programs and features, repair office 2016

Thursday, May 12, 2016

Unable to expand the Folder Pane in Outlook 2016

Environment: Windows 7 64bit running Office 2016 apps.
Outlook 2016

Having trouble expanding the Folder Pane (the left pane) in Outlook 2016?
I was.
I was able to slide it to the left, making it smaller (minimized view) but wasn't able to expand it right so I could read everything.
If you're having this issue...
Try changing the Reading Pane to Bottom or Off. Can you adjust the Folder Pane now? I was able to. I put the Reading Pane back to the right and its allowing me to expand the Folder Pane still, weird.

Thursday, May 5, 2016

Configuring MDT for windows 10 deployment

In the technet article I ran into a problem pretty much right away.
https://technet.microsoft.com/en-us/itpro/windows/deploy/prepare-for-windows-deployment-with-mdt-2013

When creating the share, it wants you to powershell it with the following commands:
New-Item -Path E:\Logs -ItemType directory
New-SmbShare ?Name Logs$ ?Path E:\Logs -ChangeAccess EVERYONE
icacls E:\Logs /grant '"MDT_BA":(OI)(CI)(M)'

That second one doesn't work... unless you replace the ? with a -
New-SmbShare -Name Logs$ -Path E:\Logs -ChangeAccess EVERYONE

Then it creates it correctly.

Hope this helps, I'm new at powershell and this was incredibly frustrating.

ModuleNotFoundError: No module named 'torchvision.transforms.functional_tensor'

 I tried a couple things, downgrading, reinstalling, followed some github links talking about /usr/local/lib/python3.10/dist-packages/basics...