Benoit's corner

Jul 02
Office 365 - Skype for Business Preview

Want to be the first to see, test and use what will be coming with Skype for Business and Skype for Business Online?

Go to https://www.skypepreview.com/ to sign up for Skype Meeting Broadcast, PSTN Conferencing (US only at this time) and Cloud PBX with PSTN Calling (US only at this time too).

  • Skype Meeting Broadcast will allow you to host live meetings with up to 10 000 attendees, with Yammer integration to allow dialog during the broadcast
  • PSTN Conferencing will allow you to host live meetings with Skype for Business Online and invite your participants to dial in to join the conference. As prerequisites, you must have an Office 365 Enterprise plan or Skype for Business Online Plan 2 or 3, and be hosted in the US
  • Cloud PBX will deliver iPBX features based on Office 365/Skype for Business Online, meaning you will be able to make and receive traditional phone calls directly with your Skype for Business client without the pain of setting up telephony integration On Premises and integration with Online. As prerequisites, you must have an Office 365 Enterprise plan or a Skype for Business Online Plan 2 or 3, and be hosted in the US
Jul 02
One more year as MVP

I have the great pleasure to announce that I have been renewed for one more year as MVP on Office 365

One more year as part of this great program with a lot of opportunities

Jun 27
Office 365 – Azure Active Directory Connect Installation

Following my previous post about the upgrade process from DirSync to AAD Connect (which failed), I decided to go ahead and uninstall DirSync to do a fresh install of AAD Connect.

So let's start a fresh install by accepting the license agreement

Then you have the choice to do an Express configuration – which synchronizes identities, passwords and all attributes from the current directory (based on the domain membership of the server) – or do a Custom configuration which lets you decide what to synchronize

For the next steps, I chose to do a custom configuration

With the custom configuration you can choose to use a SQL instance (instead of using the SQL Express provided with the tool), define a custom installation location, and define your own FIM groups

If you choose to define your own service account (used to run the service, not to synchronize your directory – even though you can use it for both, it is always recommended to use a dedicated account for each task), you have to use the format domain\useraccount – the UPN format is not accepted

I chose to define my own service account (to run the synchronization service) and use a SQL instance

Then when you start the installation, the wizard installs additional prerequisites like the sign-in assistant

As I chose to use a SQL instance, it also creates the ADSync database on SQL and grants the appropriate permissions to the service account I defined

NOTE: if you uninstall AAD Connect and were using a SQL instance, the ADSync database will also be deleted

At the next step, you can define which authentication method you want to use: password synchronization, federation or nothing (meaning you need to define the user’s password on Azure AD/Office 365)

I chose Password Synchronization – I already have ADFS configured and in use, so I want to check what will happen there

Then you have to enter your global administrator credentials – as always it is recommended to have set up a dedicated account on your tenant with a complex password which never expires

Then it connects to the tenant, validates the credentials and the account role

At the next step you can select which On Premises AD forest you want to synchronize – if you have only one, that’s easy; if you have more than one you can add them here. Strangely, you have to manually enter the other AD forest in the FOREST field, while with the beta/preview version you were able to select them directly using the drop-down menu

The account no longer needs to be Enterprise Admin BUT needs to have permission to manage user and group objects

Then it checks your directory schema and validates if it meets the prerequisites for synching with Azure Active Directory

If you are going to synchronize multiple AD forests, you have to define the way to uniquely identify each identity against each directory service

Then you can synchronize the entire directory or select filtering options based on AD groups – this option can be helpful if you are planning a pilot

Do not forget you will still be able to do filtering based on OU or attributes later using the FIM console

Finally you can choose to enable additional features like Exchange Hybrid configuration, password write back…

In my case I enabled Exchange Hybrid, password write back (which requires AAD Premium) and also the new (still in preview) user and group write back (I will cover this later in this post)

Then once you have selected (and configured) the additional features, you can check which AD attributes will be synchronized – you can check them using a CSV export

You can even unselect some of them using the “I want to further limit the attributes exported to Azure AD” option and then unchecking the attributes you want

NOTE: you will not be able to uncheck mandatory attributes like userprincipalname, accountenabled…

That’s it, you are ready to finalize the configuration. I would recommend unchecking the Start synchronization option if you want to configure OU based filtering

Unchecking this option will disable the scheduled task. Don’t forget to enable it after having configured your OU based filtering

Also, you can enable the Staging option which will let you check what will be synched to Azure AD BUT will not export anything

This is useful if you are planning a pilot or preparing the deployment of AAD Connect in parallel with another running instance (DirSync)

To start a manual synchronization, there is no longer a PowerShell command but a command line tool - see http://blog.hametbenoit.info/Lists/Posts/Post.aspx?ID=661

Console Location

With Azure AD Connect, the console which allows you to check the synchronization progress as well as to define OU based filtering is now located within the C:\Program Files\Microsoft Azure AD Sync\UIShell folder and you have to use miisclient.exe to start it

As usual you have to log off after installing the tool to be able to use the console

 

Groups and Users Writeback

Groups and Users Writeback is new with AAD Connect and allows you to create group and user objects on your On Premises Active Directory based on objects initially created on Azure Active Directory

If you enable this feature, you have to define where these “written back” group and user objects have to be created on your AD. AAD users will have a randomly generated password set on your AD, so you will have to reset it to a known password after their creation.

Password write back is not available for these objects, meaning their cloud password is not synchronized back on your AD.

 

Device Writeback

If the device writeback option is disabled, this may be because you need to prepare your AD forest.
It also seems there is still a defect, as this feature also comes with ADFS 3.0 and device registration; if you have set up ADFS 3.0 for device registration, you have nothing to do, but the option is still unavailable

To prepare the forest, you need to run a PowerShell command prompt (still using Run As Administrator) and execute the AdSyncPrep.psm1 located within the default installation folder C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep. You also need to execute this command with an Enterprise Admin account

Then you have to execute the following command to enable device writeback: Initialize-ADSyncDeviceWriteBack

You will be asked to enter the domain to be prepared and the AD connector account – the one you defined when you connected to your On Premises AD services

NOTE: it seems there has been another change since the beta/preview builds, as you have to reconfigure what you had already defined. This was not the case with the beta/preview builds

Bulk Deletion Prevention

By default, AAD Connect now has bulk deletion prevention enabled BUT with a high threshold set to 500 objects, meaning that if fewer than 500 objects are deleted on AD, the deletions will be synched to Azure AD.

If you want to disable it, run the command Disable-ADSyncExportDeletionThreshold. If you want to change the threshold value, run the command Enable-ADSyncExportDeletionThreshold; you will then be asked to enter your Azure AD credentials and the new threshold value (or use the complete command Enable-ADSyncExportDeletionThreshold -DeletionThreshold <value>)

Jun 27
Office 365 – Upgrade from DirSync to Azure AD Connect

Following the announcement of the new AAD Connect (Azure Active Directory Connect), I decided to upgrade my DirSync instance (version 1.0.7020).

So the first thing is of course to get the AAD Connect tool from http://go.microsoft.com/fwlink/?LinkId=615771

Then let's start the upgrade….

Some details about my current DirSync configuration:

  • Use OU’s filtering to define where the objects to synchronize are located
  • Device objects are also synchronized
  • Password synch and write back and Hybrid configuration options have been enabled

 Also I'm using ADFS to authenticate against Office 365 and Microsoft Azure services.

As usual, always run as administrator – best is to use a command prompt with the run as administrator option

The setup immediately starts installing all required binaries before starting the configuration wizard

After the classic acknowledgment of the license, you can start configuring

The wizard has detected my DirSync instance and is checking in order to propose the best upgrade option

And… it failed. The wizard told me that DirSync is configured with some options which cannot be upgraded to Azure AD Connect.

So I checked the Learn more link to try to find out which options are involved here, but it clearly does not help

Then I checked the TEMP directory on my user profile to see if there was any log file with more details, but there is no log; no need to check the Windows Event log, there is nothing there either.

So the upgrade process ended by uninstalling DirSync and starting a fresh install….

Jun 25
Office 365 / SharePoint Online – External Sharing can now be accepted only by the original email address which invited

An update is currently being deployed on SharePoint which will allow IT administrators to restrict external sharing so that an invitation can be accepted only by the email address it was originally sent to.

To enable this, you must connect to your SharePoint tenant using PowerShell and set the RequireAcceptingAccountMatchInvitedAccount parameter to TRUE (by default this is set to FALSE)

To check if your tenant is already updated, run the Get-SPOTenant command and check whether the parameter is present or not
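
The check and the change described above as one PowerShell script, added here as an example and not part of the original post. It assumes the SharePoint Online Management Shell is installed; the contoso admin URL is a placeholder.

```powershell
# Added example, not from the original post.
# Assumption: SharePoint Online Management Shell is installed on this machine.
Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking

$adminUrl = 'https://contoso-admin.sharepoint.com'   # placeholder tenant admin URL
$setting  = 'RequireAcceptingAccountMatchInvitedAccount'

Connect-SPOService -Url $adminUrl -Credential (Get-Credential)

try {
    $tenant = Get-SPOTenant

    # The property is only returned once the update has reached the tenant
    # (and the installed module knows about it).
    if ($tenant.PSObject.Properties.Name -notcontains $setting) {
        Write-Warning "$setting is not available on this tenant yet; nothing was changed."
        return
    }

    Write-Output "Current value of ${setting}: $($tenant.$setting)"

    if (-not $tenant.$setting) {
        # Only the invited account may accept a sharing invitation from now on
        Set-SPOTenant -RequireAcceptingAccountMatchInvitedAccount $true

        # Read the value back instead of trusting the call succeeded
        if (-not (Get-SPOTenant).$setting) {
            throw "$setting is still disabled after Set-SPOTenant."
        }
        Write-Output "$setting is now enabled."
    }
}
finally {
    Disconnect-SPOService
}
```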

But stay tuned, more updates are coming on SharePoint Online

Jun 25
Office 365 – New “about me” page (Office 365 Profile)

You may already be aware – and if not, you are now – that every user on Office 365 has a profile page (different from the SharePoint Profile) accessible from the Gear\Office 365 Settings\Me menu. This page provides user details like your contact details and lets you know more about the license assigned to your account

This page has been updated to deliver a nicer interface

This updated page is/will be available first to those who have First Release enabled and, in a few months, to all others.

Jun 25
Office 365 / Azure – Azure AD Connect is now available

The long awaited new version (and unique tool) to synchronize your On Premises Active Directory with Azure Active Directory (and so Office 365 too) is now available

This new version offers more options for the synchronization such as multi AD forest support, simpler attribute selection for synchronization, richer identity scenarios…

And the icing on the cake, you can upgrade from the “old” DirSync

To know more go to http://blogs.technet.com/b/ad/archive/2015/06/23/azure-ad-connect-amp-connect-health-is-now-ga.aspx

By the way, in the meantime, Microsoft has also announced the availability of AD Connect Health, which offers cloud monitoring for your identity infrastructure – as part of this first release, this applies to ADFS first (you must also have AAD Premium)

Enjoy

Jun 24
Microsoft Azure – Azure Speed Test

In case you missed it, Microsoft offers a speed test for Azure too – as for Office 365.

http://azurespeedtest.azurewebsites.net/

It will help you determine which datacentre or CDN to use for your Azure services, and it is updated live so you can see the evolution in real time too

Jun 12
Office 365 – New workload specific admin roles

It has also been a long requested and awaited improvement: being able to granularly grant administration permissions on Office 365 services (SharePoint, Lync/Skype for Business, Exchange) without granting global administrator.

Microsoft has announced this major improvement is going to be rolled out as part of the monthly update process. For those with the First Release option enabled, this should be already deployed (or will be very soon)

To know more https://blogs.office.com/2015/06/11/more-control-over-data-access-with-workload-specific-admin-roles/

Jun 10
Office 365 / Exchange Online – A new version of ActiveSync is coming

Microsoft has announced that a new version of ActiveSync is coming. This v16 introduces a long awaited feature: synching the draft folder

Also as part of this new version, calendar items with attachments will be synched with their attachments.

At this time, this new version is being rolled out only on Exchange Online on a per user basis, not per tenant. This means you may have a user already using the new EAS version while another one may still use the “old” version.

To check the version, just use the Remote connectivity test from https://testconnectivity.microsoft.com/ by selecting Office 365\Exchange ActiveSync and look for the MS-Server-ActiveSync value (in this screenshot this is still version 15.1)

See http://blogs.msdn.com/b/exchangedev/archive/2015/06/08/announcing-exchange-activesync-v16.aspx


 About

Benoit is specialized on Microsoft infrastructure (Active Directory, Azure, ForeFront products, Hyper-V, Identity Management, System Center, Windows) and collaboration (BPOS, Exchange, Office 365, SharePoint) technologies.

He has been awarded as Microsoft Most Valuable Professional (MVP) since 2002 - on Windows, then SharePoint and finally Office 365. He has been recognized as Microsoft Community Contributor for his work on the Office 365 community in 2013 and 2014.

He has been involved in early stage of testing phase for many Microsoft products - from Windows to Office 365, including Exchange, SharePoint or Office client and WindowsUpdate.

He has participated as speaker or Ask The Expert (ATE) at many Microsoft or Quest events. He also participated in writing several books on SharePoint (2003 to 2010).

With more than 10 years of professional experience, he has a deep knowledge of the Microsoft market and its competitors.



 Certifications

Microsoft Certified Systems Administrator 
Microsoft Certified Systems Administrator - Messaging
Microsoft Certified Systems Engineer 
Microsoft Technology Specialist 
 Microsoft Certified IT Professional


 Books I wrote

Le portail Microsoft SharePoint 
Microsoft Office SharePoint Portal Server 2003 et WSS au quotidien 
Microsoft Office SharePoint Server (MOSS) et Office 2007  
Microsoft Sharepoint 2010