Channel: Directory integration services - Recent Threads
Viewing all 3141 articles

Office 365 change AD Domain Name

Hi,

I work for four schools who have very different setups at present and over the course of the year we are planning on merging each of their domains into one domain.

The first two schools are being looked at now, relatively small with only about 500 students in each and 60 or so staff. At present one of them is using o365 fully and the plan is to use that tenant for the other 3 schools, we're happy with the process of adding the other schools 'email' domains to this.

The problem is that the other small school currently has no email solution for students (I know!) and are now wanting to use o365, the problem is that we're not ready to merge their AD domains yet.

The question.... I'd like to use DIRSYNC to sync the users from their AD Domain into the o365 Tenant of the other school (obviously I'll need to deal with any duplicates but there shouldn't be many). I believe this should be fine; the problem is that within the next 6 months we'll probably be merging these users into a new AD Domain. How do we then make sure that the user in the new domain (probably been migrated from the old domain to the new one) is still assigned the correct mailbox in o365 and the password syncing still works without duplicating all the users again?

I think that makes sense! As I type I'm wondering whether this could be solved by using the new AADSYNC?

Thanks

Pauil


Dirsync filter, adds and deletes

Hi!

This question is more to settle my curiosity than an actual problem.

If I remove a user from my dirsync scope and run a manual sync, when it's complete and when I look at the MA for windows azure it says deletes "2". Why is the deleted user listed twice? This is not the case when I add a user to my scope, then under adds, it's only listed once?

Regards

UC

How a user can change a password of account when accounts are SyncDir enabled

Hi,

With a SyncDir environment in Office 365 where the account credentials are synced from local to Office 365, how does the password change request work?

I mean, with SyncDir the communications flow only one way, from local to cloud. How are these requests treated?

Does the user still have the option in the portal to change the password?

Or, for example, in the following scenario: DirSync enabled and a policy in AD to refresh the passwords every 3 months, and the user doesn't have a Windows desktop to refresh it, so it has to be done from the Office 365 portal directly. How does SyncDir affect this environment?

This question is so particular, so any information will be great.

May be another approach like hybrid environment will be better.

Thanks

Cached user, can't sign out of different account

For some reason I cannot log into another account. When I sign in I put in the email and hit tab, it says taking me to organization sign in page and never gives me a chance to actually sign into a separate account but just throws me into the old one. Is there a place where these credentials are being stored where I would be able to change them? I have cleared my cache and history numerous times and have no idea what is causing this to happen.

Outlook popup for credentials whenever password changed

We are running a Windows 2003 domain and ADFS. We have migrated our mailboxes to Office 365. The problem we have is that whenever a user changes his/her password, Outlook pops up for the credentials. Since DirSync runs every 3 hours, we need to run it manually to sync the password. Does someone have a better solution?

Missing "Connections" tab in Outlook 2013

Hello

I recently discovered that the connections tab in the Outlook client is gone. If I open Outlook with a profile that points to my on-prem 2013 server I can see the connections tab in the Outlook client; however, if I open a profile that points to O365 the connections tab is gone.

Cutover errors

Hi,

We have got a couple of errors where mailboxes failed during migration,

1 tenant : 2 domain verified

mummy.in (on premise exchange server 2010) cutover migration has been completed

domain.in (already in cloud)

Error 1 : The operation couldn't be performed because object username@mummy.local' couldn't be found on 'HKNPR03B00235DH.APCPR04AP3.prod.outlook.com'.

Need answer for this.

 

Error 2 : A different type of Active Directory object already exists for "Mark.Nicolas@mummy.in" in the target forest. Please verify that the SMTP address is correct.

 

Need answer for this.

Error 3 : The name "James.Andrew" is already being used. Please try another name.


We found that James.andrew was already in the O365 portal with a different domain, e.g. james.andrew@domain.in (we have 2 domains verified in a single tenant: domain.in and mummy.in). In this case what should I do? Do I need to delete the user from the portal, or is there any workaround? Can't we have a user who actually has 2 mail IDs in two different domains with the same display name and email address?

 

Error 4 : AutoDiscover failed with a configuration error: The migration service failed to detect the migration endpoint using the Autodiscover service. Please enter the migration endpoint settings or go back to the first step and retry using the Autodiscover service. Consider using the Exchange Remote Connectivity Analyzer (https://testexchangeconnectivity.com) to diagnose the connectivity issues.

 

For the above error, what needs to be done? I am able to see the failed users in the portal also?

 

Please help!!

 

Regards,
Sivaraman NR

Renewing token-signing and decrypting certs question

Hi,

I've got an AD FS 2.0 farm / proxies and a primary AD FS server with a 3rd party token-signing and token-decrypting certificate. Would people recommend renewing the certificates with self-signed certs which can then take advantage of auto-renewal or is the wiser choice to stay with 3rd party certificates?

If I change to self-signed will Office 365 consume this new certificate or will I need to configure something like the following?

https://gallery.technet.microsoft.com/scriptcenter/Office-365-Federation-27410bdc 

Suggests third party token signing certs aren't ideal:

http://blogs.technet.com/b/adfs/archive/2007/07/23/adfs-certificates-ssl-token-signing-and-client-authentication-certs.aspx

Thanks


Password Administrator

Hi Team,

We have a single tenant with multiple domains verified. I have assigned the password administrator role to one user, for example john@abc.com. But when a user from xyz.com requests a password change, the email is triggered to john@abc.com. I want to restrict it so that john@abc.com can do the password administrator task for only abc.com users. We want to allocate one user on each domain to do the password administrator role for their respective domain.

Password reset requests from xyz.com shouldn't come to the abc.com password administrator.

Pls suggest.

Regards,
Sivaraman NR

OWA keeps asking password on Chrome

We are encountering a very strange issue when logging to Office 365 Outlook Web App in Google Chrome.

When opening OWA, Chrome keeps asking password however there is no such issue on Internet Explorer. Google Chrome is up to date (version 32.x) and internet explorer is also latest. 

Note:  ADFS Single Sign On is enabled and users are Synchronized from local active directory.

problems after office 365 migration

Hi,

I did 3 migrations for different clients, from Exchange 2010 to Office 365,

and in all 3 cases, even after I disconnected the Exchange 2010 server, I still have issues configuring Outlook and signing in to Lync.

To configure Outlook and sign in to Lync, I need to do one of the following: either connect to a different network or change the DNS on the machine itself.

I guess that it's because of the AD, because when I mentioned that connecting to a different network will fix it, it means it's not connected to the AD anymore, and when I change the DNS on the PC itself, I am removing the IP of the AD from the DNS and putting something else...

can you please help me to fix that issue

thank you

Hybrid configuration Autodiscover CNAME record

Hello

We are currently running in a hybrid configuration with Dirsync . Currently we have two autodiscover records created in external DNS, they are below.  Our on-prem email address policy stamps user@mydomain.com and user@mydomainhc.onmicrosoft.com on all mailboxes. I understand the purpose of the two below DNS records, however according to the below link it says I need another CNAME record for autodiscover. Why do a cname record for autodiscover.mydomain.com pointing to autodiscover.outlook.com?  I noticed that if I create a mailbox directly in O365 (not migrated)  autodiscover does not work, is this because I am missing the second cname record?

http://technet.microsoft.com/en-us/library/hh852557.aspx

A = autodiscover.mydomain.com

CNAME= autodiscover.mydomainhc.onmicrosoft.com

Cutover and Then DirSync with Password Sync

Hi,
I'm in the middle of a cutover migration for about 700 mailboxes to Office 365.
We have an Exchange 2007 Org on premise.

We are planning to run DirSync with password synchronization directly after completely stopping the Cutover batch job.
No federation service is planned to be implemented, only the DirSync + password Sync option.

My question: do I need to convert the on-premise mailboxes to mail-enabled users before running DirSync?

I got confused: converting the on-premise mailboxes to mail-enabled users is mentioned at this link (step 2) http://community.office365.com/en-us/w/exchange/835.cutover-exchange-migration-and-single-sign-on.aspx , however it provides steps required for Exchange 2007\2003 after a staged migration and not a cutover.

Thanks

Hybrid Exchange Environment -- Free/Busy info share problem.

On a recently configured Exchange 2010 hybrid environment, all functional aspects of the environment are working correctly. I can send mail in either direction between on-premises and Exchange Online users. The synced users show up correctly in the address books. I had no errors when I completed the hybrid configuration wizard. I have run through the Microsoft Free/Busy troubleshooting tools and all looks to be working correctly.

However, when I run Test-FederatedTrust on a user in either location the first five tests complete successfully, but the last test fails. It looks like this:

RunspaceId : 
Id : TokenRequest
Type : Error
Message : Failed to request delegation token.

I've tried to delete and recreate the federated trust and everything works fine following the recreation, but I continue to get this one error, which I believe is the reason that the Free/Busy information is not being shared. Any suggestions on further troubleshooting or a way to resolve this?

Sync of proxy addresses

I have a hybrid Exchange environment, and have successfully migrated some mailboxes; however, we have one user which is failing with the error "The target mailbox doesn't have an SMTP proxy matching 'domain.mail.onmicrosoft.com'."

I have checked this mailbox, and it does have this address (set by email address policy). I checked the 'Attribute Editor' tab of this user's AD object, and the proxyAddresses attribute is correct. I have forced a sync (Start-OnlineCoexistenceSync), and it has been trying for more than a day, but I still get this error. Has anyone seen this behaviour before?


Locked out of O365 admin and DirSync

Hi,

I'm facing a problem similar to this thread: http://community.office365.com/en-us/f/613/t/177586.aspx?pi14176=1

I've locked myself out of an Office 365 admin account after setting up directory synchronization using DirSync on a server. AD FS is set up. The Office 365 admin account is not part of the AD.

During the DirSync setup, I set up single sign-on. After a successful synchronization, I'm finding myself locked out of the Office 365 admin account with the error "The user ID you entered does not exist. Please check that you have typed your user ID correctly." I also cannot complete any further DirSync as my Office 365 admin account can't connect to the Azure AD Connector.

The worst is that there were accounts only available on the Office 365 tenant that weren't part of the AD. So there are a multitude of people who are locked out of their Office 365 environment as a result.

According to the link above, it looks like my problem can be solved if the domain is temporarily set to un-federated and reset O365 admin password. Can that remediate my issue immediately? I can reset my password, but is there a way to do it so that it doesn't affect other O365 users so that they don't need to reset their password?

Faster response the better. Thanks.

The Integrated Windows authentication endpoint is missing on the internal metadata document.

Connectivity Test Failed on https://testconnectivity.microsoft.com

Analyzing the ADFS metadata document for configuration problems.
 Errors were found while analyzing the ADFS metadata document.
 
 Additional Details
 
The Integrated Windows authentication endpoint is missing on the internal metadata document.

ADFS SSO Not working

On testing sso on the remote connectivity analyzer I get this:

Single sign-on test failed. Everything passes except: Analyzing the ADFS metadata document for configuration problems.

Any insights would be greatly appreciated,

Cheers

Oliver

DirSynced user showed in O365 Admin Console but not showed in Exchange online GAL

I have a hybrid environment. All on-prem users were synchronized to O365 and I can see all of them in O365 Admin Portal. But one specific on-prem user can't be found in Exchange online GAL and all Exchange Online users who send mail to his mailbox will get NDR. But everything is fine in on-prem environment (Ex2010 SP3 RU7). All on-prem users  can send and receive mail from him without problem and they can see this person in on-prem Exchange 2010 GAL...


Need help to troubleshoot this issue.

Office 365 Username Does Not Match On-Premise Active Directory UPN/SamAccountName

Currently, we are in a Hybrid Configuration with Exchange 2010 SP3 on-premise using DirSync for same sign-on. For all of our other users, the UPN and SamAccountName are the same as the Office365 username created from DirSync. In this instance, it is not.  The UPN and SamAccountName in the on-premise AD are user1a@domain.org.  The username in Office365 is user1b@domain.org. I opened the user in the on-premise EMC and navigated to the user’s properties under the Office365 site.  Under the account tab, his UPN shows up as user1b@domain.org which is incorrect as well.

How do I go about changing this so that the Office 365 username is the same as the UPN/SamAccountName?

Note: I have previously gone through the process of changing a username with a user that is already DirSynced. Do I just go through the same process of running the remote PowerShell below even though the user did not sync in the same fashion as all of the other users from the beginning?

Set-MsolUserPrincipalName -UserPrincipalName oldusername@domain.org -NewUserPrincipalName newusername@domain.org

Second ADFS server failure

Encountered error during federation passive request. Below is a screenshot of my environment. The issue is that server ADFS B is showing this error in the ADFS event log. Once this kicks in, users are unable to authenticate through ADFS B. Event id 364.

ADFS A and ADFS B are using Microsoft NLB as shown with Virtual IP xx.xx.4.4. If I change pa.contoso.com from xx.xx.4.4 to xx.xx.4.5, forcing the use of ADFS A instead of allowing for round robin, users are able to log in; also the error on ADFS B resolves and the event log is cleared up. I test users forcing them to use ADFS B and they are able to authenticate without error. After reviewing this and troubleshooting for a bit I believe that the reason this is failing is that when ADFS B tries to resolve pa.contoso.com it resolves to xx.xx.4.4 but the NLB directs it back to xx.xx.4.6. I engaged the network team on this and they are showing log errors showing that xx.xx.4.6 is trying to resolve to itself.

Configuration at this point is, change DNS entry for pa.contoso.com to point to xx.xx.4.5.  We have not had an error since I made this change in our DNS.

My questions are,

  • Do we need two ADFS servers?  ver 2.0 just fyi, according to Microsoft's ADFS calculator we only need one.
  • In the current configuration if ADFS A goes down will ADFS B allow for authentication?
  • Is there a way to stop NLB from pointing to itself?
  • Is there a way to change the ADFS B server from pointing to pa.contoso.com to the actual server name?

Thank you
Dana
