Office 365 You cannot edit users outside your organisation synced user

A small tidbit, today I was unable to edit a user that was sourced from the local AD and synced to Office 365. The message displayed was that the user was outside my organisation, and thus not editable.

Closer inspection using powershell and Get-Msoluser showed that her UserType was set to ‘Guest’. I checked all her AD properties and the dirsync logs, but there was no explanation for this status.

I used Set-MsolUser -UserPrincipalName xxx@xxx.nl -UserType Member to make her account writable again. Successive dirsyncs did not reset the UserType property.

The HTTP request is unauthorized with client authentication scheme ‘Negotiate’. The authentication header received from the server was ‘Negotiate,NTLM’. –> The remote server returned an error: (401) Unauthorized

Today, while migrating to Exchange Online from an on premises 2010 Exchange Server the Exchange console on the onprem client access machine threw the following error when creating a new Remote MoveRequest:

Deserialization fails due to one SerializationException: System.Runtime.Serialization.SerializationException: Unable to find assembly 'Microsoft.Exchange.MailboxReplicationService.Common, Version=15.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'.
at System.Runtime.Serialization.Formatters.Binary.BinaryAssemblyInfo.GetAssembly()
at System.Runtime.Serialization.Formatters.Binary.ObjectReader.GetType(BinaryAssemblyInfo assemblyInfo, String name)
at System.Runtime.Serialization.Formatters.Binary.ObjectMap..ctor(String objectName, String[] memberNames, BinaryTypeEnum[] binaryTypeEnumA, Object[] typeInformationA, Int32[] memberAssemIds, ObjectReader objectReader, Int32 objectId, BinaryAssemblyInfo assemblyInfo, SizedArray assemIdToAssemblyTable)
at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.ReadObjectWithMapTyped(BinaryObjectWithMapTyped record)
at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.Run()
at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Deserialize(HeaderHandler handler, __BinaryParser serParser, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage)
at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream, HeaderHandler handler, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage)
at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream, HeaderHandler handler, Boolean fCheck, IMethodCallMessage methodCallMessage)
at Microsoft.Exchange.Data.SerializationTypeConverter.<>c__DisplayClass3.<DeserializeObject>b__0()

Unable to find assembly 'Microsoft.Exchange.MailboxReplicationService.Common, Version=15.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'.

This didn’t tell me much, and restarting the Microsoft Exchange Replication Service didn’t help. So I tried Powershell (remote session to Exchange Online):

New-MoveRequest -Remote -Identity "xxx@xxx.nl" -TargetDeliveryDomain "xxx.onmicrosoft.com" -

RemoteHostName "mail.xxxx.nl" -remotecredential $cred

Another error:

The Mailbox Replication Service was unable to connect to the remote server using the credentials provided. Please
check the credentials and try again. The call to 'https://mail.xxx.nl/EWS/mrsproxy.svc' failed. Error details: The
HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from
the server was 'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized.. --> The HTTP request is
unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was
'Negotiate,NTLM'. --> The remote server returned an error: (401) Unauthorized.
+ CategoryInfo : NotSpecified: (:) [New-MoveRequest], RemotePermanentException
+ FullyQualifiedErrorId : [Server=AMSPR01MB134,RequestId=ac5193f2-0d87-437a-85f1-01da5b8208b6,TimeStamp=25/08/2015
10:16:41] [FailureCategory=Cmdlet-RemotePermanentException] 8C76D656,Microsoft.Exchange.Management.RecipientTasks
.NewMoveRequest
+ PSComputerName : outlook.office365.com

If you run into this issue, there can be two causes:

-your user has email addresses for domains Office 365 does not know

-more likely: the user account you’re using with Get-Credential has the wrong UPN suffix or permissionset

Get-CsPowerShellEndpoint : The remote server returned an error: (406) Not Acceptable

When you’re attempting to administer Skype for Business Online or Lync Online, you’re likely going to use the Lync Online Module for Windows Powershell, or the Skype for Business Online Windows Powershell Module.

When I ran this for a customer that has two federated domains, I received an error:


$env:PSModulePath += ";C:\Program Files\Common Files\Skype for Business Online\Modules"
ipmo SkypeOnlineConnector
$session = New-CsOnlineSession -credential $cred
Get-CsPowerShellEndpoint : The remote server returned an error: (406) Not Acceptable.
At C:\Program Files\Common Files\Skype for Business Online\Modules\SkypeOnlineConnector\SkypeOnlineConnectorStartup.psm1:94 char:26
+ ... $targetUri = Get-CsPowerShellEndpoint -TargetDomain $adminDomain
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-CsPowerShellEndpoint], WebException
+ FullyQualifiedErrorId : System.Net.WebException,Microsoft.Rtc.Management.OnlineConnector.GetPowerShellEndpointCmdlet

Messing around a bit, I discovered that it did work for another administrator, it ended up being the UPN suffix. When I changed the login domain (UPN) of the user that couldn’t log in to the DEFAULT domain in Office 365 instead of one of the extra domains and waited a while until it was propagated to Skype for Business Online, I could log in without issues.

Building media for Office 2013 Click to Run

When you have low bandwidth sites, but still wish to use the Office 365 version (Click to Run) of Office 2013, you don’t want your users to individually download the whole package over a 768k line.

The best method is using System Center Configuration Manager or another form of local distribution like branch caching on a local machine in the remote location. But sometimes those are not available, you’ll have to resort to good old DVD’s.

The CTR installer requires a full path for the configuration file, here’s how I fixed an installation DVD for that. Continue reading Building media for Office 2013 Click to Run

Setting administrative permissions on all your Onedrive for Business accounts

Managing permissions on your user’s Onedrive for Business storage is a chore, there is no direct interface to do this in bulk, nor is the interface very easy to find. Plenty of articles explain how to do this for ONE user through the GUI, but few explain how to do this in bulk for several users at once.

And when you’re migrating, for example, hundreds or thousands of homedirectories to Onedrive For Business, you’ll want to automate setting permissions on all these users in bulk.

Fortunately, this can be scripted using Powershell, probably after you’ve bulk-provisioned your users in Continue reading Setting administrative permissions on all your Onedrive for Business accounts

Provisioning Onedrive for Business for all your users

Since the inception of the OneDriveMapper script, I’ve often been asked if there is a way to pre-provision Onedrive for Business storage for users.

When a user signs into Office 365 for the first time and clicks Onedrive, their Onedrive for Business storage will be allocated and initialized, before that, it is not possible to map their OneDrive storage, or sometimes more importantly: to migrate data to it.

As a good consultant or IT admin, you don’t want to force your users to do this before they can map their drive or before you migrate their data because you like to automate things, repetitive or manual process tend to be unreliable.

Doing this the smart way, is Continue reading Provisioning Onedrive for Business for all your users