All posts by Jos

GroupSync v0.56 available!

Version 0.56 is out, changes since v0.50:

  • prevent running twice (if scheduled task hangs for some reason)
  • send email notification if logfile is locked
  • replace add-adgroupmember and remove-adgroupmember with set-adgroup because of a known bug in these commands
  • multi-delete protection
  • auto reconnect to Exchange Online when the connection times out + longer timeout
  • additional filtering method for groups: extensionAttribute2
    • If you want to use this instead of the displayName prefix filter, read up on how to switch

Get it here

OnedriveMapper v3.08 released!

Version 3.08 of OneDriveMapper has been released!

  • Modified folder redirection into three separate options (mydocs, favorites, desktop)
  • Fixed a one-time crash after the auto updater runs
  • redirectMyDocsTo renamed to redirectToSubfolderName
  • Minor bug/performance fixes

Get the new version here

Azure Active Directory Connect with Multiple Source Forests: The specified domain does not exist or cannot be contacted

Configuring a multi-forest sync solution for a single Office 365 tenant is pretty straightforward, but there are a few small gotchas:

1. DNS resolution is critical: adding a few hosts file entries won't do the trick. Use a (conditional) forwarder to a DC for each forest
2. Ensure the proper firewall ports are open
3. Ensure you type your login in NetBIOS format and include the suffix, e.g. LIEBEN.NU\Admin; using LIEBEN\Admin will fail

If you don’t, you’ll probably run into this error:

[ERROR] Caught exception while validating the domain credentials and retrieving domain FQDN of the specified user XXXX.XXX\Admin.
Exception Data (Raw): System.DirectoryServices.ActiveDirectory.ActiveDirectoryObjectNotFoundException: The specified domain does not exist or cannot be contacted.
   at System.DirectoryServices.ActiveDirectory.Domain.GetDomain(DirectoryContext context)
   at Microsoft.Online.Deployment.Framework.Providers.ActiveDirectoryProvider.ValidateUserCredentials(String domainName, String username, SecureString password, String& domainFqdn)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.ConfigSyncDirectoriesPageViewModel.ValidateADDirectoryConnection(DirectoryConnectionViewModel connection)
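
A preflight check for points 1 and 2, run on the Azure AD Connect server before starting the wizard. This is an added example, not part of the original post: the forest name `forest2.example` and the port list are assumptions (the post does not list ports), and the dynamic RPC range is not probed.

```powershell
# Added example: checks DC locator DNS and basic TCP reachability for one source forest.
function Test-ForestReachability {
    param(
        [Parameter(Mandatory)][string]$ForestFqdn,
        # Assumed static AD ports: Kerberos, RPC endpoint mapper, LDAP, SMB, LDAPS.
        [int[]]$Ports = @(88, 135, 389, 445, 636)
    )

    # DC locator record. A hosts file maps names to addresses only and can never
    # answer this SRV query, which is why a (conditional) forwarder is needed.
    $srvName = "_ldap._tcp.dc._msdcs.$ForestFqdn"
    try {
        $srv = Resolve-DnsName -Name $srvName -Type SRV -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' }
    } catch {
        Write-Warning "SRV lookup failed for $srvName : $($_.Exception.Message)"
        return
    }
    if (-not $srv) {
        Write-Warning "No SRV records returned for $srvName"
        return
    }

    # Probe every advertised DC on every port and emit one result object per pair.
    foreach ($dc in ($srv | Select-Object -ExpandProperty NameTarget -Unique)) {
        foreach ($port in $Ports) {
            $open = Test-NetConnection -ComputerName $dc -Port $port `
                -InformationLevel Quiet -WarningAction SilentlyContinue
            [pscustomobject]@{ Forest = $ForestFqdn; DC = $dc; Port = $port; Open = $open }
        }
    }
}

# Placeholder forest name; repeat for each source forest.
Test-ForestReachability -ForestFqdn 'forest2.example' | Format-Table -AutoSize
```

A failed SRV lookup points at the forwarder configuration; rows with `Open = False` point at the firewall.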

Onedrive Files On Demand is finally coming!

I’ve been ‘mentioning’ it a few times here and there, wasn’t allowed to say too much….but now it is finally public, coming before the end of the year Onedrive will have a sync on demand feature, no longer requiring local storage on your device!

It will allow all of us OnedriveMapper users to switch to a fully supported Microsoft solution for Windows 10 users.

Quirky thing is, Windows 7 and 2008 / 2012 R2 are not in scope. Possibly another good one to vote on at uservoice 🙂

Azure Runbooks and Write-Progress

If you use Azure Runbooks, but develop scripts locally first…you may like to display progress indicators to yourself when handling large amounts of records / data with Write-Progress.

Be sure to parameterise this, because if you use Write-Progress in an Azure Runbook, it will seriously slow your runbook down, increasing the cost, and if there are over 4000 write-progress calls the runbook will hang and crash.
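
One way to parameterise it, as an added example that is not the author's code: progress is opt-in through a `-ShowProgress` switch, suppressed inside a runbook job, and throttled so a large record set produces only a handful of calls. The function name, the `$UpdateEvery` value and the use of `$PSPrivateMetadata.JobId` to detect an Azure Automation job are assumptions.

```powershell
function Invoke-WithProgress {
    param(
        [Parameter(Mandatory)][object[]]$Items,
        [Parameter(Mandatory)][scriptblock]$Action,
        [string]$Activity = 'Processing records',
        # Off by default, so a published runbook never emits progress records.
        [switch]$ShowProgress,
        # Only update the bar every N records to keep the call count low.
        [int]$UpdateEvery = 100
    )

    # Assumption: $PSPrivateMetadata.JobId is only populated inside an Azure Automation job.
    $inRunbook = [bool]$PSPrivateMetadata.JobId
    $emit = $ShowProgress -and -not $inRunbook

    $total = $Items.Count
    for ($i = 0; $i -lt $total; $i++) {
        if ($emit -and ($i % $UpdateEvery -eq 0)) {
            Write-Progress -Activity $Activity -Status "$i of $total" `
                -PercentComplete ([int](100 * $i / $total))
        }
        & $Action $Items[$i]
    }
    if ($emit) { Write-Progress -Activity $Activity -Completed }
}

# Constructed sample data: 5000 records produce 50 progress updates locally, none in a runbook.
$records = 1..5000
Invoke-WithProgress -Items $records -Action { param($r) $null = $r * 2 } -ShowProgress
```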

OnedriveMapper v3.07 released!

Version 3.07 of OneDriveMapper has been released!

  • Azure AD PassThrough SSO now supported
  • Now defaults to TLS V1.2 instead of V1.0 (Powershell default)
  • Auto updater and MSI updates now support changing the config ID
  • Force IE auth mode on Powershell V2 or lower
  • Don’t process AzureADSSO regkeys when using native mode

Get the new version here

OnedriveMapper v3.06 released!

Version 3.06 of OneDriveMapper has been released!

  • userLookupMode 6 added, which displays a full and customizable login form to the user which asks for username and password
  • added user login caching for userLookupMode 1 and 2, so the script won’t fail if the user is roaming away from a DC and the login is cached
  • fixed a reference to my test domain in Azure AD PassThrough (liebensraum.nl)
  • fixed a crash when ADFS denies the request in native mode (now properly falls back to IE auth mode if allowed)
  • first basic support for Azure AD SSO

Get the new version here

Enterprise Mobility Technical Checklist

Considering a move to an Anywhere, Anyplace, Anytime lightweight IT environment? Throwing out all local IT?

No more Domain Services, just AzureAD? Windows10, or any other mobile modern client? Here’s a short checklist I sometimes use for clients when assessing their intentions / plan:

  • Intune tenant created and policies have been set, including Conditional Access
  • All my non single MSI applications I want to deploy to my clients have been repackaged
  • All my application servers/services have been moved to SaaS or to RemoteApp or the like
  • My identities have been synchronized or copied to Azure AD
  • All users have an Intune or EMS license
  • I have enabled Azure AD automatic MDM enrollment
  • I have enabled Enterprise State Roaming in Azure AD
  • I have published my internal web sites using Azure Application Proxy and added these sites to Intune as Apps
  • DLP policies have been set up for any sensitive data types/locations in my company
  • Personal data has been migrated to Onedrive for Business
  • Group data has been moved to Office 365 Groups or Sharepoint Online

Just to get you started! 🙂