O365

How to Remove Users From the Office 365 Deleted Users

And… it's time to purge those 365 deleted users. Although we can wait for the retention policy to do it for us, I wanted to do this “now”.

I had written the following steps in the past and thought I would share them here.

[Press Start]

To delete the account for one or more users

Sign in to Office 365 with your work or school account.

Go to the Office 365 admin center.

Go to Users > Active Users.

Choose the names of the users that you want to delete, and then select Delete.

In the confirmation box, select Yes.

Done!

[Pause]

Well, not so fast. The deleted users are not fully gone yet. It takes 30 days after you have deleted the user for it to purge from Office 365. However, there is a way to do this faster.

[Press Start]

Connect to Exchange Online using the Windows Azure PowerShell module.

To connect, enter the following cmdlets:

  1. Store your credentials (these are stored in memory): $msolcred = Get-Credential
  2. Connect to Office 365: Connect-MsolService -Credential $msolcred

Once connected you can issue the following command to list deleted users:

Get-MsolUser -ReturnDeletedUsers -MaxResults 100

To remove a deleted user permanently:

Remove-MsolUser -UserPrincipalName UID@UPN.com -RemoveFromRecycleBin

If you have multiple users, the following command removes all deleted users from the recycle bin:

Get-MsolUser -ReturnDeletedUsers -MaxResults 100 | Remove-MsolUser -RemoveFromRecycleBin -Force
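The bulk purge above cannot be undone, so the following added example (not from the original post) records what will be removed and purges only on request. The function names, the 7-day threshold, the keep list and the CSV path are assumptions; `SoftDeletionTimestamp`, `ObjectId` and `-All` are MSOnline members that go beyond what the post uses.

```powershell
# Added example: hypothetical helpers, not part of the MSOnline module.
function Select-PurgeCandidate {
    # Passes through only users soft-deleted at least -MinAgeDays ago and not on
    # the -Keep list (for example, accounts that may still need restoring).
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $User,
        [int]      $MinAgeDays = 7,
        [string[]] $Keep = @(),
        [datetime] $Now = (Get-Date)
    )
    process {
        $ageDays = ($Now - $User.SoftDeletionTimestamp).TotalDays
        if ($ageDays -ge $MinAgeDays -and $Keep -notcontains $User.UserPrincipalName) { $User }
    }
}

function Remove-DeletedUserSafely {
    # Requires a Connect-MsolService session. Writes an audit CSV first and only
    # purges when -Commit is given; without it, it just returns the candidates.
    param([int]$MinAgeDays = 7, [string[]]$Keep = @(),
          [string]$AuditCsv = '.\purged-users.csv', [switch]$Commit)
    $candidates = @(Get-MsolUser -ReturnDeletedUsers -All |
        Select-PurgeCandidate -MinAgeDays $MinAgeDays -Keep $Keep)
    $candidates | Select-Object UserPrincipalName, ObjectId, SoftDeletionTimestamp |
        Export-Csv -Path $AuditCsv -NoTypeInformation
    if ($Commit) {
        foreach ($u in $candidates) {
            Remove-MsolUser -ObjectId $u.ObjectId -RemoveFromRecycleBin -Force
        }
    }
    $candidates
}

# Offline check of the filter with constructed objects (not real accounts).
$now = Get-Date '2015-04-20'
$sample = @(
    New-Object PSObject -Property @{ UserPrincipalName = 'old.user@example.com';  SoftDeletionTimestamp = $now.AddDays(-21) }
    New-Object PSObject -Property @{ UserPrincipalName = 'new.user@example.com';  SoftDeletionTimestamp = $now.AddDays(-2) }
    New-Object PSObject -Property @{ UserPrincipalName = 'held.user@example.com'; SoftDeletionTimestamp = $now.AddDays(-25) }
)
$sample | Select-PurgeCandidate -MinAgeDays 7 -Keep 'held.user@example.com' -Now $now |
    Select-Object -ExpandProperty UserPrincipalName
```

Run `Remove-DeletedUserSafely` once without `-Commit` and review the CSV before running it again with the switch.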

That’s it… You’re done. Good luck.

Original Post of mine can be found here

Quick How To Share a Document with OneDrive for Business


You can share file(s), documents and such, with OneDrive for Business.

1. In the file list, right-click a document, or select a document and then select Share.

2. Select Get a link.

3. Choose who to share with, and if they can view or edit the file.

   To share with people inside your organization, choose:

     • View link – account required – people inside your organization can view, copy, or download the document.

     • Edit link – account required – people inside your organization can edit, copy, or download the document.

   To share with people outside your organization, choose:

     • View link – no sign-in required – people outside your organization can view, copy, and download the document.

     • Edit link – no sign-in required – people outside your organization can edit, copy, and download the document.

4. For external links, select SET EXPIRATION, and choose when you want the link to expire.

5. Click Copy and paste the link in an email or post it.

Note: Links created that don’t require a sign-in can be opened by anyone, so make sure the content can be shared publicly. Consult your Corporate Information Security Policy and IT if needed.

Note: Sharing of folders is not possible at this time.

Office 365 IRM & Azure Rights Management

I recently configured IRM to protect documents and email communications as part of a security initiative.

Information Rights Management (IRM) in Exchange Online uses Active Directory Rights Management Services (AD RMS), an information protection technology service in Office 365. IRM protection is applied to email by applying an AD RMS rights policy template to an email message. Usage rights are attached to the message itself so that protection occurs online and offline and inside and outside of your organization’s firewall.

Need to know info:

  • Time to complete this task: 30-60 minutes
  • You need to be assigned admin permissions to manage IRM
  • Knowledge of using Windows PowerShell to connect to Exchange Online

Steps Taken:

Step 1: Activating Azure Rights Management

  1. Log into the Office 365 admin center
  2. In the left pane expand the services settings
  3. Click Rights Management
  4. On the Rights Management page, click Manage
  5. On the Rights Management page, click Activate
  6. You will be prompted with the question: Do you want to activate Rights Management? Click Activate.

You should now see that Rights Management is activated.

Step 2: Using Exchange Management Shell to log into Office 365

Here I use PowerShell ISE to step through the process.

# Login to the Office 365 Account

Set-ExecutionPolicy RemoteSigned

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session

Step 3: Use the Exchange Management Shell to configure the RMS Online key sharing location in Exchange Online

#Displaying the IRM Configuration

Get-IRMConfiguration

# List of Locations

#North America https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc

#European Union https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc

#Asia https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc

#South America https://sp-rms.sa.aadrm.com/TenantManagement/ServicePartner.svc

#Office 365 for Government (Government Community Cloud) https://sp-rms.govus.aadrm.com/TenantManagement/ServicePartner.svc

Set-IRMConfiguration -RMSOnlineKeySharingLocation "https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc"

# Checking that the configuration was applied

Get-IRMConfiguration

Step 4: Importing Trusted Publishing Domain (TPD) from RMS Online

Import-RMSTrustedPublishingDomain -RMSOnline -Name "RMS Online"

Test-IRMConfiguration -RMSOnline

Step 5: Enabling IRM in Exchange Online

Set-IRMConfiguration -InternalLicensingEnabled $true

Step 6: Testing the IRM configuration

Get-IRMConfiguration

Test-IRMConfiguration -Sender jsmith@jermsmit.tld

Expected results should show that each area verified has passed.

Ref Links:

https://technet.microsoft.com/en-us/library/jj983436(v=exchg.150).aspx

https://support.office.com/en-us/article/Set-up-Information-Rights-Management-IRM-in-SharePoint-admin-center-239ce6eb-4e81-42db-bf86-a01362fed65c

Summary image of my PowerShell ISE

 

Office 365: EX20870 – Restoring service

Incident and Reported Details

Incident ID: EX20870

Details:

Current Status: Engineers have found that a portion of the affected infrastructure did not upgrade to the latest version as was intended. The remaining server capacity is now being updated. Once this is complete, engineers will run additional tests to confirm the update resolves the underlying root cause.

User Experience: Affected users are intermittently unable to connect to voicemail. When attempting to connect, users will hear silence and the call will disconnect.

Customer Impact: A few customers are reporting that they are experiencing this issue. This event is affecting customers with on-premises Edge server deployments utilizing the Exchange Online Unified Messaging (UM) feature.

Incident Start Time: Wednesday, April 1, 2015, at 8:00 PM UTC

Preliminary Root Cause: As we continue to expand Office 365 services and onboard new customers, an issue with the way the infrastructure handles connections has been revealed. Under increased load, the service performed at a suboptimal level handling connection requests, which caused increased latency and disconnects.

Office 365: Self Service of Distribution Groups

The ability to self-service the creation of distribution groups has been a feature for quite some time in my Exchange experiences. Now that I am in Office 365 / Exchange Online this functionality is no longer available for synced groups. This now forces the enlistment of the support department to facilitate all modifications for the end user.

Looking into this to get an understanding as to why this is, I’ve learned that if you’re an Office 365 Exchange Online customer and currently utilizing Directory Synchronization (DirSync) between an on-premise Active Directory and Office 365’s Azure Active Directory, you will face such incidents, as the objects on the Office 365 side are in read-only mode and are updated via the synchronization that has been put in place.

You are even given a little message when you attempt to make modifications to groups: The action ‘Update-DistributionGroupMember’, ‘Identity,Members’, can’t be performed on the object ‘Group Name’ because the object is being synchronized from your on-premises organization. This action should be performed on the object in your on-premises organization.

Now aware of this limitation that exists around group modification due to them being read-only, how do I work like this? I have the following two ideas to work with.

One: 

One method is to go old school and use the ‘Find Users, Contacts and Groups’ tool to allow group modification. However, there is an issue: the computer used needs to be a member of the domain and, at the time of change, also connected to the on-premise domain network (internal or via VPN).

Note: After changes have been made, you must wait for Directory Synchronization (DirSync) to complete its sync cycle. This can take up to 3 hours.

 

Two:

The second method is to change all Directory Synchronization (DirSync) Distribution Group Objects to the Azure Active Directory and make the On-Cloud

Office 365: Initiate a full password sync using DirSync

Having a need to rapidly sync passwords to Office 365 using Directory Sync (DirSync), I came across the following method that seems to work with minimal effort. By default, DirSync only kicks off every 3-5 mins.

To initiate a full password sync you can do the following:

  1. Open PowerShell, and then type:

     
  2. Then type:

     
  3. Press Enter
  4. Load Services.msc
  5. Restart the Forefront Identity Manager Synchronization Service (FIMSynchronizationService).

In your application event logs you should notice multiple events of 656 (Password Sync Requests) and Event 657 (Password Sync Results), indicating that your full password sync has kicked off.

 

Office 365: Directory Synchronization Issues

Yes! In Office 365 at last, and now synchronizations are failing.

The following message is shown in the Forefront Identity Manager: stopped-server-down

And with the event ID of 655, the following message is shown:

Failed credential provisioning ping.

Error: Microsoft.MetadirectoryServices.ServerDownException: Failed even after 5 retries. Action: ProvisionCredentials, Exception: Unable to communicate with the Windows Azure Active Directory service. Tracking ID: *removed for privacy*

See the event log for more details.. ---> Microsoft.Online.Coexistence.ProvisionRetryException: Unable to communicate with the Windows Azure Active Directory service. Tracking ID: *removed for privacy* See the event log for more details. --->

System.ServiceModel.ServerTooBusyException: The HTTP service located at https://adminwebservice.microsoftonline.com/provisioningservice.svc is unavailable. This could be because the service is too busy or because no endpoint was found listening at the specified address. Please ensure that the address is correct and try accessing the service again later. ---> System.Net.WebException: The remote server returned an error: (503) Server Unavailable.
at System.Net.HttpWebRequest.GetResponse()
at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
--- End of inner exception stack trace ---

Server stack trace:
at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)
at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.Online.Coexistence.Schema.IProvisioningWebService.ProvisionCredentials(SyncCredentialsRequest request)
at Microsoft.Online.Coexistence.ProvisionHelper.InvokeAwsAPI[T](Func`1 awsOperation, String opsLabel)
--- End of inner exception stack trace ---
at Microsoft.Online.Coexistence.ProvisionHelper.CommunicationExceptionHandler(CommunicationException ex)
at Microsoft.Online.Coexistence.ProvisionHelper.InvokeAwsAPI[T](Func`1 awsOperation, String opsLabel)
at Microsoft.Azure.ActiveDirectory.Connector.ProvisioningServiceAdapter.<>c__DisplayClassb.<ProvisionCredentials>b__a()
at Microsoft.Azure.ActiveDirectory.Connector.ProvisioningServiceAdapter.ExecuteWithRetry(String actionName, Action action)
--- End of inner exception stack trace ---
at Microsoft.Azure.ActiveDirectory.Connector.ProvisioningServiceAdapter.ExecuteWithRetry(String actionName, Action action)
at Microsoft.Azure.ActiveDirectory.Connector.ProvisioningServiceAdapter.ProvisionCredentials(SyncCredentialsRequest request)
at Microsoft.Azure.ActiveDirectory.Connector.PasswordChangeNotificationExtension.Ping(String state)

I haven’t changed anything on our end, and what the Office 365 dash indicates is that there are various ongoing issues.
So far, from an administration end, this hasn’t been the best of experiences.

 

Office 365: MO17808 – Service degradation

Well, this may be why I’ve had issues all day.

Current Status: Engineers continue to perform tests on the affected networking capacity in order to develop a plan to remediate impact.

User Experience: End users are not directly affected by this issue.

Customer Impact: Customer impact appears to be limited at this time. Any users or mailboxes that are provisioned within Exchange may not synchronize properly to the Office 365 environment. This may result in mail flow or mailbox access issues for those users after DirSync attempts to perform an Active Directory synchronization.

Incident Start Time: Saturday, March 21, 2015

Office365: Using PowerShell to get Office365 license info

Working to bulk apply licenses, I stumbled upon some useful commands to list the licenses assigned to my Office 365 account.

The following command will list account SKU IDs along with the active and consumed units. Best of all, it lists them in a nice grid view.

We can also pull a subset of information, such as the items included with the pack we have.

The following command will list the included service plans under our package.

 

Office 365: Cutover Migration | Lost Delegation on Mailboxes

I am posting this to help any of you who are looking to be proactive in your approach to migrate into Office 365 / Exchange Online Services.

After migrating mailboxes into Office 365, you will notice that under your recipient’s mailbox delegation all previous access levels have been removed. In fact, they never came over with the migration in the first place.

But Why?

Because during the copy of the user account and mailbox data this info is not recorded as the migration tools are not designed to copy such info (at this time) “quoting Microsoft support on this one”

Right now I am in search of a method to script out my users and then import that via PowerShell. I will post / share this as soon as I have a working solution.

This post is just to inform any of you searching this out that you may also face this same issue.

 

IMHO

In my humble opinion as a professional who has been working in Office 365 / Exchange Online, you are better off configuring a Hybrid migration path over the all-in-one cut-over method. While the Hybrid may take some extra learning and understanding, it’s the path that will ensure your data is migrated with all attributes.

Another example of things not working properly in a cut-over migration: Office 365: Convert Mailbox to Shared Mailbox after Cutover Migration

 

Again, note that not all permissions are preserved when mailboxes are moved to Office 365 using a cutover migration. For example, Send As permissions on mailboxes will be lost and administrators will need to reconfigure this once users are moved across into the cloud.
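One way to capture Full Access and Send As delegation before a cutover and re-apply it afterwards, as an added example rather than the author's script. The function names and CSV layout are hypothetical; the export assumes the on-premises Exchange Management Shell, the import assumes an Exchange Online session, and trustees that are not mailboxes (groups, for instance) are written out as account names for manual review.

```powershell
# Added example, not the author's script. Function names and CSV layout are hypothetical.
function Resolve-Trustee($Account) {
    # Map DOMAIN\user to the primary SMTP address that the cloud side will know.
    $m = Get-Mailbox -Identity "$Account" -ErrorAction SilentlyContinue
    if ($m) { "$($m.PrimarySmtpAddress)" } else { "$Account" }  # unresolved: review by hand
}

function Export-MailboxDelegation([string]$Path = '.\delegation.csv') {
    # Run on-premises, before the cutover.
    $rows = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
        $smtp = "$($mbx.PrimarySmtpAddress)"
        # Explicit Full Access grants; skip inherited, deny and built-in entries.
        Get-MailboxPermission -Identity $mbx.DistinguishedName |
            Where-Object { -not $_.IsInherited -and -not $_.Deny -and
                           $_.User -notlike 'NT AUTHORITY\*' -and
                           $_.AccessRights -like '*FullAccess*' } |
            ForEach-Object { New-Object PSObject -Property @{
                Mailbox = $smtp; Trustee = (Resolve-Trustee $_.User); Right = 'FullAccess' } }
        # On-premises, Send As is stored as an Active Directory extended right.
        Get-ADPermission -Identity $mbx.DistinguishedName |
            Where-Object { -not $_.IsInherited -and -not $_.Deny -and
                           $_.User -notlike 'NT AUTHORITY\*' -and
                           $_.ExtendedRights -like '*Send-As*' } |
            ForEach-Object { New-Object PSObject -Property @{
                Mailbox = $smtp; Trustee = (Resolve-Trustee $_.User); Right = 'SendAs' } }
    }
    $rows | Export-Csv -Path $Path -NoTypeInformation
}

function Import-MailboxDelegation([string]$Path = '.\delegation.csv', [switch]$Commit) {
    # Run against Exchange Online, after the mailboxes exist there.
    foreach ($row in Import-Csv -Path $Path) {
        if (-not $Commit) {   # default is a dry run that only reports
            "WOULD GRANT $($row.Right) on $($row.Mailbox) to $($row.Trustee)"
            continue
        }
        if ($row.Right -eq 'FullAccess') {
            Add-MailboxPermission -Identity $row.Mailbox -User $row.Trustee -AccessRights FullAccess -InheritanceType All
        } elseif ($row.Right -eq 'SendAs') {
            Add-RecipientPermission -Identity $row.Mailbox -Trustee $row.Trustee -AccessRights SendAs -Confirm:$false
        }
    }
}

# Dry run against a constructed CSV (sample values, not real accounts).
'"Mailbox","Trustee","Right"',
'"shared.sales@example.com","jsmith@example.com","FullAccess"',
'"shared.sales@example.com","jsmith@example.com","SendAs"' | Set-Content .\delegation.csv
Import-MailboxDelegation
```

Keep the exported CSV with the migration records: it doubles as a review list of who held access to which mailbox before the move.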