Synchronizing ProxyAddress to O365

Recently, due to client requirements, we have been doing a series of tests on how to migrate a bunch of attributes to O365. But we found a simple (and silly) problem that had us stuck for a couple of hours.

At first glance, we were able to migrate some users from on-prem to Office 365, but then we started playing with some other AD attributes, one of which was ProxyAddress.

We were trying to set the following proxyaddress on-prem and synchronize it to O365: user@tenant.onmicrosoft.com. At first glance, everything seemed OK, because we were able to see in the ADConnect client that this attribute was exported to O365, but when we tried to examine this attribute in O365, it was impossible to sync it.

We did a lot of things and ran a lot of tests, including full syncs, delta syncs, etc., and finally we discovered that it is not possible to sync a proxyaddress that contains *.onmicrosoft.com from on-prem to O365.

So, sometimes we have to follow the KISS principle and try not to reinvent the wheel…

Hope that helps!

Office 365 URLs and IP address ranges

When I start a project with a customer, they ask me to advise them on which ports and IPs need to be opened in order to work with Office 365 services.

Whenever I can, I try to give them a complete solution, but in other cases I hear from them how complicated it is to configure the firewalls due to the number of IP ranges and ports required for Office 365.

As customers are not sure which services will be used, I give them the following URL: IP’s and Ports

So, by using this link, it will be very easy for them to configure the services and to use them properly.

Till next time!

Is your tenant name available?

When you are ready to go to O365, you have to take into account that you’ll have your own address space, denoted by .onmicrosoft.com. But it’s not possible for two companies to share the same tenant name. It is also necessary to keep in mind that it’s not possible to change the tenant name once it has been created; the only solution is to have MS delete it and create a new one, with all the configuration that this implies.

Furthermore, keep in mind that the tenant name is not only used to distinguish companies, for example, brandname.onmicrosoft.com; it will also be used for SharePoint, for example, brandname.onmicrosoft.com. So think twice about the name of the tenant before assigning it 🙂

For those cases, it is possible to check whether the tenant name is available; for example, on the website http://o365.rocks you can check the availability of a tenant name.

That’s all, hope this helps!

IDFix Errors

Hi again!

During an implementation of O365 I ran the IdFix tool to see if there were problems in the AD. When the tool finished I had received around 3000 errors, but they all referred more or less to the same thing:

“CN=asdasdsad,OU=Contacts,OU=adsad,OU=asdasda,DC=dom,DC=loc”,contact,proxyAddresses,topleveldomain,smtp:fake@adom.loc,smtp:fake@dom.loc,

At the beginning I was stuck, but suddenly I remembered that .local domains are the ones that are not routable, so I thought that this domain, .loc, was also not routable for Office 365. I was on the right path, so the solution here is to change the UPN and SMTP addresses of all the user accounts that have .loc in the domain name.

As a bonus, here is the list of errors that IdFix reports, each with a short explanation:

  • Character: The Value contains a character which is invalid.
  • Format: The Value violates the format requirements for the attribute usage. If there are no invalid characters the Update and Value will appear the same. It is up to the user to determine what they really want in the Update.
  • TopLevelDomain: If the top level domain is not internet routable then this will be identified as an error. For example a smtp address ending in .local is not internet routable and would cause this error.
  • DomainPart: If the domain portion of the value is invalid beyond the top level domain routing this will be generated.
  • LocalPart: If the local portion of the value is invalid this will be generated.
  • Length: This is most commonly encountered when the schema has been altered. The suggested Update will truncate the value to the attribute standard length.
  • Duplicate: The Value has a duplicate within the scope of the query. All duplicate values will be displayed as errors. The user can Edit or Remove values to eliminate duplication.
  • Blank: The Value violates the null restriction for attributes to be synchronized. Only a few values must contain a value. The suggested Update will leverage other attribute values in order to generate a likely substitute.
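
The two proxyAddresses problems described on this page (the TopLevelDomain error for .loc/.local addresses, and the *.onmicrosoft.com address that would not sync from on-prem) can be looked for before running a sync. The PowerShell below is an added example, not part of the original post and not IdFix or AD Connect code; the function name Test-ProxyAddress, the OnMicrosoftDomain label, the contoso.com domain and the sample objects are assumptions made for illustration.

```powershell
# Added example (hypothetical helper, not IdFix or AD Connect code).
function Test-ProxyAddress {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $DistinguishedName,
        [Parameter(Mandatory)] [string[]] $ProxyAddresses,
        # TLDs treated as not internet routable; .local and .loc are the ones named in the post
        [string[]] $NonRoutableTld = @('local', 'loc')
    )
    foreach ($entry in $ProxyAddresses) {
        # Values look like "<prefix>:<address>"; only smtp/SMTP entries are checked here
        $prefix, $address = $entry -split ':', 2
        if ($prefix -ne 'smtp' -or -not $address) { continue }   # -ne ignores case

        $domain = ($address -split '@')[-1].TrimEnd('.')
        $tld    = ($domain -split '\.')[-1]

        $issue = $null
        if ($domain -like '*.onmicrosoft.com') { $issue = 'OnMicrosoftDomain' }  # label made up for this example
        if ($tld -in $NonRoutableTld)          { $issue = 'TopLevelDomain' }     # IdFix error type

        if ($issue) {
            [pscustomobject]@{
                DistinguishedName = $DistinguishedName
                Value             = $entry
                Issue             = $issue
            }
        }
    }
}

# Constructed sample objects standing in for an export of AD objects and their proxyAddresses
$sample = @(
    @{ DN = 'CN=Contact One,OU=Contacts,DC=dom,DC=loc'; Proxy = 'SMTP:one@contoso.com', 'smtp:one@dom.loc' }
    @{ DN = 'CN=User Two,OU=Users,DC=dom,DC=loc'; Proxy = 'SMTP:two@contoso.com', 'smtp:two@tenant.onmicrosoft.com', 'x500:/o=Org/cn=two' }
    @{ DN = 'CN=User Three,OU=Users,DC=dom,DC=loc'; Proxy = 'SMTP:three@contoso.com' }
)

$findings = foreach ($o in $sample) {
    Test-ProxyAddress -DistinguishedName $o.DN -ProxyAddresses $o.Proxy
}
$findings | Format-Table -AutoSize
```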

Hope it helps!

How to customize the O365 portal for your organization

If you want to personalise the Office 365 portal to reflect your company’s branding, this is your post.

Before you start, be sure that you have the admin role in the tenant; if not, it won’t be possible to make the changes.

First go to the Admin Center, choose configuration and then company profile (sorry for the Spanish screenshots).

And then click on custom theming.

All the options can be found on this page, so you can make some or all of the customisation offered here:

  • A Custom logo – Want your logo shown at the top of the portal? Select and upload it in JPG, PNG, or GIF format. It must be no larger than 10KB and have a resolution of 200 x 30 pixels. You can also make the logo clickable by adding a URL starting with http:// or https://. Once changed, your company logo will appear at the top of every page, as seen below.
  • A Background image – Select and upload the image you would like, in JPG, PNG, or GIF format; it can be no larger than 15KB.
  • An Accent colour – Select a colour to use for the app launcher icon, mouse over colour and other accents.
  • A Navigation bar background – You can change the colour for the bar background here. This will appear at the top of every page (as you can see above, we chose black).
  • Text and icon colour – Choose your text and icon colour for the top navigation bar.
  • App menu icon colour – Select a colour to use for the app launcher in the top left.

After you have made all the changes, make sure you click ‘Save’ so that they are applied.

You will be able to see your new theme on the Office 365 Admin Center immediately. After a short delay, you’ll see it throughout Office 365 including Outlook and SharePoint pages.

If you need to remove the customisation, be aware there is a button inside the same box where we saved all the changes.

Easy, isn’t it?

Office 365 URLs and IP Addresses

In the past, a company that used Office 365 was required to restrict access to the URLs and IP addresses of only the datacenter where the O365 tenant was created, but nowadays this has changed (unless your company is using a special version of O365).

Currently, most of the O365 services use Geo-DNS, which means that if your company has users who travel between regions, these users will be connected to the closest datacenter when they request a service. This is done to give users a better experience while using O365 services.

But if you still need to filter the traffic, you can use the following URL to filter IP addresses according to the services that your company needs: https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US

How to connect to O365 using PowerShell

PowerShell is a necessary tool for O365 administration: more than 40% of the features of O365 are not visible in the administration panel, so the only way to manage them is via PowerShell code. For the vast majority of users the web portal will be more useful, but if you need to do repetitive or very complex tasks, PowerShell is your tool.

So, how do we connect to the several services that O365 offers? Let’s begin:

Azure Active Directory

# Prompt once for the admin credentials; $credential is reused by the connections below
$credential = Get-Credential
Import-Module MsOnline

Connect-MsolService -Credential $credential

Exchange Online

$exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $credential -Authentication "Basic" -AllowRedirection

Import-PSSession $exchangeSession

SharePoint Online

Import-Module Microsoft.Online.SharePoint.PowerShell

# Replace <TenantName> with the name of your tenant
Connect-SPOService -Url https://<TenantName>-admin.sharepoint.com -Credential $credential

Skype for Business

Import-Module LyncOnlineConnector

$lyncSession = New-CsOnlineSession -Credential $credential

Import-PSSession $lyncSession

BONUS: Microsoft Azure

# Opens a web page on the Windows Azure Management Portal, from which you can download the subscription information. The information is contained in a .publishsettings file.
Get-AzurePublishSettingsFile

Import-AzurePublishSettingsFile "Pathtopublishingfile"

# The following commands show the account and subscription details
Get-AzureAccount

Get-AzureSubscription

Depending on which operations or services we are using, we will be able to connect to the service without problems.