I have been recently working with a customer where we were experiencing issues with connectivity to relevant Microsoft URLs. While looking at potential solutions I came across a PowerShell script which tested for the following URLs
The following post contains the new features and updated features from November 2019. This post enables you to quickly glance at the Microsoft Teams Roadmap based on the latest information provided by Microsoft.
Recently when working with a customer I was troubleshooting why their devices were showing up as Azure AD Registered in the Azure portal in Azure Active Directory when they should be Hybrid Azure AD joined. These were Windows 10 1809 devices.
When running “dsregcmd /status” on one of the machines, it would show as AzureAdJoined : NO. When it is Hybrid Azure AD joined, it should still say Yes.
If you run the command as admin, you will see there is a Diagnostic Data section. On my devices, it said:
Client ErrorCode : 0x801c03f2
Server ErrorCode : DirectoryError
Server Message: The device object by the given id (guid) is not found.
This is because the device(s) have not been synced to Azure AD by Azure AD Connect. Make sure that the OUs containing the computer objects are set to sync to Azure AD. In my customer’s configuration, they had additional filtering where the users and computer objects needed to be in a Security Group to be synced to Azure AD.
Once the Azure AD Connect sync had completed successfully, and the device registration task had run again on the client, the machine now shows as Hybrid Azure AD joined in the Azure portal.
When testing BitLocker encryption on the new Windows 10 1909 release using my VMware environment, I ran into the following error:
This device cannot use a Trusted Platform Module. Your administrator must set the “Allow BitLocker without a compatible TPM” option in the “Require additional authentication at start-up” policy for OS volumes.
Go to your Local Group Policy
Locate the following setting under Computer Configuration –> Administrative Templates –> Windows Components –> BitLocker Drive Encryption –> Operating System Drives
Require additional authentication at startup
We now need to edit this policy to enable the required settings. Use the screenshot below as your guide.
Once the policy has been enabled with the required settings, re-run BitLocker Drive Encryption and this time it’ll be more successful.
Recently, I was trying to use the Install-Module cmdlet to install a required module for some testing on a client machine; however, I ran into the following error:
Install-Module: The term ‘Install-Module’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
Install-Module MSOnline.
CategoryInfo : ObjectNotFound: (Install-Module:String) , CommandNotFoundException
FullyQualifiedErrorId : CommandNotFoundException
The error looks like below:
Install-Module : The term ‘Install-Module’ is not recognized as the name of a cmdlet, function, script file, or operable program
This error usually occurs if your PowerShell is not up to date. The major version of PowerShell should be equal to or greater than 5. You can run the cmdlets below to check the PowerShell version.
My PowerShell major version was 4.
To resolve the error, the following steps were taken.
This post will explain how to merge on-premise AD user objects with already existing Azure AD users using hard-match with the sourceAnchor/immutableID property. I have recently experienced this issue with a customer who was merging their contoso.com addresses to their fabikam.com Azure AD account.
As you can imagine this isn’t a simple process, but with the power of PowerShell and a good old-fashioned “I can” attitude, this merger was a complete success.
Before we continue I would like to state that there are two methods that Azure AD Connect will use to match existing users:
– Soft-Match
– Hard-Match
When you install Azure AD Connect and start synchronizing, the Azure AD sync service (in Azure AD) checks every new object and tries to find an existing object to match. There are three attributes used for this process: userPrincipalName, proxyAddresses, and sourceAnchor/immutableID.
Soft-Match will use the properties userPrincipalName and proxyAddresses to match existing users.
Hard-Match will use the property sourceAnchor/immutableID. You can only select which property is used as sourceAnchor during the installation of Azure AD Connect as described in their documentation.
If the selected sourceAnchor is not of type string, then Azure AD Connect Base64-encodes the attribute value to ensure no special characters appear.
By default, Azure AD Connect (version 1.1.486.0 and older) uses objectGUID as the sourceAnchor attribute. ObjectGUID is system-generated.
So we only have to set the immutableID property of the existing user in our Azure AD to the Base64 encoded string of the ObjectId of the user in our on-premise AD. If you already synchronized your Active Directory then you probably have two users with the same name in your Azure AD. Just follow the following steps to finally merge these users:
You have to execute the following PowerShell commands on the machine with your on-premise AD and the Azure PowerShell commands via the Azure Cloud Shell.
In my scenario, I had a customer where the email address on the Active Directory account didn’t match the PrimarySMTPAddress in Azure AD; however, the PrimarySMTPAddress in Exchange was correct. So I needed to match both objects using the PrimarySMTPAddress from Exchange and Azure to set the ImmutableID. I created a PowerShell script to gather the PrimarySMTPAddress from Exchange along with the required information from Active Directory
If you have synced users and have duplicate accounts, you will need to remove these before continuing. A simple way of doing this is changing the synced OU that caused the duplicate, or you can use the Azure Portal.
But if you love PowerShell, the following command also works.
Remove-AzureADUser -ObjectId <objectid>
3. Get Azure AD User ObjectID
One of the key requirements for this post is that we require the ObjectID of the Azure Active Directory account we are looking to match against. The following PowerShell command prints a list of all users with their ObjectId and exports to your desktop.
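# $user is one matched record with PrimarySMTPAddress, ObjectId and ImmutableID
Set-AzureADUser -ObjectID $user.ObjectId -ImmutableID $user.ImmutableID
# Build the message as one interpolated string so each property is expanded
Write-Host "$($user.PrimarySMTPAddress) with ObjectID $($user.ObjectId) has been set with ImmutableID $($user.ImmutableID)"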
6. Start AD Sync
You can now resync the OUs which had all the user accounts and hard matching will be completed using the newly set ImmutableID.
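The conversion behind the hard-match steps above, as an added example that is not part of the original post: it derives the ImmutableID from each on-premises objectGUID, checks that the value decodes back to the same GUID, and holds back any ImmutableID that would be assigned to more than one Azure AD account. The function names, addresses, GUIDs and ObjectIds are constructed for illustration.

```powershell
# Added example. Function names and all sample values below are constructed.
function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][guid]$ObjectGuid)
    # objectGUID is not a string, so its 16 raw bytes are Base64-encoded.
    [System.Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory)][string]$ImmutableId)
    $bytes = [System.Convert]::FromBase64String($ImmutableId)
    if ($bytes.Length -ne 16) { throw "Not a 16-byte GUID: $ImmutableId" }
    New-Object -TypeName System.Guid -ArgumentList (,$bytes)
}

# Constructed mapping of on-premises objectGUID to Azure AD ObjectId.
# The third row reuses the first row's objectGUID to show the duplicate check.
$mapping = @(
    [pscustomobject]@{ PrimarySMTPAddress = 'alice@example.com'; ObjectGuid = '3f2504e0-4f89-11d3-9a0c-0305e82c3301'; ObjectId = '11111111-1111-1111-1111-111111111111' }
    [pscustomobject]@{ PrimarySMTPAddress = 'bob@example.com';   ObjectGuid = '7c9e6679-7425-40de-944b-e07fc1f90ae7'; ObjectId = '22222222-2222-2222-2222-222222222222' }
    [pscustomobject]@{ PrimarySMTPAddress = 'carol@example.com'; ObjectGuid = '3f2504e0-4f89-11d3-9a0c-0305e82c3301'; ObjectId = '33333333-3333-3333-3333-333333333333' }
)

$users = foreach ($row in $mapping) {
    $immutableId = ConvertTo-ImmutableId -ObjectGuid $row.ObjectGuid
    # Round-trip: the encoded value must decode back to the same objectGUID.
    if ((ConvertFrom-ImmutableId -ImmutableId $immutableId) -ne [guid]$row.ObjectGuid) {
        throw "Round-trip failed for $($row.PrimarySMTPAddress)"
    }
    [pscustomobject]@{
        PrimarySMTPAddress = $row.PrimarySMTPAddress
        ObjectId           = $row.ObjectId
        ImmutableID        = $immutableId
    }
}

# One on-premises account must map to exactly one Azure AD account.
$duplicates = @($users | Group-Object -Property ImmutableID | Where-Object { $_.Count -gt 1 })
foreach ($group in $duplicates) {
    Write-Warning "ImmutableID $($group.Name) maps to $($group.Count) Azure AD accounts; fix the mapping first."
}

# Only unambiguous rows are safe to pass to Set-AzureADUser.
$safe = @($users | Where-Object { $duplicates.Name -notcontains $_.ImmutableID })
$safe | Format-Table PrimarySMTPAddress, ObjectId, ImmutableID
```

Because a hard match hands control of the cloud account to whoever owns the matching on-premises object, reviewing the `$safe` table before applying it is the point of the check.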
The following post contains the new features and updated features from October 2019. This post enables you to quickly glance at the Microsoft Teams Roadmap based on the latest information provided by Microsoft.
One thing I have included in this month’s round-up is Microsoft Bookings as it now integrates with Skype and Teams.
The following post contains the new features and updated features from October 2019. This post enables you to quickly glance at the Office 365 Roadmap that directly targets Microsoft Intune based on the latest information provided from Microsoft.
Leveraging your Azure subscription for Microsoft Intune massively reduces the requirements for on-premises infrastructure. In this post I will show you how to use Azure Blob Storage to provide the Lock Screen and Desktop background all with the power of the Microsoft Cloud.
First up you will need to create a storage account within your Azure subscription.
Specify the following:
– Resource Group
– Storage Account Name
– Location (Europe) UK South
Once the storage account has been successfully created, go to the resource.
Go to “Containers”
Create new “Container”
Specify the name of the Container
Specify the Public Access level as “Blob” (anonymous read access to blobs only, so keep only the background images in this container)
Then click OK
Click on your new “Container”
Click Upload. You will need to upload your required .jpg file
Click on the uploaded file and you will be provided a URL which can be used
Provide the URL into your required destination for example Lock Screen as shown below
As you can see from below, my Lock Screen and Desktop backgrounds are what I have specified.