User Profile
steve_elliott
Brass Contributor
Joined 7 years ago
Recent Discussions
Re: Migrate AD User and AADConnect to new Forest (Same O365 tenant)
LIT-RS - Yep. You just need to clear the immutable ID for the user. Then when you bring Forest C sync online (assuming it's going to be the same UPN) - matching will happen automatically. If you are keeping the same UPNs, the approach I've personally taken would be something like:
- Forest A - Disable AD Connect tenant wide using PowerShell - all accounts will convert to cloud only
- Disconnect / uninstall AD Connect on Forest A
- Run MSOL command against all users in tenant, again using PS
- Bring AD Connect online in Forest C
- Sync - UPNs will match up and sync
7K Views, 0 likes, 0 Comments

Re: Migrate AD User and AADConnect to new Forest (Same O365 tenant)
LIT-RS - I'm not sure the matching will work as each sync'd user account from Forest A will have an immutable ID on the Azure side. You'll need to clear that for each user in Azure before it'll connect to another on prem sync'd account.
7.1K Views, 0 likes, 2 Comments

Re: Password expired issue
Grace Yin - Cloud accounts sync'd from on prem via AD Connect don't support password expiration. If it's used to expire contractors' accounts for example, it's better to have the account disabled on a certain day, which would stop the user from logging into cloud services.
1.4K Views, 1 like, 1 Comment

Re: How to tell if user is ready to enable MFA
Jason Benway - There is a report you can run from the Portal GUI which should give you the info you need. From the Azure AD blade, go to Password reset > Usage & Insights - here you will see how many users have registered for MFA and/or SSPR. If you prefer the PowerShell route, there are some scripts on the Microsoft gallery which will also let you pull this info using PowerShell.
2.6K Views, 1 like, 0 Comments

Re: What naming convention are you guys using for internal DLs?
The company I currently work in constantly struggles to agree on a naming standard, largely due to Central IT not being able to mandate any sort of naming convention, as satellite IT depts simply wouldn't adhere to it. Different countries, opinions, cultures etc - although we tried to gather everyone's feedback and come up with a proposal every country / local IT dept would agree on, it's been a challenge. In summary though, our proposal was:
- DLs start with either a 'DG-' or simply a '-'
- Groups / Teams start with 'Grp - '
- Shared / Resource mailboxes start with a '$'
That's the convention we're trying to get the business to adopt.
1.2K Views, 0 likes, 1 Comment

Re: Azure AD self-service password reset - Group (SSPR)?
For some reason I'm not able to reply to the private message I got asking how we did this, so will post here:

Hi Dave, sure, no worries. We use a dynamic security cloud only group, and then configured the advanced rule with the below. Once it was populating correctly we just assigned that user group permissions to do SSPR, which would write back to our local AD. Designing it this way means we don't have to keep on top of populating the security group who can do SSPR; as soon as one of our users is assigned the EMS licence, they become a member of the group and have permissions for SSPR / Writeback :)

This was the code for the advanced rule scope:

user.assignedPlans -any (assignedPlan.servicePlanId -eq "c1ec4a95-1f05-45b3-a911-aa3fa01094f5" -and assignedPlan.capabilityStatus -eq "Enabled")

Hope this helps.
12K Views, 1 like, 0 Comments

Identifying all users who authenticate using Basic Auth via PowerShell?
Is it possible to run a PS script of some sort which would identify all users who are connecting to O365 services (Exchange) using basic auth? When we run the report via the GUI in the Azure AD Sign-ins blade and filter by 'Client App', this gives us the info we need but the export is limited to 5000 events. Is there a way to extract this info to a CSV via PowerShell?
24K Views, 0 likes, 2 Comments

Identify all users using Basic Authentication
Is it possible to run a PS script of some sort which would identify all users who are connecting to O365 services (Exchange) using basic auth? When we run the report via the GUI in the Azure AD Sign-ins blade and filter by 'Client App', this gives us the info we need but the export is limited to 5000 events. Is there a way to extract this info to a CSV via PowerShell?
6.4K Views, 1 like, 2 Comments