User Profile
Unnie
Iron Contributor
Joined 9 years ago
Recent Discussions
Exchange online retention policy affecting SharePoint & OneDrive
We have an Exchange Online retention policy applied to retain content forever. Strangely, this policy also affects SharePoint sites even though they are not part of the target locations in the retention policy. Retention policy PowerShell outputs: I check the status of the policy via PowerShell and the output shows that the SharePointLocation field is blank. But when I try to delete a folder in SharePoint, it throws the error that all items inside the folder should be deleted before you can delete the folder, which is common when there is a retention policy applied to that site. I contacted MS support and this is the reply I received: This answer does not make much sense to me and I am not able to find any documentation on this side effect anywhere. Does anyone have any tips or guidance on this?

SharePoint Events webpart error "There may be too many sites selected or too many filters added."
Hello, In our Intranet (Hub site), we started getting the below error in the events webpart (view all page): "There may be too many sites selected or too many filters added. Try Selecting fewer sites or remove some filters to continue." The events webpart is configured to show events from all sites in the Hub. There are around 51 site collections associated to this hub. Has anyone experienced the same problem and have some tips on this?

Azure AD Sign in issue: "The account might not exist or it might not be synchronized"
Scenario: We have an Azure AD tenant set up with user provisioning and federated authentication done via Okta. So, Okta was synchronizing users to Azure AD. Now, we installed Azure AD Connect and switched off Okta-based user provisioning (still keeping Okta for federated authentication). We have successfully matched existing users in Azure AD to their AD objects using hard matching based on ObjectGuid. The Azure AD Connect based sync was run on all users and it worked for all except 2 users. These users had a mismatch between the Azure AD immutableId and the ObjectGuid in AD. Then we got sync errors for these 2 users and Azure AD created duplicate accounts for them with the email format: username-<somenumber>@<tenant>.onmicrosoft.com. We have corrected those users' immutableId by running PowerShell commands to change the immutableId. Once the immutableId of those users was corrected, the sync was run again and Azure AD Connect now properly matches the Azure AD user with their correct AD object (we tested by changing some irrelevant AD attributes and they are properly propagated). But, when the user tries to log in they are first redirected to Okta for login and after the Okta login, the tokens are forwarded to Azure AD and the user gets the below error from the Azure AD login page: "The account might not exist or it might not be synchronized. Contact your administrator to add or synchronize the account" We do not have any major services provisioned in M365 yet, so we can live with the user's Azure AD account being recreated. Some additional things tested out, but all lead to the same sign-in behavior:

1. Change the immutable ID of the Azure AD account to match the AD object and run sync = all props are synced but login fails.
2. Delete the existing Azure AD account and run sync to create a new account = new Azure AD account created but login fails as before.
3. Create a cloud account, change the immutable ID to match the AD objectGuid, change the UPN to match the AD object email, run sync = the cloud account gets synced to the AD object and properties are updated, but login fails.

The issue is only for the 2 user accounts which had this sync error in the beginning; for all other users login is working properly. Any ideas or pointers to check? What are we missing here?

Changing Azure AD Federation provider
Hi, We have an M365 tenant which is federated with Okta for authentication. All user provisioning & authentication for M365 is handled by Okta. Okta in turn is federated to our on-prem Active Directory and we have agents similar to Azure AD Connect for user sync & pass-through authentication. Current user sync cycle: On-Prem AD -sync-> Okta -sync-> Azure AD. We have all users provisioned in M365 using this configuration and only MS Teams & SharePoint Online are being used as of now. Exchange is not provisioned. We are now moving towards completely getting rid of Okta from the M365 integration and are planning to configure Azure AD Connect to provision users and use pass-through auth for authentication. Since we have some services already provisioned and users are actively using them, what are the important things we need to consider/plan for a smooth migration from Okta to a direct on-prem AD federation? An article which is "almost" similar to my scenario is about migration from ADFS to pass-through authentication, as mentioned in the below article. I am hoping at a high level things will be similar in my scenario as well and I can also use the staged rollout feature (please correct me if I am wrong here): https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-migrate-adfs-pass-through-authentication Any tips or reference articles will be highly appreciated.

Powershell Grant-CsTeamsMeetingBroadcastPolicy is not working
Hi, Since the admin center is facing an outage, I am trying to assign the broadcast policy to users through PowerShell, but my PowerShell fails for federated users with the below error:

Management object not found for identity "".
    + CategoryInfo          : InvalidOperation: (:String) [Grant-CsTeamsMeetingBroadcastPolicy], InvalidOperationException
    + FullyQualifiedErrorId : InvalidOperation,Microsoft.Rtc.Management.AD.Cmdlets.AssignCSTeamsMeetingBroadcastPolicyCmdlet
    + PSComputerName        : admin0e.online.lync.com

Below is my script:

Import-Module SkypeOnlineConnector
$sfbSession = New-CsOnlineSession
Import-PSSession $sfbSession
$user = Get-CsOnlineUser -Identity user@federateddomain.com
Grant-CsTeamsMeetingBroadcastPolicy -Identity $user.UserPrincipalName -PolicyName "AllowPublicliveevents"
Remove-PSSession $sfbSession

Some checks which I have done so far:
1. If I try to assign the broadcast policy to any cloud identity, then it works.
2. The federated users have mailboxes created and MS Teams licenses assigned.
What could be wrong here?

Labeling of physical archive
Hi there, We have a set of business processes which generate a few documents inside SharePoint. These documents are arranged inside a SharePoint Document Set, and all shared properties are kept in the document set metadata. We also have a physical archive, where we label and store all these documents. The physical archive currently uses a software called ColorBar Gold 3.5 which can create archive labels to help find these physical documents easily. The software enables printing labels with some color coding based on the document metadata, and the archivist then later pastes this label into the physical folder. See the sample below of how this physical paper label looks. This software currently reads data from a database & has no support to read from a SharePoint list/library. Has anyone done the same but using SharePoint libraries to fetch the metadata?

MS Teams Invitation redemption & Self service account sign up is disabled
Hi there, I am invited to join an MS Teams group from another organization. When I try to redeem the invitation, it asks me to create a password and display name rather than allowing me to sign in using my Microsoft Account (since my organisation does not have an Azure AD yet). But when I try to go through by creating a password, then I get an error that: "We cannot create a self-service Azure AD account for you because has <orga name> disabled self-service account sign-up by email validation. Ask admin to enable EmailVerified users or create an account for you." My organisation does not have any Azure AD and I have a Microsoft Account created using my official email id. What is going on here? Any help is much appreciated.

Azure Proxy Prerequisites
Hi, I am exploring usage of Azure AD Proxy to protect my on-premise web application. The prerequisites say: "A Microsoft Azure AD basic or premium subscription and an Azure AD directory for which you are a global administrator." Source So if my tenant is Azure AD P1 and I have a lot of guest accounts who do not have basic or premium licenses, will this Azure AD proxy work for them? AFAIK, the proxy should be per app rather than per user. Could someone guide me here?

SharePoint Online Extranet Users limitation
I am trying to set up an extranet on SharePoint Online. I have around 50,000 external users who need to be added as external users (Guest accounts) into our tenant. My tenant has around 3000 E3 license users. The SharePoint Online limits document says the below thing: "Note: There is no limit to the number of external users you can invite to your SharePoint Online site collections." Source Now, the Azure AD B2B collaboration licensing guidance document says that for each licensed user we can invite up to 5 guest users who can use the same features as the licensed user (1:5 ratio). "A customer wants to invite 100 B2B collaboration users to its Azure AD tenant. The customer assigns access management and provisioning for all users, but 50 users also require MFA and conditional access. This customer must purchase 10 Azure AD Basic licenses and 10 Azure AD Premium P1 licenses to cover these B2B users correctly. If the customer plans to use Identity Protection features with B2B users, they must have Azure AD Premium P2 licenses to cover the invited users in the same 5:1 ratio" Source Does this Azure AD B2B Collaboration limit apply to SharePoint also (since external users are guest users in Azure AD)? Can I add 50k external users to SharePoint Online without purchasing any additional licenses to meet the 1:5 ratio?

Azure AD App with wild card reply urls
Hi all, I have an Angular 5 app which is authenticated using Azure AD using AdalJs. The whole app is protected by Azure AD and the user needs to be logged in to be able to access any page. Now in my Azure AD app I have added the reply URL as "https://app.domain.com". Scenario 1: In a fresh session the user hits https://app.domain.com and gets authenticated by Azure AD and returns to the web site. Scenario 2: In a fresh session the user hits https://app.domain.com/page1 and gets authenticated by Azure AD, and Azure AD does not return the user back to my website, with an error that "https://app.domain.com/page1" is not registered as a reply URL in the Azure AD app. Now if I go to my Azure AD app and make the reply URL a wildcard URL like "https://app.domain.com/*" then the redirection flow after authentication works perfectly for all pages inside my website. I see there is one blog about this method. So is the wildcard URL approach in the reply URL safe to be used? The blog above says there are some security concerns but I cannot find out what those concerns are. Also, is the wildcard URL approach the correct approach here? Thanks
Groups
Recent Blog Articles
Re: Microsoft Forms Powers Approvals Templates in Microsoft Teams, and other updates | April 2021
This will enable better use of the Approvals app; the current features are too basic to be used as a proper business flow. Eagerly waiting! Will it support all features of Microsoft Forms during th...

Re: Azure AD B2B collaboration direct federation with SAML and WS-Fed providers now in public previe
Great improvement. Is there any way to merge the existing guest accounts (Microsoft accounts) into the direct federation account? e.g. unnie@abc.com (MS account) has access to a shared app within conto...