User Profile
ch0wd0wn
Copper Contributor
Joined 6 years ago
User Widgets
Recent Discussions
AAD COnnect object not in metaverse
I have AAD Connect running and cannot sync this one user. Here are some facts 1. User is in an OU that's configured to Sync 2. User is found in the Connector Space for on prem AD 3. User is NOT found in the metaverse search 4. User has correct UPN suffix 5. in the CS I'm able to bring up the properties of the user and generated a full sync preview and even committed it successfully. So when I force a delta sync... I see nothing at all … no new object add or changes in the logs... I looked at this article but can't really understand regarding the scoping filters. Everything is default, there should be no filters. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-object-not-syncing Please help with some more detailed troubleshooting? Seems like this user is being skipped for some weird reason....Solved13KViews0likes10CommentsRe-Enable O365 Mailbox for a returning user
Hi Here is my situation please help 1. User left the company 9 months ago..... we removed O365 license and moved AD account to a NON-SYNCING OU (keep for 1 year) 2. User recently got rehired - we move the AD account back to SYNCING OU 3. User account Sync'd to O365 4. We applied license Its been a few days and no mailbox is showing in O365! We go to on-prem Exchange... we see the user in EAC as an O365 mailbox! How do we get this mailbox to show up in O365??? What are we missing from the re-enabling of this user?2.2KViews0likes2CommentsRe: AAD COnnect object not in metaverse
Gosh sorry to keep bugging you just wanted to give you an update... I found that this user object has isCriticalSystemObject set to "TRUE" which after reading 1000s I understand that because of this, he's not being sync'd. Conversely I looked at this attribute for other syncing users and its "NOT SET". So I am sure I found the issue... however I'm unable to modify this due to some SAM error, that may be another issue.13KViews0likes0CommentsRe: AAD COnnect object not in metaverse
Hi Vasil Also in the article it is stating the following - "Go to the CS Import attribute list and check which filter is blocking the object from moving to the MV. The Connector Space attribute list will show only non-null and non-empty attributes. For example, if isCriticalSystemObject doesn't show up in the list, the value of this attribute is null or empty." But I click on the link to the CS Import page and it still doesn't show HOW TO LOOK for which filter is blocking... it just goes into explaining the import and lineage tabs. Sorry I am just not getting this. Can you just tell me where exactly would it show what is blocking this object from being in the MV?13KViews0likes0CommentsRe: AAD COnnect object not in metaverse
VasilMichev Thanks for the article. I'm really trying to follow this but the verbiage is confusing: " In the following scoping filter, if the isCriticalSystemObject value is null or FALSE or empty, it's in scope." When I look at the "In from AD - User Join" and the scoping filter shows isCriticalSystemObject has a value of "TRUE" … so according to the statement above this rule is NOT in scope? the double negative is confusing me, also because User Join sounds like its something that SHOULD be in scope right?13KViews0likes1CommentRe: AAD COnnect object not in metaverse
VasilMichev When I click Generate Preview...all it says is successful. Then I click on the source object details...it shows whole bunch of stuff on the "NEW VALUE" column and "OLD VALUE" is empty...which is to be expected since this is not syncing yet. And that's all I see...I don't see rules or anything13KViews0likes5CommentsRe: Convert a SINGLE user from Federated to Managed Authentication and then BACK to Federated... HOW?
Hey Bryan Changing the UPN worked, however the user now can't get into Outlook and authenticate or his mobile device... he basically has to use OWA. The authentication keeps prompting over and over even if we created a new Outlook profile. I thought that this should authenticate the user regardless of the application he was using... any thoughts? Bryan Haslip13KViews0likes2CommentsRe: Convert a SINGLE user from Federated to Managed Authentication and then BACK to Federated... HOW?
Yes you are correct, on prem AD with AAD Connect with password sync turned on (eventhough we are using federated authentication through PingFederate) Ok the only change I'll make is to the UPN for the user. I just want to make sure this doesn't impact his day to day activities like logging into windows...etc which it shouldn't. Do I need to recreate Outlook profile or should I just let it prompt for updated credentials? Let me try this method first, its easy enough. Bryan Haslip13KViews0likes5CommentsRe: Convert a SINGLE user from Federated to Managed Authentication and then BACK to Federated... HOW?
Hi Bryan Yeah you're right, I believe the convert-msolfederateuser command is used to migrate 1 off users that didn't get successfully converted when you convert the entire domain from federation to standard. That being said, I'm just trying to remove federation authentication services for a single user, don't want to switch an entire domain. I know I can change their logon to onmicrosoft.com and then that will be local authentication … however that means I'd have to make the user's UPN to onmicrosoft.com as well right? Bryan Haslip13KViews0likes7CommentsConvert a SINGLE user from Federated to Managed Authentication and then BACK to Federated... HOW?
Hello! We are troubleshooting some account lockout issues. We have O365 with our domain in Federated Authentication (PingFed). We want to just change 1 user from federated to managed auth... I see the command for it Convert-MSOLFederatedUser … but I don't see any command to convert the user back to Federated?? Any suggestions??Solved14KViews0likes9Comments
Groups
Recent Blog Articles
No content to show