More about AAD Connect

  • Reduction in the sync interval to keep your Azure AD in sync with AD on-premises more quickly
  • Support for automatic upgrades
  • Ability to switch between sign-in methods through the wizard to enable faster pilots
  • Support for Domain and OU filtering within the wizard

In addition, we’re also announcing the General Availability of the device write-back and schema extension support capabilities we announced before. Through the preview period of these features, we’ve gotten tremendous response and feedback, and I am thrilled to announce the GA of these features.

You can download the latest version of the Azure AD Connect tool here. I’ve asked Girish Chander to give you a run-down below of all the new capabilities in this release.




To enable dynamic membership for a particular group, perform the following steps:

  1. In the Azure portal, under the Groups tab, select the group you want to edit, and then in this group’s Configure tab, set the Enable Dynamic Memberships switch to Yes.
  2. You can now set up a simple single rule for the group that will control how dynamic membership for this group functions. Make sure the Add users where option is selected, and then select a user property from the list (for example, department, jobTitle, etc.).
  3. Next, select a condition (Not Equals, Equals, Not Starts With, Starts With, Not Contains, Contains, Not Match, Match), and finally specify a value for the selected user property. For example, if a group is assigned to a SaaS application and you enable dynamic memberships for this group by setting a rule whereby Add users where is set to the jobTitle that Equals (-eq) Sales Rep, all users within your Azure AD directory whose job titles are set to Sales Rep will have access to this SaaS application.
  4. Note that you can set up a rule for dynamic membership on security groups or Office groups. Dynamic Memberships for Groups require an Azure AD Premium license to be assigned to the administrator who manages the rule on a group and to all users who are selected by the rule to be a member of the group.

Here you can learn more about complex rules for dynamic group membership:

These articles provide additional information on Azure Active Directory.



Several factors may lead to the issue when the Office 365 users don’t receive any confirmation after you successfully schedule a meeting or an appointment for an on-premises room mailbox in either Outlook client or Outlook Web App in Office 365. To solve it, please check the following settings:

  1. If your on-premises room mailboxes are not hosted on Exchange 2010 or 2013, please move the room mailboxes to Exchange server 2010/2013 mailbox server first.
  2. Check if the room mailboxes are set to automatically accept the booking requests.
  3. Also, once the room mailboxes are hosted on Exchange server 2010/2013 mailbox server, please set the ProcessExternalMeetingMessages parameter to True by running the following cmdlet on the on-premises Exchange server:

Set-CalendarProcessing "<Room Name>" -ProcessExternalMeetingMessages $True


1. All on premise mailboxes are on Exchange 2010

2. All room mailboxes are set to automatically accept the booking requests

3. I checked the ProcessExternalMeetingMessages on all of the rooms and it was set to $false. I set them to true and then tried booking a room twice. I did not receive a response back either time. It was still set as Tentative. I’ll try again later to see if the problem takes some time to propagate through the system.


Grant Full Access to all mailboxes in Office 365

On 2016-02-26, in Office 365, by Mattias Jönsson



Get-Mailbox -ResultSize Unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox')} | Add-MailboxPermission -User "<user>" -AccessRights FullAccess -InheritanceType All
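
A companion check for the one-liner above, as an added example that is not part of the original post: it groups explicit FullAccess entries by trustee so that an account holding the right on many mailboxes stands out in a review. `Find-BroadFullAccess`, `New-Row`, the threshold and the sample rows are constructed for illustration; the property names are the ones Get-MailboxPermission returns.

```powershell
# Added example (not from the original post). Reports trustees that hold
# explicit FullAccess on at least $Threshold mailboxes.
function Find-BroadFullAccess {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Permission,
        [int] $Threshold = 3    # assumption: adjust to the size of your organization
    )
    begin { $hits = @() }
    process {
        # Keep allow entries set directly on the mailbox; skip the owner's own entry.
        $isFull = [bool]($Permission.AccessRights -like '*FullAccess*')
        if ($isFull -and -not $Permission.IsInherited -and -not $Permission.Deny -and
            ([string]$Permission.User -ne 'NT AUTHORITY\SELF')) {
            $hits += $Permission
        }
    }
    end {
        $hits | Group-Object { [string]$_.User } |
            Where-Object { $_.Count -ge $Threshold } |
            Sort-Object Count -Descending |
            ForEach-Object {
                [pscustomobject]@{
                    Trustee   = $_.Name
                    Mailboxes = $_.Count
                    Examples  = ($_.Group | Select-Object -First 3 -ExpandProperty Identity) -join '; '
                }
            }
    }
}

# Constructed sample rows shaped like Get-MailboxPermission output.
function New-Row($Id, $User, $Inherited = $false) {
    [pscustomobject]@{ Identity = $Id; User = $User; AccessRights = @('FullAccess')
                       IsInherited = $Inherited; Deny = $false }
}
$sample = @(
    New-Row 'alice' 'NT AUTHORITY\SELF'
    New-Row 'alice' 'CONTOSO\svc-backup'
    New-Row 'bob'   'CONTOSO\svc-backup'
    New-Row 'carol' 'CONTOSO\svc-backup'
    New-Row 'bob'   'CONTOSO\assistant1'
    New-Row 'carol' 'CONTOSO\Organization Management' $true
)
$sample | Find-BroadFullAccess -Threshold 3

# Against live data (Exchange Management Shell or Exchange Online session):
# Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission | Find-BroadFullAccess -Threshold 10
```
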


Useful commands:

Start the Welcome to OneDrive wizard for the user

defaults write <OneDrive preferences domain> DefaultToBusinessFRE -bool True

Enabling users to add additional work or school accounts

defaults write <OneDrive preferences domain> EnableAddAccounts -bool True

Block configuring and syncing of personal/consumer OneDrive accounts

defaults write <OneDrive preferences domain> DisablePersonalSync -bool True

One drive business for OS X preview

On 2015-02-03, in O365, by Mattias Jönsson

You can download the iOS app from the app store, and the Mac sync client preview from the Microsoft Download Center. For further details on today’s releases check out the OneDrive blog.

If you want to see these apps in action plus more details of new features coming soon to OneDrive for Business then check out this Office Mechanics show.

Stay tuned for more OneDrive news in the coming months and you can also stay up to date with the full Office 365 roadmap here.


This one-liner will list all users who have both an SMTP email address (which appears in the Windows Email Address field on their AD account) and a SIP address, but where the two don’t match. This is helpful in identifying users who may be contractors with their own email address at their respective company, but have SIP addresses on your system. It’s also helpful in locating users who have typos in one of the two, or who are inadvertently assigned an incorrect SIP domain.

Get-CsAdUser | Where-Object {($_.WindowsEmailAddress -and $_.SipAddress) -and ($_.WindowsEmailAddress -ne ($_.SipAddress -replace "sip:",""))} | Select-Object DisplayName,WindowsEmailAddress,SIPAddress

This yields results such as

DisplayName       WindowsEmailAddress                    SIPAddress                
-----------       -------------------                    ----------                
Laurie Lederhouse 
Eileen Alfini            
Mike McGrath       
Gavin Parmar          

In this example, we see that the first three have different SMTP domains than SIP domains. In the last user, we see that the username part of the addresses is different, but the domains are the same. If you want to strip out the “sip:” from the SIPaddress column, we can add a little formatting and come up with

Get-CsAdUser | Where-Object {($_.WindowsEmailAddress -and $_.SipAddress) -and ($_.WindowsEmailAddress -ne ($_.SipAddress -replace "sip:",""))} | Select-Object displayname,windowsemailaddress,@{Expression={$_.sipaddress -replace "sip:"};label="SipAddress"}

New poster and content roadmaps about Office identity, authentication, authorization, and security

16 Apr 2013 5:00 AM

We’re pleased to announce the publication of some new security-related deployment content on TechNet, including a poster and two Content Roadmaps for IT professionals.

Poster: Identity and Authentication in the cloud: Office 2013 and Office 365

This poster helps explain identity and authentication in Office 2013 and Office 365, whether you’re using Office “all in the cloud” or deploying a hybrid of cloud and on-premises Office.


The poster walks you through the new user-based authentication model that lets you use Office across multiple PCs and devices, while always having access to your files, settings, and personalization. See a zoomable version online, or download it to your computer for offline viewing. Take a look and let us know what you think.

Two new content roadmaps


We’ve restructured the table of contents for the Office 2013 Resource Kit on TechNet a bit, and to help you find your way around the Security area, we’ve published two content roadmaps:

Content roadmap for Office 2013 security
Content roadmap for Office 2013 identity, authentication, and authorization


Automating User Provisioning in Office 365

On 2013-05-16, in Exchange 2013, O365, by Mattias Jönsson

The new Office Garage Series


Microsoft provides tools to import and synchronize user objects from an existing Active Directory environment, perform bulk CSV list imports or use custom PowerShell scripts to populate the identity store with User Principal Names and required directory attributes.

The final frontier from an automation perspective is really to set up ADFS and single sign-on as a way to ensure that your policies for password updates and the service authentication itself integrate with your existing tools and policies. The best place to go for all of this is the Office 365 deployment center on TechNet. It walks you through the right solution depending on your organization size and needs.

More Resources:

Office 365 deployment center

Manage Windows Azure Active Directory by using Windows PowerShell

Directory synchronization roadmap

Garage Series for IT Pros Archive of previous episodes

Office 365 ProPlus Trial

Office TechCenter on TechNet

Office 365 TechCenter on TechNet
