Office 365 – Why Your UPN Should Match Your Primary SMTP Address
More about AAD Connect
- Reduction in the sync interval to keep your Azure AD in sync with AD on-premises more quickly
- Support for automatic upgrades
- Ability to switch between sign-in methods through the wizard to enable faster pilots
- Support for Domain and OU filtering within the wizard
In addition, we’re also announcing the General Availability of the device write-back and schema extension support capabilities we announced before. Through the preview period of these features, we’ve gotten tremendous response and feedback, and I am thrilled to announce the GA of these features.
You can download the latest version of the Azure AD Connect tool here. I’ve asked Girish Chander to give you a run-down below of all the new capabilities in this release.
Link: https://azure.microsoft.com/en-us/documentation/articles/active-directory-accessmanagement-simplerulegroup/
To enable dynamic membership for a particular group, perform the following steps:
- In the Azure portal, under the Groups tab, select the group you want to edit, and then in this group’s Configure tab, set the Enable Dynamic Memberships switch to Yes.
- You can now set up a simple single rule for the group that will control how dynamic membership for this group functions. Make sure the Add users where option is selected, and then select a user property from the list (for example, department, jobTitle, etc.).
- Next, select a condition (Not Equals, Equals, Not Starts With, Starts With, Not Contains, Contains, Not Match, Match), and finally specify a value for the selected user property. For example, if a group is assigned to a SaaS application and you enable dynamic memberships for this group by setting a rule whereby Add users where is set to jobTitle Equals (-eq) Sales Rep, all users within your Azure AD directory whose job titles are set to Sales Rep will have access to this SaaS application.
- Note that you can set up a rule for dynamic membership on security groups or Office groups. Dynamic Memberships for Groups require an Azure AD Premium license to be assigned to the administrator who manages the rule on a group and to all users who are selected by the rule to be a member of the group.
Here you can learn more about complex rules for dynamic group membership:
These articles provide additional information on Azure Active Directory.
Link: https://community.office365.com/en-us/f/158/t/286208
Several factors may lead to the issue when the Office 365 users don’t receive any confirmation after you successfully schedule a meeting or an appointment for an on-premises room mailbox in either Outlook client or Outlook Web App in Office 365. To solve it, please check the following settings:
- If your on-premises room mailboxes are not hosted on Exchange 2010 or 2013, please move the room mailboxes to Exchange server 2010/2013 mailbox server first.
- Check if the room mailboxes are set to automatically accept the booking requests.
- Also, once the room mailboxes are hosted on Exchange server 2010/2013 mailbox server, please set the ProcessExternalMeetingMessages parameter to True by running the following cmdlet on the on-premises Exchange server:
Set-CalendarProcessing "<Room Name>" -ProcessExternalMeetingMessages $True
——————————————————————
1. All on premise mailboxes are on Exchange 2010
2. All room mailboxes are set to automatically accept the booking requests
3. I checked the ProcessExternalMeetingMessages on all of the rooms and it was set to $false. I set them to true and then tried booking a room twice. I did not receive a response back either time. It was still set as Tentative. I’ll try again later to see if the problem takes some time to propagate through the system.
Example:
Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox')} | Add-MailboxPermission -User tenant_admins@yourdomain.onmicrosoft.com -AccessRights FullAccess -InheritanceType all
Links:
https://support.office.com/en-us/article/Deploying-the-OneDrive-Next-Generation-Sync-Client-on-OS-X-and-configuring-work-or-school-accounts-eadddc4e-edc0-4982-9f50-2aef5038c307?ui=en-US&rs=en-US&ad=US
https://support.office.com/en-us/article/Get-started-with-the-OneDrive-for-Business-Next-Generation-Sync-Client-on-Mac-OS-X-d11b9f29-00bb-4172-be39-997da46f913f?ui=en-US&rs=en-US&ad=US
Useful commands:
Start the Welcome to OneDrive wizard for the user
defaults write com.microsoft.OneDrive-mac DefaultToBusinessFRE -bool True
Enabling users to add additional work or school accounts
defaults write com.microsoft.OneDrive-mac EnableAddAccounts -bool True
Block configuring and syncing of personal/consumer OneDrive accounts
defaults write com.microsoft.OneDrive-mac DisablePersonalSync -bool True
You can download the iOS app from the app store, and the Mac sync client preview from the Microsoft Download Center. For further details on today’s releases check out the OneDrive blog.
If you want to see these apps in action plus more details of new features coming soon to OneDrive for Business then check out this Office Mechanics show.
Stay tuned for more OneDrive news in the coming months and you can also stay up to date with the full Office 365 roadmap here.
Origin link: http://www.ehloworld.com/2314
This one-liner will list all users who have both an SMTP email address (which appears in the Windows Email Address field on their AD account) and a SIP address, but where the two don’t match. This is helpful in identifying users who may be contractors with their own email address at their respective company, but have SIP addresses on your system. It’s also helpful in locating users who have typos in one of the two, or who are inadvertently assigned an incorrect SIP domain.
Get-CsAdUser | Where-Object {($_.WindowsEmailAddress -and $_.SipAddress) -and ($_.WindowsEmailAddress -ne ($_.SipAddress -replace "sip:", ""))} | Select-Object DisplayName,WindowsEmailAddress,SIPAddress
This yields results such as
DisplayName       WindowsEmailAddress          SIPAddress
-----------       -------------------          ----------
Laurie Lederhouse llederhouse@fourthcoffee.com sip:llederhouse@contoso.com
Eileen Alfini     eileena@fabrikam.com         sip:ealfini@contoso.com
Mike McGrath      mmcgrath@wingtiptoys.com     sip:mmcgrath@contoso.com
Gavin Parmar      gparmar@contoso.com          sip:goarmar@contoso.com
In this example, we see that the first three have different SMTP domains than SIP domains. In the last user, we see that the username part of the addresses is different, but the domains are the same. If you want to strip out the “sip:” from the SIPaddress column, we can add a little formatting and come up with
Get-CsAdUser | Where-Object {($_.WindowsEmailAddress -and $_.SipAddress) -and ($_.WindowsEmailAddress -ne ($_.SipAddress -replace "sip:", ""))} | Select-Object DisplayName,WindowsEmailAddress,@{Expression={$_.SipAddress -replace "sip:"};Label="SipAddress"}
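The split described above (different domain versus different username), as an added example that is not part of the original post. It goes one step beyond the one-liner by labelling each mismatch and comparing case-insensitively. `Get-AddressMismatch` is a hypothetical helper name, and the sample rows are constructed from the table above so it runs without the Lync module; with the module loaded, pipe `Get-CsAdUser` into it instead.

```powershell
# Constructed sample rows shaped like Get-CsAdUser output (values from the table above).
$users = @(
    [pscustomobject]@{ DisplayName = 'Laurie Lederhouse'; WindowsEmailAddress = 'llederhouse@fourthcoffee.com'; SipAddress = 'sip:llederhouse@contoso.com' }
    [pscustomobject]@{ DisplayName = 'Eileen Alfini';     WindowsEmailAddress = 'eileena@fabrikam.com';         SipAddress = 'sip:ealfini@contoso.com' }
    [pscustomobject]@{ DisplayName = 'Gavin Parmar';      WindowsEmailAddress = 'gparmar@contoso.com';          SipAddress = 'sip:goarmar@contoso.com' }
    [pscustomobject]@{ DisplayName = 'Matching User';     WindowsEmailAddress = 'Match@contoso.com';            SipAddress = 'sip:match@contoso.com' }
    [pscustomobject]@{ DisplayName = 'No Sip Address';    WindowsEmailAddress = 'nosip@contoso.com';            SipAddress = $null }
)

# Hypothetical helper: emits one row per user whose SMTP and SIP addresses differ.
function Get-AddressMismatch {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User
    )
    process {
        # Skip accounts missing either address, as the one-liner does.
        if (-not $User.WindowsEmailAddress -or -not $User.SipAddress) { return }

        $smtp = ([string]$User.WindowsEmailAddress).Trim().ToLowerInvariant()
        # Anchor the pattern so only a leading "sip:" prefix is removed.
        $sip = (([string]$User.SipAddress).Trim() -replace '^sip:', '').ToLowerInvariant()
        if ($smtp -eq $sip) { return }

        # Split each address into username and domain at the first "@".
        $smtpLocal, $smtpDomain = $smtp -split '@', 2
        $sipLocal, $sipDomain = $sip -split '@', 2

        $kind = if ($smtpDomain -ne $sipDomain -and $smtpLocal -ne $sipLocal) {
            'DomainAndUser'
        } elseif ($smtpDomain -ne $sipDomain) {
            'Domain'
        } else {
            'User'
        }

        [pscustomobject]@{
            DisplayName = $User.DisplayName
            Smtp        = $smtp
            Sip         = $sip
            Mismatch    = $kind
        }
    }
}

$users | Get-AddressMismatch | Sort-Object Mismatch, DisplayName | Format-Table -AutoSize
```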
From: Link
New poster and content roadmaps about Office identity, authentication, authorization, and security
We’re pleased to announce the publication of some new security-related deployment content on TechNet, including a poster and two Content Roadmaps for IT professionals.
Poster: Identity and Authentication in the cloud: Office 2013 and Office 365
This poster helps explain identity and authentication in Office 2013 and Office 365, whether you’re using Office “all in the cloud” or deploying a hybrid of cloud and on-premises Office.
The poster walks you through the new user-based authentication model that lets you use Office across multiple PCs and devices, while always having access to your files, settings, and personalization. See a zoomable version online, or download it to your computer for offline viewing. Take a look and let us know what you think.
Two new content roadmaps
We’ve restructured the table of contents for the Office 2013 Resource Kit on TechNet a bit, and to help you find your way around the Security area, we’ve published two content roadmaps:
Content roadmap for Office 2013 security
Content roadmap for Office 2013 identity, authentication, and authorization
The new Office Garage Series
Microsoft provides tools to import and synchronize user objects from an existing Active Directory environment, perform bulk CSV list imports or use custom PowerShell scripts to populate the identity store with User Principal Names and required directory attributes.
The final frontier from an automation perspective is really to set up ADFS and single sign-on as a way to ensure that your policies for password updates and the service authentication itself integrate with your existing tools and policies. The best place to go for all of this is the Office 365 deployment center on TechNet. It walks you through the right solution depending on your organization size and needs.
More Resources:
Manage Windows Azure Active Directory by using Windows PowerShell
Directory synchronization roadmap
Garage Series for IT Pros Archive of previous episodes