Thursday 17 October 2019

Sharepoint Online - AD group permissions does not work

When you are syncing permissions from Active Directory to Office 365 and giving access to Sharepoint based on AD group, you can encounter a problem with permissions: members of this group does not have access to the site ! 
And when you are adding people directly to the Sharepoint group, then access is granted. Why is it so?

It's because group permissions needs to be updated, which can take a long time. To speed process up, you can run crawl, enforcing Sharepoint to read new permissions.

You need to go to Site options, Search and offline availability and run crawl.

Here is how to proceed:
https://docs.microsoft.com/en-us/sharepoint/crawl-site-content

Tuesday 16 July 2019

Teams - Cannot add room to the meeting

When you are trying to add a room to your Teams meeting using Teams application, you get an error saying that no rooms are available. However, in the Outlook all seems to be OK.

Solution is simple - you need to add a room list which consist of your room/rooms
New-DistributionGroup "ENTER YOUR ROOM LIST NAME LIKE BUILDING OR OFFICE HERE” -Roomlist
Add-DistributionGroupMember -Identity "PREVIOUSLY CHOSEN ROOM LIST NAME" -Member "YOUR ACTUAL ROOM NAME GOES HERE"

Friday 5 July 2019

Sharepoint Online: Cannot upload custom document template for

When you have created a Sharepoint site using new Sharepoint Online admin center, then you can see access deny when you need to upload new content type template for custom documents to the documents library.

New view:



It's because scripting on the new, created site is turned off.

You need to:

1.Turn on scripting on the root Sharepoint settings:


2. Execute from the Powershell to turn on scripting for the new site:
Connect-SPOService https://YOURTENANTNAMEHERE-admin.sharepoint.com
Set-SPOsite https://YOURTENANTNAMEHERE.sharepoint.com/sites/YOURSITENAMEHERE -DenyAddAndCustomizePages 0


Monday 27 May 2019

Office365: autologon credentials prompt


After enabling seamless sign on you can experience https://autologon.microsoftazuread-sso.com credential prompt.


Using registry adding method, described here:
https://www.blogger.com/blogger.g?blogID=2622078485295191193#editor/target=post;postID=7903981005079364156;onPublishedMenu=allposts;onClosedMenu=allposts;postNum=35;src=postname
I've added this entry:

Among with the others which were already existing


Thursday 9 May 2019

Azure AD - Roll over Kerberos keys

After enabling seamless SSO, you need to roll over Kerberos decryption key every month or so.
Process is desribed on this site:

https://docs.microsoft.com/pl-pl/powershell/azure/active-directory/install-adv2?view=azureadps-2.0

However, you can need to adjust your installation on the server to run AzureAD 2.0.
Here is the short tutorial:

http://windows.ittips.eu/2019/05/azuread-20-installing-on-windows-server.html

And here the effect:

Wednesday 13 February 2019

Password sync does not work ADConnect and Office365

You just configured your ADConnect and password sync doesn't work?
Or maybe it just stopped after some configuration changes?

If you are getting errors with ID 611, then you need to check AD permissions for sync account, or if you are not sure, run embedded cmdlet in ADSyncConfig module (it's included in AD Connect from 1.1.880.0 released in August 2018 according to Microsoft)

Import-Module "C:\Program Files\Microsoft Azure Active Directory Connect\AdSyncConfig\AdSyncConfig.psm1"
Set-ADSyncPasswordHashSyncPermissions -ADConnectorAccountName YOUR_ADSYNC_ACCOUNTHERE -ADConnectorAccountDomain YOUR_LOCALDOMAIN_HERE

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-configure-ad-ds-connector-account


Wednesday 3 October 2018

msExchHiddernFromAddressList is not synced to Office365

Situation:
You need to hide Exchange Online mailbox from address list and have AD synchronization in place, but no local Exchange.
You then extend Active Directory schema by using local Exchange installation with setup.exe /prepareschema switch.
Next, you are fire up refresh directory schema in AD Connect, and do full AD sync, and...
No, msExchHiddenFromAddressList attribute is not syncing, even if it is set in AD account attributes and seen on AD Connect connector.

Solution:
If you have made all the previous steps, then probably your AD account has mailnickname attribute not set


After fill it with proper data (alias), and do another AD Connect AD sync , you can  see your msExchHiddenFromAddressList synced at last.