When you are syncing permissions from Active Directory to Office 365 and giving access to Sharepoint based on AD group, you can encounter a problem with permissions: members of this group does not have access to the site !
And when you are adding people directly to the Sharepoint group, then access is granted. Why is it so?
It's because group permissions needs to be updated, which can take a long time. To speed process up, you can run crawl, enforcing Sharepoint to read new permissions.
You need to go to Site options, Search and offline availability and run crawl.
Here is how to proceed:
https://docs.microsoft.com/en-us/sharepoint/crawl-site-content
Cloud Admin Notebook Blog created to save time and nerves for Office365 and Azure admins. cloud.ittips.eu
Thursday, 17 October 2019
Tuesday, 16 July 2019
Teams - Cannot add room to the meeting
When you are trying to add a room to your Teams meeting using Teams application, you get an error saying that no rooms are available. However, in the Outlook all seems to be OK.
Solution is simple - you need to add a room list which consist of your room/rooms
Solution is simple - you need to add a room list which consist of your room/rooms
New-DistributionGroup "ENTER YOUR ROOM LIST NAME LIKE BUILDING OR OFFICE HERE” -Roomlist
Add-DistributionGroupMember -Identity "PREVIOUSLY CHOSEN ROOM LIST NAME" -Member "YOUR ACTUAL ROOM NAME GOES HERE"
Friday, 5 July 2019
Sharepoint Online: Cannot upload custom document template for
When you have created a Sharepoint site using new Sharepoint Online admin center, then you can see access deny when you need to upload new content type template for custom documents to the documents library.
New view:
It's because scripting on the new, created site is turned off.
You need to:
1.Turn on scripting on the root Sharepoint settings:
2. Execute from the Powershell to turn on scripting for the new site:
Connect-SPOService https://YOURTENANTNAMEHERE-admin.sharepoint.com
Set-SPOsite https://YOURTENANTNAMEHERE.sharepoint.com/sites/YOURSITENAMEHERE -DenyAddAndCustomizePages 0
New view:
It's because scripting on the new, created site is turned off.
You need to:
1.Turn on scripting on the root Sharepoint settings:
2. Execute from the Powershell to turn on scripting for the new site:
Connect-SPOService https://YOURTENANTNAMEHERE-admin.sharepoint.com
Set-SPOsite https://YOURTENANTNAMEHERE.sharepoint.com/sites/YOURSITENAMEHERE -DenyAddAndCustomizePages 0
Monday, 27 May 2019
Office365: autologon credentials prompt
After enabling seamless sign on you can experience https://autologon.microsoftazuread-sso.com credential prompt.
Using registry adding method, described here:
https://www.blogger.com/blogger.g?blogID=2622078485295191193#editor/target=post;postID=7903981005079364156;onPublishedMenu=allposts;onClosedMenu=allposts;postNum=35;src=postname
I've added this entry:
Among with the others which were already existing
Thursday, 9 May 2019
Azure AD - Roll over Kerberos keys
After enabling seamless SSO, you need to roll over Kerberos decryption key every month or so.
Process is desribed on this site:
https://docs.microsoft.com/pl-pl/powershell/azure/active-directory/install-adv2?view=azureadps-2.0
However, you can need to adjust your installation on the server to run AzureAD 2.0.
Here is the short tutorial:
http://windows.ittips.eu/2019/05/azuread-20-installing-on-windows-server.html
And here the effect:
Process is desribed on this site:
https://docs.microsoft.com/pl-pl/powershell/azure/active-directory/install-adv2?view=azureadps-2.0
However, you can need to adjust your installation on the server to run AzureAD 2.0.
Here is the short tutorial:
http://windows.ittips.eu/2019/05/azuread-20-installing-on-windows-server.html
And here the effect:
Wednesday, 13 February 2019
Password sync does not work ADConnect and Office365
You just configured your ADConnect and password sync doesn't work?
Or maybe it just stopped after some configuration changes?
If you are getting errors with ID 611, then you need to check AD permissions for sync account, or if you are not sure, run embedded cmdlet in ADSyncConfig module (it's included in AD Connect from 1.1.880.0 released in August 2018 according to Microsoft)
Import-Module "C:\Program Files\Microsoft Azure Active Directory Connect\AdSyncConfig\AdSyncConfig.psm1"
Set-ADSyncPasswordHashSyncPermissions -ADConnectorAccountName YOUR_ADSYNC_ACCOUNTHERE -ADConnectorAccountDomain YOUR_LOCALDOMAIN_HERE
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-configure-ad-ds-connector-account
Or maybe it just stopped after some configuration changes?
If you are getting errors with ID 611, then you need to check AD permissions for sync account, or if you are not sure, run embedded cmdlet in ADSyncConfig module (it's included in AD Connect from 1.1.880.0 released in August 2018 according to Microsoft)
Import-Module "C:\Program Files\Microsoft Azure Active Directory Connect\AdSyncConfig\AdSyncConfig.psm1"
Set-ADSyncPasswordHashSyncPermissions -ADConnectorAccountName YOUR_ADSYNC_ACCOUNTHERE -ADConnectorAccountDomain YOUR_LOCALDOMAIN_HERE
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-configure-ad-ds-connector-account
Wednesday, 3 October 2018
msExchHiddernFromAddressList is not synced to Office365
Situation:
You need to hide Exchange Online mailbox from address list and have AD synchronization in place, but no local Exchange.
You then extend Active Directory schema by using local Exchange installation with setup.exe /prepareschema switch.
Next, you are fire up refresh directory schema in AD Connect, and do full AD sync, and...
No, msExchHiddenFromAddressList attribute is not syncing, even if it is set in AD account attributes and seen on AD Connect connector.
Solution:
If you have made all the previous steps, then probably your AD account has mailnickname attribute not set
After fill it with proper data (alias), and do another AD Connect AD sync , you can see your msExchHiddenFromAddressList synced at last.
Subscribe to:
Posts (Atom)