Sunday, 28 August 2016

Office 365–Update users UPN

Catching up on the latest updates in the Office 365 for IT Pros, there was an update to the behaviour of licensed synchronised users User Principal Name (UPN). If this book isn’t part of your library I fully recommend adding it. This change means that licensed synchronised users will have their UPN updated upon change.

Note: In a change, Microsoft made to its synchronization service, tenants created after 15th June 2016, automatically update the UPN of a synchronized account in Office 365 through the directory synchronization process –even if it's licensed. Tenants created before that date must enable the feature. This update does not apply to federated identities.

Like any change/feature I test in my test Office 365 Tenant, here are my notes on the change, using Windows Azure Active Directory Module for Windows PowerShell, run the following cmdlet:

[PS] Get-MsolDirSyncFeatures

image

To update this setting run the following cmdlet:

[PS] Set-MsolDirSyncFeature -Feature SynchronizeUpnForManagedUsers -Enable $true

image

Checking the Metaverse for my test user Lisa Simpson we can see the UPN is currently set to simpsonl@skitttech.co.uk

image

Looking in Active Directory Users and Computers (ADUC) you can see this is how the account was setup:

image

Note: When making any changes to Active Directory, ensure you know what you’re changing and the reason for the change. In my lab and with clients I only change the UPN and not the Windows 2000 name, as users tend to login to Domain joined workstations with this identity.

Simply changing the UPN:

image

Will result in the Metaverse being updating the UPN to lisa.simpson@skitttech.co.uk:

image

Which in turn after the Azure AD Connect server has synchronised to Azure AD will update the UPN within Office 365:

image

Summary

After making these changes to the Office 365 Tenant will enable changes to the UPN to be updated; From my tests, I found that any changes that were been made prior to the configuration change the UPN will not be updated. Just update the AD object again will result in the UPN being updated in the Metaverse and synchronised to Azure AD.

This will not result in any changes to the user’s email address as these should be controlled by the Email Address Policy from Exchange, but I did find that this change did result in a change the users SIP address for Skype for Business Online.

Pre-Change:

image

Post Change:

image

I’m not a Skype for Business Online expert and will double check this change with one of my colleagues on the impact to the Skype for Business Online services.

Disclaimer: All scripts and other PowerShell references on this blog are offered "as is" with no warranty.  While these scripts are tested and working in my test environment, it is recommended that you test these scripts in your own test environment before using in any production environment.

Posted by at 1 comment:
Labels: ,

Sunday, 5 June 2016

Mailbox Migration to Exchange Online, Strange error…

Recently I tried to do some mailbox migration tests between my on-premises Exchange infrastructure and Exchange Online in Office 365. The mailbox move/migration should be the simple part on any migration project as you spend all the time ensuring the other parts of the solution are correct. However I queued a new move request recently as I needed a new mailbox in Exchange Online to test some settings in SharePoint Online… The move started, but it failed with the following:

Move1

After a number of checks and trying the migrations again still with no joy, I thought I’d remove the user/object from Office 365. Prior to removing the object I connected to Exchange Online via PowerShell and ran:

Get-MailUser –Identity “Affected user email” | FL *GUID*, Ident*

clip_image002

I then moved the users AD Object in my local Active Directory to an OU that was not being synchronised to Azure AD, and performed a full sync. Once the sync had completed I confirmed the user object was no longer in Azure AD, then moved the AD Object back to synchronised OU and perform another sync. After the sync had completed I re-ran the previous PowerShell cmdlet:

clip_image002[5]

So by performing these actions I can see that I managed to get a new object GUID for the this mail user. I then performed a new mailbox migration to Exchange Online which completed successfully.

clip_image002[7]

I will add that my home lab does get a load of abuse, where I test different exchange scenarios, but I do this so I know how to fix issues etc. its very possible I caused this error within my lab when I was doing previous disaster recovery tests. So there is a very good chance that you may never see this error.

I know that this process can be very long especially if your Directory Synchronisation has a lot of objects, so I’ll continue to look if there is another way to resolve this.

Disclaimer: All scripts and other PowerShell references on this blog are offered "as is" with no warranty.  While these scripts are tested and working in my test environment, it is recommended that you test these scripts in your own test environment before using in any production environment.

Posted by at No comments:
Labels: , , , , , , , , ,

Exchange Server 2016 Certification

Back in March last year I passed the final Exchange 2013 exam to earn my MCSE: Messaging 2013 certification, I spent a lot of time reading websites, blogs, and watching videos all covered in the previous post. So little did I think in under a year I would be doing another Exchange exam! but I did…

I saw on the Born To Learn website in January that Microsoft Learning were offering free Beta Exam 345: Designing and Deploying Microsoft Exchange Server 2016 exams (Offer now expired), So I thought what's is the harm in doing a free exam, at the very least I’d get exam simulation experience and get an idea what Microsoft was going to be looking for. I booked for the last possible day in February the offer would allow me to book, because even thou I’ve played with the install and read the Exchange Team Blog post I’d not looked into Exchange 2016 to the same level as 2013…

Little did I appreciate that the material I used for 2013 was not there for 2016… So most of my learning material came from TechNet: Exchange 2016 Site, whilst there was other Exchange resource blogs that had started to post about 2016, it wasn’t the same level of material I used for 2013.

This was the first Microsoft Beta exam I’ve taken, so this was a new experience for me. All Microsoft exams are about taking your time, understand the questions and give the answer Microsoft are looking for, but this I can say this the first time I’ve used the full time allocated to an exam… all 180 minutes of the time. As everyone that has taken a Microsoft exam will know there is that feeling at the end of the exam where you “End the exam?” where you wait for the “Pass or Fail” message on screen… but this time as the exam was a beta I confirmed to end the exam I just got a message of “…Thanks for taking the exam…” or something like that, can’t fully remember the exact text on screen, whilst I knew I wasn’t going to get the result straight away I still got that strange feeling at the end of the exam. I just had the long 8 week wait for the results…

So in April by chance I longed into Microsoft Learning site and saw a banner at the top of the page…

Capture

Which obviously was really happy and surprised about as I’d not had any notification from Microsoft or Pearson VUE about the results. For an MCSE: Messaging you now only need the single 70-345 exam on top of you MCSA qualification.

Learning material is slowly being published now:

Pluralsight Course – Migrating to Exchange Server 2016
Exam Ref. 70-345 Designing and Deploying Microsoft Exchange Server 2016

Microsoft later emailed me to confirm the qualification and that I was a Charter Member for Exchange Server 2016

Cert

Posted by at 3 comments:
Labels: ,
Subscribe to: Posts (Atom)