Jorge's Quest For Knowledge!

All About Identity And Security On-Premises And In The Cloud – It's Just Like An Addiction, The More You Have, The More You Want To Have!

Archive for the ‘Office 365’ Category

(2016-01-19) Free AD Tool For The IT Pro (4)

Posted by Jorge on 2016-01-19


While browsing the internet I found the following AD related tools that might be worth checking out. Have fun!

REMARK: I do not own and do not support these tools. These tools are also not specifically recommended by me, this post is just a "FYI only!" It is your responsibility to test and check out these tools to see if these meet your requirements.

Z-Hire/Z-Term Active Directory, Exchange, Lync, Office 365 User Creation Tool

Z-Hire automates the IT account creation process for Exchange mailbox, Active Directory, Lync accounts, Office 365 cloud and SalesForce cloud deployments. With just a click of the button, your Exchange mailbox, and Active directory user and Lync accounts will be created simultaneousy. This tool can also create and set custom settings for Office 365 accounts using templates. Z-Hire serves as the platform for new hire accounts by allowing auto-creation of major IT user accounts with the option for custom scripts. Z-hire will decrease your new hire user account deployment time by 600%, without the need for complicated and expensive identity management solutions. This Active Directory User Creation Tool makes creating Active Directory users a breeze. Some of the features include:

  • Environment Auto detection/discovery (AD/Exchange/Lync/Office 365/SalesForce)
  • Copy existing Active Directory User to Z-Hire Template
  • Support for Active Directory user, Exchange Mailbox, Lync 2010, Lync 2013, Office 365 user and SalesForce user account
  • Template based deployment (allows consistency for all user accounts)
  • Office 365 account creation with major attributes
  • Office 365 license only mode (assign license only, when using DirSync)
  • Office 365 Hybrid mode ( for organizations running Office 365 in Hybrid mode)
  • Active Directory user account creation with major attributes
  • Active Directory group selection
  • Active Directory user duplicate SamAccountName verification
  • Lync 2010 account creation supporting all policies
  • SalesForce user creation support all major attributes
  • Faster performance (compared to previous version)
  • Bulk import from CSV / Text to provision Active Directory, Exchange, Lync and Office 365 users (version 5.3)
  • HRIS / WorkDay driven user provisioning (Automatically provision users from WorkDay and other HRIS Systems)
  • HRIS / WorkDay driven data sync (Automatically sync user data such as Title, Department from WorkDay and other HRIS systems)

Click HERE for more information

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

Advertisements

Posted in Active Directory Domain Services (ADDS), Exchange Server, IT Pro Tools, OCS/Lync Server, Office 365, Windows Azure Active Directory | Leave a Comment »

(2014-11-21) Troubleshooting SSO Issues In Azure AD, Office 365 Or Windows Intune

Posted by Jorge on 2014-11-21


The following resources can help you troubleshoot with SSO issues:

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

Posted in Office 365, SSO, SSO, Troubleshoot, Troubleshoot, Windows Azure Active Directory | Leave a Comment »

(2014-10-01) TroubleShooting Federation/SSO To Windows Azure AD And Office 365

Posted by Jorge on 2014-10-01


When setting up DirSync And Federation between your on-premise AD and Windows Azure AD to support identity sync and SSO, the most important attribute to make sure everything works are the immutableID and the userPrincipalName.

Paul Williams from msresource.net has written a great number of blog posts about this, touching all kinds of related stuff. See the following blog posts:

With regards to the implementation I used the string version of the objectGUID (AD) as the immutableID (sourceAnchor in AAD)) and the UPN as the userPrincipalName (AAD). I achieved that by leveraging FIM with the AAD connector. Because of that I also had to implement slighty different claims rules in ADFS for Azure AD/Office 365. The rules in my ADFS v2.0 looked like:

@RuleName = "Identity Claims – objectGUID (Base64) To objectGUID (String)"
c:[Type == "
http://temp.org/identity/claims/adObjectGuidBase64org"]
=> add(store = "String Processing Store", types = ("http://temp.org/identity/claims/adObjectGuidString"), query = "fromBase64GuidtoStringGuid", param = c.Value);

@RuleName = "Identity Claims – upn To UPN"
c:[Type == "
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
=> issue(Type = "http://schemas.xmlsoap.org/claims/UPN", Value = c.Value);

@RuleName = "Identity Claims – objectGUID (String) To ImmutableID"
c:[Type == "
http://temp.org/identity/claims/adObjectGuidString"]
=> issue(Type = "http://schemas.microsoft.com/LiveID/Federation/2008/05/ImmutableID", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);

@RuleName = "Identity Claims – ImmutableID To Name ID"
c:[Type == "
http://schemas.xmlsoap.org/claims/UPN"]
=> issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Value = c.Value, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");

I swear everything was working, until some day I started to get the following errors:

….when navigating to: https://outlook.office365.com/owa/

image

Figure 1: Error When Using Federated Logon And Navigating To Office 365 Portal

….when navigating to: https://manage.windowsazure.com/default.aspx

image

Figure 2: Error When Using Federated Logon And Navigating To Azure AD Management Portal

….when navigating to: https://portal.office.com/

image

Figure 3: Error When Using Federated Logon And Navigating To Office 365 Management Portal

By giving the correlation ID to someone at Microsoft that is able to check it in the system logs, they most likely will be able to tell you what would be wrong. In this case unfortunately I as not able to do that. The logs on my system did not given me any clue!

As I have another ADFS v3.0 system in my environment, I therefore decided to configure that ADFS instance with all default values for DirSync and federation. After configuring all this, I was able to access Azure AD and Office 365 through federated logon on my ADFS v3.0 box, but still not on my ADFS v2.0.

After comparing the federation trusts between  ADFS v2.0 and Azure AD, and between ADFS v3.0 and Azure AD I saw the following difference:

image

Figure 4: Signature Hash Algorithm On The RP Trust On ADFS v3.0 For Azure AD/Office 365 (Default Config) – WORKING

image

Figure 5: Signature Hash Algorithm On The RP Trust On ADFS v2.0 For Azure AD/Office 365 (Custom Config) – NOT WORKING

For whatever reason, in the past I had changed the signature hash algorithm on the RP Trust On ADFS v2.0 For Azure AD/Office 365 AND I had forgotten about it. It took me some time to find this one, but by just changing the signature hash algorithm on the RP Trust On ADFS v2.0 For Azure AD/Office 365 from SHA-256 to SHA-1, everything started to work again! Yiiihhaaaaaa!

PS: this has NOTHING to do between the usage of ADFS v2.0 and ADFS v3.0. This was a configuration mistaken I made when playing around in the test/demo environment

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

Posted in Active Directory Federation Services (ADFS), Azure AD Sync, DirSync, DirSync, Federation Trusts, Office 365, SSO, Transform Rules, Windows Azure Active Directory | 1 Comment »

(2014-03-21) GALSync, DIRSync And SSO With Office 365 Blog Posts From MSResource.NET

Posted by Jorge on 2014-03-21


Paul Williams from MSResource.net has done an excellent job on writing about several topics regarding FIM and ADFS related to Office 365. Find those interesting blog posts below

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

Posted in DirSync, DirSync, Forefront Identity Manager (FIM) Sync, GAL Sync, Office 365, SSO, Windows Azure Active Directory | Leave a Comment »

(2014-01-03) Missing E-mails In Outlook 2013 With Office 365 Or Outlook.com

Posted by Jorge on 2014-01-03


Are you using Office 365 or Outlook.com and do you see a difference in the number of e-mails when using the web based version compared to when using Outlook 2013? Or are you able to find an e-mail using the web based version, but not in Outlook? If yes, have a look at the following thread. This is more than a year old and until now, besides promises, no solutions yet.

http://social.technet.microsoft.com/Forums/office/en-US/ecbde6d4-614d-476c-a5f3-490b183b4d66/outlook-2013-missing-email-in-inbox-compared-to-outlookcom

It is so annoying waiting for an e-mail, having received it, but not knowing about it.

MSFT, PLEASE FIX THIS!!!

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

Posted in Office 365, Outlook.com | Leave a Comment »

 
%d bloggers like this: