markwilson.it

Short takes: checking your IP in Google; writing to a text file in PowerShell; and confirming which IE security zone a website uses in Internet Explorer

Posted on Friday 18 September 2015Sunday 13 September 2015 By Mark Wilson

This content is 10 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Another eclectic mix of snippets merged into a single blog post…

What’s my IP address?

Ever want to check the IP address of the connection you’re using? There are lots of websites out there that will tell you, or you can just type what is my IP into Google (other search engines are available… but they won’t directly return this information).

Writing output to a text file in PowerShell

Sometimes, when working in PowerShell, it’s useful to pipe the output to a file, for example to send to someone else for analysis. For this, the Out-File cmdlet comes in useful (| Out-File filename.txt) , as described on StackOverflow.

Internet Explorer status bar no longer shows security zone for a site

Last week, I was trying to work out which security zone a site was in last week (because I wanted to see if it was in the Intranet zone, whilst tracking down some spurious authentication prompts) but recent versions of Internet Explorer don’t show this information in the status bar. The workaround is to right click any black space in the website and select Properties. Alternatively, use Alt + F + R.

Check the security zone in Internet Explorer

Can’t add a domain to Office 365 because it’s already in use

Posted on Thursday 17 September 2015Saturday 12 September 2015 By Mark Wilson

Adding a domain name to Office 365 is usually pretty straightforward. That is unless it’s already been used for another tenant that you don’t have access to – perhaps a trial that’s expired? Or someone signed up for some Microsoft Online services using their work email address but doesn’t have administration rights?

Sorry, you can't add domainname.tld here because it's already in use

I came across exactly this scenario with a customer last week – although luckily we managed to extract ourselves from the situation. Actually, there’s some pretty good documentation from Microsoft on the topic: “How to manage a domain already in use by people in your organization who signed up with their work or school email address“.

What we did was to:

Sign up for a Power BI trial (we couldn’t sign up for Office Online at work as it said it wasn’t available in our region, and Office 365 for education was not an option for us either) using an email address at the domain name we wanted to reclaim.
Once the new trial was in place, logon to the portal and click the Admin tile in the App Launcher, which starts a wizard to become the administrator for the associated Office 365 tenant.
Create a DNS entry to prove ownership of the domain.
Change any account using the domain name that is to be reclaimed over to their tenantname.onmicrosoft.com address for logon.
Log off/on.
Remove the domain from the tenant (and then leave it to expire in time…).
Add the domain to the tenant where it should be used.

Pick the primary domain when activating Yammer on an Office 365 tenant

Posted on Wednesday 16 September 2015Friday 11 September 2015 By Mark Wilson

One of the challenges with working with Office 365 for a living is that it now offers a pretty broad range of services. I work in a unified communications and messaging team (think Skype for Business and Exchange) but I also need to know about:

Windows identity topics including Active Directory (AD), Azure Active Directory (AAD), Active Directory Federation Services (ADFS).
Windows server roles/features like Web Application Proxy as well as the obvious infrastructure services candidates (DNS, etc.).
SharePoint – if not to set up site collections etc. then at least to manage OneDrive for Business.
Office – integration of office apps – desktop and mobile.
Yammer

(…and the list goes on)

Yammer can be challenging, partly because it’s still fairly loosely-coupled to Office 365, but also because it keeps changing (as do all of the Office 365 services, I guess). Last week I was working with a customer who had several domain names on their Office 365 tenant and who wanted to bring them together in Yammer. Unfortunately I’d already activated Yammer Enterprise on their Office 365 tenant, using the domain name for one of their subsidiary companies and you only get one shot at the initial activation.

After raising a service request, we were directed to a Microsoft Office support page on consolidating multiple Yammer networks… but any subsequent moves will result in data loss – which is why it’s important to pick the primary network when activating Yammer (you can export the data, but often the Yammer networks are unmanaged, informal networks created by employees outside the control of the IT department). I’m hopeful that Microsoft will be able to switch the primary network for us before merging the networks.

Default site collections in SharePoint Online

Posted on Tuesday 15 September 2015Saturday 12 September 2015 By Mark Wilson

When an Office 365 tenant is created with SharePoint Online, several site collections are created. It can be confusing to work out what each is for, so here’s a quick reference, based on the SharePoint 2013 sites – I guess this may change as SharePoint 2016 is rolled out.

https://tenantname.sharepoint.com – team site for the company – you can always create more, but this is the “top of the tree”.
https://tenantname.sharepoint.com/portals/community – not sure about the purpose of this one, although I suspect it’s a SharePoint 2013 community forum.
https://tenantname.sharepoint.com/portals/hub – Office 365 Video.
https://tenantname.sharepoint.com/search – the search site for the tenant
https://tenantname-my.sharepoint.com – the site collection for all of the users’ OneDrive for Business sites, each one named https://tenantname-my.sharepoint.com/personal/UPN (with the .s replaced by _s).
- It’s worth noting that the contents here don’t count towards the storage quota – the OneDrive for Business quotas are not visible in the SharePoint admin center (but can be queried using PowerShell).

Note that the SharePoint URL is one of the few places where the Office 365 tenant name is exposed to users.

Connected accounts in Office 365 (Exchange Online)

Posted on Monday 14 September 2015Friday 11 September 2015 By Mark Wilson

I have a customer who is adopting Office 365 – but in a targeted manner for certain parts of his business. The business case just doesn’t stack up for a total deployment but he does want to make the most of the features and functionality that are available, to showcase how it really can be used to those who are on the platform.

Because his email is still on the corporate mail platform (where the MX records point), and there is no Exchange hybrid connectivity configured, we’ve been looking at the use of connected accounts in Office 365 – so that certain key members of staff can use Exchange Online mailboxes without actually migrating their email service.

It’s an unusual scenario, and generally only mentioned as a quick and dirty solution to get people using Office 365 in pilot. Even so, there’s no reason why it shouldn’t work for a more permanent solution – provided that the on-premises mail server can be reached from the Internet using POP3 or IMAP4 (preferably secured with SSL) and that it’s well-understood that Exchange Online will poll for new mail less frequently than a direct connection from Outlook to the source mail server would. It’s also useful for pulling email from third party mail platforms into your Exchange Online mailbox (I use it for Hotmail).

The latest advice from Microsoft on using the feature can be found in the connect email accounts in Outlook on the web Office support page and there’s also some useful information on connected accounts in the Office 365 community.

Using the Lenovo B50 all-in-one PC as an external monitor

Posted on Sunday 13 September 2015Saturday 12 September 2015 By Mark Wilson

A few weeks back, Microsoft asked if I’d be interested in writing some Windows 10 blog posts if they could arrange a demo machine for me for a few months. I thought it seemed like a good idea, signed the paperwork when it came through, and promptly forgot about it whilst I immersed myself in work!

Then, earlier this week, I got a text from my wife that said:

“[…] We have a mystery parcel from Lenovo here… [my son] is speculating… what time will you be home this evening? […]”

At first I had to think “what have I bought from Lenovo?” (funnily enough, that’s what Mrs W was thinking too…) but then I remembered the PC that Microsoft were sending…

I got home to find my two geeks apprentices, aged nearly-9 and nearly-11, desperate to see what was in the box and help me set it up. Within minutes, the Lenovo B50 all-in-one PC was taking up a sizable chunk of my desk and, over the next few months I’m hoping to write at least one Windows 10 post each week.

Having an all-in one PC has another use though: I’ve been considering buying a new monitor for a while, to use with my company-supplied Surface Pro 3 when I’m working at home and I wondered if the B50 would do the job for the next few months. As it happens, yes it will – the tech-specs include both HDMI output (to a second monitor) and input – but I couldn’t work out how to get it working (and both ports are labelled as output). I knew it was possible though as Brian Fagioli’s Betanews review mentions using the all-in-one as a display.

Eventually I found Lon Siedman’s video review which showed how to do it – pressing a tiny button on the lower-right side of the screen, just above the power button, to accept input on the HDMI port closest to the left-side of the screen. It’s still amazing though that the Surface Pro 3’s 12″ display runs at a higher resolution than this 23.8″ beast!

Marketing for small businesses

Posted on Saturday 12 September 2015Sunday 13 September 2015 By Mark Wilson

I’ve blogged about Milton Keynes Geek Night many times over the last 3 and a half years – and it’s still just as good as ever. Last Thursday’s geek night (number 14) had possibly the most eclectic mix of talks I’ve seen in a while though – with a talk about Life on Mars as well as the usual collection of web design/developer topics. And then there was Chloe Briggs’ 5-minute talk about marketing for freelancers.

Although Chloe (@clever_cloggs) called it marketing for freelancers, I recognise a lot of this being applied in small-medium businesses too. Indeed, it’s only the large enterprises I’ve worked for that don’t seem to “get it”. Even so, Chloe gave what I consider to be some very good advice, so I’m blogging it here!

Stand out from the crowd:
- Use blogging as a tool
- Know your audience
  - Think about who your existing clients are and what type of clients would you like to work with?
  - Target your content to this audience
Look after existing clients:
- It’s good to keep in touch
  - Send a well-crafted newsletter every month/quarter
    - Click-throughs from email outperform social media
- Clients often appreciate a call every few months to check in
  - They will increase their loyalty to you and make them feel supported
  - You will pick up extra work
Productise your services:
- Tiered packages make it easy to compare services
- Packages provide a jumping off point to start a discussion
Be a specialist
- Create your own niche
- You can easily become knowledgeable about a particular product or service
- Creates trust and authority
- Increases your value
Create residual income
- Sell after-sales support for maintenance etc.
- This can be a package including other services, e.g. hosting, analytics reports, etc.
- Retaining your services on a monthly basis creates loyalty

Hopefully these tips can help others to build their businesses and attract/retain the right clients.

Troubleshooting missing objects in Azure AD sync

Posted on Friday 11 September 2015Friday 11 September 2015 By Mark Wilson

I have a half-written blog post about Microsoft Azure Active Directory (AAD) Connect – the latest incarnation of the directory synchronisation engine used to populate a cloud directory for Office 365 and other online services. That post will stay half-written for a while longer as it needs a bit more work but, yesterday, I was working with a customer whose AAD sync was missing some users. I’d set it up a couple of months previously and it had been working well, but clearly something had gone awry.

Microsoft knowledge base article 2643629 describes why one or more objects don’t sync when using the Azure Active Directory Sync tool but my problem turned out to be a lot more fundamental.

I checked the Synchronisation Service Manager (miisclient.exe) and found that there hadn’t been a sync for over three weeks. Then I looked in the Task Scheduler on the AAD Sync server; the Scheduled Task was still there and it had last run a couple of hours previously. Digging a little deeper and looking at the history though, showed that the task had been failing for a few weeks (every 3 hours), because a previous task was still running.

So, I restarted the server (to clear out long-running processes) and ran the sync, then watched in the Synchronisation Service Manager to check that it started logging the synchronisation events again. Once the sync was completed (with lots of changes, as expected), I changed the timeout on the scheduled task to 2 hours so it should always end before the next begins.

A delta sync sorted most of the issues, but I did need to force a full sync to get all of the missing users up to the cloud, by running directorysyncclientcmd.exe initial.

Incidentally, we’re all used to running idfix.exe before implementing directory synchronisation but occasionally admins create problem objects afterwards too… somehow an account had crept into scope that had a space in the username and no UPN. Predictably, AAD sync didn’t like that and my customer was being emailed after each sync with a notification that AAD Sync was:

Unable to update this object in Azure Active Directory, because the attribute [Username], is not valid. Update the value in your local directory services.

As Joran Markx explains, you can control who the identity synchronisation error reports are sent to by editing the technical contact for the tenant.

Resources

Moving mailboxes to/from Exchange Online using the EAC

Posted on Thursday 10 September 2015Monday 14 September 2015 By Mark Wilson

One of the advantages with deploying Exchange Online in a hybrid configuration (i.e. Exchange on-premises and Office 365 Exchange Online in the cloud) is that you can easily move mailboxes back and forth.

It can be done with PowerShell but one of the straightforward methods is from the Exchange Admin Center (EAC), where there’s an option (to the bottom right of the mailbox panel, under recipients in the Enterprise tab) to move a mailbox to Exchange Online, or to another database (locally), with most of the settings pre-populated for you (like the target mail domain or tenantname.mail.onmicrosoft.com).

Moving back requires a slightly different process though and needs to be performed from the migration panel in the Office 365 tab of EAC.

You’ll also need to know the name of the database you want to move the mailbox to on-premises, and the mail domain name.

One of the challenges I found with moving mailboxes to/from Exchange Online using the EAC was that I sometimes see a migration batch marked as “Completed” but with 0 of 0 synced, 0 of 0 finalized, 0 failed. This seems to happen if a previous mailbox move had failed; deleting the failed migration batch before re-attempting seems to allow the mailbox move to run successfully.

Configuring Lync hybrid (split domain) with Lync 2013 and Skype for Business Online

Posted on Wednesday 9 September 2015Saturday 12 September 2015 By Mark Wilson

Lync (now Skype for Business) is a bit of a mystery to me. Occasionally I get close enough to mess around the edges, but never to truly understand how it works. And when it dives off into telephony well, that’s another world…

I did recently have to configure a Lync/Skype for Business Online hybrid (split domain) for a customer though, as part of their Office 365 project. It brought up a few challenges, but MVP Adam Jacobs has a really good step-by-step guide to enabling split-domain within Office 365 Lync Online.

I described Lync Hybrid (split-domain) in a post for TechNet UK earlier this year – and I’ll stress again here that it’s not to be confused with Hybrid Voice… although there is plenty happening about Skype for Business and voice…

Some people say ADFS is required but we had it working with Azure AD Sync (with password sync), so maybe not. The test system I was working on threw up its own set of challenges though so if you do follow what I found (with help from various colleagues including Martin Boam, Kevin Beacon and Mark Vale), your mileage may vary.

The basic steps for configuring Lync hybrid (split domain) are:

Make sure Office 365 is working, your directory is syncing and users have licenses assigned.
Also, make sure that Skype for Business Online and Lync have the same configuration – i.e.:
- Domain matching (if partner discovery is enabled on the on-premises deployment, then open federation must be configured for the online tenant; if partner discovery is not enabled, then closed federation must be configured for the online tenant).
- Blocked domains.
- Allowed domains.
On the Lync Front End server (I was using Lync 2013 but you can use 2010 with the March 2013 update or later and the Lync 2013 administration tools deployed), configure the Edge server Set-CsAccessEdgeConfiguration -UseDnsSrvRouting -AllowOutsideUsers $true -AllowFederatedUsers $true -EnablePartnerDiscovery $true (you may need to adjust the setting for partner discovery, based on the domain matching above).
Set up the hosting provider with New-CSHostingProvider -Identity LyncOnline -ProxyFqdn "sipfed.online.lync.com" -Enabled $true -EnabledSharedAddressSpace $true -HostsOCSUsers $true -VerificationLevel UseSourceVerification -IsLocal $false -AutodiscoverUrl https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root.
Make sure you have the Skype for Business Online Windows PowerShell Module and also the Microsoft Office Online Sign In Assistant (MOS SIA) installed.
Connect to Skype for Business Online.
- If prompted for a target server, the URL is the same as when you access the Skype for Business Online Admin Center from the Office 365 portal. For me that was admin1e.online.lync.com.
- You may also need the -AllowClobber switch when importing the session.
- You may also find that you need to Import-Module SkypeOnlineConnector.
Set up the shared namespace with: Set-CsTenantFederationConfiguration -SharedSipAddressSpace $true.

To move users to Skype for Business Online, all that’s needed is a single PowerShell command:

Move-CsUser -Identity sip:alias@domainname.tld -Target sipfed.online.lync.com -Credential $creds -HostedMigrationOverrideUrl https://admin1e.online.lync.com/hostedmigration/hostedmigrationservice.svc -Confirm:$false

(again, admin1e.online.lync.com works for me but might not for all tenants).

To check for a successful move, either type Get-CsUser -Identity alias@domainname.tld or look in the Lync Control Panel. Office 365 users will show the home pool as LyncOnline and when you click though to the details, Lync will flag that the user is homed in Office 365:

Configuring Lync hybrid (split domain): user homed in Office 365