Default site collections in SharePoint Online

This content is 9 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

When an Office 365 tenant is created with SharePoint Online, several site collections are created.  It can be confusing to work out what each is for, so here’s a quick reference, based on the SharePoint 2013 sites – I guess this may change as SharePoint 2016 is rolled out.

  • https://tenantname.sharepoint.com – team site for the company – you can always create more, but this is the “top of the tree”.
  • https://tenantname.sharepoint.com/portals/community – not sure about the purpose of this one, although I suspect it’s a SharePoint 2013 community forum.
  • https://tenantname.sharepoint.com/portals/hub – Office 365 Video.
  • https://tenantname.sharepoint.com/search – the search site for the tenant
  • https://tenantname-my.sharepoint.com – the site collection for all of the users’ OneDrive for Business sites, each one named https://tenantname-my.sharepoint.com/personal/UPN (with the .s replaced by _s).

Note that the SharePoint URL is one of the few places where the Office 365 tenant name is exposed to users.

Connected accounts in Office 365 (Exchange Online)

I have a customer who is adopting Office 365 – but in a targeted manner for certain parts of his business. The business case just doesn’t stack up for a total deployment but he does want to make the most of the features and functionality that are available, to showcase how it really can be used to those who are on the platform.

Because his email is still on the corporate mail platform (where the MX records point), and there is no Exchange hybrid connectivity configured, we’ve been looking at the use of connected accounts in Office 365 – so that certain key members of staff can use Exchange Online mailboxes without actually migrating their email service.

It’s an unusual scenario, and generally only mentioned as a quick and dirty solution to get people using Office 365 in pilot.  Even so, there’s no reason why it shouldn’t work for a more permanent solution – provided that the on-premises mail server can be reached from the Internet using POP3 or IMAP4 (preferably secured with SSL) and that it’s well-understood that Exchange Online will poll for new mail less frequently than a direct connection from Outlook to the source mail server would.  It’s also useful for pulling email from third party mail platforms into your Exchange Online mailbox (I use it for Hotmail).

The latest advice from Microsoft on using the feature can be found in the connect email accounts in Outlook on the web Office support page and there’s also some useful information on connected accounts in the Office 365 community.

Using the Lenovo B50 all-in-one PC as an external monitor

A few weeks back, Microsoft asked if I’d be interested in writing some Windows 10 blog posts if they could arrange a demo machine for me for a few months.  I thought it seemed like a good idea, signed the paperwork when it came through, and promptly forgot about it whilst I immersed myself in work!

Then, earlier this week, I got a text from my wife that said:

“[…] We have a mystery parcel from Lenovo here… [my son] is speculating… what time will you be home this evening? […]”

At first I had to think “what have I bought from Lenovo?” (funnily enough, that’s what Mrs W was thinking too…) but then I remembered the PC that Microsoft were sending…

I got home to find my two geek apprentices, aged nearly-9 and nearly-11, desperate to see what was in the box and help me set it up.  Within minutes, the Lenovo B50 all-in-one PC was taking up a sizable chunk of my desk and, over the next few months, I’m hoping to write at least one Windows 10 post each week.

Having an all-in one PC has another use though: I’ve been considering buying a new monitor for a while, to use with my company-supplied Surface Pro 3 when I’m working at home and I wondered if the B50 would do the job for the next few months. As it happens, yes it will – the tech-specs include both HDMI output (to a second monitor) and input – but I couldn’t work out how to get it working (and both ports are labelled as output). I knew it was possible though as Brian Fagioli’s Betanews review mentions using the all-in-one as a display.

Eventually I found Lon Seidman’s video review which showed how to do it – pressing a tiny button on the lower-right side of the screen, just above the power button, to accept input on the HDMI port closest to the left-side of the screen.  It’s still amazing though that the Surface Pro 3’s 12″ display runs at a higher resolution than this 23.8″ beast!

Marketing for small businesses

I’ve blogged about Milton Keynes Geek Night many times over the last 3 and a half years – and it’s still just as good as ever. Last Thursday’s geek night (number 14)  had possibly the most eclectic mix of talks I’ve seen in a while though – with a talk about Life on Mars as well as the usual collection of web design/developer topics. And then there was Chloe Briggs’ 5-minute talk about marketing for freelancers.

Although Chloe (@clever_cloggs) called it marketing for freelancers, I recognise a lot of this being applied in small-medium businesses too. Indeed, it’s only the large enterprises I’ve worked for that don’t seem to “get it”. Even so, Chloe gave what I consider to be some very good advice, so I’m blogging it here!

  • Stand out from the crowd:
    • Use blogging as a tool
    • Know your audience
      • Think about who your existing clients are and what type of clients would you like to work with?
      • Target your content to this audience
  • Look after existing clients:
    • It’s good to keep in touch
      • Send a well-crafted newsletter every month/quarter
        • Click-throughs from email outperform social media
    • Clients often appreciate a call every few months to check in
      • They will increase their loyalty to you and make them feel supported
      • You will pick up extra work
  • Productise your services:
    • Tiered packages make it easy to compare services
    • Packages provide a jumping off point to start a discussion
  • Be a specialist
    • Create your own niche
    • You can easily become knowledgeable about a particular product or service
    • Creates trust and authority
    • Increases your value
  • Create residual income
    • Sell after-sales support for maintenance etc.
    • This can be a package including other services, e.g. hosting, analytics reports, etc.
    • Retaining your services on a monthly basis creates loyalty

Hopefully these tips can help others to build their businesses and attract/retain the right clients.

Troubleshooting missing objects in Azure AD sync

I have a half-written blog post about Microsoft Azure Active Directory (AAD) Connect – the latest incarnation of the directory synchronisation engine used to populate a cloud directory for Office 365 and other online services. That post will stay half-written for a while longer as it needs a bit more work but, yesterday, I was working with a customer whose AAD sync was missing some users. I’d set it up a couple of months previously and it had been working well, but clearly something had gone awry.

Microsoft knowledge base article 2643629 describes why one or more objects don’t sync when using the Azure Active Directory Sync tool but my problem turned out to be a lot more fundamental.

I checked the Synchronisation Service Manager (miisclient.exe) and found that there hadn’t been a sync for over three weeks. Then I looked in the Task Scheduler on the AAD Sync server; the Scheduled Task was still there and it had last run a couple of hours previously. Digging a little deeper and looking at the history though, showed that the task had been failing for a few weeks (every 3 hours), because a previous task was still running.

So, I restarted the server (to clear out long-running processes) and ran the sync, then watched in the Synchronisation Service Manager to check that it started logging the synchronisation events again. Once the sync was completed (with lots of changes, as expected), I changed the timeout on the scheduled task to 2 hours so it should always end before the next begins.

A delta sync sorted most of the issues, but I did need to force a full sync to get all of the missing users up to the cloud, by running directorysyncclientcmd.exe initial.
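A read-only check for the failure described above (a sync task that keeps being skipped because an earlier run never finished), as an added example that is not part of the original post. It assumes the ScheduledTasks module (Windows Server 2012 or later); the task name is a guess and should be replaced with the name shown in Task Scheduler.

```powershell
# Added example, not from the original post. Read-only: nothing is changed.
# Assumption: the task name below is a guess; pass the real one with -TaskName.
param(
    [string]$TaskName = 'Azure AD Sync Scheduler'
)

function ConvertTo-TimeSpan([string]$Duration) {
    # Task Scheduler stores durations as ISO 8601 strings (PT3H, PT72H, ...).
    if ([string]::IsNullOrEmpty($Duration)) { return $null }
    return [System.Xml.XmlConvert]::ToTimeSpan($Duration)
}

$task     = Get-ScheduledTask -TaskName $TaskName -ErrorAction Stop
$info     = $task | Get-ScheduledTaskInfo
$limit    = ConvertTo-TimeSpan $task.Settings.ExecutionTimeLimit
$findings = New-Object System.Collections.Generic.List[string]

# A non-zero result includes 0x41301, which means an instance is still running.
if ($info.LastTaskResult -ne 0) {
    $findings.Add(('Last result was 0x{0:X}, last started {1}' -f $info.LastTaskResult, $info.LastRunTime))
}
if ($task.State -eq 'Running') {
    $findings.Add('An instance is running now; check how long it has been going')
}

# A run that is allowed to outlive the repeat interval can block the next launch.
foreach ($trigger in $task.Triggers) {
    $interval = ConvertTo-TimeSpan $trigger.Repetition.Interval
    if ($null -eq $interval) { continue }   # trigger does not repeat
    if ($null -eq $limit -or $limit -eq [TimeSpan]::Zero -or $limit -ge $interval) {
        $findings.Add("Execution time limit '$($task.Settings.ExecutionTimeLimit)' is not shorter than the repeat interval '$($trigger.Repetition.Interval)'")
    }
}

# Event 322 = launch request ignored because an instance is already running.
# It is only recorded when task history is enabled.
$skipped = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-TaskScheduler/Operational'
    Id        = 322
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue | Where-Object { $_.Message -like "*$TaskName*" }
if ($skipped) {
    $findings.Add("$(@($skipped).Count) launches skipped in the last 7 days because a previous run was still going")
}

if ($findings.Count -eq 0) { 'OK: no problems found' } else { $findings }
```

Run on a schedule of its own, this surfaces a stalled sync within hours rather than weeks.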

Incidentally, we’re all used to running idfix.exe before implementing directory synchronisation but occasionally admins create problem objects afterwards too… somehow an account had crept into scope that had a space in the username and no UPN. Predictably, AAD sync didn’t like that and my customer was being emailed after each sync with a notification that AAD Sync was:

Unable to update this object in Azure Active Directory, because the attribute [Username], is not valid. Update the value in your local directory services.

As Joran Markx explains, you can control who the identity synchronisation error reports are sent to by editing the technical contact for the tenant.

Moving mailboxes to/from Exchange Online using the EAC

One of the advantages with deploying Exchange Online in a hybrid configuration (i.e. Exchange on-premises and Office 365 Exchange Online in the cloud) is that you can easily move mailboxes back and forth.

It can be done with PowerShell but one of the straightforward methods is from the Exchange Admin Center (EAC), where there’s an option (to the bottom right of the mailbox panel, under recipients in the Enterprise tab) to move a mailbox to Exchange Online, or to another database (locally), with most of the settings pre-populated for you (like the target mail domain or tenantname.mail.onmicrosoft.com).

Moving back requires a slightly different process though and needs to be performed from the migration panel in the Office 365 tab of EAC.

You’ll also need to know the name of the database you want to move the mailbox to on-premises, and the mail domain name.

One of the challenges I found with moving mailboxes to/from Exchange Online using the EAC was that I sometimes see a migration batch marked as “Completed” but with 0 of 0 synced, 0 of 0 finalized, 0 failed.  This seems to happen if a previous mailbox move had failed; deleting the failed migration batch before re-attempting seems to allow the mailbox move to run successfully.

Configuring Lync hybrid (split domain) with Lync 2013 and Skype for Business Online

Lync (now Skype for Business) is a bit of a mystery to me. Occasionally I get close enough to mess around the edges, but never to truly understand how it works. And when it dives off into telephony well, that’s another world…

I did recently have to configure a Lync/Skype for Business Online hybrid (split domain) for a customer though, as part of their Office 365 project. It brought up a few challenges, but MVP Adam Jacobs has a really good step-by-step guide to enabling split-domain within Office 365 Lync Online.

I described Lync Hybrid (split-domain) in a post for TechNet UK earlier this year – and I’ll stress again here that it’s not to be confused with Hybrid Voice… although there is plenty happening about Skype for Business and voice…

Some people say ADFS is required but we had it working with Azure AD Sync (with password sync), so maybe not. The test system I was working on threw up its own set of challenges though so if you do follow what I found (with help from various colleagues including Martin Boam, Kevin Beacon and Mark Vale), your mileage may vary.

The basic steps for configuring Lync hybrid (split domain) are:

  1. Make sure Office 365 is working, your directory is syncing and users have licenses assigned.
  2. Also, make sure that Skype for Business Online and Lync have the same configuration – i.e.:
    • Domain matching (if partner discovery is enabled on the on-premises deployment, then open federation must be configured for the online tenant; if partner discovery is not enabled, then closed federation must be configured for the online tenant).
    • Blocked domains.
    • Allowed domains.
  3. On the Lync Front End server (I was using Lync 2013 but you can use 2010 with the March 2013 update or later and the Lync 2013 administration tools deployed), configure the Edge server Set-CsAccessEdgeConfiguration -UseDnsSrvRouting -AllowOutsideUsers $true -AllowFederatedUsers $true -EnablePartnerDiscovery $true (you may need to adjust the setting for partner discovery, based on the domain matching above).
  4. Set up the hosting provider with New-CSHostingProvider -Identity LyncOnline -ProxyFqdn "sipfed.online.lync.com" -Enabled $true -EnabledSharedAddressSpace $true -HostsOCSUsers $true -VerificationLevel UseSourceVerification -IsLocal $false -AutodiscoverUrl https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root.
  5. Make sure you have the Skype for Business Online Windows PowerShell Module and also the Microsoft Office Online Sign In Assistant (MOS SIA) installed.
  6. Connect to Skype for Business Online.
    • If prompted for a target server, the URL is the same as when you access the Skype for Business Online Admin Center from the Office 365 portal. For me that was admin1e.online.lync.com.
    • You may also need the -AllowClobber switch when importing the session.
    • You may also find that you need to Import-Module SkypeOnlineConnector.
  7. Set up the shared namespace with: Set-CsTenantFederationConfiguration -SharedSipAddressSpace $true.

To move users to Skype for Business Online, all that’s needed is a single PowerShell command:

Move-CsUser -Identity sip:alias@domainname.tld -Target sipfed.online.lync.com -Credential $creds -HostedMigrationOverrideUrl https://admin1e.online.lync.com/hostedmigration/hostedmigrationservice.svc -Confirm:$false

(again, admin1e.online.lync.com works for me but might not for all tenants).

To check for a successful move, either type Get-CsUser -Identity alias@domainname.tld or look in the Lync Control Panel. Office 365 users will show the home pool as LyncOnline and when you click through to the details, Lync will flag that the user is homed in Office 365:

Configuring Lync hybrid (split domain): user homed in Office 365

Further reading

Other posts I found useful include MVP Paul Robichaux’s post on fixing the “Cannot find registrar pool” error for sipfed.online.lync.com (one of the issues I had, although my problems seemed to run deeper than Paul’s – I had to delete my hosting provider from the Lync Control Panel, then recreate it in PowerShell).

Viewing Active Directory object updates with RepAdmin

A couple of weeks back, I found myself having to investigate what had caused an Active Directory user account to be updated. We could see the last modified time on the Object tab for a user account in Active Directory Users and Computers (dsa.msc) and it’s also available using PowerShell.

What I really wanted to know though, was what attribute(s) on the object had changed.

It turns out that viewing Active Directory object updates is remarkably simple – even as a normal (non-admin) user. First of all you need to know the distinguished name (DN) for the object. If you don’t have access to any administrative tools then the following script might be useful (taken from the “Hey, Scripting Guy!” blog):

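' Look up the DN of the currently logged-on user
Set objSysInfo = CreateObject("ADSystemInfo")
strUserName = objSysInfo.UserName

' Bind to the user object and read the ADsPath of its parent container
Set objUser = GetObject("LDAP://" & strUserName)
strOUName = objUser.Parent

' Bind to the parent OU and display its distinguished name
Set objOU = GetObject(strOUName)
Wscript.Echo objOU.distinguishedName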

If you run this script, it will display something like:

OU=Users,OU=companyname,DC=domainname,DC=tld

I also needed to know the name of a domain controller – that’s easy as the %logonserver% environment variable will provide the information.

Armed with that information, I could then use the repadmin.exe command to find out some more information about the user object. I did need to install the Remote Server Administration Tools (RSAT) for Windows 8.1 to get repadmin on a client machine (there are similar RSAT packages for Windows 7 and Windows 10 too). Specifically, the command I used was repadmin.exe /showobjmeta servername "CN=Mark Wilson,OU=Users,OU=companyname,DC=domainname,DC=tld"

The resulting output contains all sorts of information, including which domain controller made the update for each attribute, at what date/time, to which version, and with which unique serial number (USN). So, for example, I can see the date when my password was last set (from unicodePwd, ntPwdHistory, and pwdLastSet) and that it was version 6.  There’s more information in Rick Bergman’s Ask Premier Field Engineering (PFE) post on how to track the who, what, when and where of Active Directory attribute changes.
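The same per-attribute metadata can be pulled as objects and filtered, shown here as an added example that is not part of the original post. It assumes the ActiveDirectory module from RSAT is installed; the DN is the sample one used above, and the review window and the list of attributes to flag are the editor's choices.

```powershell
# Added example, not from the original post. Needs the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$dn     = 'CN=Mark Wilson,OU=Users,OU=companyname,DC=domainname,DC=tld'  # sample DN from the post
$server = $env:LOGONSERVER.TrimStart('\')   # %logonserver% holds \\DCNAME
$since  = (Get-Date).AddDays(-14)           # assumed review window

# Attributes whose changes usually deserve a second look (editor's selection;
# 'member' only applies when the object is a group).
$sensitive = 'unicodePwd', 'ntPwdHistory', 'pwdLastSet', 'userAccountControl',
             'servicePrincipalName', 'sIDHistory', 'adminCount', 'member'

# One record per attribute: version, originating DC, originating USN and time.
$meta = Get-ADReplicationAttributeMetadata -Object $dn -Server $server -ShowAllLinkedValues

$recent = $meta |
    Where-Object { $_.LastOriginatingChangeTime -ge $since } |
    Sort-Object LastOriginatingChangeTime -Descending |
    Select-Object AttributeName, Version, LastOriginatingChangeTime,
        LastOriginatingChangeUsn,
        @{ Name = 'OriginatingDC'
           Expression = {
               # The identity is the DN of the DC's NTDS Settings object;
               # its second component is the server name.
               ($_.LastOriginatingChangeDirectoryServerIdentity -split ',')[1] -replace '^CN=' } },
        @{ Name = 'Sensitive'; Expression = { $sensitive -contains $_.AttributeName } }

# Everything changed in the window, newest first
$recent | Format-Table -AutoSize

# Only the flagged attributes
$recent | Where-Object { $_.Sensitive } | Format-Table -AutoSize
```

The metadata names the originating domain controller, time and version for each attribute, not the account that made the change.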

Looping on the authentication prompt for the ECP virtual directory in Exchange 2013

I had an “interesting” problem on an Exchange server last week… I could access the Exchange Control Panel using https://localhost/ecp but if I tried to use its externally-accessible namespace (which I needed to in order to run the Exchange Hybrid Configuration Wizard), it kept looping on the authentication prompt. The password was correct but it just came straight back to a prompt again…

It turned out to be an issue with HTTP redirection in IIS and, following the MSExchangeGuru post on HTTP redirection issues with the ECP virtual directory I set up HTTP redirection on the Default Website but turned it off for OWA, ECP and the various other virtual directories. I also checked that SSL was not required for the PowerShell virtual directory.

Bipin Giri’s post on configuring URL redirection in Exchange 2013 suggests I need to repeat the same steps for the Exchange Backend Server website too but I didn’t find that necessary (and I’m sure I’ve also read to leave that alone!).

There’s a useful table in the MSExchangeGuru post that summarises the need for an HTTP redirect and whether SSL should be enabled for the website and for each virtual directory but it’s also worth knowing that Morten Nielsen has listed the default virtual directory settings for Exchange 2013 in great detail.

Windows 10 licence activation – make sure you use the correct installation media

Yesterday, I wrote about the SSD upgrade I carried out for my family’s PC. The PC was originally supplied with a Windows 8 OEM licence, upgraded to 8.1, then to 10 and was correctly licenced and activated. Everything I’d read suggested that, as the machine signature was registered with Microsoft, changing the hard drive shouldn’t affect the licensing situation and it should activate after a clean install (skipping the opportunity to enter a product key during installation). For that reason, I was a little alarmed when it didn’t work.

Windows 10 was installed, but activation failed, and it seemed the only option was to go to the Store and pay almost two-hundred pounds for a copy of Windows 10 Pro. That got me thinking… “Pro” – but this was a Windows 8.1 PC (not 8.1 Pro)…

I then downloaded the correct media (Windows 10 Home), reinstalled, and it activated automatically with no problems at all. So, the moral of that little story is to make sure that you install Windows using the correct media, in order for Windows 10 licence activation to work.

Just to be clear, you can only install Windows 10 cleanly from media if the PC has previously been upgraded from a qualifying operating system (or if you purchased a Windows 10 licence). The version you will get is covered in Microsoft’s Windows 10 FAQ: