Saturday, April 9, 2016

Azure AD Connect - one or more objects not syncing because of a linked mailbox

 


I was at a client site configuring Azure AD Connect sync to Office 365 and noticed a few users not synced. I’ve checked the filtering options like OU filtering, object filtering, security permissions etc. and they all seem fine. There are no duplicate UPN or proxyAddresses attributes and the IdFix tool doesn’t reveal anything major. From the Azure AD Connect documentation, https://azure.microsoft.com/en-gb/documentation/articles/active-directory-aadconnectsync-understanding-users-and-contacts/


An account with a linked mailbox will never be used for userPrincipalName and sourceAnchor. It is assumed that an active account will be found later.

Look at the Synchronization Service Manager ("C:\Program Files\Microsoft Azure AD Sync\UIShell\miisclient.exe"). Go to Metaverse Search, find the user and double-click; under the “Connectors” tab, you’ll see there is only 1 connector. Compare with another user: there are 2 connectors.


Issue:
An account with a linked mailbox will never be used for userPrincipalName and sourceAnchor. It is assumed that an active account will be found later.

 

 

Workaround:

 

It is normally safe to convert a linked mailbox to a user mailbox. You must do it from the Exchange Management Shell.

To see the LinkedMasterAccount, run this command:

Get-User -Identity "user" | FL LinkedMasterAccount

To convert to a user mailbox, run the following command:

Set-User -Identity "user" -LinkedMasterAccount $null

Once converted to a user mailbox, you can either wait for the next sync or force a sync from Synchronization Service Manager by following this link, https://blogs.technet.microsoft.com/rmilne/2014/10/01/how-to-run-manual-dirsync-azure-active-directory-sync-updates/
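
The two commands above handle one known user. As an added example (not from the original post), the script below lists every linked mailbox in the organisation, saves each LinkedMasterAccount to a CSV so the original link is on record, and previews the conversion with -WhatIf. The $ReportPath and $Convert variables are assumed names; run it from the Exchange Management Shell.

```powershell
# Added example: audit linked mailboxes before converting them.
# $ReportPath and $Convert are assumed names, not from the original post.
$ReportPath = ".\linked-mailboxes.csv"
$Convert    = $false   # set to $true only after reviewing the report

# Every linked mailbox, not just the one user already known to be affected.
$linked = Get-Mailbox -RecipientTypeDetails LinkedMailbox -ResultSize Unlimited

# Collect the master account and account state for each one.
# @() keeps the result an array even when zero or one mailbox is returned.
$report = @(
    $linked |
        ForEach-Object { Get-User -Identity $_.DistinguishedName } |
        Select-Object Name, UserPrincipalName, LinkedMasterAccount,
                      UserAccountControl, DistinguishedName
)

# Show the list and keep a copy: once LinkedMasterAccount is cleared,
# this file is the record of which external account each mailbox was linked to.
$report | Sort-Object Name |
    Format-Table Name, UserPrincipalName, LinkedMasterAccount -AutoSize
$report | Export-Csv -Path $ReportPath -NoTypeInformation
Write-Host ("{0} linked mailbox(es) found; report saved to {1}" -f $report.Count, $ReportPath)

foreach ($row in $report) {
    if ($Convert) {
        # Same command as in the post, applied to each linked mailbox.
        Set-User -Identity $row.DistinguishedName -LinkedMasterAccount $null
    } else {
        # Dry run: prints what would change without modifying anything.
        Set-User -Identity $row.DistinguishedName -LinkedMasterAccount $null -WhatIf
    }
}
```

The UserAccountControl column is included because the account behind a linked mailbox is disabled in the Exchange forest, so review it before relying on the converted account for sign-in.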

Saturday, March 12, 2016

Retrieve BIOS embedded Windows product key


New PCs shipped with a Windows OEM version from the vendor no longer come with a Certificate of Authenticity attached; instead, the PC manufacturer embeds the Windows key into the BIOS or EFI.

 

Please read the link below carefully to understand your downgrade rights, https://www.microsoft.com/OEM/en/licensing/sblicensing/Pages/downgrade_rights.aspx#fbid=OtIyotJ5rw5

 

So, I just ordered a new PC that comes with Windows 10, but due to some application compatibility the software only supports Windows 8.1. So I have to downgrade and format the PC to Windows 8.1.

I need a product key but it is embedded in the BIOS. I downloaded this tool to get the key, https://neosmart.net/OemKey/ . This product key can be used to re-install Windows 10 or downgrade to 8.1 with a clean Windows setup CD.

 

 


Wednesday, March 9, 2016

AWS Simple AD–change subnet

I was working on an AWS project, setting up a WorkSpace (desktop in the cloud), and one of the prerequisites is Active Directory. I am using AWS in the Sydney region. I set up my Active Directory (Simple AD) and realized AWS WorkSpaces does not support availability zones b and c in the Sydney region; only availability zone A is supported. I got an error message like the one below when I tried to register WorkSpaces using my Simple AD directory in availability zones b and c:

Unsupported Subnet

The selected directory was created in a subnet that is not supported by the WorkSpaces service, and cannot be registered. Please try with a different directory or contact the AWS Support Team on the community forums and via AWS Premium Support.


Workaround:

I've logged a support call with AWS support, but the answer I got back is that it is not possible to change the directory's subnet. The workaround is to create a new AD Connector. Make sure the AD Connector is on the correct subnet (availability zone A).

Make sure:

- the connected directory DNS is the same as Simple AD

- the NetBIOS name is the same as Simple AD

- the username and password are those of the user with domain admin rights in Simple AD

- the DNS must match. You can get the DNS by going into WorkSpaces – Directories and expanding the directory.

Once the AD Connector is configured, you can register WorkSpaces with the new AD Connector and start the WorkSpace.

 

It is an additional monthly charge, but since my WorkSpace also requires MFA, which only supports AD Connector, this is OK for me.