Adding SSO to Edge browser on ADFS 3.0

Hi all,

By default, ADFS 3.0 does not offer SSO to Edge (or other modern browsers). To enable it, you need to configure it through PowerShell.

To list the browser user agents your ADFS accepts, run the following command:

Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents

The image below shows the default configuration on ADFS 3.0. It accepts a few Microsoft platforms and browsers.

https://technet.microsoft.com/windows-server-docs/identity/ad-fs/operations/configure-intranet-forms-based-authentication-for-devices-that-do-not-support-wia

edge_01

To enable other Microsoft browsers, run the command below:

Set-AdfsProperties -WIASupportedUserAgents @("MSIE 6.0", "MSIE 7.0; Windows NT", "MSIE 8.0", "MSIE 9.0", "MSIE 10.0; Windows NT 6", "Windows NT 6.3; Trident/7.0", "Windows NT 6.3; Win64; x64; Trident/7.0", "Windows NT 6.3; WOW64; Trident/7.0", "Windows NT 6.2; Trident/7.0", "Windows NT 6.2; Win64; x64; Trident/7.0", "Windows NT 6.2; WOW64; Trident/7.0", "Windows NT 6.1; Trident/7.0", "Windows NT 6.1; Win64; x64; Trident/7.0", "Windows NT 6.1; WOW64; Trident/7.0", "MSIPC", "Windows Rights Management Client")

Now run Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents again to check that the new configuration was applied successfully:

edge_02

Use the instructions below to add Edge browsers:

$Props = Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents
$Props = $Props + "Edge/14"
$Props = $Props + "Edge/12"
$Props
Set-ADFSProperties -WIASupportedUserAgents $Props

https://blogs.msdn.microsoft.com/asiatech/2016/09/06/single-sign-on-feature-not-working-with-microsoft-edge-on-window-10/
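
A repeatable variant of the steps above, as an added example that is not part of the original post: it saves the current list before changing it and appends only the strings that are missing, so running it twice does not create duplicate entries. The function name Merge-WiaUserAgent and the backup path are assumptions; it has to run on the AD FS server, like the commands above.

```powershell
# Added example, not from the original post. Merge-WiaUserAgent and the
# backup path are hypothetical names; Edge/12 and Edge/14 come from the post.
function Merge-WiaUserAgent {
    param(
        [string[]]$Current,
        [Parameter(Mandatory = $true)][string[]]$ToAdd
    )
    $merged = New-Object 'System.Collections.Generic.List[string]'
    foreach ($ua in @($Current) + @($ToAdd)) {
        if ([string]::IsNullOrWhiteSpace($ua)) { continue }
        # Exact, case-sensitive comparison; an entry that is already present is skipped.
        if (-not $merged.Contains($ua)) { $merged.Add($ua) }
    }
    return ,$merged.ToArray()
}

$backup  = 'C:\temp\WIASupportedUserAgents.bak.txt'
$current = @(Get-AdfsProperties | Select-Object -ExpandProperty WIASupportedUserAgents)

# Keep a rollback copy of the list as it was before the change.
$current | Set-Content -Path $backup -Encoding UTF8

$new   = Merge-WiaUserAgent -Current $current -ToAdd 'Edge/12', 'Edge/14'
$added = @($new | Where-Object { $current -cnotcontains $_ })

if ($added.Count -gt 0) {
    Set-AdfsProperties -WIASupportedUserAgents $new
    "Added: $($added -join ', ')"
} else {
    'Nothing to add; the list already contains every requested string.'
}

# Roll back with: Set-AdfsProperties -WIASupportedUserAgents (Get-Content $backup)
```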

Regards!

Reset NTP configuration on Domain Controllers

Hi all,

This is not the first time I have written about how to configure the time service on Domain Controllers. With the actions below, you can reset the time service settings and configure it to find the NTP server (best practice is to configure the PDC as the corporate NTP server).

So let’s reset the time service on the non-PDCs back to their default:

net stop w32time
w32tm /unregister
w32tm /register
net start w32time

Then set the non-PDCs to sync to the default time hierarchy:

w32tm /config /syncfromflags:domhier /update
net stop w32time
net start w32time

To check the status use:

w32tm /query /status

Regards

Changing user password from Office 365 portal

Hi all,

If you have configured password writeback on your AD Connect server, or your users are cloud users, they can change their corporate password from the Office 365 portal. To change the password from Office 365, follow the steps below:

Go to the Office 365 portal and log in with your user account. Once done, click Settings -> Password.

change_pwd01

Under Security and privacy, click Password.

change_pwd02

In the new window, enter your current password and the new password twice. Click Send.

change_pwd03

Once done, you can use the new password wherever you want, on-premises and in the cloud.

Regards!

Common commands to report info of mailboxes

Hi all,

Here are several useful reports for mailbox management:

With the following command we can obtain the size of each mailbox in the organization.

Get-mailbox | Get-Mailboxstatistics | select displayname,TotalItemSize

With the following command we can export the information to a CSV file.

Get-mailbox | Get-Mailboxstatistics | select displayname,TotalItemSize | export-csv "c:\temp\mailboxsize.csv"

With the following command we can obtain the total of items in each mailbox.

Get-Mailbox | Get-MailboxStatistics | ft DisplayName,TotalItemSize,ItemCount

With the following command we can get the primary SMTP addresses and export them to CSV.

Get-Mailbox -ResultSize Unlimited | Select-Object DisplayName,PrimarySmtpAddress | Export-CSV "c:\temp\PrimarySmtpAddress.csv"

With the following command we can obtain the statistics of the mailboxes in megabytes and export them to CSV.

Get-mailbox | Get-Mailboxstatistics | select displayname,TotalItemSize,ItemCount, @{expression={$_.totalitemsize.value.ToMB()};label="Size(MB)"} | Export-CSV "c:\temp\Total_MB.csv"

With the following command we can obtain the statistics of the mailboxes in megabytes and export them to HTML.

Get-mailbox | Get-Mailboxstatistics | Sort-Object TotalItemSize -Descending | convertto-html DisplayName, @{label="TotalItemSize(MB)";expression={$_.TotalItemSize.Value.ToMB()}} | set-content c:\temp\Total_MB.html

With the following command we can obtain the statistics of the mailboxes in megabytes and in descending order.

Get-mailbox | Get-MailboxStatistics | where {$_.ObjectClass -eq "Mailbox"} | Sort-Object TotalItemSize -Descending | ft @{label="User";expression={$_.DisplayName}},@{label="Total Size (MB)";expression={$_.TotalItemSize.Value.ToMB()}},@{label="Items";expression={$_.ItemCount}},@{label="Storage Limit";expression={$_.StorageLimitStatus}} -auto

With the following command we can obtain the size and quota of mailboxes that are larger than their specified quota.

Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics | where {$_.StorageLimitStatus -notlike "BelowLimit*"} | Select DisplayName,StorageLimitStatus,@{name="TotalItemSize (MB)";expression={[math]::Round((($_.TotalItemSize.Value.ToString()).Split("(")[1].Split(" ")[0].Replace(",","")/1MB),2)}},@{name="TotalDeletedItemSize (MB)";expression={[math]::Round((($_.TotalDeletedItemSize.Value.ToString()).Split("(")[1].Split(" ")[0].Replace(",","")/1MB),2)}},ItemCount,DeletedItemCount | Sort "TotalItemSize (MB)" -Descending | Export-CSV "C:\temp\quotas_excedidas.csv" -NoTypeInformation

With the following command we can obtain which permissions are granted on the mailboxes of the organization.

Get-Mailbox | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,@{Name='Access Rights';Expression={[string]::join(', ', $_.AccessRights)}} | Export-Csv -NoTypeInformation c:\temp\mailboxpermissions.csv
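
One way to review the permissions export above, as an added example that is not part of the original post: it lists every account that holds FullAccess on several mailboxes, which is usually the first thing to check in a delegation audit. The function name Get-BroadMailboxAccess, the threshold and the sample rows are assumptions; the rows are constructed in the column layout the export produces.

```powershell
# Added example, not from the original post. Get-BroadMailboxAccess and the
# sample rows are constructed; the columns match the export above.
# For real data use: $rows = Import-Csv 'c:\temp\mailboxpermissions.csv'
$rows = @'
"Identity","User","Access Rights"
"contoso.example/Users/Alice","CONTOSO\svc-backup","FullAccess"
"contoso.example/Users/Bob","CONTOSO\svc-backup","FullAccess, ReadPermission"
"contoso.example/Users/Carol","CONTOSO\svc-backup","FullAccess"
"contoso.example/Users/Alice","CONTOSO\bob","ReadPermission"
"contoso.example/Users/Carol","CONTOSO\dave","FullAccess"
'@ | ConvertFrom-Csv

function Get-BroadMailboxAccess {
    param(
        [Parameter(Mandatory = $true)][object[]]$Rows,
        [int]$Threshold = 2   # report grantees with FullAccess on this many mailboxes or more
    )
    $Rows |
        Where-Object { ($_.'Access Rights' -split ',\s*') -contains 'FullAccess' } |
        Group-Object -Property User |
        ForEach-Object {
            # Count distinct mailboxes; one mailbox can carry several entries for a user.
            $mailboxes = @($_.Group | Select-Object -ExpandProperty Identity | Sort-Object -Unique)
            [pscustomobject]@{
                User         = $_.Name
                MailboxCount = $mailboxes.Count
                Mailboxes    = $mailboxes -join '; '
            }
        } |
        Where-Object { $_.MailboxCount -ge $Threshold } |
        Sort-Object -Property MailboxCount -Descending
}

Get-BroadMailboxAccess -Rows $rows | Format-Table -AutoSize
```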

Regards!

Obtaining App Password on Office 365 to use Outlook or Skype for business rich client

Hi all,

If you have multi-factor authentication configured on Office 365, users who want to use the Outlook or Skype for Business client need to enter an App Password, not their corporate password.

Below I show you how to obtain an App Password.

Log in to O365 with your corporate user account and click Settings -> Office 365.

App_Password01

Click the Security and privacy section -> Additional Security Check.

App_Password02

Click Update the phone numbers you use for account security.

app_Password03

In the new window, go to the App Password section and click the Create button.

app_Password04

In the window, enter a reference name and click Next.

app_Password05

The App Password will appear. Copy it and click the Close button.

app_Password06

When you configure an Outlook profile or want to access Skype for Business, paste that App Password.

Regards!

Searching mailbox items on Exchange Online

Hi all,

If you need to find email items in a mailbox in your Exchange Online environment and export them to a PST file, follow the steps below.

Go to Office 365 and click the Security and Compliance tile.

search_items01

In Content search, click the + icon.

search_items02

In the new window, enter a reference name and select:

  • Custom location selection
  • Choose specific mailboxes to search
  • Click +

search_items03

Click + Add condition and choose Participants -> contains any of -> and enter the email addresses.

If you need more conditions, such as a date, click + Add condition and select Date -> after -> and the date, as in the image.

Click Search.

search_items04

In Content search you will see the newly created search. In the right pane you can see the options and the total number of items found. Click Preview search results to check whether it is what you are looking for.

search_items05

That's it:

search_items06

Back in the Content search area, you are ready to download the email items to a PST file. A new window will appear asking how you want to save it.

Once you have selected your preferences, click Start export.

search_items07

Copy the key to the clipboard.

search_items08

A new window will appear; click Install.

search_items09

Wait for the download.

search_items010

In the new window, paste the key and select where to save the file. Click Start.

search_items011

The download will start and, after a few minutes depending on the size, it will finish.

search_items012

Regards!

Upgrading AD Connect to v1.1.443.0

Hi all!

If you want to upgrade AD Connect v1.1.380.0 to the latest version (1.1.443.0), follow the steps below:

Open Azure AD Connect.

adconnect01

The wizard will appear, where you need to accept the EULA. Click Continue.

adconnect02

The wizard will notify you that you are about to upgrade AD Connect. Click the Upgrade button.

adconnect03

On the Connect to Azure AD step, enter a Global Admin user and click Next.

adconnect04

On the Connect to AD DS section, enter a Domain Admin and click Next.

adconnect05

On the Configure step, select Start the sync process when configuration completes and click Upgrade.

adconnect06

After a few minutes the upgrade will finish. Click Exit.

adconnect07

Regards!

Force Online Archive when main mailbox is full

Hi!

These days I am migrating from Gmail to Exchange Online and I have found that if the user fills his main mailbox and you enable archiving, this does not take effect at the same moment; you need to wait for 30-60 minutes.

For this you have to force it from PowerShell with the following command:

Start-ManagedFolderAssistant -Identity <mailbox>

archive

Regards

Windows Server 2016 Published!

Hello!

This week Microsoft published the latest version of Windows Server, Windows Server 2016, with a lot of improvements.

You can read more about it at the link below!

https://technet.microsoft.com/en-us/windows-server-docs/get-started/what-s-new-in-windows-server-2016-technical-preview-5

And here is a link to a free book.

https://blogs.msdn.microsoft.com/microsoft_press/2016/09/26/free-ebook-introducing-windows-server-2016/

Regards!