Adding SSO to Edge browser on ADFS 3.0

Hi all,

By default ADFS 3.0 doesn’t accept SSO on Edge browsers (and others modern browsers). To do that you need to configure it thru Powershell.

To list which browsers your ADFS are accepting you need to execute the following syntaxis:

Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents

On the below image is showed the default config on ADFS 3.0. It has a few Microsoft platforms and browsers accepted.

https://technet.microsoft.com/windows-server-docs/identity/ad-fs/operations/configure-intranet-forms-based-authentication-for-devices-that-do-not-support-wia

edge_01

If you want to enable other Microsoft browsers execute the below command:

Set-AdfsProperties -WIASupportedUserAgents @(“MSIE 6.0”, “MSIE 7.0; Windows NT”, “MSIE 8.0”, “MSIE 9.0”, “MSIE 10.0; Windows NT 6”, “Windows NT 6.3; Trident/7.0”, “Windows NT 6.3; Win64; x64; Trident/7.0”, “Windows NT 6.3; WOW64; Trident/7.0”, “Windows NT 6.2; Trident/7.0”, “Windows NT 6.2; Win64; x64; Trident/7.0”, “Windows NT 6.2; WOW64; Trident/7.0”, “Windows NT 6.1; Trident/7.0”, “Windows NT 6.1; Win64; x64; Trident/7.0”, “Windows NT 6.1; WOW64; Trident/7.0”, “MSIPC”, “Windows Rights Management Client”)

Execute now Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents command to see if the new config was applied successfully:

edge_02

 

Use the below instructions to add Edge browsers:

$Props=Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents
$Props=$Props+ “Edge/14”
$Props=$Props+ “Edge/12”
$Props
Set-ADFSProperties -WIASupportedUserAgents $Props

https://blogs.msdn.microsoft.com/asiatech/2016/09/06/single-sign-on-feature-not-working-with-microsoft-edge-on-window-10/

Regards!

 

 

Reset NTP configuration on Domain Controllers

Hi all,

Not’s the first time I write talking about how to configure time service on Domain Controllers. With the below actions, you can reset time service settings and configure it to find the NTP Server (PDC is the best practice to configure as corporate NTP Server).

So let’s reset the time service on the non-PDCs back to their default:

net stop w32time
w32tm /unregister
w32tm /register
net start w32time

Then set the non-PDCs to sync to the default time hierarchy:

w32tm /config /syncfromflags:domhier /update
net stop w32time
net start w32time

To check the status use:

w32tm /query /status

Regards

Changing user password from Office 365 portal

Hi all,

If you have configured Password write back on your AD Connect server or your users are cloud users, users are enabled to change their corporate password from Office 365 portal. To change the password from Office 365 follow the below steps:

Go to office 365 portal and login with your user account. Once done, push on Settings -> Password.

change_pwd01

On Security and privacy push on Password.

change_pwd02

On the new windows insert your actual password and the new password twice. Push on Send.

change_pwd03

Once donde, you can use the new password where you want, on-premise and cloud.

Regards!

 

 

Common commands to report info of mailboxes

Hi all,

Here are several useful reports for mailbox management:

With the following command we can obtain the size of each mailbox in the organization.

Get-mailbox | Get-Mailboxstatistics | select displayname,TotalItemSize

With the following command we can get the information exported to a csv file.

Get-mailbox | Get-Mailboxstatistics | select displayname,TotalItemSize | export-csv “c:\temp\mailboxsize.csv”

With the following command we can obtain the total of items in each mailbox.

Get-Mailbox | Get-MailboxStatistics | ft DisplayName,TotalItemSize,ItemCount

With the following command we can get the primary SMTP addresses and exported to csv.

Get-Mailbox -ResultSize Unlimited | Select-Object DisplayName,PrimarySmtpAddress | Export-CSV “c:\temp\PrimarySmtpAddress.csv”

With the following command we can obtain the statistics of the mailboxes in Mega Bytes and exported to csv.

Get-mailbox | Get-Mailboxstatistics | select displayname,TotalItemSize,ItemCount, @{expression={$_.totalitemsize.value.ToMB()};label=”Size(MB)”} | Export-CSV “c:\temp\Total_MB.csv”

With the following command we can obtain the statistics of the mailboxes in Mega Bytes and exported to Html

Get-mailbox | Get-Mailboxstatistics |Sort-Object TotalItemSize -Descending | convertto-html DisplayName, @{label=”TotalItemSize(MB)”;expression={$_.TotalItemSize.Value.ToMB()}} | set-content c:\temp\Total_MB.html

With the following command we can obtain the statistics of the mailboxes in Mega Bytes and in descending order.

Get-mailbox | Get-MailboxStatistics | where {$_.ObjectClass –eq “Mailbox”} | Sort-Object TotalItemSize –Descending | ft @{label=”User”;expression={$_.DisplayName}},@{label=”Total Size (MB)”;expression={$_.TotalItemSize.Value.ToMB()}},@{label=”Items”;expression={$_.ItemCount}},@{label=”Storage Limit”;expression={$_.StorageLimitStatus}} -auto

With the following command we can obtain the size and quota of mailboxes that are larger than their specified quota.

Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics | where {$_.StorageLimitStatus -notlike “BelowLimit*”} | Select DisplayName,StorageLimitStatus,@{name=”TotalItemSize (MB)”;expression={[math]::Round((($_.TotalItemSize.Value.ToString()).Split(“(“)[1].Split(” “)[0].Replace(“,”,””)/1MB),2)}},@{name=”TotalDeletedItemSize (MB)”;expression={[math]::Round((($_.TotalDeletedItemSize.Value.ToString()).Split(“(“)[1].Split(” “)[0].Replace(“,”,””)/1MB),2)}},ItemCount,DeletedItemCount | Sort “TotalItemSize (MB)” -Descending | Export-CSV “C:\temp\quotas_excedidas.csv” -NoTypeInformation

With the following command we can obtain which permissions are granted on the mailboxes of the organization.

Get-Mailbox | Get-MailboxPermission | where {$_.user.tostring() -ne “NT AUTHORITYSELF” -and $_.IsInherited -eq $false} | Select Identity,User,@{Name=’Access Rights’;Expression={[string]::join(‘, ‘, $_.AccessRights)}} | Export-Csv -NoTypeInformation c:\temp\mailboxpermissions.csv

Regards!

Obtaining App Password on Office 365 to use Outlook or Skype for business rich client

Hi all,

If you have Multifactor Authentication configured on Office 365, when you want to use Outlook or Skype for business client, user need to insert that password and not his corporate password to use it.

Below I show you how to obtain App Password.

Log in O365 with your corporate user account and push on Settings -> Office 365.

App_Password01

Push on Security and privacy section -> Additional Security Check

App_Password02

Push on Update the phone numbers you use for account security.

app_Password03

On the new window, go to App Password section and push on Create button.

app_Password04

On the windows indicate a reference and push on Next.

app_Password05

Will appear the App Password. Copy it an push on close button.

app_Password06

Whe ypou configure an Outlook profile or want to access to Skype for business, paste that App Password.

Regards!

 

Searching mailbox items on Exchange Online

Hi all,

If you need to find email items on a mailbox in your Exchange Online environment and export to a pst file follow the below steps.

Go to Ofice 365 and push on Security and Compliance tile.

search_items01

In Content search push on + icon.

search_items02

On the new window push a reference name and select:

  • Custom location selection
  • Choose specific mailboxes to search
  • Push on +

search_items03

Push on + Add condition and indicate Participants -> contains any of -> and indicate email addressess.

If you need more conditions like date push on +Add condition and select Date -> after -> and date like in the image.

Push on Search.

search_items04

In Content search you will see the new search generated. In the right pane you can see the options and the total items obtained. Push on Preview search results to check if it is what you are looking for.

search_items05

That’s is:

search_items06

Coming back to Content search area y0u are ready to download to a pst file the email items. Will appear a new window asking how you want to save it.

Once selected your preferences, push on Start export.

search_items07

Copy to clipboard the key.

search_items08

Will appear a new window, push on Install.

search_items09

Wait the download.

search_items010

On the new window, paste the key and select where to save the file. Push on Start.

search_items011

Will start the download and after a few minutes, depending the weight, it will finish.

search_items012

Regards!