All articles by nutcracker

UPN / alternate ID synchronization problem on an Azure AD account

Hard match on UPN
Set-MsolDirSyncFeature -Feature SynchronizeUpnForManagedUsers -Enable $True

Soft match (alternate ID: SMTP…)
Set-MsolDirSyncFeature -Feature EnableSoftMatchOnUpn -Enable $True

Do not synchronize the account before the SMTP address has been created in Exchange Online, and verify that soft match is enabled.

Configuring Alternate Login ID

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-get-started-custom#connect-to-azure-ad

Unverified domains
UPN
https://support.microsoft.com/en-us/help/2523192/user-names-in-office-365-azure-or-intune-don-t-match-the-on-premises-u

or

How to use SMTP matching to match an on-premises user to a cloud identity

To use SMTP matching to match an on-premises user to an Office 365 user account for directory synchronization, follow these steps:

  1. Obtain the primary SMTP address of the target Office 365 user account. To do this, follow these steps:
    1. Sign in to the Office 365 portal as a global admin.
    2. Click Admin, and then click Exchange to open the Exchange admin center.
    3. In the Exchange admin center, locate and then double-click the user account that you want.
    4. Click email address, and then note the primary SMTP address of the user account.
  2. Start Active Directory Users and Computers, and then create a user account in the on-premises domain that matches the target Office 365 user account. For more information about how to do this, go to the following Microsoft TechNet website:
  3. Set the primary SMTP address of the new user account to match the primary SMTP address that you noted in step 1D. To do this by using Exchange Management tools, go to the following Microsoft websites:

    If Exchange isn’t installed on-premises, you can manage the SMTP address value by using Active Directory Users and Computers:

    1. Right-click the user object, and then click Properties.
    2. On the general tab, update the E-mail field, and then click OK.
  4. Force directory synchronization. For more information about how to do this, go to the following Microsoft website:

SMTP matching limitations

The SMTP matching process has the following technical limitations:

  • SMTP matching can be run on user accounts that have a Microsoft Exchange Online email address. For mail-enabled groups and contacts, SMTP matching (soft match) is supported based on proxy addresses. For detailed information, refer to the "Hard-match vs Soft-match" section of the following Microsoft Azure article: Azure AD Connect: When you have an existent tenant. Note: This doesn’t mean the user must be licensed for Exchange Online. This means that a mailbox that has a primary email address must exist in Exchange Online for SMTP matching to work correctly.
  • SMTP matching can be used only one time for user accounts that were originally authored by using Office 365 management tools. After that, the Office 365 user account is bound to the on-premises user by an immutable identity value instead of a primary SMTP address.
  • The cloud user’s primary SMTP address can’t be updated during the SMTP matching process because the primary SMTP address is the value that is used to link the on-premises user to the cloud user.
  • SMTP addresses are considered unique values. Make sure that no two users have the same SMTP address. Otherwise, the sync will fail and you may receive an error message that resembles the following
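
Added example (not part of the original notes or the Microsoft article quoted above): an offline pre-check that applies the limitations listed above to exported user data before a sync cycle. The function name Test-SoftMatchReadiness, the property names Sam, Mail and PrimarySmtp, the status labels and the sample users are assumptions constructed for illustration.

```powershell
# Constructed sample data (assumption). In production, export the same fields
# with Get-ADUser (mail) and Get-MsolUser (ProxyAddresses, ImmutableId).
$onPrem = @(
    [pscustomobject]@{ Sam = 'alice'; Mail = 'alice@contoso.example' }
    [pscustomobject]@{ Sam = 'bob';   Mail = 'bob@contoso.example' }
    [pscustomobject]@{ Sam = 'bob2';  Mail = 'Bob@contoso.example' }  # same SMTP as bob
    [pscustomobject]@{ Sam = 'carol'; Mail = 'carol@contoso.example' }
    [pscustomobject]@{ Sam = 'dave';  Mail = $null }
    [pscustomobject]@{ Sam = 'erin';  Mail = 'erin@contoso.example' }
)
$cloud = @(
    [pscustomobject]@{ PrimarySmtp = 'alice@contoso.example'; ImmutableId = $null }
    [pscustomobject]@{ PrimarySmtp = 'bob@contoso.example';   ImmutableId = $null }
    [pscustomobject]@{ PrimarySmtp = 'carol@contoso.example'; ImmutableId = 'constructed-id' }
)

# Hypothetical helper: predicts what SMTP matching will do for each on-premises user.
function Test-SoftMatchReadiness {
    param([object[]]$OnPremUsers, [object[]]$CloudUsers)

    # SMTP addresses must be unique: collect addresses used by more than one user.
    $dupes = @($OnPremUsers | Where-Object { $_.Mail } |
        Group-Object { $_.Mail.ToLowerInvariant() } |
        Where-Object { $_.Count -gt 1 } | ForEach-Object { $_.Name })

    # Index cloud accounts by primary SMTP address (the soft-match key).
    $byMail = @{}
    foreach ($c in $CloudUsers) { $byMail[$c.PrimarySmtp.ToLowerInvariant()] = $c }

    foreach ($u in $OnPremUsers) {
        $key = if ($u.Mail) { $u.Mail.ToLowerInvariant() } else { $null }
        $status = if (-not $key) { 'NoSmtpAddress' }              # nothing to match on
            elseif ($dupes -contains $key) { 'DuplicateSmtp' }    # sync would fail
            elseif (-not $byMail.ContainsKey($key)) { 'NoCloudMatch' }
            elseif ($byMail[$key].ImmutableId) { 'AlreadyBound' } # one-time match used
            else { 'WillSoftMatch' }
        [pscustomobject]@{ Sam = $u.Sam; Mail = $u.Mail; Status = $status }
    }
}

Test-SoftMatchReadiness -OnPremUsers $onPrem -CloudUsers $cloud | Format-Table -AutoSize
```

Resolve every row that is not WillSoftMatch or NoCloudMatch before forcing directory synchronization.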

Azure AD group management

Group management cmdlets

https://msdn.microsoft.com/en-us/library/321d532e-407d-4e29-a00a-8afbe23008dd#BKMK_ManageGroups

Add users to the group

http://msoffice365exo.blogspot.com/p/add-members-to-security-group-through.html

Restrict an Office 365 group to receiving internal mail only / add MailTips

https://support.office.com/fr-fr/article/utiliser-powershell-pour-g%C3%A9rer-les-groupes-office-365-aeb669aa-1770-4537-9de2-a82ac11b0540

Office 365 group types in the GAL

PowerShell: hide Office 365 groups from the GAL

Set-UnifiedGroup <group> -HiddenFromAddressListsEnabled $true
Hiding a group from the GAL only removes the group from the address list for external users; it does not prevent other users from sending email to the group if they already know the address. To stop users other than group members from sending messages to the group, set one more property: AcceptMessagesOnlyFromSendersOrMembers.

Set-UnifiedGroup <group> -AcceptMessagesOnlyFromSendersOrMembers <group>

If you want a group to accept messages from more than one group (multiple groups), you can give the group names as comma separated values in the above command.

Set-UnifiedGroup <group> -AcceptMessagesOnlyFromSendersOrMembers <group>,<group2>
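
Added example (not part of the original notes): an audit that flags groups hidden from the GAL but still accepting mail from any sender, the gap described above. The function name Get-GroupMailExposure, the finding labels and the sample groups are assumptions; RequireSenderAuthenticationEnabled is a Get-UnifiedGroup property that the notes do not mention.

```powershell
# Constructed sample shaped like Get-UnifiedGroup output (assumption). In production:
#   Get-UnifiedGroup -ResultSize Unlimited | Get-GroupMailExposure
$sample = @(
    [pscustomobject]@{ DisplayName = 'Finance'; HiddenFromAddressListsEnabled = $true
        AcceptMessagesOnlyFromSendersOrMembers = @()
        RequireSenderAuthenticationEnabled = $false }
    [pscustomobject]@{ DisplayName = 'HR'; HiddenFromAddressListsEnabled = $true
        AcceptMessagesOnlyFromSendersOrMembers = @('HR')
        RequireSenderAuthenticationEnabled = $true }
    [pscustomobject]@{ DisplayName = 'AllStaff'; HiddenFromAddressListsEnabled = $false
        AcceptMessagesOnlyFromSendersOrMembers = @()
        RequireSenderAuthenticationEnabled = $true }
)

# Hypothetical helper: classifies each group by who can still send mail to it.
function Get-GroupMailExposure {
    param([Parameter(ValueFromPipeline = $true)]$Group)
    process {
        # Only a non-empty sender list restricts delivery; hiding does not.
        $allowed = @($Group.AcceptMessagesOnlyFromSendersOrMembers | Where-Object { $_ })
        $finding = if ($allowed.Count -gt 0) { 'SendersRestricted' }
            elseif ($Group.HiddenFromAddressListsEnabled) { 'HiddenButOpenToAnySender' }
            else { 'VisibleAndOpen' }
        [pscustomobject]@{
            Group                       = $Group.DisplayName
            Finding                     = $finding
            AllowedSenders              = $allowed -join ','
            RequireSenderAuthentication = $Group.RequireSenderAuthenticationEnabled
        }
    }
}

$sample | Get-GroupMailExposure | Sort-Object Finding | Format-Table -AutoSize
```
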
Hide mail-enabled distribution groups
Set-DistributionGroup "Group Name" -HiddenFromAddressListsEnabled:$true

or via AD

SOLUTION

https://support.microsoft.com/en-in/help/3205648/mail-enabled-security-group-isn-t-hidden-from-the-gal-after-directory


To resolve this problem, follow these steps:

  1. Set the msExchHideFromAddressLists attribute of the security group to True. To do this, follow these steps:
    1. Open Active Directory Users and Computers.
    2. Locate and then right-click the group object, click Properties, and then click the Attribute Editor tab.
    3. Locate the msExchHideFromAddressLists attribute, click Edit, and then change the value from <Not set> to True.
  2. Wait for directory synchronization to occur, or force directory synchronization.

Office 365 Groups vs Azure AD Security Groups


Access problem via an Office 365 group, site search, hung workflow

https://threewill.com/office-365-groups-vs-azure-ad-security-groups/

mail enabled security group or not
https://www.imanami.com/mail-enable-an-active-directory-security-group-or-not/

Best practice:
Do not add an AD group directly to the site! Create a SharePoint group and add the AD group inside the SharePoint group.

Updates and Azure AD Connect

High CPU usage issue in Azure AD Connect Health for Sync

https://support.microsoft.com/en-gb/help/4346822/high-cpu-issue-in-azure-active-directory-connect-health-for-sync

About Azure AD Connect Health agent

https://dirteam.com/sander/2018/06/18/knowledgebase-high-cpu-usage-for-azure-ad-connect-health-sync-monitor-with-net-framework-4-7-2-installed/

Installing Azure AD Connect Health

See the Azure AD Connect versions to upgrade (US)
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-version-history#118800
French version
https://docs.microsoft.com/fr-fr/azure/active-directory/connect/active-directory-aadconnect-version-history

https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/active-directory/connect/active-directory-aadconnect-version-history.md

US version 1.1.880.0
https://www.microsoft.com/en-us/download/details.aspx?id=47594

The following .NET Framework updates cause the high CPU issue in the monitoring agent:

| .NET Framework update | OS version |
|---|---|
| KB4338420 | Windows Server 2008 |
| KB4338606 | Windows Server 2008 R2 |
| KB4054542 | Windows Server 2012 |
| KB4054566 | Windows Server 2012 R2 |
| KB4054590 | |
| KB4338814 | |
| KB4338419 | |
| KB4338605 | |
| KB4345418 | |
