Category Archives: Office365

CSP access to tenants using powershell. Part 3

In this part 3 of CSP and powershell I will show how you can connect to azureAD of a customer tenant using your CSP app credentials and refreshtoken. This is almost the same procedure as we use to connect to az. We will start with the same variables as in part 2. Remember to keep your credential and secure, as it will give access to all your tenants.

$app=get-credential # Get AppID and Key for out partnecenter app. (created in part 1)
$refreshtoken = 'refreshtoken' # From part 1 or whenever we get a new one.
$CustomerTenantID= 'Azure directory object id'

Struggled for a while to get this to work. The important thing is the endpoints and when to use the customer tenant ID.

$azureToken = New-PartnerAccessToken -Resource "" -Credential $app -RefreshToken $refreshtoken -TenantId $CustomerTenantID
$graphToken = New-PartnerAccessToken -RefreshToken $refreshToken -Resource "" -Credential $app -TenantId $CustomerTenantID  

Connect-Azuread -aadAccessToken $graphToken.AccessToken -msAccessToken $azureToken.AccessToken -TenantId $CustomerTenantID  -AccountId $app.username

So now you can use get-azureaduser to get users from this customer tenant.

You could also use the MS online module msol to query for users, this module requires you to use tenantid as an argument.

In part 4 I will wrap this up in a simple script allowing you to select customer tenant.

List Exchange mailboxes with forwarding rules

Simple list of all mailboxes and rules. Displays more info if one of them contains a forwarding rule:

$mb=Get-Mailbox | Sort-Object -Property displayname
$t2=0;$t=($mb).count;$mb| ForEach-Object {write-host $t2"\"$t " " $_.displayname;$t2++;get-inboxrule -mailbox $_.alias| ForEach-Object {if($_.description -like "*forward*"){write-host $_.description -foregroundcolor red}}}

Unable to create a new Skype meeting from Outlook.

When trying to create a new Skype meeting from Outlook we get the message “The request failed. Please try again. Make sure that you are signed in to Skype for Business.” skype

First solution was to clear outlook name cache. This solves the problem for a short while.

A better workaround is to disable outlook the use of UCAddin.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Lync\AddinPreference]

Then close and restart Lync/S4B. This is a “bug” in a windows update to the Skype client.


Lync Licensed user is not showing up in Lync Admin Center

Some users was missing in Office 365 Skype admin center. I verified that they had a Skype license plan assigned. Tried to remove and readd – did not help. These users are replicated from on premise to cloud using Azure AD sync. Turned out these users had previously been Lync enabled on on premise Lync server. Compared all ActiveDirectory attributes, and the only one that make any sense was msRTCSIP-DeploymentLocator. msrtcdeployment

The attribute did not have any value that I reacted to when I first saw it, But I cleared the value and ran a sync to O365.

msrtcdeployment2Cleared it by opening the Attribute and pressed Clear button.

After the sync to Azure the user finally appeared in O365 Skype Admin Center.


Outlook : Flagged messages does not show in tasklist

OutlookFlagsOnce upon a time there was several on premise mailboxes. The follow up flags were working flawlessly from Outlook running in “online mode” on a RDS server. Someone installed hybrid mode and moved the mailboxes to O365. Now the user was really disappointed with the response from Outlook still running in Online Mode. One of the users got archive mailbox enabled. The primary mailbox was moved to on premise. We now got a new issue : It was possible to tag messages with flags, but they never appeared on the task list. Where do you start to troubleshoot this? Our first check is to see use OWA. Usually this will give us a hint if it is client or server side error. And …  it looked faulty in owa. So this seems to be a mailbox error. What to do next? We tried to run Outlook with command line parameters – in this case /resettodotab . And….. that did not help. Next we tried to create new outlook mapi profile, but that did not help either. Then a more drastic approach – we did a export and import of the entire mailbox from Outlook. During the import we did select to overwrite existing elements. We also selected to start Outlook using the same command line /resettodotab. This time it worked out fine. This was a time consuming approach so now we tried to move another mailbox, with the same problem, to another mailboxdatabase and that also worked fine. Conclusion for us was to move the troublesom mailbox to another mailbox database and start Outlook with command line /resettodotab, We did not try to uninstall any office patch , since we had this problem on both Outlook 2010 and Outlook 2013. This worked fine for small mailboxes (>500 MB) but not for larger ones.

Ended up creating a supportcase with Microsoft and the result of this is that this is an issue.  Senario is when a Exchange 2010 mailbox is moved to O365 (Exchange 2016) Legacy attributes are removed from the mailbox. These attributes does not exist when the mailbox is moved back to onprem (Exchange 2010) and there for issues like this will emerge.

Why does it help to move a small mailbox to a new database? According to MS support : when a small mailbox( less than 500 Mb) is moved to a new database a new content table is created,  this is not the case when you move a larger mailbox.