Are we really free?

I originally wrote this blog in October 2013 and have only now decided to publish it.

It has been some time since I blogged – mostly it’s about technical stuff that ultimately is useful for only a set amount of time before progress leaves behind my painstakingly detailed posts about clustering or Active Directory. This one is a little different and speaks to the recent security leaks and revelations about how our “security” services monitor our every move online.

There are those people who insist on saying “Well, if you have nothing to hide, you have nothing to fear!” – my response usually takes some reasoned seconds to bubble to the top but it goes something like this: “Do you fart in public when you know you’re being watched by a pretty girl / good looking boy?”

Editing SharePoint Online User Profiles with PowerShell

Borrowing heavily from these TechNet contributors, I cobbled together the following PowerShell script to enable editing of User Profile properties in SharePoint Online. Don’t just run the script blindly: as written, it overwrites the AboutMe property for every user in the admin site collection that has an email address, so you’ll need to adapt which properties you update and which accounts you touch. Two other caveats: it authenticates with SharePointOnlineCredentials, which is legacy sign-in for a SharePoint admin account (it will not work for an account that has MFA enforced), and it does not update MultiValue properties, though it probably isn’t too much of a leap to get to that from this either.

# Import the required DLLs (SharePoint Server 2013 Client Components SDK)
# Download and install this: http://www.microsoft.com/en-us/download/details.aspx?id=42038
# Microsoft.SharePoint.Client.Runtime.dll is needed as well: SharePointOnlineCredentials lives in it.
Import-Module 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll'
Import-Module 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll'
Import-Module 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.UserProfiles.dll'

#Tenant admin site URL - profile writes need the "admin" site, not an ordinary site collection
$site = 'https://mysite-admin.sharepoint.com/'

#Admin User Principal Name (a SharePoint admin; SharePointOnlineCredentials can't do MFA)
$admin = 'lewis@mysite.onmicrosoft.com'

#Get Password as secure String (prompted, never hard-coded in the script)
$password = Read-Host 'Enter Password' -AsSecureString

#Get the Client Context and Bind the Site Collection
$context = New-Object Microsoft.SharePoint.Client.ClientContext($site)

#Authenticate
$credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($admin , $password)
$context.Credentials = $credentials

#Fetch the users known to this site collection (its user information list, NOT every user in the tenant)
$users = $context.Web.SiteUsers
$context.Load($users)
$context.ExecuteQuery()

#Create an Object [People Manager] to retrieve profile information
$people = New-Object Microsoft.SharePoint.Client.UserProfiles.PeopleManager($context)

ForEach($user in $users)
{
    # SiteUsers also contains groups and system accounts, which have no profile; skip them
    If($user.PrincipalType -ne 'User') { continue }

    # LoginName is already in claims format (i:0#.f|membership|user@tenant.onmicrosoft.com), which is what PeopleManager wants
    $userprofile = $people.GetPropertiesFor($user.LoginName)
    $context.Load($userprofile)
    Try {
        $context.ExecuteQuery()
    } Catch {
        # GetPropertiesFor throws for accounts with no profile; report and move on rather than abort the loop
        Write-Warning "No profile for $($user.LoginName): $($_.Exception.Message)"
        continue
    }

    # $null goes on the left in PowerShell so a collection value can't change the result.
    # Replace this test with something a little more intelligent before running it for real.
    If($null -ne $userprofile.Email) {
        $people.SetSingleValueProfileProperty($userprofile.AccountName, "AboutMe", "Updated by CSOM")
        $context.ExecuteQuery()
    }
}
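As an added example (not the original post’s code), here is how the same PeopleManager can write a multi-valued property for an explicit list of accounts, with a dry run before anything is written. It assumes the DLLs, $context and $people from the script above are already set up; the account names, the SPS-Skills values and the target list are made up for illustration.

```powershell
# Added example, not from the original post. Assumes $context and $people exist as in the script above.
# The target list below is constructed for illustration - it is not a real tenant.
$targets = @(
    @{ Account = 'i:0#.f|membership|lewis@mysite.onmicrosoft.com'; Skills = @('PowerShell', 'SharePoint') }
)
$DryRun = $true   # flip to $false only once the dry-run output looks right

ForEach ($t in $targets) {
    $props = $people.GetPropertiesFor($t.Account)
    $context.Load($props)
    Try {
        $context.ExecuteQuery()
    } Catch {
        Write-Warning "Skipping $($t.Account): $($_.Exception.Message)"
        continue
    }

    # No email usually means no real profile; refuse to write rather than create junk
    If ($null -eq $props.Email) {
        Write-Warning "Skipping $($t.Account): profile has no email"
        continue
    }

    # SetMultiValuedProfileProperty expects a .NET List<string>, not a PowerShell array
    $values = New-Object 'System.Collections.Generic.List[string]'
    $t.Skills | ForEach-Object { $values.Add($_) }

    If ($DryRun) {
        Write-Host "[WhatIf] $($props.AccountName): SPS-Skills -> $($values -join ', ')"
    } Else {
        # SPS-Skills is one of the built-in multi-valued profile properties
        $people.SetMultiValuedProfileProperty($props.AccountName, 'SPS-Skills', $values)
        $context.ExecuteQuery()
    }
}
```

The explicit target list is deliberate: enumerating SiteUsers is fine for a read, but a write loop should only ever touch accounts you have named.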

Addendum: Getting started with Azure Active Directory Sync – UPN Suffix


In this post we’ll briefly explore using UPN (UserPrincipalName) suffix matching when configuring Azure Active Directory Sync Services. This particular configuration may seem like the silver bullet for getting our users synchronised into Azure AD correctly, but it could also give you more problems if you don’t consider the rest of your infrastructure and how it may rely on the existing UPN suffix (anything that signs users in or addresses them by UPN will see the change). I’d ask that you read this entry through before actually making any changes to your on-premises AD infrastructure.


Getting started with Azure Active Directory Sync Part 3

Part 3: Getting started with Azure Active Directory Sync – Mopping up

Part 1: Getting started with Azure Active Directory Sync – Tools

Part 2: Getting started with Azure Active Directory Sync – Actually doing it

So, after completing the last mammoth post, we now have synchronisation working (for the most part) but we do have one user called Outside Azure that has picked up the default Azure AD domain suffix, which isn’t what we want, so we’ll explore a couple of ways of remedying this.

During the set-up process, we also created a couple of user accounts, one in our on-premises AD and one in Azure AD. Both are the accounts involved in the synchronisation process, and both are privileged in their respective directories. Now, best practice suggests we should change these passwords every 30 days, but the reality is that we live in the real world. I’d like to think we all enjoy the luxury of waiting for our passwords to expire so we can reset them to keep our systems safe from information disclosure, but most of us will likely want to know how to prevent these passwords expiring. This isn’t recommended per se, and if you do it you should at least give both accounts long random passwords and keep them out of interactive logon, but I’m going to tell you how to do it nonetheless.
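An added example, not from the post itself, of setting both sync accounts to never expire and then compensating for it with a password-age check you can run on a schedule. The account names and the 90-day threshold are assumptions; the cmdlets are the ActiveDirectory and MSOnline modules of the period.

```powershell
# Added example, not from the original post. Account names and threshold are assumptions.
Import-Module ActiveDirectory
Import-Module MSOnline

$onPremSync = 'svc-aadsync'                      # assumed on-premises AD sync account
$cloudSync  = 'sync@transishun.onmicrosoft.com'  # assumed Azure AD sync account
$maxAgeDays = 90                                 # assumed: how stale a password we will tolerate

# 1. Stop the passwords expiring (the bit the post says is not recommended)
Set-ADUser -Identity $onPremSync -PasswordNeverExpires $true
Connect-MsolService   # prompts for an Azure AD admin
Set-MsolUser -UserPrincipalName $cloudSync -PasswordNeverExpires $true

# 2. Expiry will no longer nag you, so check the password age yourself
function Test-SyncPasswordAge {
    param([int]$MaxAgeDays = $maxAgeDays)

    $ad  = Get-ADUser -Identity $onPremSync -Properties PasswordLastSet, PasswordNeverExpires
    $aad = Get-MsolUser -UserPrincipalName $cloudSync

    $rows = @(
        @{ Account = $ad.SamAccountName;    Changed = $ad.PasswordLastSet;               NeverExpires = $ad.PasswordNeverExpires }
        @{ Account = $aad.UserPrincipalName; Changed = $aad.LastPasswordChangeTimestamp; NeverExpires = $aad.PasswordNeverExpires }
    )
    ForEach ($row in $rows) {
        $age = ((Get-Date) - $row.Changed).Days
        [pscustomobject]@{
            Account      = $row.Account
            NeverExpires = $row.NeverExpires
            AgeDays      = $age
            Rotate       = ($age -gt $MaxAgeDays)   # $true means go and change it now
        }
    }
}

Test-SyncPasswordAge | Format-Table -AutoSize
```

Run the check from a scheduled task and alert on any row where Rotate is $true; that way the non-expiring flag buys you convenience without losing the reminder.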

Getting started with Azure Active Directory Sync Part 2

Part 2: Getting started with Azure Active Directory Sync – Actually doing it

Part 1: Getting started with Azure Active Directory Sync – Tools

Part 3: Getting started with Azure Active Directory Sync – Mopping up

In order to do this part, I have to make certain assumptions about your environment. If this isn’t exactly true for you, sorry but hopefully you can adapt the information here to assist.

The PRIMARY assumption here is that you want your users to log on to Azure AD using their externally routable primary email address. This will be the same as the mail attribute of their on-premises AD user object. My on-premises AD users log in using a format like this: lroberts@transishun.local but their primary email address is lewis.roberts@transishun.co.uk. I want them to log in to Azure AD using their external email address. The screenshots below might explain this better.

So, what if you don’t want to sync with the users’ primary email address and you’re happy to use the users’ normal username with the external domain? Well, the other option is to add a UPN suffix to your forest for the external domain, but then users would need to log on to Azure AD using username@[the new UPN suffix] instead of using their, presumably more memorable, email address. You can add a new UPN suffix in Active Directory Domains and Trusts – Google it. ;-). If I were adding a new UPN suffix in the following examples, instead of using the mail attribute for Azure AD usernames, I would add the transishun.co.uk suffix in my on-premises AD, change my users’ UPNs to use it, and configure the Azure AD Sync Services program to use the UserPrincipalName attribute instead of mail. If this doesn’t make sense now, do the following steps in a test environment first, then read my series addendum post.

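An added example (not from the post) of the UPN-suffix route done from PowerShell rather than Domains and Trusts, using the post’s transishun.local / transishun.co.uk names; the OU is an assumption. It refuses to set any UPN whose domain is not the suffix you just registered, and runs with -WhatIf until you switch that off, because a UPN change is visible to everything that signs users in by UPN.

```powershell
# Added example, not from the original post. Forest and suffix are the post's; the OU is assumed.
Import-Module ActiveDirectory

$forest     = 'transishun.local'
$newSuffix  = 'transishun.co.uk'
$searchBase = 'OU=Users,DC=transishun,DC=local'   # assumed OU holding the users to change
$WhatIf     = $true                                # leave on until the output looks right

# 1. Register the suffix at forest level (what Domains and Trusts does for you in the GUI)
Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $newSuffix }
(Get-ADForest -Identity $forest).UPNSuffixes   # confirm it is now listed

# 2. Rewrite each user's UPN from the mail attribute, but only when mail is under the new suffix
$pattern = '^[^@\s]+@' + [regex]::Escape($newSuffix) + '$'
Get-ADUser -Filter 'mail -like "*"' -SearchBase $searchBase -Properties mail, userPrincipalName |
ForEach-Object {
    $mail = $_.mail.Trim()
    If ($mail -notmatch $pattern) {
        # Different domain, a typo, or a display name stuffed into mail: do not touch this one
        Write-Warning "$($_.SamAccountName): mail '$mail' is not under $newSuffix, leaving UPN as $($_.UserPrincipalName)"
        return
    }
    If ($_.UserPrincipalName -eq $mail) { return }   # already correct
    Write-Host "$($_.SamAccountName): $($_.UserPrincipalName) -> $mail"
    Set-ADUser -Identity $_ -UserPrincipalName $mail -WhatIf:$WhatIf
}
```

Once the UPNs match the mail attribute, pointing Azure AD Sync Services at UserPrincipalName gives the same sign-in name as the mail-attribute route, with the difference that the on-premises logon name has changed too.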

Getting started with Azure Active Directory Sync Part 1

Part 1: Getting started with Azure Active Directory Sync – Tools

Part 2: Getting started with Azure Active Directory Sync – Actually doing it

Part 3: Getting started with Azure Active Directory Sync – Mopping up

I’ve recently been involved in setting up an Azure Active Directory service and syncing it with an on-premises AD. The process is made to seem straightforward in Microsoft’s documentation but the management tools you need to download and install before you can successfully manage it are not well documented and in some cases, buggy too!

In order to administer your Microsoft Azure Active Directory, you’ll need to obtain these downloads.

PowerShell .NET and GUI Interfaces

I’ve been grabbing a bit of software from TechNet (you know, that thing that Microsoft are shutting down! <_<) and with their download links, they provide SHA1 hashes of the ISOs. I had a quick look around the web for something that would give you the SHA1 hash of a file and, while I found a few, I didn’t find any that would let you paste in the hash the provider gives you and compare it with the one computed, so I decided to write one myself. As with any opportunity, I decided to use PowerShell and .NET with Windows Forms to create a GUI as opposed to it all being text based. Sacrilege to those PowerShell purists, but it’s a limited-feature tool and I wanted to learn something new, so here’s the code.
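As an added example rather than the post’s WinForms tool, the core of that check in plain PowerShell: stream the file through .NET’s hash implementation, normalise whatever was pasted from the download page, and report whether they match. Two caveats worth keeping in mind: a hash published on the same page as the download only tells you the file was not corrupted in transit, not that the publisher is who you think, and SHA1 is no longer collision-resistant, so prefer SHA256 (and a signature) where the provider offers one. The ISO path and expected hash below are placeholders.

```powershell
# Added example, not the original post's GUI tool. Path and expected hash are placeholders.
function Test-FileHashMatch {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Expected,
        [ValidateSet('SHA1', 'SHA256')][string]$Algorithm = 'SHA1'
    )
    $algo   = [System.Security.Cryptography.HashAlgorithm]::Create($Algorithm)
    $stream = [System.IO.File]::OpenRead($Path)   # stream it, so a multi-GB ISO is not read into memory
    Try {
        $bytes = $algo.ComputeHash($stream)
    } Finally {
        $stream.Dispose()
        $algo.Dispose()
    }
    $actual = ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''

    # Download pages vary: upper/lower case, spaces, colon-separated bytes. Normalise before comparing.
    $want = ($Expected -replace '[\s:]', '').ToLowerInvariant()

    [pscustomobject]@{
        Path      = $Path
        Algorithm = $Algorithm
        Actual    = $actual
        Expected  = $want
        Match     = ($actual -eq $want)
    }
}

# Usage (placeholder values - paste the hash from the download page):
Test-FileHashMatch -Path 'C:\ISOs\something.iso' -Expected 'DA39A3EE5E6B4B0D3255BFEF95601890AFD80709'
```

On PowerShell 4 and later, Get-FileHash -Algorithm SHA1 does the hashing part for you; the normalisation and the comparison are the bits the built-in cmdlet does not do.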

me, on scripting, trance and other subjects i enjoy