Monday, August 16, 2021

How to convert a mailbox to be a shared mailbox, and remove their AD (Active Directory) account

 If you want to convert a mailbox to shared to preserve it, but you want to disable or delete the AD account, do the following-


 - Go into mailboxes in Exchange Admin Center, click "Convert to Shared" on the right.

 - Go to the user in Microsoft 365, remove the user's license.

 - Disable or delete the AD account, wait for Azure AD to sync.

 - Under Admin Centers, click Azure Active Directory, Users, Deleted Users.  Select the user and click "Restore Users."  This will move them to a "Cloud User" which will need to be maintained to prevent the mailbox from being deleted.  This account will not be able to log into the mailbox, however, so it presents a pretty minimal risk.  You can set a complex password and enable MFA.
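The four steps above as one PowerShell run-through. This is an added example, not code from the original post; it assumes the ExchangeOnlineManagement, MSOnline, ActiveDirectory and ADSync modules are installed and that it runs on (or can reach) the Azure AD Connect server. It takes the delete branch of step 3 because only a deleted on-prem object lands in Deleted Users for step 4 to restore (a merely disabled account stays synced and needs no restore). `jdoe@contoso.com` and `jdoe` are made-up sample identities.

```powershell
# Added example (not from the original post). Assumed sample identities below.
$Upn = 'jdoe@contoso.com'   # cloud UPN of the leaver (assumed)
$Sam = 'jdoe'               # on-prem sAMAccountName of the leaver (assumed)

Connect-ExchangeOnline
Connect-MsolService

# Step 1: convert to shared so the mailbox content survives without a license
Set-Mailbox -Identity $Upn -Type Shared

# Step 2: strip every license currently assigned to the user
$cloudUser = Get-MsolUser -UserPrincipalName $Upn
$skuIds = @($cloudUser.Licenses | ForEach-Object { $_.AccountSkuId })
if ($skuIds.Count -gt 0) {
    Set-MsolUserLicense -UserPrincipalName $Upn -RemoveLicenses $skuIds
}

# Step 3: delete the on-prem account and push a delta sync so the cloud object is soft-deleted.
# (Disabling instead would keep the object synced; then step 4 is not needed.)
Remove-ADUser -Identity $Sam -Confirm:$false
Start-ADSyncSyncCycle -PolicyType Delta   # must run on the Azure AD Connect server
do {
    Start-Sleep -Seconds 60
    $deleted = Get-MsolUser -ReturnDeletedUsers -UserPrincipalName $Upn -ErrorAction SilentlyContinue
} until ($deleted)

# Step 4: restore the soft-deleted object; it comes back as a cloud-only user that keeps the mailbox alive
Restore-MsolUser -UserPrincipalName $Upn

# Harden the orphaned cloud-only identity as the post suggests: long random password, per-user MFA
$bytes = New-Object byte[] 18
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$password = [Convert]::ToBase64String($bytes)   # 24 random characters, never shown or stored
Set-MsolUserPassword -UserPrincipalName $Upn -NewPassword $password -ForceChangePassword $false

$mfa = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$mfa.RelyingParty = '*'
$mfa.State = 'Enabled'
Set-MsolUser -UserPrincipalName $Upn -StrongAuthenticationRequirements @($mfa)

# Verify: the mailbox reports SharedMailbox and the user carries no license
Get-Mailbox -Identity $Upn | Select-Object DisplayName, RecipientTypeDetails
Get-MsolUser -UserPrincipalName $Upn | Select-Object UserPrincipalName, ImmutableId, IsLicensed
```

The password is generated and discarded on purpose: nobody should ever sign in as this identity, so there is no reason for a human to know it. The final two lines are the check to keep; a mailbox that still shows `UserMailbox` or a user that still shows `IsLicensed = True` means a step did not take.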

Tuesday, August 10, 2021

Enable Modern Authentication (ModernAuth, OAuth) in Office 365, resolve Outlook Clients not using modern auth.

 First- Ensure Office 365 is set for Modern Auth-

    - Log in to the Office 365 portal, Edge seems to work the best.
    - Admin Centers, Exchange, Classic Exchange Admin Center.
    - Hybrid, click "Configure" under Exchange Online PowerShell Module.
    - Type "Connect-EXOPSSession -UserPrincipalName <your UPN>"
    - Get-OrganizationConfig | ft OAuth*
        - If it's set to "True", you're good to go, modern auth is enabled.
    - If it's set to false- Set-OrganizationConfig -OAuth2ClientProfileEnabled $True
    - Give it a couple of hours.

If a user is still getting the basic auth prompt in Outlook-

    - Go into Control Panel, Credential Manager, delete every stored credential related to Office
    - In regedit, go to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Identity.
    - Create a new DWORD named "EnableADAL" and give it a value of 1

If that doesn't work-

    - Create a new DWORD named "DisableAADWAM" and give it a value of 1
    - Create a new DWORD named "DisableADALatopWAMOverride" and give it a value of 1
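The tenant check and the client-side fix above, scripted. This is an added example, not code from the original post. Part A runs inside the Exchange Online session the post opens; Part B runs on the affected PC as the signed-in user. The `MicrosoftOffice16_Data:` prefix used to pick Office entries out of Credential Manager is an assumption about how Office names them; review the printed list before letting it delete anything.

```powershell
# Added example (not from the original post).

# --- Part A: tenant side (inside the Connect-EXOPSSession from the post) ---
function Test-TenantModernAuth {
    # Returns $true when OAuth2ClientProfileEnabled is already on; enables it otherwise
    $org = Get-OrganizationConfig
    if ($org.OAuth2ClientProfileEnabled) {
        Write-Output 'Tenant already has OAuth2ClientProfileEnabled = True.'
        return $true
    }
    Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
    Write-Output 'Modern auth enabled at the tenant; allow a couple of hours to propagate.'
    return $false
}

# --- Part B: client side (run as the affected user) ---
function Repair-OutlookModernAuth {
    param(
        # Set to apply the post's second-round keys (DisableAADWAM / DisableADALatopWAMOverride)
        [switch]$ApplyWamFallback
    )

    # 1. Clear cached Office credentials. Assumption: Office stores them under
    #    targets beginning with "MicrosoftOffice16_Data:" (cmdkey prints them as
    #    "Target: LegacyGeneric:target=MicrosoftOffice16_Data:...").
    $targets = foreach ($line in (cmdkey /list)) {
        if ($line -match 'Target:\s*(?:LegacyGeneric:target=)?(MicrosoftOffice16_Data:\S+)') {
            $Matches[1]
        }
    }
    foreach ($t in $targets) {
        Write-Output "Removing cached credential: $t"
        cmdkey /delete:$t | Out-Null
    }

    # 2. Force ADAL (modern auth) in the Identity key from the post
    $identityKey = 'HKCU:\SOFTWARE\Microsoft\Office\16.0\Common\Identity'
    if (-not (Test-Path $identityKey)) { New-Item -Path $identityKey -Force | Out-Null }
    New-ItemProperty -Path $identityKey -Name 'EnableADAL' -PropertyType DWord -Value 1 -Force | Out-Null

    # 3. Only if the first round did not help: bypass the WAM broker as the post describes
    if ($ApplyWamFallback) {
        New-ItemProperty -Path $identityKey -Name 'DisableAADWAM' -PropertyType DWord -Value 1 -Force | Out-Null
        New-ItemProperty -Path $identityKey -Name 'DisableADALatopWAMOverride' -PropertyType DWord -Value 1 -Force | Out-Null
    }

    # Show the resulting values so the change can be confirmed before restarting Outlook
    Get-ItemProperty -Path $identityKey |
        Select-Object EnableADAL, DisableAADWAM, DisableADALatopWAMOverride
}

# Usage: first pass without the fallback, then re-run with -ApplyWamFallback if Outlook still prompts
Repair-OutlookModernAuth
# Repair-OutlookModernAuth -ApplyWamFallback
```

Keeping the WAM keys behind a switch mirrors the post's two-stage approach: they are a workaround to apply only after `EnableADAL` alone has been tried and Outlook restarted.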

Wednesday, July 28, 2021

Cisco ASDM "This app can't run on your PC" error message.


  1. Choose Start > Cisco ASDM-IDM Launcher, and right-click the Cisco ASDM-IDM Launcher application.

  2. Choose More > Open file location.

    Windows opens the directory with the shortcut icon.

  3. Right click the shortcut icon, and choose Properties.

  4. Change the Target to:

    C:\Windows\System32\wscript.exe invisible.vbs run.bat

  5. Click OK.

Tuesday, July 13, 2021

How to Hard Match a user on Office 365

  • Move the user to an OU that is not monitored by AD sync, perform an export, go to Azure AD and permanently delete the user.
    • Connect-MsolService -Credential $credential
    • Install-Module MSOnline
    • Import-Module ADSync

  • [System.Convert]::ToBase64String((Get-ADUser dfcoughlin).ObjectGUID.ToByteArray())
  • Set-MsolUser -UserPrincipalName user@abc.com -ImmutableId <INSERT B64 ID HERE>

  • Move the AD user back to the monitored OU.


Other way to get GUID-
  • Get-ADUser -Identity "<username>"

  • Convert the GUID to Base 64
    • $guid = "3ab39606-c642-489b-84b6-58c038d3ef39"
    • $base64 = [System.Convert]::ToBase64String(([GUID]$guid).ToByteArray())
    • $base64

How to unlink a cloud Azure AD account with the corresponding On Prem User (DeletingCloudOnlyObjectNotAllowed)
# Change UPN to "onmicrosoft"
Set-MsolUserPrincipalName -UserPrincipalName user@domain.com -NewUserPrincipalName user@yourcompany.onmicrosoft.com
# Setting a new Random Immutable ID
Set-MsolUser -UserPrincipalName user@yourcompany.onmicrosoft.com -ImmutableId "Z/-XGv2W4kWPM1mR/ddSdn!)"
# Changing it back to the original UPN
Set-MsolUserPrincipalName -UserPrincipalName user@yourcompany.onmicrosoft.com -NewUserPrincipalName user@domain.com
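Helper functions covering both the hard-match procedure and the unlink procedure above. This is an added example, not code from the original post. It goes a little beyond the post by also converting a cloud ImmutableId back into a GUID, which lets you confirm a match before and after `Set-MsolUser`. It assumes the ActiveDirectory and MSOnline modules are loaded and `Connect-MsolService` has already run; `dfcoughlin`, `user@abc.com` and `yourcompany.onmicrosoft.com` are the post's own sample values.

```powershell
# Added example (not from the original post).

function ConvertTo-ImmutableId {
    # AD ObjectGUID -> the Base64 string Azure AD Connect writes as ImmutableId (sourceAnchor)
    param([Parameter(Mandatory)][guid]$ObjectGuid)
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function ConvertFrom-ImmutableId {
    # Reverse: Base64 ImmutableId -> GUID, so a cloud value can be compared with AD directly
    param([Parameter(Mandatory)][string]$ImmutableId)
    [guid]::new([Convert]::FromBase64String($ImmutableId))
}

function Test-HardMatch {
    # Compares the on-prem ObjectGUID with what the cloud object currently carries
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$UserPrincipalName
    )
    $adUser    = Get-ADUser -Identity $SamAccountName
    $expected  = ConvertTo-ImmutableId -ObjectGuid $adUser.ObjectGUID
    $cloudUser = Get-MsolUser -UserPrincipalName $UserPrincipalName
    [pscustomobject]@{
        UserPrincipalName   = $UserPrincipalName
        OnPremObjectGuid    = $adUser.ObjectGUID
        ExpectedImmutableId = $expected
        CloudImmutableId    = $cloudUser.ImmutableId
        Matched             = ($cloudUser.ImmutableId -eq $expected)
    }
}

function New-RandomImmutableId {
    # A throwaway anchor for the unlink procedure, in the same Base64-of-GUID shape
    # that AD Connect uses, so it can never collide with a real on-prem object
    [Convert]::ToBase64String([guid]::NewGuid().ToByteArray())
}

function Disconnect-CloudUserFromOnPrem {
    # The three-step unlink from the post: temporary onmicrosoft UPN, new ImmutableId, UPN back
    param(
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [Parameter(Mandatory)][string]$TenantDomain      # e.g. yourcompany.onmicrosoft.com
    )
    $tempUpn = $UserPrincipalName.Split('@')[0] + '@' + $TenantDomain
    Set-MsolUserPrincipalName -UserPrincipalName $UserPrincipalName -NewUserPrincipalName $tempUpn
    Set-MsolUser -UserPrincipalName $tempUpn -ImmutableId (New-RandomImmutableId)
    Set-MsolUserPrincipalName -UserPrincipalName $tempUpn -NewUserPrincipalName $UserPrincipalName
}

# Usage, hard match: check first, set only when the anchors differ, then check again
$report = Test-HardMatch -SamAccountName 'dfcoughlin' -UserPrincipalName 'user@abc.com'
if (-not $report.Matched) {
    Set-MsolUser -UserPrincipalName $report.UserPrincipalName -ImmutableId $report.ExpectedImmutableId
    Test-HardMatch -SamAccountName 'dfcoughlin' -UserPrincipalName 'user@abc.com'
}

# Usage, unlink: Disconnect-CloudUserFromOnPrem -UserPrincipalName 'user@domain.com' -TenantDomain 'yourcompany.onmicrosoft.com'
```

`Test-HardMatch` is the part worth keeping around: the ImmutableId is the join key between an on-prem identity and a cloud one, so a wrong value silently binds the cloud account (and its mailbox, licenses and group memberships) to the wrong person. Checking before and after the `Set-MsolUser` call makes that mistake visible immediately.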

Wednesday, July 7, 2021

No drivers will install, you get "The Data is Invalid"

 Check to make sure the following services are NOT disabled, and start them-

Device Install Service
Device Setup Manager
Device Association Service
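The same check scripted against the services' short names, so it can be run on a batch of machines. This is an added example, not code from the original post; run it from an elevated prompt.

```powershell
# Added example (not from the original post).
# Display names from the post mapped to the service names Windows uses internally.
$services = [ordered]@{
    'DeviceInstall'            = 'Device Install Service'
    'DsmSvc'                   = 'Device Setup Manager'
    'DeviceAssociationService' = 'Device Association Service'
}

function Repair-DeviceServices {
    # Re-enables (as Manual, their normal start type) and starts any of the three that are off
    foreach ($name in $services.Keys) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc) {
            Write-Warning "$($services[$name]) ($name) not found on this system"
            continue
        }
        if ($svc.StartType -eq 'Disabled') {
            Set-Service -Name $name -StartupType Manual
        }
        if ($svc.Status -ne 'Running') {
            Start-Service -Name $name
        }
        Get-Service -Name $name | Select-Object Name, DisplayName, StartType, Status
    }
}

Repair-DeviceServices
```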


Tuesday, June 22, 2021

ASDM Certificate Authentication

  - Open up PowerShell-

$rootcert = New-SelfSignedCertificate -Type Custom  `
-Subject "CN=ASARoot" `
-KeyExportPolicy Exportable `
-KeySpec Signature `
-HashAlgorithm sha256 `
-KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" `
-KeyUsageProperty Sign `
-KeyUsage CertSign

 - Run MMC, add the Certificates snap-in for the current user, go to Personal, Export, say no to exporting the private key, pick Base-64 encoded, save the file.

 - Log into ASA- 

MyASA(config)# crypto ca trustpoint ASACERT
MyASA(config-ca-trustpoint)# no ca-check
MyASA(config-ca-trustpoint)# enrollment terminal
MyASA(config-ca-trustpoint)# no id-usage
MyASA(config-ca-trustpoint)# exit
MyASA(config)# crypto ca authenticate ASACERT

 - Log into ASDM, Network (Client) Access, AnyConnect Connection Profiles, select the profile and click Edit, set authentication to certificate only.
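The PowerShell side of this procedure carried through to the end. This is an added example, not code from the original post: it creates the same self-signed root as above, then adds the step the post leaves out, a user certificate signed by that root, and exports the Base64 root (what `crypto ca authenticate ASACERT` wants pasted at the terminal) plus a PFX for the AnyConnect client. The user subject, file paths and PFX password prompt are assumed sample values.

```powershell
# Added example (not from the original post).

# Root exactly as in the post (private key stays in this user's store)
$rootcert = New-SelfSignedCertificate -Type Custom `
    -Subject "CN=ASARoot" `
    -KeyExportPolicy Exportable `
    -KeySpec Signature `
    -HashAlgorithm sha256 `
    -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -KeyUsageProperty Sign `
    -KeyUsage CertSign

# Client (user) certificate chained to the root. Subject is an assumed sample.
# EKU 1.3.6.1.5.5.7.3.2 = Client Authentication, which is what the ASA checks for.
$clientcert = New-SelfSignedCertificate -Type Custom `
    -Subject "CN=jdoe,OU=VPN,O=Example" `
    -Signer $rootcert `
    -KeyExportPolicy Exportable `
    -KeySpec Signature `
    -HashAlgorithm sha256 `
    -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2") `
    -NotAfter (Get-Date).AddYears(1)

# Base64 (PEM) root certificate, the same thing the MMC export in the post produces
$pem = "-----BEGIN CERTIFICATE-----`r`n" +
       [Convert]::ToBase64String($rootcert.RawData, 'InsertLineBreaks') +
       "`r`n-----END CERTIFICATE-----"
Set-Content -Path "$env:USERPROFILE\ASARoot.cer" -Value $pem -Encoding Ascii

# PFX (cert + private key) for the user's machine. Only the client key is exported here;
# the root key, which can sign further client certs, never leaves this host.
$pfxPwd = Read-Host -AsSecureString -Prompt 'PFX password'
Export-PfxCertificate -Cert $clientcert -FilePath "$env:USERPROFILE\jdoe-vpn.pfx" -Password $pfxPwd | Out-Null

# Sanity check before touching the ASA: the client cert must name the root as its issuer
[pscustomobject]@{
    RootThumbprint   = $rootcert.Thumbprint
    ClientThumbprint = $clientcert.Thumbprint
    ClientIssuer     = $clientcert.Issuer
    ChainOk          = ($clientcert.Issuer -eq $rootcert.Subject)
}
```

Paste the contents of `ASARoot.cer` at the `crypto ca authenticate ASACERT` prompt on the ASA. Because every VPN user certificate is signed by this one root key, treat the machine and user profile holding it as you would a CA: once a client certificate is issued, the only thing standing between a lost laptop and the VPN is that root's trust on the ASA.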