Provisioning Home Directories for Active Directory Users with FIM / MIM using the Granfeldt PowerShell Management Agent

Forefront / Microsoft Identity Manager contains numerous Management Agents (MAs) out of the box. However, an MA for creating user home directories and setting the associated permissions isn’t one of them.

Over the years I’ve accomplished home directory provisioning and permissioning in Active Directory / Windows File Services and Novell eDirectory / Novell File Services using methods that aren’t strictly best practice / supported (e.g. calling native libraries from within a Management Agent Extension to create/manage/delete etc).…

Provisioning Users for Lync / Skype for Business with FIM / MIM using the Granfeldt PowerShell Management Agent

Forefront / Microsoft Identity Manager contains numerous Management Agents (MAs) out of the box. However, an MA for Lync / Skype for Business isn’t one of them.

Over the years I’ve accomplished lifecycle management for users in Lync via FIM using methods that aren’t strictly best practice / supported (e.g. calling PowerShell from within a Management Agent Extension to enable/disable/manage policies). Whilst this functionally works, the ability for end customers to maintain the implementation for changes is limited.…

Provision Users for Exchange with FIM/MIM 2016 using the Granfeldt PowerShell MA, avoiding the AD MA (no-start-ma) error

Forefront / Microsoft Identity Manager provides Exchange Mailbox provisioning out of the box on the Active Directory Management Agent. I’ve used it in many many implementations over the years. However, in my first MIM 2016 implementation in late 2015 I ran into issues with something I’d done successfully many times before.

I was getting “no-start-ma” on the AD MA on export to AD, the point at which the MA sets up its connection to the Exchange environment.…

Resource Manager Cmdlets in Azure PowerShell 1.0

Azure recently launched the 1.0 version of its PowerShell cmdlets. The changes are huge, including the new Azure Resource Manager (ARM), which resulted in deprecating Azure-SwitchMode between ASM and ARM. In this post, we only take a brief look at how the new PowerShell cmdlets for ARM have been introduced, especially for managing resource groups and templates.

Installation

The quickest and easiest way to get the newest Azure PowerShell is to use the MS Web Platform Installer.

Note: At the moment of writing, the released date of Azure PowerShell is Nov.


Using PowerShell to remove users from an Exchange Online in-place hold policy

Originally blogged @ Lucian.Blog. Follow Lucian on Twitter @lucianfrango.


In-place hold, legal hold, compliance hold, journaling and/or select “D”: all of the above, when it’s simplified down to its simplest form is storing emails for X amount of time in case there’s a problem and these need to be reviewed. What’s great about Office 365 Exchange Online is that there is the ability to store those emails in the cloud for 2,555 days (or roughly speaking 7 years).

Let’s fast forward to having in-place hold enabled for an Exchange Online tenant. In my reference case I have roughly 10,500 users in the tenant and numerous in-place hold policies, with the largest containing 7,500 or so users. I’ve run into a small problem with this Hybrid based environment whereby I need to move a mailbox that is covered by an in-place hold policy (let’s call it “Lucians Mailbox Search Policy”) back to on-premises for a couple of reasons.

The following blog post outlines how to remove users from an in-place hold via PowerShell as the Office 365 / Exchange Online Control Panel may not let you do that when you have thousands of users in a single hold policy.

Programmatically interacting with Yammer via PowerShell – Part 2

In my last post I foolishly said that part 2 would be ‘coming in the next few days’. This of course didn’t happen, but I guess it’s better late than never!

In part 1 which is available here, I wrote how it was possible to post to a Yammer group via a *.ps1 using a ‘Yammer Verified Admin’ account. While this worked a treat, it soon became apparent that this approach had limited productivity rewards.…

Azure Active Directory Connect Export profile error: stopped-server-down.

Follow Lucian on Twitter @LucianFrango.


A couple of weeks ago I deployed Azure AD Connect in production. It was a relatively smooth process. The wizard did most of the work which was great. There were a few hiccups (blog post) along the way, which, in most cases is expected if the problems are not so serious.

Fast forward to my second install of the latest and greatest sync service for Azure AD and Office 365 cloud identities and we have problem no. 2. This time, though, I can say that the process ran through a lot smoother. There were no real errors. Things were looking straight great and I was looking at my next task with some enthusiasm.

However, come 8.30ish this morning and going over the AADConnect server once more for peace of mind, I had noticed that the “Export” profile task that runs as the last task in the scheduled hourly run for AADConnect synchronisation (I’ve set it to 60min), unfortunately had a nice little error for me:


Programmatically interacting with Yammer via PowerShell – Part 1

For my latest project I was asked to automate some Yammer activity. I’m first to concede that I don’t have much of a Dev background, but I instantly fired up PowerShell ISE in tandem with Google only to find…well not a lot! After a couple of weeks fighting with a steep learning curve, I thought it best to blog my findings, it’s good to share ‘n all that!

    It’s worth mentioning at the outset, if you want to test this out you’ll need an E3 Office 365 Trial and a custom domain.

FIM 2010 R2 and the Missing Log File

Anyone who has had anything to do with FIM will probably have experienced moments where you question what is taking place and ask yourself if you really understand what FIM is doing at a specific point in time. This is partly due to FIM’s extraordinarily unpredictable error handling and logging.

While working on a long-running FIM 2010 R2 project where we chose to make heavy use of PowerShell within action and authorisation workflows, we chose to make use of some of the PowerShell extensions for FIM 2010 R2 at CodePlex.…

Hands Free VM Management with Azure Automation and Resource Manager – Part 2

In this two-part series, I am looking at how we can leverage Azure Automation and Azure Resource Manager to schedule the shutting down of tagged Virtual Machines in Microsoft Azure.

  • In Part 1 we walked through tagging resources using the Azure Resource Manager PowerShell module
  • In Part 2 we will set up Azure Automation to schedule a runbook to execute nightly and shut down tagged resources.

Azure Automation Runbook

At the time of writing, the tooling support around Azure Automation can be politely described as a hybrid one.…