Tuesday, April 19, 2022

Disable Azure AD Sync and Federated Authentication (ADFS) in O365

Applies to: Microsoft Office 365, ADFS and the AD Sync tool (Azure AD Connect).


Objective / Scenario:

We want to transfer the custom domain "abc.org" from Office 365 Tenant "A" to Office 365 Tenant "B".

However, "abc.org" is synchronized from on-premises Active Directory and uses ADFS federated authentication. The ADFS server had already been decommissioned before federation was disabled in the Office 365 tenant, so sign-ins for "abc.org" users were redirected to a federation endpoint that no longer existed and users could not authenticate. (Order matters here: convert the domain to managed authentication first, then retire the ADFS farm.)

To get users signing in again, the domain's authentication method must be changed from federated to managed, and every user must be moved to the default "onmicrosoft.com" domain so that the custom domain can be removed from Tenant "A".

The steps below show how to remove ADFS federated authentication when the ADFS server itself is no longer reachable.


Step 1: Open Windows PowerShell with administrative rights.

Step 2: Install the MSOnline module if it is not installed already: "Install-Module MSOnline". (Microsoft has since retired the MSOnline module in favour of the Microsoft Graph PowerShell SDK; the cmdlets below are the ones this procedure used at the time.)

Step 3: Run "Connect-MsolService" and sign in with a Global Administrator account.

Step 4: Run "Get-MsolDomain" to list the custom domains and the authentication method each one uses.

Step 5: The custom domain "abc.org" shows "Federated" authentication.

Step 6: Convert the domain from "Federated" to "Managed". This works even though the ADFS server is gone, because the setting is stored in Azure AD, not on the federation server:

    Command: "Set-MsolDomainAuthentication -DomainName abc.org -Authentication Managed"

    Caveat: a user converted from federated to managed has no usable cloud password unless password hash synchronization was already enabled. If it was not, reset each user's cloud password (with a forced change at next sign-in) before telling them to sign in, and deliver the temporary passwords out of band rather than to mailboxes on the domain you are about to remove.

Step 7: Check once more with "Get-MsolDomain"; the custom domain now shows "Managed".


Step 8: You still cannot modify users' primary e-mail addresses, because the user objects are mastered by AD Sync. Directory synchronization must be disabled for the tenant.

Step 9: Run "Set-MsolDirSyncEnabled -EnableDirSync $false" and confirm with "Y".

Step 10: Wait for the change to take effect. In our case it took 15 to 30 minutes, but Microsoft documents that disabling directory synchronization can take up to 72 hours, so confirm that the tenant's company information reports directory synchronization as disabled rather than relying on a fixed wait.

Step 11: Change every user's primary e-mail address and sign-in name (UPN) from the custom domain to the default onmicrosoft.com domain. The primary SMTP address of a mailbox is managed in Exchange Online rather than on the Azure AD user object, and every other reference to the domain (secondary proxy addresses, group addresses) has to go as well, or the domain removal in the next step will fail.

Step 12: After all primary e-mail addresses have been changed, remove the custom domain from Tenant "A" and add it to the new tenant.
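The whole cut-over as one script, added here as a worked example rather than taken from the original post. It uses the MSOnline cmdlets the steps above rely on, plus the ExchangeOnlineManagement module for the mailbox addresses. The tenant's initial domain "contoso.onmicrosoft.com", the domain "abc.org", the five-minute polling interval and the Global Administrator sign-in are assumptions; adjust them before running.

```powershell
# Added example (not from the original post): federated-to-managed cut-over with checks.
# Assumptions: MSOnline and ExchangeOnlineManagement modules installed, Global Administrator
# sign-in, "contoso.onmicrosoft.com" stands in for the tenant's real initial domain.
$CustomDomain  = 'abc.org'
$DefaultDomain = 'contoso.onmicrosoft.com'
$Pattern       = "@$([regex]::Escape($CustomDomain))$"   # matches only the trailing @abc.org

Import-Module MSOnline
Connect-MsolService

# 1. Confirm the domain really is federated before touching it.
$dom = Get-MsolDomain -DomainName $CustomDomain
if ($dom.Authentication -ne 'Federated') {
    throw "$CustomDomain is already '$($dom.Authentication)'; nothing to convert."
}

# 2. Flip the domain to managed. The setting lives in Azure AD, so an unreachable ADFS farm does not matter.
Set-MsolDomainAuthentication -DomainName $CustomDomain -Authentication Managed
Write-Host "Authentication is now: $((Get-MsolDomain -DomainName $CustomDomain).Authentication)"

# 3. Turn off directory synchronization and poll until the tenant confirms it.
#    Microsoft documents that this can take up to 72 hours, so never assume a fixed wait.
Set-MsolDirSyncEnabled -EnableDirSync $false -Force
do {
    Start-Sleep -Seconds 300
    $syncOn = (Get-MsolCompanyInformation).DirectorySynchronizationEnabled
    Write-Host "DirectorySynchronizationEnabled = $syncOn"
} while ($syncOn)

# 4. Converted users have no cloud password unless password hash sync was on. Issue temporary
#    passwords that must be changed at first sign-in; hand them over out of band.
$users = Get-MsolUser -All | Where-Object { $_.UserPrincipalName -like "*@$CustomDomain" }
$tempPasswords = @{}
foreach ($u in $users) {
    $tempPasswords[$u.UserPrincipalName] =
        Set-MsolUserPassword -UserPrincipalName $u.UserPrincipalName -ForceChangePassword $true
}

# 5. Move sign-in names (UPNs) off the custom domain.
foreach ($u in $users) {
    $newUpn = $u.UserPrincipalName -replace $Pattern, "@$DefaultDomain"
    Set-MsolUserPrincipalName -UserPrincipalName $u.UserPrincipalName -NewUserPrincipalName $newUpn
}

# 6. Mailbox primary SMTP addresses are an Exchange Online property, not an MSOnline one.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline
Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.PrimarySmtpAddress -like "*@$CustomDomain" } |
    ForEach-Object {
        $oldPrimary = $_.PrimarySmtpAddress.ToString()
        $newPrimary = $oldPrimary -replace $Pattern, "@$DefaultDomain"
        Set-Mailbox -Identity $_.Identity -WindowsEmailAddress $newPrimary
        # The old address survives as a secondary proxy; the domain cannot be removed while it exists.
        Set-Mailbox -Identity $_.Identity -EmailAddresses @{ remove = "smtp:$oldPrimary" }
    }

# 7. Succeeds only once nothing in the tenant references the domain any more.
Remove-MsolDomain -DomainName $CustomDomain
```

Distribution groups, shared mailboxes and Microsoft 365 groups that carry an "abc.org" address are not covered by the mailbox loop and must be cleaned up the same way before the final removal; the `$tempPasswords` table is the only copy of the generated passwords, so clear it once they have been handed over.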

Thursday, April 14, 2022

"Failed to open mailbox abc@abc.onmicrosoft.com", "failed to access mailbox", "Mailbox does not exist"

Applies to: Veeam Backup for Microsoft Office 365; Exchange Server 2013, 2016, 2019

Problem: A cross-tenant Veeam restore fails with "Failed to open mailbox abc@abc.onmicrosoft.com", "failed to access mailbox", "Mailbox does not exist".

Scenario: I have two Office 365 tenants, "A" and "B", and I want to migrate all mailbox data from Tenant "A" to Tenant "B" (cross-tenant migration).

I used the Veeam Office 365 backup tool to back up all mailbox, SharePoint and OneDrive data from Tenant "A" and created a restore task to Tenant "B".



Diagnosis:

1) Download the backup logs from the Veeam console: https://helpcenter.veeam.com/docs/vbo365/guide/vbo_exporting_logs.html?ver=60

2) The log file contained the error quoted above ("Failed to open mailbox ... Mailbox does not exist").



Resolution:

The account the restore runs as in Tenant "B" needs the Exchange ApplicationImpersonation role so that the restore session can open the target mailboxes on their owners' behalf.

1. Log in to the Office 365 Exchange admin center.

2. Go to Permissions, then under Admin Roles click '+' to add a new role group, and enter a name and description (this post uses 'CloudMigratorImpersonation'; any descriptive name works).

3. Click '+' under 'Roles:', select ApplicationImpersonation, click 'add →' and then 'OK'.

4. Click '+' under 'Members:', select the admin user the restore runs as, click 'add →' and then 'OK'.

5. Click 'Save' in the 'Role Group' window; the new role group is now listed under Admin Roles.

The restore account can now use application impersonation for the Veeam restore into Tenant "B".

Caveat: ApplicationImpersonation granted through a role group is tenant-wide; the member can read and write every mailbox in the organization. Treat the account as highly privileged (dedicated account, strong MFA, no day-to-day use), limit the assignment to the migrated mailboxes with a management scope where possible, and remove the role group once the migration is finished. Microsoft has since announced the retirement of the ApplicationImpersonation role in Exchange Online in favour of application-level RBAC, so check current guidance before relying on it for new deployments.
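Added example, not from the original post or from Veeam: the same grant done from Exchange Online PowerShell, but with the role scoped to the migrated mailboxes instead of the whole tenant, and with the verification and clean-up steps. The restore account "restore-admin@contosob.onmicrosoft.com", the two mailbox addresses, the tag value "MigratedFromA" stamped into CustomAttribute1, and the scope and assignment names are all placeholders.

```powershell
# Added example (not from the original post or from Veeam): scoped impersonation grant.
# Assumptions: ExchangeOnlineManagement module installed; $RestoreAccount is the account Veeam
# authenticates with against Tenant B; the mailbox list below is constructed for illustration.
$RestoreAccount = 'restore-admin@contosob.onmicrosoft.com'
$Tag            = 'MigratedFromA'
$ScopeName      = 'VeeamRestoreScope'
$AssignmentName = 'VeeamRestoreImpersonation'
$Migrated       = @('alice@contosob.onmicrosoft.com', 'bob@contosob.onmicrosoft.com')  # constructed list

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

# Tag the target mailboxes so a recipient filter can select exactly them and nothing else.
foreach ($upn in $Migrated) {
    Set-Mailbox -Identity $upn -CustomAttribute1 $Tag
}

# Option A: what the EAC steps above do. Tenant-wide; the member can open every mailbox.
# New-RoleGroup -Name 'CloudMigratorImpersonation' -Roles 'ApplicationImpersonation' -Members $RestoreAccount

# Option B (preferred): same role, but the write scope limits it to the tagged mailboxes.
New-ManagementScope -Name $ScopeName -RecipientRestrictionFilter "CustomAttribute1 -eq '$Tag'"
New-ManagementRoleAssignment -Name $AssignmentName -Role 'ApplicationImpersonation' `
    -User $RestoreAccount -CustomRecipientWriteScope $ScopeName

# Verify both halves before starting the restore: the assignment and the mailboxes it reaches.
Get-ManagementRoleAssignment -RoleAssignee $RestoreAccount -Role 'ApplicationImpersonation' |
    Format-Table Name, Role, CustomRecipientWriteScope
Get-Mailbox -ResultSize Unlimited -Filter "CustomAttribute1 -eq '$Tag'" |
    Select-Object PrimarySmtpAddress

# When the migration is finished, take the privilege away again.
# Remove-ManagementRoleAssignment -Identity $AssignmentName -Confirm:$false
# Remove-ManagementScope -Identity $ScopeName -Confirm:$false
```

If the restore still reports "Mailbox does not exist" after the scope is in place, check that the target mailbox is actually licensed and provisioned in Tenant "B" and that its address matches the one the restore task uses; impersonation cannot open a mailbox that has not been created yet.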





Microsoft Exchange ActiveSync "HTTP Error 500.24 - Internal Server Error" and "An HTTP 500 response was returned from IIS7"

Applies to: Microsoft Exchange Server 2016

Problem: Mail on mobile devices is not syncing, from either the internal or the external network.

To diagnose further, I ran the test at https://testconnectivity.microsoft.com and got the error "An HTTP 500 response was returned from IIS7".



I tried to access the ActiveSync virtual directory from a web browser ("https://example.contoso.com/Microsoft-Server-ActiveSync") and got the error "HTTP Error 500.24 - Internal Server Error".




Resolution:

What the error means: IIS returns 500.24 when it finds an ASP.NET setting that is only valid in Classic managed pipeline mode inside an application whose pool runs in Integrated mode. Here that setting is the <identity impersonate="true" /> element in the system.web section of the ActiveSync web.config.

1) Open the IIS Manager console.

2) Expand Default Web Site and select the Microsoft-Server-ActiveSync virtual directory.

3) Open Advanced Settings and copy the physical path of the virtual directory.

4) Go to that path and find the web.config file. Use the path Advanced Settings shows: on Exchange 2016 the Default Web Site copy lives under FrontEnd\HttpProxy\Sync and the Exchange Back End copy under ClientAccess\Sync, both below the Exchange installation directory (example path: <Exchange installation directory>\ClientAccess\Sync\web.config).

5) Open web.config in a text editor and search for "impersonate". (Make a copy of the original file before editing.)

6) Change impersonate="true" to impersonate="false".

7) Save the file and restart IIS (iisreset), or recycle just the MSExchangeSyncAppPool application pool.

Caveat: this changes the identity that ASP.NET code in the ActiveSync application runs as (the application pool identity instead of the impersonated caller), and Exchange setup owns this file, so a later cumulative update may rewrite it. Before editing, compare both the file and the MSExchangeSyncAppPool pipeline mode with a healthy Exchange server on the same cumulative update. If the healthy server also has impersonate="true" and works, something else is the real cause, typically the pool's pipeline mode having been changed or the validateIntegratedModeConfiguration="false" validation setting having gone missing from the system.webServer section, and that is what should be restored.
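Added example, not from the original post: the same fix done from an elevated PowerShell session on the Exchange server, with the checks a practitioner would want before and after. It assumes the IIS WebAdministration module is available, that the ActiveSync application sits under "Default Web Site", and that "https://example.contoso.com" (the hostname used above) resolves to this server with a trusted certificate.

```powershell
# Added example (not part of the original post): diagnose and fix the 500.24 from PowerShell.
# Assumptions: elevated session on the Exchange 2016 server, IIS WebAdministration module present,
# ActiveSync application under "Default Web Site", $Url reachable with a trusted certificate.
Import-Module WebAdministration

$Site = 'Default Web Site'
$App  = 'Microsoft-Server-ActiveSync'
$Url  = "https://example.contoso.com/$App"   # hostname from the post; replace with yours

# 1. Locate the application, its physical path and its application pool instead of guessing.
$webApp   = Get-WebApplication -Site $Site -Name $App
$physPath = [Environment]::ExpandEnvironmentVariables($webApp.PhysicalPath)
$poolName = $webApp.applicationPool
$config   = Join-Path $physPath 'web.config'

# 2. 500.24 means an ASP.NET setting that is invalid in Integrated pipeline mode was found;
#    show the pool's pipeline mode and the <identity impersonate> value side by side.
$pipeline = (Get-Item "IIS:\AppPools\$poolName").managedPipelineMode
Write-Host "Application pool '$poolName' runs in $pipeline pipeline mode"

[xml]$xml = Get-Content -Path $config -Raw
$identity = $xml.configuration.'system.web'.identity
$current  = if ($identity) { $identity.impersonate } else { '(no <identity> element)' }
Write-Host "system.web/identity impersonate = $current"

# 3. Back the file up, then change the attribute through the XML parser so nothing else is touched.
if ($identity -and $identity.impersonate -eq 'true') {
    $backup = "$config.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
    Copy-Item -Path $config -Destination $backup
    Write-Host "Backup written to $backup"
    $identity.impersonate = 'false'
    $xml.Save($config)
    # Recycling the one pool is enough; a full iisreset also drops OWA, ECP and MAPI sessions.
    Restart-WebAppPool -Name $poolName
}

# 4. Verify. A healthy ActiveSync endpoint answers an unauthenticated GET with 401, not 500.
try {
    Invoke-WebRequest -Uri $Url -UseBasicParsing -ErrorAction Stop | Out-Null
    Write-Host "Unexpected: $Url answered without demanding credentials"
} catch {
    if ($_.Exception.Response) {
        $code = [int]$_.Exception.Response.StatusCode
        Write-Host "$Url returned HTTP $code (401 = fixed, 500 = still broken)"
    } else {
        Write-Host "Request failed before an HTTP status was returned: $($_.Exception.Message)"
    }
}
```

Keep the backup path from step 3 with the change ticket; when the next cumulative update rewrites web.config, a diff against it shows immediately whether the workaround has been undone.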

References:

https://social.technet.microsoft.com/Forums/en-US/e60ebbf2-f8d2-403f-8d20-aada110bfd72/activesync-problem-http-500-response?forum=exchangesvr3rdpartyappslegacy 

https://helpcenter.gsx.com/hc/en-us/articles/115006225328-Exchange-2010-CAS-Check-ActiveSync-500-Internal-Server-Error

https://www.azure365pro.com/exchange-activesync-returned-an-http-500-response-internal-server-error/