Category Archives: Administration

Connect to SharePoint Online with the SharePoint Online Management Shell

Most administrators are looking to manage their SharePoint Online service from PowerShell. Here is how you connect to SharePoint online with PowerShell

 

Make sure that the following software is installed

Windows Management Framework 3.0

SharePoint Online Management Shell

 

Connect to SharePoint Online

  1. Open SharePoint Online Management Shella.    Click Startb.    Click All Programs

    c.    Click SharePoint Online Management Shell

       d.    Right Click SharePoint Online Management Shell and run as Administrator

2.    Run the following command, modified for your own tenant

 Connect-SPOService -Url https://customerdomain-admin.sharepoint.com -credential admin@customerdomain.com

-Url is the URL of the SharePoint Online Admin Centre

-Credential is the user that has admin access to the SharePoint Online service

 

Check out the following link for all the wonderful things that you can do with SharePoint online and PowerShell.

Introduction to the SharePoint Online management shell

 

Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.

Kelsey Epps

Office 365 MVP

Email Me Follow me on Twitter Connect with me on LinkedIN Facebook Me

 

Activating and Licensing a Synchronized User in the NEW Office 365

In the last step we setup directory synchronization, which will allow us to synchronize our local Active Directory users to our Office 365 tenant account. Now that we have the users in our tenant account, we need to license them. Licensing them is what activates and provisions their services (Exchange, Lync, SharePoint and Office)

One thing that we notice in our Office 365 Admin Center is that the users are categorized as to where their account is. You’ll notice ‘In cloud’ and ‘Synced with Active Directory’.

As we saw in this blog post, when you create cloud users, you can assign them a license at that time. Since Directory Synchronization creates the users for us, we have to go back and license the users. You can activate and license one or many users at the same time. This can also be done via script through PowerShell; but that’s not covered in this post.

 

  1.  

  2. Find the user or users that you wish to activate

     

  3. Select the user or users

     

  4. Click Activate Synced User

     

  5. Select the user location

     

  6. Select the license and services you want to assign to the user (based on license type)

     

  7. Click Next

     

  8. Choose if you want the results to be emailed

     

  9. Click Activate

     

  10. Click Finish

     

One thing to note is that there is no password assigned to the user. This is because the password is keep and authenticated on premise through AD FS.

 

Getting to know the NEW Office 365

  1. Does Microsoft have FREE training for the NEW Office 365?
  2. Signing up for the NEW Office 365
  3. Adding and Verifying a Domain for the NEW Office 365
  4. Creating Cloud Users for the NEW Office 365
  5. Configuring Desktops for the NEW Office 365
  6. Exchange 2003 Cutover Migration to the NEW Office 365
  7. Exchange 2007 Cutover Migration to the NEW Office 365
  8. Setting up AD FS and Enabling Single Sign-On to the NEW Office 365
  9. Setting up AD FS Proxy Servers for Single Sign-On to the NEW Office 365
  10. Setting up Directory Synchronization with the NEW Office 365
  11. Activating and Licensing a Synchronized User in the NEW Office 365
  12. Testing Single Sign-on to the NEW Office 365
  13. Making the Single Sign-On Solution Highly Available
  14. Exchange Hybrid Deployment with the NEW Office 365

Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.

Kelsey Epps

Office 365 MVP

Email Me Follow me on Twitter Connect with me on LinkedIN Facebook Me

Part 1 – Prepare the Local AD FS Server

Before we can federate with Office 365, we need to prepare and install the prerequisite accounts and software.

 

Create Service Account

Best practices state that AD FS should be installed with a service account. This prevents the AD FS service from running under another user account. This eliminates a number of potential issues

 

  1. Login to your Domain Controller with an Administrator Account

     

  2. Open Active Directory Users and Computers

     

  3. Create a Service Account for AD FS

     

     

     

  4. Add Service Account to local Administrator Group on the AD FS Server

 

Install AD FS Server Role

 

  1. Login to the AD FS server with the AD FS service account

     

  2. Open Server Manager

     

  3. Click Manage

     

  4. Click Add Roles and Features

     

  5. Click Next

     

  6. Select Role-based or feature-based installation

     

  7. Click Next

     

  8. Select the local server

     

  9. Click Next

     

  10. Select Active Directory Federation Services

     

  11. Click Add Features, this will install the required features for AD FS

     

  12. Click Next

     

  13. Select .NET Framework 3.5 Features

     

  14. Click Next

     

  15. Click Next

     

  16. Select Federation Service (selected by default)

     

  17. Click Next

     

  18. Click Next

     

  19. Leave default selections for the Web Server Role (IIS)

     

  20. Click Next

     

  21. Click Install

     

  22. Install begins. You can close this window or leave it open to view the progress

     

    Installation completed

     

  23. Click Close

 

Install Sign-in Assistant

 

  1. Open Internet Explorer

     

  2.  

  3. Click Download
    Software

     

  4. Click Desktop Setup

     

  5. Click Set up to start the Desktop Applications install

     

  6. Click Run

     

  7. Desktop Assistant is downloaded

     

  8. Click Run

     

  9. Sign in with a Global Administrator account for Office 365.

     

    I create a shared service account for use with AD FS and Directory Sync. This account does not need a license assigned and should be a tenant account (@domain.onmicrosoft.com). Assign the account the Global Administrator role. Use this BLOG post for setting up the user.

     

     

  10. Desktop Applications setup starts

     

  11. Uncheck (if checked) Microsoft Outlook, Microsoft SharePoint and Microsoft Lync

     

  12. Click Continue

     

  13. Click Run

     

  14. Click I Accept

     

  15. Installing Microsoft Online Sign-In Assistant

     

  16. Click Finish

 

Install the Windows Azure Active Directory Module for Windows PowerShell

 

  1.  

  2. Click Users and Groups

     

  3. Click Set up link beside Single Sign-On

     

  4. Chose Windows 64-bit Version

     

  5. Click Download

     

  6. Click Run

     

  7. Click Next

     

  8. Accept the License Agreement

     

  9. Click Next

     

  10. Choose and install path

     

  11. Click Next

     

  12. Click Install

     

  13. Click Finish

 

This completes setting up all the pre-required software for the AD FS server.

 

Complete Series:

Getting to know the NEW Office 365

  1. Does Microsoft have FREE training for the NEW Office 365?
  2. Signing up for the NEW Office 365
  3. Adding and Verifying a Domain for the NEW Office 365
  4. Creating Cloud Users for the NEW Office 365
  5. Configuring Desktops for the NEW Office 365
  6. Exchange 2003 Cutover Migration to the NEW Office 365
  7. Exchange 2007 Cutover Migration to the NEW Office 365
  8. Setting up AD FS and Enabling Single Sign-On to the NEW Office 365
  9. Setting up AD FS Proxy Servers for Single Sign-On to the NEW Office 365
  10. Setting up Directory Synchronization with the NEW Office 365
  11. Activating and Licensing a Synchronized User in the NEW Office 365
  12. Testing Single Sign-on to the NEW Office 365
  13. Making the Single Sign-On Solution Highly Available
  14. Exchange Hybrid Deployment with the NEW Office 365

Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.

Kelsey Epps

Office 365 MVP

Email Me Follow me on Twitter Connect with me on LinkedIN Facebook Me

Office 365 Deployment – Tools and Guides

tools

 

Proper planning is everything when deploying Office 365. Microsoft has documented the process for multiple paths and they have released free whitepapers and tools for you to use.

 

Office 365 Deployment Guides – The white papers for basic and advanced deployments of Office 365

Exchange Deployment Assistant – Exchange Hybrid Planning tool. This is a web based tool that allows you to plan your Exchange migration to Office 365.

Office 365 Deployment Tools – Powershell scripts and tools to help with migration from Lotus Notes to Office 365

 

Thanks for reading. Comments are always welcome.

Kelsey Epps

kelsey.epps@office365support.ca

 

  

REPLAY – Back to Basics: Setting Up Office 365 – Lync and Learn

Thank you to everyone who attended my Lync and Learn Session. In case you missed it, you can view the Lync recording here or watch the video below. Look for more Office 365 webcast sessions by following the Office 365 Technical blog.

http://community.office365.com/en-us/blogs/office_365_technical_blog/archive/2012/12/12/back-to-basics-setting-up-office-365-lync-and-learn.aspx

Back to Basics: Setting Up Office 365 – Lync and Learn

 

Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.

Kelsey Epps

Office 365 MVP

Email Me Follow me on Twitter Connect with me on LinkedIN Facebook Me


Back to Basics: Setting Up Office 365 – Lync and Learn

I am excited to announce that I am going to be doing a Lync and Learn session for the Microsoft Office 365 User Community.

 http://community.office365.com/en-us/blogs/office_365_technical_blog/archive/2012/12/12/back-to-basics-setting-up-office-365-lync-and-learn.aspx

 Audience:

Office 365 for professionals and small businesses
Office 365 for enterprises

Lync and Learn is an online session led by Office 365 Product Managers and Community Grid members. Lync and Learn sessions address different Office 365 subjects and scenarios and is beneficial to anyone who wants to learn more and expand their knowledge of the Office 365 suite. View past Lync and Learn sessions here.


Office 365 provides convenience in the cloud through a great set of productivity and collaboration tools. In this Lync and Learn session, Kelsey Epps will provide some convenience of his own through helping us set up Office 365. We’ll get back to the basics and dive into setting up Office 365. In this Lync and Learn Webcast we will cover the following:

  • Sign-up for the trial
  • Adding a domain and verifying it
  • DNS records
  • Create Users and Assign licenses
  • Setup Desktop PC for User
  • Accessing Office 365 Services from the Desktop and Internet
  • Purchasing Additional Licenses
  • Open a service request

Kelsey Epps is a Senior Systems Engineer with a background in Microsoft Clustering, Exchange Server, Lync Server and Windows Server.

Download the calendar invite below and join us on December 20th at 10:00 AM Pacific Time for this great session.

Interested in being our next Lync and Learn presenter? Learn how to join the Office 365 Grid and become an Office 365 Lync and Learn presenter.

———————————————————————————————————————————————————

Presenter: Kelsey Epps, Technology Consultant with HP and Concepps Group, and Office 365 Grid member.

Date/Time: Thursday December 20th, at 10:00 AM Pacific Time. (1 Hour presentation)

Live Meeting Information:
Join online meeting
https://join.microsoft.com/meet/v-joshto/F00T8BQY
Join by Phone
+18883203585
Find a local number

Conference ID: 27579341
Forgot your dial-in PIN? |
First online meeting?
[

Publishing ADFS 2.0 using Threat Management Gateway 2010

Another option for publishing ADFS 2.0 to the internet is to use TMG 2010 as a proxy. This method will replace an ADFS 2.0 Proxy server.

ADFS Proxy services are used for external users to authenticate with their domain credentials and are essential for user access to Office 365 while not having access to the local domain controller.

The process below guides you through setting up TMG 2010 to publish/proxy ADFS traffic from the internet to the local ADFS 2.0 server. This assumes that you have your internal ADFS infrastructure setup and connected to Office 365 already.

  1. Open TMG Management Console

     

  2. Expand Forefront TMG

     

  3. Right Click Firewall Policy

     

  4. Click New

     

  5. Click Web Site Publishing Rule…


     

  6. Add a descriptive name for your rule

     

  7. Click Next

     

  8. Select Allow, on Actions to take when rule conditions are met

     

  9. Click Next

     

  10. Select Publish a single Web site or load balancer

    This option will work for a single ADFS server and an ADFS Farm that is load balanced

     

  11. Click Next

     

  12. Select User SSL to connect to the published Web server or server farm

     

  13. Click Next

     

  14. Enter your internal ADFS Server Farm name.


     

  15. Click Next

     

  16. Enter the path for ADFS

    /adfs/*

     

  17. Check Forward the original host header instead…


     

  18. Click Next

     

  19. Enter your publicly resolvable name for the ADFS site.


     

  20. Click Next

     

  21. Select Web Listener, click New…

     

  22. Add a descriptive name for your web listener


     

  23. Click Next

     

  24. Select Require SSL secured connections with clients


     

  25. Click Next

     

  26. Select your External Network, or Select the IP address on which you want to listen for the ADFS traffic.


     

  27. Click Next

     

  28. Click Select Certificate


     

  29. Select the public certificate

    This is the same certificate that we used on the internal ADFS servers. I exported the certificate and imported it onto the TMG server

     

  30. Click Select


     

  31. Click Next

     

  32. Select HTML Form Authentication

     

  33. Select Windows (Active Directory) to validate client credentials


     

  34. Click Next

     

  35. Uncheck Enable SSO for Web sites published with this Web listener


     

  36. Click Next

     

  37. Click Finish

     

  38. Now that the Web listener is setup, Click Next

     

  39. Select NTLM authentication


     

  40. Click Next

     

  41. Remove All Authenticated Users

     

  42. Add All Users


     

  43. Click Next

     

  44. Click Finish

     

Now that the Rule and Web Listener are setup, we need to make some modifications.

  1. Right click the ADFS rule and select Configure HTTP

     

  2. Uncheck Verify normalization

     

  3. Uncheck Block high bit characters


     

  4. Click OK

     

  5. One handy option that we can use with TMG is password changes and password expiry notifications. To enable this we need to edit the web listener

     

  6. Right click the ADFS rule and select properties

     

  7. Click the Listener tab

     

  8. Click Properties

     

  9. Click Forms Tab

     

  10. Check Allow users to change their passwords

     

  11. Check Remind users that their passwords will expire…


     

  12. Click OK

     

  13. Click OK

     

  14. Apply the changes to TMG and allow some time for the configuration to update


 

Test the logon process

  1.  

  2. Enter your credentials

     

  3. Click sign in at….


     

  4. Enter the UPN account name and password


     

  5. Click Log On

 

This is how the users will see a password change notification

Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.

Kelsey Epps

Office 365 MVP

Email Me Follow me on Twitter Connect with me on LinkedIN Facebook Me