Thursday, October 15, 2015

Office 365 - Set user password to not never expire

It is as easy as
1. Connnect-MSOLService
2. Get-MSOLUser -UserPrincipalName | Select PasswordNeverExpires
3. Set-MSOL -UserPrincipalName -PasswordNeverExpires $true
4. Get-MSOLUser -UserPrincipalName | Select PasswordNeverExpires


If all the above statements do not make any sense to you, read on...
  
I was asked by my SDM to create an Global Administrator for one of our clients and set the password expiry to be set to Never. This is what we expect with system accounts when passwords don't change normally.

I created a new account and unchecked "Make this person change their password the next time they sign in"
That's all I though was involved in setting up an account as there was no "Password Policy" that I saw and of course my assumption was not right.

Solution

If you want to apply such a policy for a specific user, PowerShell is your friend. We will see in the end what it takes to apply different password related policies for all users in an organization.

Download each of them separately (64 bit) and install one after the other.

Once all is setup, look for Windows Azure Active Directory Module for Windows PowerShell and right click and run as administrator

Type following command
Connnect-MSOLService
and connect using admin account on your tenant
First thing you need to do is verify if user password is already set to expire or not. We will run this commend again when we have applied the policy to set if it is set correctly.
Get-MSOLUser -UserPrincipalName | Select PasswordNeverExpires
This command will return you a value of True or False depending on user settings. 

To apply the password never expire policy on your user run the following command
Set-MSOL -UserPrincipalName -PasswordNeverExpires $true

Rerun
Get-MSOLUser -UserPrincipalName | Select PasswordNeverExpires 
to verify if your changes are applied or not.

Office 365 Interface

You must have realized by now that its too much work to be done if you need to apply it to the all users. Fear not my friend and continue reading.
Once you are on your Office 365 admin center click Service Settings and then select Passwords. This is where you administrate organization wide password policy. 

Happy administrating Office 365.

Tuesday, July 21, 2015

Onboarding Office 365 Series

I am working on a project for one of my clients where I am asked to onboard them to Office 365.

I have decided to write a series on Onboarding Office 365
There will a series of articles which I will write and share as I go along.

1. Add and configure domains
2. Activate Active Directory synchronization

Onboarding Office 365 Series: Add and configure domains

Page under construction. Please visit following useful links to get you started.


Domains
Video: Add your domain to Office 365
Video: Verify your domain in Office 365
Confirm ownership of your custom domain name

Monday, May 18, 2015

How to send Ctrl+Alt+Del on Remote Desktop

I was connected to a remote box using Windows Remote Desktop and wanted to change my password. Easiest way to do this is to press Ctrl + Alt +Delete key sequences but on the remote computer you cannot because your local client will pick this key combination and give you options on your local box.

The way to do it on remote client is to press CTRL + ALT + END and that should solve your problem.

Tuesday, January 27, 2015

Migrate OneDrive for Business SharePoint Online

I am working for a client who needs to migrate their existing tenant say https://existingtenant.sharepoint.com to a new tenant say https://newtenant.sharepoint.com

Migration is not a problem partly because I am using a very easy to use tool ShareGate and partly because my client has a very standard out of the box kind of SharePoint implementation.

One of the very important tasks is to migrate all the One Drive for Business data of over 200 existing users. I didnt know that it could get so tricky. I was under the impression that it will be as simple as migrating other site collections using the tool.

Before we proceed

There are a few things that you need to know about OneDrive for Business for SharePoint Online
1. Its My Site which enables user to store and share documents just like any other document storage and sharing tool out there for example DropBox but of course with much more features and flexibility that comes with SharePoint.
2. Its a users site collection and only users have access to their my.sharepoint.com site.
3. Even tenant administrators dont have access to users' OneDrive. Users are sole site administrators of their OneDrive
4. OneDrive is not like your emails which is available as soon as a new user gets created. It needs to be first provisioned before it can be used.
5. You cannot migrate OneDrive from a "existingtenant" to a "newtenant" unless you have administrative rights on each of OneDrive on users on both the tenants.

As you can see I have following problems to solve
1. Pre-provision all the users (200+) on the new tenant.
2. Get administrative rights on all the users on both the tenants.
3. Migrate all the users' OneDrive

ShareGate helped me fair bit by letting me become administrator of all the users on both the tenants with just a few click. But this does not solve my problem because the original problem of provisioning the sites and bulk migration was still outstanding.

1. Pre-provision all the users

After a bit of googling I got hold of a very useful script by Microsoft which helped me provision all my users. Details and all the required explanation here. Keep following in mind



1. webUrl should be your -admin.sharepoint.com
2. Your user should have Global Administrator rights
3. Run Windows PowerShell as Administrator.
4. Microsoft.SharePoint.Client, Microsoft.SharePoint.Client.Runtime and Microsoft.SharePoint.Client.UserProfiles can be found here.
5. I didnt setup SharePoint Online Management Shell.

Once I got all the users provisioned I had to find a way to verify if the script ran successfully and I found a useful link which helped me verify that all my OneDrive for Business are provisioned. I also randomly accessed a few users' OneDrive to verify the case.

2. Get administrative rights

I got my first problem solved. My next step was to be able give my Administrator full access to each users' OneDrive. I am assuming that you dont have access to ShareGate and you have to do it yourself.
Following is what I see when I log in as one of the users and access OneDrive.
Click on Site Settings> Site collection administrators under Users and Permissions and you will see that current logged in user is the only administrator of her OneDrive (which we have already talked about)
To give yourself administrative rights on each of the OneDrive sites you need to perform the following actions
1. Get SharePoint Online Management Shell. There are a lot of things that you need to take care of as suggested by Microsoft. Get yourself accustomed before trying any of this all. Download SharePoint Management Shell from here.
2. Run Shell as administrator and connect to your tenant using the command
Connect-SPOService
Make sure you put it -admin.sharepoint.com part when prompted for Url.
3. Put in your admin user and password and asked.
 4. Create a new .ps1 file using the following script
 5. Run the script using SharePoint Online Management Shell by first pointing to the destination folder where you have stored this file.
I have named my script file AccessRights.ps1

As you know that I had 4 users I see four times the message that my administrator is added to each users site.
Your administrator is now a Site Collection Administrator on all the users on your newtenant.sharepoint.com. Make sure you repeat this process on existingtenant.sharepoint.com

3. Migrate all the users' OneDrive
I am planning to use ShareGate to migrate user's OneDrive. If I get a script to do it for me I will post it here.

Happy migrating.