Azure AD Connect (AADC): How to resolve Stopped-extension-dll-exception?

Usually this error will not have any effect to Office 365 Dirsync, but it is indeed annoying to see error in our Azure AD Connect Sync Client Interface. Is best to resolve this error.

There are only 4 possible causes;

  1. AADC is OUTDATED ()
    • Check for AADC version
    • If it is outdated than update it, run the sync again
    • Reference: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-upgrade-previous-version
  2. AADC’s schema crashes
    • Run the AADC application and restart the schema
    • Reference: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-installation-wizard
  3. Azure AD account Sync password is not set to “Password Never Expired”
    • *Note: By default, when you setup AADC this is already turn on
    • If you had turn this feature off,you have to update the password and enable the feature back on.
    • Run Azure PowerShell Module command
      • Connect-MsolService
      • #Set new password
        Set-MsolUserPassword
        -UserPrincipalName “XXXXXXX” -NewPassword “pa$$word
      • Set-MsolUser -UserPrincipalName "XXXXXXXXX" -PasswordNeverExpires $true
      • Restart the AADC service
      • #After restart runs finish, type this command
        Start-ADSyncSyncCycle -PolicyType Initial
  4. Server itself is having problem
    • Restart the server
  5. Permission missing
    • If you enable single sign-on, remember its minimum requirement of the permission rights for service account is domain admin
  6. DNS routing issue
    • If you notice that you are having trouble resolving “login.windows.net” this is due to your DNS settings in your DNS server/AADC server network settings
    • Most likely is DNS server settings, is configure wrongly
    • Try to run nslookup to identify the return result
    • If there is a forwarder in place, remove it.

The above causes are also the steps-by-steps investigation, and to resolve this error it is best to follow the above category and resolving them.

*Note: This error may occurs after few hours and it is best to monitor for 24 hours or 48 hours.

Office 365: Synchronized/Migrated user showing wrong UPN in Office 365

Oh no! I forgot to change/set the user’s UPN correctly before migration! Even a simple job we could get it wrongly. Thus, this will lead you to panic. Well, if you are panic, just take a deep breath.

Usually, such problem we resolve it by breaking/disable the DirSync so that the user’s status change from “Sync from on prem” to “cloud”. So that if we could make the changes at the Office 365, without interrupting the on-prem. However, this kind of solution is troublesome because it takes hours for the DirSync to complete disable and waiting for the user’s status to change. When I mean by hours, depends of the amount of users you have at Office 365. The larger the amount the longer it takes for the time taken for the DirSync to complete disable and for the user’s status to change.

Here are the problems we faced:

  1. Forgot to set the email policy
  2. Forgot how to set email policy
  3. Set the wrong email policy
  4. Highly confident and doesn’t double check
  5. Doesn’t do enough research about preparation of migration

Lucky for me that I have found a way to solve this kind of clumsiness, please refer to the reference given below.

Note: This solution is only for clumsy situation. Don’t put it into your planing of migration, because this will make you feel like a total blockhead in front of your customers. Please do not take it in as a habit.

Reference:

  1. http://www.codenutz.com/office365-changing-the-main-login-name-for-upn-for-a-user-via-powershell/

Office 356: How to export list with licenses details and smtp details via PowerShell?

I know I am not the best coder but I always like to find the simplest coding way so it is easier for beginners to not feel frustrated.

I do find it confusing when you got an error in your exported csv file of the list.

System.Collections.Generic.List`1[System.String]

*Note: This is basically only for attributes which contain more characters/words or more than a word (means there are “:” or “;” as a divider), such as the value in accountskuid attribute is {contoso:enterprisepackage}.

For example;

  1. If you try to export a list of user from office 365, as a logical thinker you would probably type such code;

    Get-MsolUser -All | Select userprincipalname, proxyaddresses, licenses.accountskuid | Export-csv list.csv

However, this code will not get you what you want, instead it will give you the error.

The proper code should be:

Get-MsolUser -All | Select userprincipalname, {$_.proxyaddresses}, {$_.licenses.accountskuid} | export-csv list.csv

The “licenses.accountskuid” means a class named licenses in office 365 system, inside it has an attribute name, “accountskuid”. You have to do it this way to get/call/pull out the attribute you wish to be propagated in your csv file.

If you wish to test out my code whether it works, then it is best for you to replace “-All” with “-MaxResults”(Means display max result among the list of users).
Example;

#This will only display 1 user with license assigned

Get-MsolUser -MaxResults 1 | Select userprincipalname, {$_.proxyaddresses}, {$_.licenses.accountskuid} | where {$_.islicensed -eq $true} | export-csv list.csv

There are lots of ways to do so. You could use the fancy way that is using the “-expandproperty” or “-properties” and etc.
Coding is up to your comfortably and understandable.

References:

  1. https://mymicrosoftexchange.wordpress.com/2015/03/23/office-365-script-to-get-detailed-report-of-assigned-licenses/

Office 365: How to assign license to Specific Users with all service plans included

Tired of assigning license one by one to the user? With this script you can assign to all or only specific users. But first you need to know what are your License ID in the Azure AD.

*Make sure you have the Azure Power Shell installed to your computer

*Scripts below are modifiable 

Here are the steps below;
1. Open Azure Power Shell > Connect to your Office 365 Azure

Connect-MsolService

2. Getting the type of subscriptions

Get-MsolAccountSku

02.PNG

 

3. Now with the view of subscriptions you have on your office 365, you can now identify which subscription you want to enable for your users. To know which subscription is their actual display name, you could compare it on your Office 365 portal > Subscription details

4. For now we will take AccountSkuID: domain:ENTERPRISEPACK (E3 package) as our example;

*Note: This script will only Add License and it wont remove other existing license that had assigned to the user(with multiple license)

a. This is the method of using the csv file to assign license for the user OR convert users from license A to License B, where the csv file contain columns of UPN, UsageLocation and License that you want to enable for your users

#Get .csv file of users
$users = import-csv .\userList.csv -delimiter ","
#Loop
foreach ($user in $users)
{
$upn=$user.EmailAddress
$usagelocation=$user.UsageLocation
$SKU=$user.SKU
Set-MsolUser -UserPrincipalName $upn -UsageLocation $usagelocation
Set-MsolUserLicense -UserPrincipalName $upn -AddLicenses $SKU
}

This is how inside of the csv looks like;

UPN: User principal Name

Usage Location: Location of country

SKU: License type

01.PNG

b. Or if you want unlicensed users to be assign with license, you could run

Get-MsolUser | where {$_.isLicensed -eq $false} | Set-MsolUser -AddLicenses "domain:ENTERPRISEPACK"

5. To know whether the script works, you could try the below type of reassurance;

a. Get Command, to view whether the once unlicensed user now is already licensed is appearing in the unlicensed list

Get-MsolUser | where {$_.isLicensed -eq $false}

b. You could check in the Office 365 portal by creating a custom view > specific license type

c. You could check in the Office 365 portal by choosing > Unlicensed. To view whether the “Just only licensed user” is in the unlicensed list.