Managing Distribution Lists on-premises in hybrid Office 365

A simple way for your users to manage distribution list membership in hybrid Office 365 environments, where on-premises Active Directory is synced by Azure AD Connect to Azure AD and Exchange Online.

With Exchange on-premises, users may be used to managing the Distribution Lists (DLs) that they own by opening the DL in Outlook and editing its membership. However, once you move to Exchange Online, these can no longer be managed using Outlook, since the DL is synced from your on-premises AD and cannot be edited in Azure AD. So, the DL has to be managed in your on-premises AD. Your help desk can do this with Exchange Admin tools; however, it is not very convenient for users to have to call the help desk every time that they want to edit DL membership.

The issue is documented here: https://support.microsoft.com/en-gb/help/2417592/owners-of-an-on-premises-distribution-group-that-s-synced-to-office-36. However, Microsoft do not offer any solutions. This is a workaround we use to let users manage DL membership with no special tools, in a manner which is easy to use.

Edit your DLs to make them manageable

First, you need to make sure that your DLs are editable by the owners. Check the box below, or do this using PowerShell e.g. https://blogs.technet.microsoft.com/blur-lines_-powershell_-author_shirleym/2013/10/07/manager-can-update-membership-list-part-1/

Create a shortcut to Search Active Directory

This works on any Windows machine, and you do not need any AD tools installed.

  • Right click on your desktop or in a folder
  • Choose Create new shortcut
  • Enter rundll32.exe dsquery,OpenQueryWindow as the location

Now just run your shortcut, and if you are the owner you can edit the DL membership. You could also deploy the shortcut via SCCM or GPO to make this easy for users. You can also find this via the

Note that you can also do this as follows, but this is less than ideal and will usually result in an error when selecting the Network in Windows Explorer:

  • Open Windows Explorer
  • Click Network in the bottom left, and press OK to the error message that pops up
  • Click Search Active Directory at the top

Recipient Type Values in Active Directory

Recipient Type Values

Technical Level : Intermediate

Summary

Both mailbox creation and deletion failure scenarios heavily involve verifying the current recipient type values across all directories – especially in a directory synchronised environment. For example, if a user is listed on-prem as a remote mailbox with a cloud archive, then you should expect EXO to have a primary and an archive mailbox for this user. If it doesn’t, then troubleshoot for a synchronisation failure somewhere between on-prem and EXO.

The three attributes you will be dealing with are the following, and there are many possible values for each:

  1. msExchRemoteRecipientType
  2. msExchRecipientDisplayType
  3. msExchRecipientTypeDetails

Details

  • msExchRemoteRecipientType

RemoteRecipientType (in PowerShell)

Note: You should only see the above value populated if the customer has a directory sync’d environment, and they either migrated a mailbox to the cloud or if they used new-remotemailbox to provision a cloud mailbox.

1 ProvisionMailbox
2 ProvisionArchive (On-Prem Mailbox)
3 ProvisionMailbox, ProvisionArchive
4 Migrated (UserMailbox)
6 ProvisionArchive, Migrated
8 DeprovisionMailbox
10 ProvisionArchive, DeprovisionMailbox
16 DeprovisionArchive (On-Prem Mailbox)
17 ProvisionMailbox, DeprovisionArchive
20 Migrated, DeprovisionArchive
24 DeprovisionMailbox, DeprovisionArchive
33 ProvisionMailbox, RoomMailbox
35 ProvisionMailbox, ProvisionArchive, RoomMailbox
36 Migrated, RoomMailbox
38 ProvisionArchive, Migrated, RoomMailbox
49 ProvisionMailbox, DeprovisionArchive, RoomMailbox
52 Migrated, DeprovisionArchive, RoomMailbox
65 ProvisionMailbox, EquipmentMailbox
67 ProvisionMailbox, ProvisionArchive, EquipmentMailbox
68 Migrated, EquipmentMailbox
70 ProvisionArchive, Migrated, EquipmentMailbox
81 ProvisionMailbox, DeprovisionArchive, EquipmentMailbox
84 Migrated, DeprovisionArchive, EquipmentMailbox
100 Migrated, SharedMailbox
102 ProvisionArchive, Migrated, SharedMailbox
116 Migrated, DeprovisionArchive, SharedMailbox

  • msExchRecipientDisplayType

RecipientType (In PowerShell)

-2147483642 MailUser (RemoteUserMailbox)
-2147481850 MailUser (RemoteRoomMailbox)
-2147481594 MailUser (RemoteEquipmentMailbox)
0 UserMailbox (shared)
1 MailUniversalDistributionGroup
6 MailContact
7 UserMailbox (room)
8 UserMailbox (equipment)
1073741824 UserMailbox
1073741833 MailUniversalSecurityGroup

  • msExchRecipientTypeDetails

RecipientTypeDetails (In PowerShell)

1 UserMailbox
2 LinkedMailbox
4 SharedMailbox
16 RoomMailbox
32 EquipmentMailbox
128 MailUser
2147483648 RemoteUserMailbox
8589934592 RemoteRoomMailbox
17179869184 RemoteEquipmentMailbox
34359738368 RemoteSharedMailbox
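
The msExchRemoteRecipientType values above are a bit field, which is why the same names recur in combinations. The following PowerShell is an added example, not part of the original source: it decodes a value using bit assignments derived from that table and checks an on-premises object's three attributes against the remote-mailbox values listed in the tables on this page. The function names and sample objects are constructed, and treating a Deprovision flag as cancelling the matching expectation is an assumption.

```powershell
# Added example. Bit values are derived from the msExchRemoteRecipientType table on this page.
$ActionBits = [ordered]@{
    ProvisionMailbox   = 1
    ProvisionArchive   = 2
    Migrated           = 4
    DeprovisionMailbox = 8
    DeprovisionArchive = 16
}

# Bits 32 and 64 form a two-bit mailbox-kind field rather than independent flags:
# 32 = Room, 64 = Equipment, 96 (both bits) = Shared. Testing "-band 32" alone would
# misreport every shared mailbox as a room, so the field is masked and compared whole.
$KindMask = 96
$KindName = @{ 0 = 'User'; 32 = 'Room'; 64 = 'Equipment'; 96 = 'Shared' }

# On-premises msExchRecipientDisplayType / msExchRecipientTypeDetails expected for a
# remote mailbox of each kind (from the Remote Mailbox and Migrated Mailboxes tables).
$ExpectedRemote = @{
    User      = @{ DisplayType = -2147483642; TypeDetails = 2147483648 }
    Room      = @{ DisplayType = -2147481850; TypeDetails = 8589934592 }
    Equipment = @{ DisplayType = -2147481594; TypeDetails = 17179869184 }
    Shared    = @{ DisplayType = -2147483642; TypeDetails = 34359738368 }
}

function ConvertFrom-RemoteRecipientType {
    param([int]$Value)

    $actions = @($ActionBits.Keys | Where-Object { $Value -band $ActionBits[$_] })
    $remote  = ($actions -contains 'ProvisionMailbox') -or ($actions -contains 'Migrated')
    # Assumption: a Deprovision flag cancels the matching expectation in Exchange Online.
    $mailbox = $remote -and ($actions -notcontains 'DeprovisionMailbox')
    $archive = ($actions -contains 'ProvisionArchive') -and ($actions -notcontains 'DeprovisionArchive')

    [pscustomobject]@{
        Value              = $Value
        Actions            = $actions
        MailboxKind        = $KindName[[int]($Value -band $KindMask)]
        IsRemoteMailbox    = $remote
        ExpectCloudMailbox = $mailbox
        ExpectCloudArchive = $archive
        UnknownBits        = $Value -band (-bnot 127)   # anything the table does not cover
    }
}

function Test-OnPremRecipientType {
    param([string]$Name, [int]$RemoteRecipientType, [int]$DisplayType, [long]$TypeDetails)

    $d = ConvertFrom-RemoteRecipientType -Value $RemoteRecipientType
    $problems = @()
    if ($d.UnknownBits) { $problems += "bits not in the table: $($d.UnknownBits)" }
    if ($d.IsRemoteMailbox) {
        # Only remote mailboxes have a fixed expected pair; on-premises mailboxes are skipped.
        $want = $ExpectedRemote[$d.MailboxKind]
        if ($DisplayType -ne $want.DisplayType) {
            $problems += "DisplayType $DisplayType, expected $($want.DisplayType)"
        }
        if ($TypeDetails -ne $want.TypeDetails) {
            $problems += "TypeDetails $TypeDetails, expected $($want.TypeDetails)"
        }
    }
    [pscustomobject]@{
        Name         = $Name
        Decoded      = (@($d.Actions) + $d.MailboxKind) -join ', '
        CloudMailbox = $d.ExpectCloudMailbox
        CloudArchive = $d.ExpectCloudArchive
        Problems     = $problems -join '; '
    }
}

# Constructed sample objects (values as they would be read from on-premises AD).
$samples = @(
    @{ Name = 'user.migrated';    RemoteRecipientType = 4;   DisplayType = -2147483642; TypeDetails = 2147483648 }
    @{ Name = 'room.provisioned'; RemoteRecipientType = 33;  DisplayType = -2147481850; TypeDetails = 8589934592 }
    @{ Name = 'shared.migrated';  RemoteRecipientType = 100; DisplayType = -2147483642; TypeDetails = 34359738368 }
    # Flags say "shared" but TypeDetails still says RemoteUserMailbox: reported as a problem.
    @{ Name = 'shared.stale';     RemoteRecipientType = 100; DisplayType = -2147483642; TypeDetails = 2147483648 }
    # On-premises mailbox with a cloud archive: not a remote mailbox, so the pair is not checked.
    @{ Name = 'archive.onprem';   RemoteRecipientType = 2;   DisplayType = 1073741824;  TypeDetails = 1 }
)

$results = foreach ($s in $samples) { Test-OnPremRecipientType @s }
$results | Format-Table -AutoSize -Wrap
```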

The following tables list what the attribute values should be across on-premises and Exchange Online for the various possible recipient types. These are taken from normal examples:

Mail Objects

Mail-Enabled User
New-MailUser 
Enable-Mailuser
Get-MailUser Get-MailUser
objectClass: top;person;organizationalPerson;user
msExchRecipientDisplayType: 6 RecipientType: MailUser RecipientTypeDetails: MailUser
msExchRecipientTypeDetails: 128 RecipientType: MailUser RecipientTypeDetails: MailUser
Mail-Enabled Contact
New-MailContact 
Enable-MailContact
Get-MailContact Get-MailContact
objectClass: top;person;organizationalPerson;contact
msExchRecipientDisplayType: 6 RecipientType: MailContact RecipientTypeDetails: MailContact
RecipientType: MailContact RecipientTypeDetails: MailContact
Mail-Enabled Distribution Group
New-DistributionGroup 
Enable-DistributionGroup
Get-DistributionGroup Get-DistributionGroup
objectClass: top;group
sAMAccountType: 268435457
groupType: 8 GroupType: Universal GroupType: Universal
msExchRecipientDisplayType: 1 RecipientType: MailUniversalDistributionGroup RecipientType: MailUniversalDistributionGroup
RecipientTypeDetails: MailUniversalDistributionGroup RecipientTypeDetails: MailUniversalDistributionGroup
Mail-Enabled Security Group
New-DistributionGroup -Type Security 
Enable-DistributionGroup
Get-DistributionGroup Get-DistributionGroup
objectClass: top;group
sAMAccountType: 268435456
groupType: -2147483640 GroupType: Universal, SecurityEnabled GroupType: Universal, SecurityEnabled
msExchRecipientDisplayType: 1073741833 RecipientType: MailUniversalSecurityGroup RecipientType: MailUniversalSecurityGroup
RecipientTypeDetails: MailUniversalSecurityGroup RecipientTypeDetails: MailUniversalSecurityGroup

Mail Users

Mail-Enabled User
New-MailUser 
Enable-Mailuser
Get-MailUser Get-MailUser
objectClass: top;person;organizationalPerson;user
msExchRecipientDisplayType: 6 RecipientType: MailUser RecipientTypeDetails: MailUser
msExchRecipientTypeDetails: 128 RecipientType: MailUser RecipientTypeDetails: MailUser
If Licensed
Get-Mailbox
RecipientType: MailBox
RecipientTypeDetails: MailBox

On-Premises Mailbox Objects

Mailbox (User)
New-MailBox 
Enable-MailBox
Get-MailBox Get-MailUser
objectClass: top;person;organizationalPerson;user
RemoteRecipientType: None
msExchRecipientDisplayType: 1073741824 RecipientType: UserMailbox RecipientType: MailUser
msExchRecipientTypeDetails: 1 RecipientTypeDetails: UserMailbox RecipientTypeDetails: MailUser
Mailbox (Shared)
New-Mailbox -Shared 
Enable-Mailbox -Shared
Get-Mailbox | Where {$_.RecipientTypeDetails -eq "SharedMailbox"} Get-MailUser
objectClass: top;person;organizationalPerson;user
RemoteRecipientType: None
msExchRecipientDisplayType: 0 RecipientType: UserMailbox RecipientType: MailUser
msExchRecipientTypeDetails: 4 RecipientTypeDetails: SharedMailbox RecipientTypeDetails: MailUser
Mailbox (Room)
New-Mailbox -Room 
Enable-Mailbox -Room
Get-Mailbox | Where {$_.RecipientTypeDetails -eq "RoomMailbox"} Get-Recipient| Where {$_.ResourceType -eq "Room" -and $_.RecipientType -eq "Mailuser"}
objectClass: top;person;organizationalPerson;user
msExchResourceMetaData: ResourceType:Room ResourceType: Room ResourceType: Room
RemoteRecipientType: None
msExchRecipientDisplayType: 7 RecipientType: UserMailbox RecipientType: MailUser
msExchRecipientTypeDetails: 16 RecipientTypeDetails: RoomMailbox RecipientTypeDetails: MailUser
Mailbox (Equipment)
New-Mailbox -Equipment 
Enable-Mailbox -Equipment
Get-Mailbox | Where {$_.RecipientTypeDetails -eq "EquipmentMailbox"} Get-Recipient| Where {$_.ResourceType -eq "Equipment" -and $_.RecipientType -eq "MailUser"}
objectClass: top;person;organizationalPerson;user
msExchResourceMetaData: ResourceType:Equipment ResourceType: Equipment ResourceType: Equipment
RemoteRecipientType: None
msExchRecipientDisplayType: 8 RecipientType: UserMailbox RecipientType: MailUser
msExchRecipientTypeDetails: 32 RecipientTypeDetails: EquipmentMailbox RecipientTypeDetails: MailUser

Remote Mailbox

Remote Mailbox (User) – Provision
New-RemoteMailbox 
Enable-RemoteMailbox
Get-RemoteMailbox Get-Mailbox
objectClass: top;person;organizationalPerson;user
msExchRemoteRecipientType: 1 RemoteRecipientType: ProvisionMailbox
msExchRecipientDisplayType: -2147483642 RecipientType: MailUser RecipientType: UserMailbox
msExchRecipientTypeDetails: 2147483648 RecipientTypeDetails: RemoteUserMailbox RecipientTypeDetails: UserMailbox
Remote Mailbox (Shared) – Provision Not Available
RemoteMailbox (Room) – Provision
New-RemoteMailbox -Room 
Enable-RemoteMailbox -Room
Get-RemoteMailbox | Where {$_.RecipientTypeDetails -eq "RemoteRoomMailbox"} Get-Mailbox | Where {$_.ResourceType -eq "Room"}
objectClass: top;person;organizationalPerson;user
msExchRemoteRecipientType: 33 RemoteRecipientType: ProvisionMailbox, RoomMailbox
ResourceType: Room
msExchRecipientDisplayType: -2147481850 RecipientType: MailUser RecipientType: UserMailbox
msExchRecipientTypeDetails: 8589934592 RecipientTypeDetails: RemoteRoomMailbox RecipientTypeDetails: RoomMailbox
Remote Mailbox (Equipment) – Provision
New-RemoteMailbox -Equipment 
Enable-RemoteMailbox -Equipment
Get-RemoteMailbox | Where {$_.RecipientTypeDetails -eq "RemoteEquipmentMailbox"} Get-Mailbox | Where {$_.ResourceType -eq "Equipment"}
objectClass: top;person;organizationalPerson;user
ResourceType: Equipment
msExchRemoteRecipientType: 65 RemoteRecipientType: ProvisionMailbox, EquipmentMailbox
msExchRecipientDisplayType: -2147481594 RecipientType: MailUser RecipientTypeDetails: RemoteEquipmentMailbox
msExchRecipientTypeDetails: 17179869184 RecipientType: UserMailbox RecipientTypeDetails: EquipmentMailbox

Migrated Mailboxes

Remote Mailbox (User) – Migrated Get-RemoteMailbox Get-Mailbox | Where {$_.RecipientTypeDetails -eq "UserMailbox" -and $_.RemoteRecipientType -eq "Migrated"}
objectClass: top;person;organizationalPerson;user
msExchRemoteRecipientType: 4 RemoteRecipientType: Migrated RemoteRecipientType: Migrated
msExchRecipientDisplayType: -2147483642 RecipientType: MailUser RecipientType: UserMailbox
msExchRecipientTypeDetails: 2147483648 RecipientTypeDetails: RemoteUserMailbox RecipientTypeDetails: UserMailbox
Remote Mailbox (Shared)- Migrated Get-RemoteMailbox | Where {$_.RecipientTypeDetails -eq "RemoteSharedMailbox"} Get-Mailbox | Where {$_.RecipientTypeDetails -eq "SharedMailbox" -and $_.RemoteRecipientType -match "Migrated"}
objectClass: top;person;organizationalPerson;user
msExchRemoteRecipientType: 100 RemoteRecipientType: Migrated, SharedMailbox RemoteRecipientType: Migrated, SharedMailbox
msExchRecipientDisplayType: -2147483642 RecipientType: MailUser RecipientType: UserMailbox
msExchRecipientTypeDetails: 34359738368 RecipientTypeDetails: RemoteSharedMailbox RecipientTypeDetails : SharedMailbox
Remote Mailbox (Room) – Migrated Get-RemoteMailbox | Where {$_.RecipientTypeDetails -eq "RemoteRoomMailbox"} Get-Mailbox | Where {$_.RecipientTypeDetails -eq "RoomMailbox" -and $_.RemoteRecipientType -match "Migrated"}
objectClass: top;person;organizationalPerson;user
ResourceType: Room
msExchRemoteRecipientType: 36 RemoteRecipientType: Migrated, RoomMailbox RemoteRecipientType: Migrated, RoomMailbox
msExchRecipientDisplayType: -2147481850 RecipientType: MailUser RecipientType: UserMailbox
msExchRecipientTypeDetails: 8589934592 RecipientTypeDetails: RemoteRoomMailbox RecipientTypeDetails: RoomMailbox
Remote Mailbox (Equipment) – Migrated Get-RemoteMailbox | Where {$_.RecipientTypeDetails -eq "RemoteEquipmentMailbox"} Get-Mailbox | Where {$_.RecipientTypeDetails -eq "EquipmentMailbox" -and $_.RemoteRecipientType -match "Migrated"}
objectClass: top;person;organizationalPerson;user
ResourceType: Equipment
msExchRemoteRecipientType: 68 RemoteRecipientType: Migrated, EquipmentMailbox RemoteRecipientType: Migrated, EquipmentMailbox
msExchRecipientDisplayType: -2147481594 RecipientType: MailUser RecipientType: UserMailbox
msExchRecipientTypeDetails: 17179869184 RecipientTypeDetails: RemoteEquipmentMailbox RecipientTypeDetails: EquipmentMailbox

I take no credit for this, I am just saving this for posterity since it is incredibly useful, original source here: https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_exchon-mso_o365b/recipient-type-values/7c2620e5-9870-48ba-b5c2-7772c739c651

Outlook Autocomplete when migrating to Office 365

During a recent Office365 migration, one of the questions that arose was what would happen to Outlook Autocomplete entries (also known as the Nickname cache) when migrating users from on-premise Exchange to Office365. Many users rely on this list, and a common complaint when this goes missing is ‘my contacts have disappeared’. In fact, users often don’t use contacts at all, because saving someone’s details requires manual steps; they rely on the fact that once they have emailed someone, Outlook remembers the name, so they just have to start typing it and Outlook completes the address for them.

The answer, as with many things in IT, is ‘it depends’. Largely it depends on the Outlook client version.

Microsoft Office Outlook 2007 and earlier versions store the AutoComplete list in a nickname (.nk2) file on the disk. This is local to the PC, so if users login to a new PC, the cache won’t be there. Luckily you just need to find the nk2 file, copy it to the new PC, and then import it into Outlook. See https://support.office.com/en-gb/article/Import-or-copy-the-Auto-Complete-List-to-another-computer-83558574-20dc-4c94-a531-25a42ec8e8f0?pid=CH100776981033&CorrelationId=f2cb4593-2782-4f5c-9928-dc0c7d5a76e3&ui=en-US&rs=en-GB&ad=GB&ocmsassetID=HA010097887 for details on how to do this.

Outlook 2010 and later store the autocomplete list in a hidden folder in the user’s mailbox. The great thing about this is that when setting up a new PC, if the user opens the same mailbox then the list will be there already as soon as the mailbox is opened. So when migrated to Office365, this hidden folder is migrated along with the user’s email. When they log in to their mailbox through Outlook, it should be available.

Also note that Outlook Web App uses its own autocomplete list; this is not the same as the one used by Outlook.

One final thing to note is that if a user’s autocomplete list is lost or accidentally deleted, one way of repopulating it is to draft an email with all of the user’s contacts in, and save it (but do NOT send!). This adds all of the addresses to the cache.

See ‘Information about the Outlook AutoComplete list’ (https://support.microsoft.com/en-us/help/2199226) for more details.

Office 365 – fix shared mailboxes that are not synchronising from Exchange Online

How to fix issues synchronising and displaying emails in secondary or shared mailboxes in Exchange Online.

When migrating from Exchange on-premise to Office 365, users can experience issues displaying emails in secondary or shared mailboxes. When their mailboxes were hosted on-premise, users didn’t have this problem, since the Exchange servers were nearer to the users and Outlook could operate in online mode without experiencing the cached mode limitations.

The issue arises when users have access to multiple mailboxes, or mailboxes with many folders, which have been auto-mapped through mailbox permissions. This issue is described in the following Microsoft article, and is due to the 500 folder limit in Outlook .ost files: https://support.microsoft.com/en-gb/help/3115602/performance-and-synchronization-problems-when-you-work-with-folders-in

Microsoft recommends 3 potential fixes for this issue:

  1. Delete folders to reduce the folder count. This is often not possible since data needs to be retained, or needs to be separated into folders. Or there may just be so many additional mailboxes that it is not practical to have fewer than 500 folders across all of them.
  2. Turn off cached mode for shared folders as below. However, since your Exchange servers are now in the cloud, whilst changing this setting will show all of the emails, not only will you be unable to access the emails when offline, but performance will be heavily dependent on network conditions. Frequently this will cause performance problems with Outlook; these shared mailboxes were previously hosted on an on-premise Exchange server, and moving them to the internet can make it too slow to access them in Online mode.

The solution is, therefore, the third recommendation by Microsoft. We recommend that clients skip the first 2 workarounds, and implement this from the start for any power email users who access a number of shared mailboxes. Unfortunately, this will require manual configuration by the end user, so a combination of automapping and manual configuration may be a good compromise.

  1. Disable automapping for each secondary mailbox as per 2646504 – ‘How to remove automapping for a shared mailbox in Office 365’.
  2. Add the account as a secondary account into Outlook via the Add New Account dialog box in Outlook. Simply add the email address of the account, as long as you have full access then it will allow you to add the profile.

Note that when diagnosing this issue it is very useful to use the Get-MailboxFolderStatistics cmdlet, which you can use to calculate if the user is near or over the 500 folder limit across all of their mailboxes.

Office 365 Online resources

This is a collection of useful resources for Office 365 deployments:

Porting phone numbers to Skype for Business

We had an interesting Skype migration, where we needed to migrate 10,000 numbers from BT to Microsoft Phone System for Skype for Business.

With BT you have to port the entire block in one go, so we had no way of porting numbers in batches as users migrated over to Skype for Business. So, we needed a way for users to continue to be able to receive calls as they migrated onto S4B, but whilst the numbers were still with BT. Since calls were still coming into an old PBX, the initial thought was to program the PBX to forward numbers as and when users were migrated. However, since we were migrating about 100 users a day, this would basically be a full time job to program all the forwarders on the PBX, and would also be very prone to error, since the old PBX had to be programmed via a terminal application with no scripting support.

However, we realised that users were already used to forwarding their own numbers to their mobile phones, so they can forward their own calls in this way using their desk phone (a feature of the old PBX). What we therefore did was allocate 10,000 temporary local numbers in Skype for Business, and then ask each user to forward on their old desk phone to their temporary number as they get migrated. Once this is done, users receive all their calls on their old number using S4B (either client or Polycom desk phone), and can make outbound calls (which doesn’t show their number anyway). This made the whole migration process a lot easier, and placed the onus on the user to set up a simple call forward, less prone to error and easy for them to correct if they make a mistake.

The final job will be a one-off number port, at which point we will map all the ported numbers to the users using a PowerShell script, and job done!

Configuring PowerShell to work behind a proxy server

PowerShell won’t update help, or let you connect to online repositories, without configuring it to work with your corporate web proxy servers. Unfortunately it does not use the system settings, so you have to do this manually.

If you try and use an online command such as update-help, you will get an error like this:

PS C:\WINDOWS\system32> update-help
update-help : Failed to update Help for the module(s) 'ActiveDirectory, AppBackgroundTask, AppLocker, AppvClient,
Appx, AssignedAccess, BestPractices, BitLocker, BitsTransfer, BranchCache, CimCmdlets, ClusterAwareUpdating, ….Unable to
connect to Help content. The server on which Help content is stored might not be available. Verify that the server is
available, or wait until the server is back online, and then try the command again.

At line:1 char:1
+ update-help
+ ~~~~~~~~~~~
+ CategoryInfo          : InvalidOperation: (:) [Update-Help], Exception
+ FullyQualifiedErrorId : UnableToConnect,Microsoft.PowerShell.Commands.UpdateHelpCommand

To fix this, you need to configure your proxy settings in your PowerShell profile as follows (note that this requires local administrator rights):

  • Open an administrator-level PowerShell command prompt
  • Run the following command to register the PSGallery Repository
Register-PSRepository -Default -Verbose

  • Then you will be able to edit your profile:
notepad $PROFILE

Note: it will prompt you to create this if it does not exist. Then add the following lines, modifying as you see fit for your environment:

[system.net.webrequest]::defaultwebproxy = new-object system.net.webproxy('http://proxyname:port')

[system.net.webrequest]::defaultwebproxy.credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials

[system.net.webrequest]::defaultwebproxy.BypassProxyOnLocal = $true

Restart PowerShell. Note that you will need to have scripts enabled in order to load the profile.

Now, you can run update-help again and it should have no issues.

You can also now connect to Office365 using PowerShell, see https://www.msdonkey.com/office365/connecting-to-office-365-using-powershell/

Special characters in UPN and email addresses in Office 365 migrations

This is a workaround in order to migrate mailboxes to Office 365 which have special characters.

You may run into an issue migrating from on premise Exchange to Office 365, where some accounts fail due to illegal characters in email addresses or UPNs. Having spoken to Microsoft about this, the official line is that no special characters are supported, therefore you should remove them if at all possible. However, we found during a large migration that in some cases they can be retained.

Note that the Microsoft article linked below does not mention UPNs, however we found that special characters in UPNs will cause users and shared mailbox migrations to fail.

The result of our testing was as follows:

  • Distribution Lists don’t require any changes and will still work
  • User accounts and shared mailboxes need any illegal characters removing from UPN, mail and primary SMTP address in proxyaddresses attribute, but these can be added back in as SMTP aliases, and should then be retained once the account is migrated.

Note: I would suggest that special characters are simply removed, rather than replaced with anything else. There are different types of characters, so removing them works for anything. It is not required to change the Display Name in the GAL, only the email address; whilst the new address is what people will see if they reply to an email, users will still receive emails on the old address. Having different rules for different areas of the business, different characters, etc. would be very difficult to manage.

You can follow the process below to make changes to affected accounts in your on premise Active Directory before they can be migrated. To be clear, the process is as follows (for users and shared mailboxes):

  1. Remove any special characters from UPN, mail, and primary SMTP address
  2. Add back the primary SMTP address as an alias (if still required)
  3. All other aliases and attributes can remain as-is, including display name.

Example:

Display name: R&D Team Mailbox – leave as-is

UPN: Change R&DTeamMailbox to RDTeamMailbox

Change Primary SMTP: From R&DTeamMailbox@domain.com to RDTeamMailbox@domain.com (remove &)

Add back the primary address as an alias: R&DTeamMailbox@domain.com

Note that the full list of special characters is as below, from https://support.microsoft.com/en-us/help/2001616/a-user-s-office-365-email-address-unexpectedly-contains-an-underscore

space character
` apostrophe
( opening parenthesis
) closing parenthesis
single quotation mark
& ampersand
\ pipe
= equal sign
? question mark
/ forward slash
% percent
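
The three-step process above (clean the UPN, mail and primary SMTP address, add the old primary back as an alias, leave everything else alone) can be computed before anything is written to AD. The following PowerShell is an added example, not part of the original post: the function names, the -AddressesInUse parameter and the sample values are hypothetical, and the character set is transcribed from the list above.

```powershell
# Added example: computes the change plan only and makes no change to Active Directory.
# Character set transcribed from the list on this page. The page shows "\" labelled
# "pipe", so both "\" and "|" are included here as an assumption.
$SpecialChars = [char[]]' `()''&\|=?/%'

function Remove-SpecialCharacter {
    # Strips the listed characters from the local part only; the domain is left alone.
    param([string]$Address)
    $localPart, $domain = $Address -split '@', 2
    $clean = -join ($localPart.ToCharArray() | Where-Object { $SpecialChars -notcontains $_ })
    if (-not $clean) { throw "Nothing left of '$Address' after removing special characters" }
    if ($domain) { '{0}@{1}' -f $clean, $domain } else { $clean }
}

function Get-MigrationRenamePlan {
    param(
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [Parameter(Mandatory)][string[]]$ProxyAddresses,
        [string[]]$AddressesInUse = @()   # hypothetical input: addresses held by other objects
    )
    # In proxyAddresses the upper-case "SMTP:" prefix marks the primary address and
    # lower-case "smtp:" marks an alias, so the match must be case-sensitive.
    $oldPrimary = @($ProxyAddresses | Where-Object { $_ -clike 'SMTP:*' })[0]
    if (-not $oldPrimary) { throw 'No primary SMTP address found in proxyAddresses' }

    $oldAddress = $oldPrimary.Substring(5)
    $newAddress = Remove-SpecialCharacter $oldAddress
    $newUpn     = Remove-SpecialCharacter $UserPrincipalName

    # Steps 1 and 2: cleaned primary first, then the old primary demoted to an alias.
    $newProxy = @("SMTP:$newAddress")
    if ($newAddress -cne $oldAddress) { $newProxy += "smtp:$oldAddress" }
    # Step 3: every other address (aliases, X500, SIP) is carried over untouched.
    $newProxy += @($ProxyAddresses | Where-Object { $_ -cne $oldPrimary })

    # A cleaned address can collide with one that already exists; check before writing.
    $collision = $AddressesInUse -contains $newAddress

    [pscustomobject]@{
        UserPrincipalName = $newUpn
        Mail              = $newAddress
        ProxyAddresses    = $newProxy
        Collision         = $collision
    }
}

# Constructed sample based on the R&D Team Mailbox example above.
$proxy = @(
    'SMTP:R&DTeamMailbox@domain.com'
    'smtp:rd.team@domain.com'
    'X500:/o=ExampleOrg/cn=Recipients/cn=rdteam'
)
$plan = Get-MigrationRenamePlan -UserPrincipalName 'R&DTeamMailbox@domain.com' `
                                -ProxyAddresses $proxy `
                                -AddressesInUse @('someone.else@domain.com')
$plan | Format-List
```

The X500 entry contains "/" and "=" but is left unchanged, because only the UPN and the primary SMTP address are cleaned.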

Connecting to Office 365 using PowerShell

A brief set of instructions to connect to Office 365 online services using PowerShell, including Azure AD, Exchange Online, and Skype for Business Online.

Note: If you are behind a proxy server, you will need to follow this in order for this to work: https://www.msdonkey.com/powershell/configuring-powershell-to-work-behind-a-proxy-server/

1. Install the 64-bit version of the Microsoft Online Services Sign-in Assistant: Microsoft Online Services Sign-in Assistant for IT Professionals RTW.
2. Install the Microsoft Azure Active Directory Module for Windows PowerShell with these steps:
○ Open an administrator-level PowerShell command prompt
○ Run the command:

Install-Module MSOnline

Get your credentials and connect:

$creds = Get-Credential
Connect-MsolService -Credential $creds
Get-MsolUser   # to test

Note: If your account is 2FA enabled, just use the command: Connect-MsolService and then enter your credentials and 2FA authentication.

I would also highly recommend changing the window title, especially if you connect to multiple tenants. This reduces the chances of making a change on the wrong tenant!

$host.ui.RawUI.WindowTitle = "CustomerX: Production"

If you also want to manage Skype Online:

Download and install the Skype for Business Online Connector module.

To connect to Skype Online:

Import-Module SkypeOnlineConnector
$SkypeSession = New-CsOnlineSession -Credential $creds
Import-PSSession $SkypeSession
Get-CsExternalUserCommunicationPolicy   # to test

To connect to Exchange Online:

$ExchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $creds -Authentication Basic -AllowRedirection
Import-PSSession $ExchangeSession
Get-Mailbox              # to test
Get-OrganizationConfig   # useful

Note: If you have MFA enabled you need to install the old Exchange PowerShell module, see here: https://docs.microsoft.com/en-us/powershell/exchange/exchange-online/connect-to-exchange-online-powershell/mfa-connect-to-exchange-online-powershell?view=exchange-ps

See https://docs.microsoft.com/en-us/office365/enterprise/powershell/connect-to-office-365-powershell and https://docs.microsoft.com/en-us/office365/enterprise/powershell/manage-skype-for-business-online-with-office-365-powershell for more information.

Also https://docs.microsoft.com/en-us/office365/enterprise/powershell/connect-to-all-office-365-services-in-a-single-windows-powershell-window

Lenovo Miix 720 business hybrid review

The Lenovo Miix 720 is Lenovo’s latest attempt at creating a business class hybrid device in the mould of the Microsoft Surface Pro 4. Lenovo gets a lot of things right with this version, however there are some nagging issues which you may need to consider before rolling these out in your business, or even buying one for home.

This review is written primarily from the perspective of a business implementation, since that is the target audience for these machines, however many points would equally apply to the home user.

Specs

The units we tested came with a Core i5-7200U CPU, 8GB of RAM, and a 256GB NVMe SSD. All units come with a 12.0″ QHD+ 2880×1920 screen with Gorilla Glass, which is perfectly adequate. The CPU is a dual core Kaby Lake chip, and combined with the RAM and speedy SSD, performance was generally excellent. We suspect this configuration may be the sweet spot for many organisations, offering a good balance of cost and performance.

The spec tops out at an i7-7500U with 16GB of RAM, however from the service manual it appears that the RAM is not upgradable, i.e. it is soldered to the motherboard.

For those into numbers, the SSD is a Samsung MZVLV256. Unfortunately CrystalDiskMark did not detect the disk, so we were unable to test the performance.

Screen

The unit itself is very similar to the Surface Pro 4 in terms of size and weight. However the screen is slightly smaller (12″ vs 12.3″ on the SP4) due to a wider bezel, which is a little disappointing. The screen is also a fingerprint magnet, and even after using a screen wipe it still had smudges all over it, so much so that someone walking past commented on it even after I had just cleaned it. This is only really apparent when the screen is off, however.

When using the device in docked mode, it should be noted that any laptop with a very high DPI display will run into display scaling issues if you want to use the built-in display with an external monitor that is not also very high res. The problem is that different displays will require different scaling settings to appear a comfortable size, however Windows (or to be precise, some applications) do not handle this well. This can result in strange effects, such as:
– Connecting the device to e.g. an HD screen after booting it up when not docked will result in blurry text in many applications, including Office.
– If you booted up when docked, and then undock the device, some applications will appear tiny. For example, IE11 will be so small as to be unusable. Chrome or Edge are fine.
The solution is to log off and on again whenever docking or undocking, and also to use only the external display when docked, otherwise you will have mixed scaling settings and one of the screens will look blurry in some applications.

Kickstand

The kickstand uses Lenovo’s intricate watch band hinge similar to the Yoga 900 and 910, however it only has a hinge present on each side unlike those other models. It works well enough, however it is quite easy to push the device down and the hinge slides backwards. In fact on a smooth table it can slide down to near horizontal when slightly dropped on the table, or when prodded. So it doesn’t provide as much resistance as you might like, certainly less than the SP4 which is more solid.

Reparability

The great thing about Lenovo machines is that the Hardware Maintenance Manuals (HMM) are freely available. The HMM for the Miix 720 (https://download.lenovo.com/consumer/mobiles_pub/miix720-12ikb_hmm_201611.pdf) lists all of the parts which are replaceable, and how to disassemble the device. That Lenovo can achieve this level of reparability in a device with the same form factor as the Surface Pro 4 is quite an achievement, and a refreshing change from machines that are getting to be nigh on impossible to upgrade or repair yourself (or indeed, at all – I am looking at you Surface Laptop!).

Ports

The Lenovo has a good selection of ports, with 2 x USB A and 1 USB Type-C. The included power supply provides power over USB-C, which makes for a neat docking solution if using something like the Lenovo USB-C dock, since only a single cable is needed for power, video, data and network. However because there is only one USB-C port, this does present a small problem at home or on the move, since if you want to use a USB-C dongle (e.g. to connect HDMI when working from home) then you cannot charge the device at the same time. The Lenovo USB-C travel hub

Keyboard

The keyboard is as good as can be expected from a unit like this. The typing experience is fine, however the right shift key is tiny, a single key wide as opposed to about 2.5 keys wide on most keyboards. This makes touch typing very annoying: if you are used to using the right shift key with your little finger, you will hit the wrong key every time and end up doing cursor up instead of shift. This is incredibly irritating and I don’t know why Lenovo decided to change the standard keyboard layout. There are many users commenting on this design in the forum (https://forums.lenovo.com/t5/Lenovo-Yoga-Series-Notebooks/Lenovo-Yoga-710-how-to-remap-reassign-Right-Shift-and-PgUp-keys/td-p/3353608); however, it is possible to use KeyTweak to change the up arrow to function as shift instead.

The keyboard is also backlit with two levels of brightness, enabled via the usual Fn + Space combination, which is nice in a low light environment.

The other benefit of a device like this, is that if a user spills a drink on the keyboard, instead of writing off the whole machine, you simply swap out the keyboard. So this should balance the potential number of increased breakages due to fragility in other areas compared to a normal clamshell laptop.

Stylus

3 Styli (from bottom to top): Surface Pro 4, Lenovo Active Pen, Lenovo Active Pen 2

The Lenovo 720 comes with the newer Lenovo Active Pen 2, at least in most countries. Some people are reporting on the forum that they have received them with the Active Pen 1, which has no button on the top or Bluetooth functionality, so you should check with your Lenovo rep depending on which country you are in.

Otherwise the Active Pen 2 feels like a nice upgrade from the previous model. In addition to the single AAAA battery that the previous model took, this stylus unscrews in the middle and 2 more tiny watch batteries (319 SR527SW) go in the other end. Somewhat fiddly to replace but they should last a good amount of time. These power the Bluetooth functionality and the button on the top, in fact the button still works even if the pen is in half.

Button batteries for Bluetooth and the top button.

The new stylus is longer than the previous generation, and the additional button at the top is very useful as a PowerPoint remote, functionality it supports out of the box, and it can also be configured to open any app you like. OneNote is the obvious candidate as that is often used for taking handwritten notes. The 2 buttons on the bottom are also larger and easier to use. By default the top one is for right click and the bottom one for erase, although this is also configurable. There is a Wacom Pen application for some of the more advanced settings which are not present in the default Windows 10 control panel settings. It is also worth noting that both of these work fine in the LTSB version of Windows 10 Enterprise.

The new stylus also supports Wacom’s new Active ES standard, with Windows Ink support and supports up to 4,096 pressure levels compared to 1024 on the Surface Pro 4, so this should be a good tablet for drawing. It does not however support tilt

It is completely spherical as you can see from the photos. This means it rolls exceptionally well, which means it is more likely to get lost by rolling off a table or desk. This issue is largely caused by the fact that Lenovo dropped the pen clip from the pen, in fact if you look at the product pages e.g. at http://www3.lenovo.com/gb/en/laptops/ideapad/miix-series/Lenovo-MIIX-720-12IKB/p/88IPMX70799 you can clearly see the clip on the pen, as per the image below. Some users even reported buying a pen with the clip, however our Lenovo rep said that it was dropped due to quality control issues. There is no pen loop, just an awful plastic dongle which goes into a USB port (and feels like it will break it). This sticks out so much you would not want to put it into a bag with it attached. So with no clip, and no decent pen storage, these things are going to get lost like nobody’s business.

Where’s the pen clip?

Performance

Performance is generally very good. Running the Excel benchmark from http://exceltrader.net/984/benchmark_et-xls-an-excel-benchmark-for-traders/, the 720 performed better than the previous generation Surface Pro 4 and Miix 510, which you would expect from the new Intel chips. Whilst the fan spins up under load, performance was generally good across the board. Below are the test results from a few devices which we had to hand.

| Model | CPU | RAM | Average |
|---|---|---|---|
| Fujitsu P702 (i3 2nd gen) | i3-2370M | 4GB | 17.25 |
| Lenovo X240 (i5 4th gen) | i5-4300U | 8GB | 49.76 |
| Microsoft Surface Pro 4 (i5 6th gen) | i5-6300U | 8GB | 71.15 |
| Lenovo Miix 510 (i5 6th gen) | i5-6200U | 8GB | 72.99 |
| Lenovo Miix 720 (i5 7th gen) | i5-7200U | 8GB | 77.27 |

Pros

– USB-C port, plus 2 normal USB 3.0 Type-A
– Light, yet sturdy
– Improved pen

Cons

– Noisy fan, hot
– That pen will get lost. A lot.
– Keyboard has a tiny shift key making typing annoying

Overall

What Lenovo have managed to create is a hybrid laptop/tablet, almost identical to the Surface Pro 4, however with more up to date connectivity with USB-C, mil-spec tested, and serviceable parts. That is certainly an engineering achievement. However, there are compromises with a smaller screen, poor cooling, noisy fan, and a stylus with a mysterious missing clip. Performance is good however, and all in all this would make a decent choice for enabling more flexible working within a business, and it is recommended as long as you don’t mind having a large stock of spare pens. Hopefully in the next iteration Lenovo can iron out some of the issues with this generation; they are certainly close to a perfect business hybrid but not quite there yet. I hope that the next version will have a slightly larger screen with less bezel, a better pen with storage, will be silent, and have sorted out the shift key size. Then I’m sold.