Salesforce – Rebranding Tenants
Ongoing documentation for this process and gotchas.
API Scripts (Python):
Ongoing documentation for this process and gotchas.
API Scripts (Python):
Check here for the official Okta article.
More updates are on the way!
Scripts (PS):
Update Email – Single User (Testing)
Update Email/Login – All Users (Execution)
Issue: Rebranding in an existing Office365 tenant is a process that requires a lot of testing and mapping out dependencies. We’ve done this several times and are building a repository of scripts and helpful tips to guide you through the user experience and admin impacts on the back end.
Overview:
Scripts (PS):
O365 – Change Single User (Testing)
O365 – Change All Users (Execution)
Issue: On January 17th, users on Dell XPS 9300/9310/9320/9370 using both Windows 10/11 laptops started complaining of multiple errors from Office365 applications. This would happen if they clicked a link to a SharePoint file or location but not manually pasting the same URL to that location in a browser.
One error was, “The server you are trying to access is using an authentication protocol not supported by this version of Office,” and the other was, “We’re having trouble connecting to the server. Please try again later.” finally, “An internet connection is required to open this file. Try again after connecting.”
Solution: No amount of reinstalling Office, updating drivers, disabling DNSFilter, or other actions fixed this issue for my users. What did work? Disabling IPv6 on the Wireless interface immediately fixed the problem. So, I pushed this PowerShell script below using an RMM tool:
Disable-NetAdapterBinding -Name ‘Wireless’ -ComponentID ‘ms_tcpip6’
Disable-NetAdapterBinding -Name ‘Wi-Fi’ -ComponentID ‘ms_tcpip6’
Anyone find the root-cause, or see this issue on non-Dell XPS devices?
Ad: FixFinder – Self-Help Automation platform that lowers your Tier-1 volume with a user empowering Desktop interface. FixFinder hooks into your existing MSP and IT tools to provide Unified Knowledge, Custom Wizards, Status Pages, Full Ticketing, and an Application library. Check it out!
Issue: Devices not joined to Active Directory may not have Group Policies or other settings applied to enforce password complexity. For example, they may be managed by Okta, Datto RMM, and other tools. In this case, auditing for weak or blank passwords on local accounts can be challenging.
Solution: WeakPassword.ps1 (below) + your custom passwordlist.txt in the same directory will produce output with the lousy password if there’s a match on the local host. It’s also configured to test for blank passwords, which would immediately drop the user at the desktop:
(Datto RMM with custom Post-Conditions)
Note: A custom rule I had in my NGAV Firewall blocking inbound TCP/445 broke the script by displaying this error: Exception calling “Validate Credentials” with “2” arguement(s): The network path was not found. (Script location). I temporarily turned that off for long enough to let the script execute and promptly enabled the policy.
I haven’t included a password list right now. I’d recommend starting with the classic ‘password’ ‘letmein’ ‘123456…’ and others versus loading an entire dictionary, though a large list doesn’t appear to slow the process down by much, so it’s extensible.
Ad: FixFinder – Self-Help Automation platform that lowers your Tier-1 volume with a user empowering Desktop interface. FixFinder hooks into your existing MSP and IT tools to provide Unified Knowledge, Custom Wizards, Status Pages, Full Ticketing, and an Application library. Check it out!
Issue: As part of a Box migration, tools like ShareGate, and Kernel Migrator can miscopy files at 0KB or have other problems. Admins may also need a lean way to migrate lists of Box files into SharePoint without using third-party tools.
Solution: Custom script to migrate from Box API to SharePoint. It uses a source/destination list of files from Box to the SharePoint site collection. Note that files with ‘[ ]’ have issues with this method due to API/script limitations.
Download the Script – BoxAPI_to_SharePoint
Create folder structure:
a. Logs – to keep the logs created by the PowerShell script.
b. Scan – to keep all CSV files from where the PowerShell script will read the file path.
c. Temp – A folder to temporarily keep the downloaded files from Box API. Those files will be uploaded to SharePoint.
Access Token:
Copy the Access Token and use in PowerShell script. This token is valid for next 60 minutes. You should follow the steps again to generate a new token.
CSV Format:
SiteCollectinURL FilePath
Ad: FixFinder – Self-Help Automation platform that lowers your Tier-1 volume with a user empowering Desktop interface. FixFinder hooks into your existing MSP and IT tools to provide Unified Knowledge, Custom Wizards, Status Pages, Full Ticketing, and an Application library. Check it out!
Issue: Opening a 0KB file in Excel produces the error “The workbook cannot be opened” via Web. On Desktop, it says, “Excel cannot open the file X because the file format or file extension is not valid,” Other files like Docx and PPTx appear blank when opened for the first time and don’t throw errors but will save the file and update the size.
The file Size in SharePoint is blank for these files:
Solution: In our scenario, the problem was caused by copying with ShareGate. Every piece of file migration software has some issues, some worse than others, but you should never fully trust this kind of software without testing the results. Unfortunately, this copy job in ‘Insane’ mode seems to have created 0KB empty files, and since the file now exists, and the timestamps align, other copy jobs aren’t looking at the hash or size of the files and skipping them. This is a nightmare, given there are many files and sub-folders to go through, so I’ve devised an amateur scripting solution to recursively identify these 0KB files within all Document Libraries in a Site Collection.
Download: Scan0KBFiles (PowerShell)
You’ll end up with a randomly named CSV file with all of the 0KB files listed when the scan completes. Ignore what’s on the console unless you want to keep an eye on things, but capturing that data won’t be necessary as it scrolls in PowerShell.
If you get errors, make sure you have done Install-Module MSOnline, AzureAD, and Microsoft.Online.SharePoint.PowerShell, SharePointPnPPowerShellOnline, and all modules are on the latest versions if they already exist on the box.
How to Install the PnP PowerShell Module
If you’re seeing Throttling, I do have a version of this script that works as an AzureAD registered app, versus using credential authentication.
I tried testing other migration tools, all the ones you’d find on Google, and it’s pretty bad out there right now. If they can even hook into your tenant, the UIs are wonky, and you get none of the visibility or configurability in other tools. But, now, amongst many other bugs, you can see that in the case of ShareGate, that 5k gets you problems like this one, which admittedly, are a nightmare considering there are over 1/4 million files to search through looking for these 0KB stubs that have replaced valid data due to the bug.
Ad: FixFinder – Self-Help Automation platform that lowers your Tier-1 volume with a user empowering Desktop interface. FixFinder hooks into your existing MSP and IT tools to provide Unified Knowledge, Custom Wizards, Status Pages, Full Ticketing, and an Application library. Check it out!
Issue: By default, SharePoint Online document libraries don’t float up the ‘Last Modified’ time when you make changes within a folder hierarchy. This will bring hate mail from your users, especially if they’ve moved from Box.com, where it works this way for any changes deep in the structure. Many old online articles try to cover this, but the solution has been evasive until I spent the better half of a day trying to figure it out in PowerApp while on my honeymoon in Hawaii. *flips Cray hat backward*
Solution: Screenshots of the PowerApp are below. I’ll work to write out the steps soon and go into depth. The one major limitation of this solution is that if you put an empty folder within a folder structure, it doesn’t trigger the update but instead shows a failed run, which isn’t actually a problem. Only files within folders will successfully start and run the job. That applies to folder -> folder -> folder -> folder -> folder -> file or as deep as you need to go, and it works very quickly, usually within a minute.
2. ‘CFileName‘
{
"inputs": "@{triggerOutputs()?['body/{FilenameWithExtension}']}[email protected]{equals(triggerOutputs()?['body/IsFolder'],false)}",
"metadata": {
"operationMetadataId": "c697bc2a-8bcd-44ad-80bf-87f29e9b4455"
}
3. ‘CFolderPath‘
{
"inputs": "@triggerOutputs()?['body/{Path}']",
"metadata": {
"operationMetadataId": "ebace1b1-1fa1-4f76-8e97-4344ffe8c11b"
}
}
{
"inputs": {
"variables": [
{
"name": "VArrFolderPath",
"type": "array",
"value": "@split(outputs('CFolderPath'),'/')"
}
]
},
"metadata": {
"operationMetadataId": "c4aa6183-5a4c-4451-b045-97a8c020a83f"
}
}
{
"inputs": {
"variables": [
{
"name": "VPath",
"type": "string"
}
]
},
"metadata": {
"operationMetadataId": "9f50d26d-5624-4ef0-b02a-b98a41957d54"
}
}
{
"inputs": [
{
"Key": "@{triggerOutputs()?['body/Editor/Claims']}"
}
],
"metadata": {
"operationMetadataId": "e80df3fb-feec-4ea5-a683-ad7a5d9b5c65"
}
}
{
"inputs": "@formatDateTime(triggerOutputs()?['body/Modified'],'g')",
"metadata": {
"operationMetadataId": "beb03772-baf0-4615-bc04-7fd5650f46f9"
}
}
{
"inputs": [
{
"FieldName": "Editor",
"FieldValue": "@{string(outputs('CUser'))}"
}
],
"metadata": {
"operationMetadataId": "178a3d12-1338-456d-ab40-c9d1f4214bea"
}
}
'
{
"inputs": {
"from": "@variables('VArrFolderPath')",
"where": "@equals(empty(item()), false)"
},
"metadata": {
"operationMetadataId": "4a001a83-8073-4ff1-9e81-5e3a7073b027"
}
}
{
"inputs": {
"host": {
"connectionName": "shared_sharepointonline_1",
"operationId": "HttpRequest",
"apiId": "/providers/Microsoft.PowerApps/apis/shared_sharepointonline"
},
"parameters": {
"dataset": "https://yoursite.sharepoint.com/sites/SITE",
"parameters/method": "POST",
"parameters/uri": "_api/web/lists/getbytitle('Documents')/items(@{outputs('IGFPath')?['body/ItemId']})/validateUpdateListItem",
"parameters/body": "{\n\"formValues\": @{outputs('CProperties')},\n\"bNewDocumentUpdate\": false\n}"
},
"authentication": "@parameters('$authentication')"
},
"metadata": {
"operationMetadataId": "5c59f1f4-cd00-4bd9-aa59-bde4deaa317d"
}
}
getbytitle('Documents') refers to the name of the Document Library. '/Shared Documents/ (Default) = Documents', or your 'Custom Name' for it.
***
Issue: O365 may produce an error ‘Create Contact failed. Please enter a unique email address for the Contact.’ when you create a contact that does not exist in the ‘Contacts’ window.
Solution: You have this user listed as a ‘Guest’ in AzureAD. You CAN have a Guest and Contact match, but you have to create the Contact FIRST and then invite them to AzureAD afterward, in that exact order. Delete the Azure invite and rerun it by doing the Contact in O365 user management first.
Ad: FixFinder – Self-Help Automation platform that lowers your Tier-1 volume with a user empowering Desktop interface. FixFinder hooks into your existing MSP and IT tools to provide Unified Knowledge, Custom Wizards, Status Pages, Full Ticketing, and an Application library. Check it out!
Problem: Outlook will hang when the client is first opened, saying “Connecting to server…” and then “Can’t connect to the server.”, finally recovering all on its own and working fine. In the Connection Status window with my situation, there was an Authn error ‘ERROR‘ that seems to be blocking the connection.
Solution: None of the traditional rip & replace steps worked to fix this problem. Current, Semi-Annual, Repairs, Clean Wipes, FixIT, and the kitchen sink. Turned off IPv6, and this problem went away instantly.
(Using DNSFilter on Lenovo E14 Laptop.)
Ad: FixFinder – Self-Help Automation platform that lowers your Tier-1 volume with a user empowering Desktop interface. FixFinder hooks into your existing MSP and IT tools to provide Unified Knowledge, Custom Wizards, Status Pages, Full Ticketing, and an Application library. Check it out!
Problem: Windows Azure may prompt a user to provide an ‘Access Pass’ when it’s not been configured in O365 settings. This will trigger after MOBO replacements from on-site techs when the device comes back up.
Solution: Login as an O365 Admin using RMM tools or accessing the console. AzureAD should start to rejoin automatically, but if it doesn’t, go ahead and do that now. If you reboot, the user should be able to log in to the device with no other changes needed. PS: The correct C:\Users\ folder was used when getting back into the user profile, and it did not create a new one.
Ad: FixFinder – Self-Help Automation platform that lowers your Tier-1 volume with a user empowering Desktop interface. FixFinder hooks into your existing MSP and IT tools to provide Unified Knowledge, Custom Wizards, Status Pages, Full Ticketing, and an Application library. Check it out!
Issue: Teams version 1.5.0.17656 was installed using an exe file from the Teams Download site. No matter how often you update, uninstall, or reinstall, there seems to be no change in the behavior at launch. Teams 1.2.x is present on the machine and keeps looping.
Solution: The device originally came with ‘Teams System-Wide Installer,’ which was removed manually from add/remove as bloatware in past years. Reintroducing the ‘ Teams Machine-Wide Installer‘ fixed it instantly with no other changes to the machine.
Reboot the device now.
Have you run into any other fixes for this issue? Let me know. I threw the kitchen sink at it and could only get this to work by reintroducing the baseline installer in the image.
Ad: FixFinder – Self-Help Automation platform that lowers your Tier-1 volume with a user empowering Desktop interface. FixFinder hooks into your existing MSP and IT tools to provide Unified Knowledge, Custom Wizards, Status Pages, Full Ticketing, and an Application library. Check it out!
Issue: OneDrive right-clicks context menus may fail to appear in Windows File Explorer if UAC is disabled or WinRAR is installed.
At times these icons weren’t showing correctly in the Win32 Explorer.exe Shell:
Solution #1: If installed, go into WinRAR and turn off ‘Integrate WinRAR into Shell‘ via the ‘Integration‘ options. Otherwise, try to identify other applications in the context menu that could be causing a similar issue.
Solution #2: UAC may be turned off on this machine. You will never see these options if you don’t enable them again, even under the local administrator account.
Ad: FixFinder – Self-Help Automation platform that lowers your Tier-1 volume with a user empowering Desktop interface. FixFinder hooks into your existing MSP and IT tools to provide Unified Knowledge, Custom Wizards, Status Pages, Full Ticketing, and an Application library. Check it out!