Salesforce – Rebranding Tenants
Ongoing documentation for this process and gotchas.
API Scripts (Python):
Okta – Rebranding Tenants
Okta – Rebranding Tenants
Check here for the official Okta article.
More updates are on the way!
Scripts (PS):
Update Email – Single User (Testing)
Update Email/Login – All Users (Execution)
Office365 – Rebranding Tenants
Office365 – Rebranding Tenants
Issue: Rebranding in an existing Office365 tenant is a process that requires a lot of testing and mapping out dependencies. We’ve done this several times and are building a repository of scripts and helpful tips to guide you through the user experience and admin impacts on the back end.
Overview:
- Renaming the user’s primary login name (UPN) in a pure O365 environment with no AD sync or on-prem isn’t all that bad. When you make the change, it does not force you to create a new Outlook profile or reconfigure mobile devices, nor does it break activation on joined/non-joined machines. Outbound emails almost immediately start coming from the new domain. Outlook will continue to show @olddomain.com at the top of the mailbox tree unless a new profile is generated to handle the aesthetic elements.
- OneDrive breaks on Desktop/Mobile, and it’s not very obvious. In some cases, we saw an infinite ‘Signing In,’ but otherwise, the device would say, ‘All files are synced,’ unless you uploaded a file and watched it get stuck in the queue, there aren’t any indicators there is a problem. Logging out/in fixes the issue, but the concern is that it doesn’t kick them out. See the script below for ‘Reset OneDrive’ you can publish this to the end user’s Desktop, and tools like Datto RMM can run it in the user’s profile which helped our efforts to automate the fix.
- OneDrive links take around ~15 minutes to change but once they do it breaks all previous shared links. Check the HTML file below that converts those links from the old domain to the new one. It’s simple, and we put it on the user’s desktops to help them work through shared file linking issues.
- OneNote users will see syncing issues that don’t recover until they log out/back into Office365 local application. For some reason it doesn’t seem to grab the new file locations that move with OneDrive’s location.
- Updates are ongoing!
Scripts (PS):
O365 – Change Single User (Testing)
O365 – Change All Users (Execution)
Errors when clicking SharePoint links in Outlook
Errors when clicking SharePoint links in Outlook
Issue: On January 17th, users on Dell XPS 9300/9310/9320/9370 using both Windows 10/11 laptops started complaining of multiple errors from Office365 applications. This would happen if they clicked a link to a SharePoint file or location but not manually pasting the same URL to that location in a browser.
One error was, “The server you are trying to access is using an authentication protocol not supported by this version of Office,” and the other was, “We’re having trouble connecting to the server. Please try again later.” finally, “An internet connection is required to open this file. Try again after connecting.”
Solution: No amount of reinstalling Office, updating drivers, disabling DNSFilter, or other actions fixed this issue for my users. What did work? Disabling IPv6 on the Wireless interface immediately fixed the problem. So, I pushed this PowerShell script below using an RMM tool:
Disable-NetAdapterBinding -Name ‘Wireless’ -ComponentID ‘ms_tcpip6’
Disable-NetAdapterBinding -Name ‘Wi-Fi’ -ComponentID ‘ms_tcpip6’
Anyone find the root-cause, or see this issue on non-Dell XPS devices?
Ad: FixFinder – Self-Help Automation platform that lowers your Tier-1 volume with a user empowering Desktop interface. FixFinder hooks into your existing MSP and IT tools to provide Unified Knowledge, Custom Wizards, Status Pages, Full Ticketing, and an Application library. Check it out!
Audit Weak Local Passwords in Windows using PowerShell
Audit Weak Local Passwords in Windows using PowerShell
Issue: Devices not joined to Active Directory may not have Group Policies or other settings applied to enforce password complexity. For example, they may be managed by Okta, Datto RMM, and other tools. In this case, auditing for weak or blank passwords on local accounts can be challenging.
Solution: WeakPassword.ps1 (below) + your custom passwordlist.txt in the same directory will produce output with the lousy password if there’s a match on the local host. It’s also configured to test for blank passwords, which would immediately drop the user at the desktop:
(Datto RMM with custom Post-Conditions)
Note: A custom rule I had in my NGAV Firewall blocking inbound TCP/445 broke the script by displaying this error: Exception calling “Validate Credentials” with “2” arguement(s): The network path was not found. (Script location). I temporarily turned that off for long enough to let the script execute and promptly enabled the policy.
I haven’t included a password list right now. I’d recommend starting with the classic ‘password’ ‘letmein’ ‘123456…’ and others versus loading an entire dictionary, though a large list doesn’t appear to slow the process down by much, so it’s extensible.
View the Script
Ad: FixFinder – Self-Help Automation platform that lowers your Tier-1 volume with a user empowering Desktop interface. FixFinder hooks into your existing MSP and IT tools to provide Unified Knowledge, Custom Wizards, Status Pages, Full Ticketing, and an Application library. Check it out!
Migrate Box via API to SharePoint
Migrate Box via API to SharePoint
Issue: As part of a Box migration, tools like ShareGate, and Kernel Migrator can miscopy files at 0KB or have other problems. Admins may also need a lean way to migrate lists of Box files into SharePoint without using third-party tools.
Solution: Custom script to migrate from Box API to SharePoint. It uses a source/destination list of files from Box to the SharePoint site collection. Note that files with ‘[ ]’ have issues with this method due to API/script limitations.
Download the Script – BoxAPI_to_SharePoint
Create folder structure:
a. Logs – to keep the logs created by the PowerShell script.
b. Scan – to keep all CSV files from where the PowerShell script will read the file path.
c. Temp – A folder to temporarily keep the downloaded files from Box API. Those files will be uploaded to SharePoint.
Access Token:
Copy the Access Token and use in PowerShell script. This token is valid for next 60 minutes. You should follow the steps again to generate a new token.
CSV Format:
SiteCollectinURL FilePath
Ad: FixFinder – Self-Help Automation platform that lowers your Tier-1 volume with a user empowering Desktop interface. FixFinder hooks into your existing MSP and IT tools to provide Unified Knowledge, Custom Wizards, Status Pages, Full Ticketing, and an Application library. Check it out!
0KB Files in SharePoint Online – ShareGate Migration
0KB Files in SharePoint Online – ShareGate Migration
Issue: Opening a 0KB file in Excel produces the error “The workbook cannot be opened” via Web. On Desktop, it says, “Excel cannot open the file X because the file format or file extension is not valid,” Other files like Docx and PPTx appear blank when opened for the first time and don’t throw errors but will save the file and update the size.
The file Size in SharePoint is blank for these files:
Solution: In our scenario, the problem was caused by copying with ShareGate. Every piece of file migration software has some issues, some worse than others, but you should never fully trust this kind of software without testing the results. Unfortunately, this copy job in ‘Insane’ mode seems to have created 0KB empty files, and since the file now exists, and the timestamps align, other copy jobs aren’t looking at the hash or size of the files and skipping them. This is a nightmare, given there are many files and sub-folders to go through, so I’ve devised an amateur scripting solution to recursively identify these 0KB files within all Document Libraries in a Site Collection.
Download: Scan0KBFiles (PowerShell)
You’ll end up with a randomly named CSV file with all of the 0KB files listed when the scan completes. Ignore what’s on the console unless you want to keep an eye on things, but capturing that data won’t be necessary as it scrolls in PowerShell.
If you get errors, make sure you have done Install-Module MSOnline, AzureAD, and Microsoft.Online.SharePoint.PowerShell, SharePointPnPPowerShellOnline, and all modules are on the latest versions if they already exist on the box.
How to Install the PnP PowerShell Module
If you’re seeing Throttling, I do have a version of this script that works as an AzureAD registered app, versus using credential authentication.
I tried testing other migration tools, all the ones you’d find on Google, and it’s pretty bad out there right now. If they can even hook into your tenant, the UIs are wonky, and you get none of the visibility or configurability in other tools. But, now, amongst many other bugs, you can see that in the case of ShareGate, that 5k gets you problems like this one, which admittedly, are a nightmare considering there are over 1/4 million files to search through looking for these 0KB stubs that have replaced valid data due to the bug.
Ad: FixFinder – Self-Help Automation platform that lowers your Tier-1 volume with a user empowering Desktop interface. FixFinder hooks into your existing MSP and IT tools to provide Unified Knowledge, Custom Wizards, Status Pages, Full Ticketing, and an Application library. Check it out!
SharePoint Online – Last Modified
SharePoint Online – Last Modified
Issue: By default, SharePoint Online document libraries don’t float up the ‘Last Modified’ time when you make changes within a folder hierarchy. This will bring hate mail from your users, especially if they’ve moved from Box.com, where it works this way for any changes deep in the structure. Many old online articles try to cover this, but the solution has been evasive until I spent the better half of a day trying to figure it out in PowerApp while on my honeymoon in Hawaii. *flips Cray hat backward*
Solution: Screenshots of the PowerApp are below. I’ll work to write out the steps soon and go into depth. The one major limitation of this solution is that if you put an empty folder within a folder structure, it doesn’t trigger the update but instead shows a failed run, which isn’t actually a problem. Only files within folders will successfully start and run the job. That applies to folder -> folder -> folder -> folder -> folder -> file or as deep as you need to go, and it works very quickly, usually within a minute.
-
- Create a new automated app named ‘FolderModified.‘
When a file is created or modified (properties only)
2. ‘CFileName‘
{ "inputs": "@{triggerOutputs()?['body/{FilenameWithExtension}']}[email protected]{equals(triggerOutputs()?['body/IsFolder'],false)}", "metadata": { "operationMetadataId": "c697bc2a-8bcd-44ad-80bf-87f29e9b4455" }
3. ‘CFolderPath‘
{ "inputs": "@triggerOutputs()?['body/{Path}']", "metadata": { "operationMetadataId": "ebace1b1-1fa1-4f76-8e97-4344ffe8c11b" }}
4. ‘VArrFolderPath‘
{ "inputs": { "variables": [ { "name": "VArrFolderPath", "type": "array", "value": "@split(outputs('CFolderPath'),'/')" } ] }, "metadata": { "operationMetadataId": "c4aa6183-5a4c-4451-b045-97a8c020a83f" }}
5. ‘VPath‘
{ "inputs": { "variables": [ { "name": "VPath", "type": "string" } ] }, "metadata": { "operationMetadataId": "9f50d26d-5624-4ef0-b02a-b98a41957d54" }}
6. ‘CUser‘
{ "inputs": [ { "Key": "@{triggerOutputs()?['body/Editor/Claims']}" } ], "metadata": { "operationMetadataId": "e80df3fb-feec-4ea5-a683-ad7a5d9b5c65" }}
7. ‘CModified‘
{ "inputs": "@formatDateTime(triggerOutputs()?['body/Modified'],'g')", "metadata": { "operationMetadataId": "beb03772-baf0-4615-bc04-7fd5650f46f9" }}
8. ‘CProperties’
{ "inputs": [ { "FieldName": "Editor", "FieldValue": "@{string(outputs('CUser'))}" } ], "metadata": { "operationMetadataId": "178a3d12-1338-456d-ab40-c9d1f4214bea" }}'
9. ‘VFilterFolderPath‘
{ "inputs": { "from": "@variables('VArrFolderPath')", "where": "@equals(empty(item()), false)" }, "metadata": { "operationMetadataId": "4a001a83-8073-4ff1-9e81-5e3a7073b027" }}
10. ‘IFolders‘
10.1. ‘Append to VPath’
10.2. ‘IGFPath’
10.3. ‘CValid’
Now edit the ‘HTTP‘ request to SharePoint:
{ "inputs": { "host": { "connectionName": "shared_sharepointonline_1", "operationId": "HttpRequest", "apiId": "/providers/Microsoft.PowerApps/apis/shared_sharepointonline" }, "parameters": { "dataset": "https://yoursite.sharepoint.com/sites/SITE", "parameters/method": "POST", "parameters/uri": "_api/web/lists/getbytitle('Documents')/items(@{outputs('IGFPath')?['body/ItemId']})/validateUpdateListItem", "parameters/body": "{\n\"formValues\": @{outputs('CProperties')},\n\"bNewDocumentUpdate\": false\n}" }, "authentication": "@parameters('$authentication')" }, "metadata": { "operationMetadataId": "5c59f1f4-cd00-4bd9-aa59-bde4deaa317d" }}
*** Note:
getbytitle('Documents') refers to the name of the Document Library. '/Shared Documents/ (Default) = Documents', or your 'Custom Name' for it.***
Success!
- Top Folder:
- Objects within or within the sub-folders shown in the Last Modified above:
- Short runtimes:
Note: You should DISABLE this before migrating large amounts of data. The jobs tend to trigger 422 throttling errors in bulk and jam up with performance issues in the queue that hangs up jobs. This forces you to recreate the object or copy it to a new version and delete the old one to flush the job queue.
Note #2: I’ve also noticed that copying files as the same user that the PowerApp is running under can create a loop that says the account keeps touching files/folders long after you’ve completed the job.
Note #3: The easiest way to duplicate this is by creating a template and using the ‘Save As’ feature to clone another copy. You’ll have to run these on each Document Library and if you’ve got a large Intranet that can be quite a few jobs. Note you have to edit 2-3 locations within the job to tune it for the new destination.
Note #4: You may receive ‘Failed’ notifications about these Apps from Microsoft. These are from folders being created, and expected behavior, not an indication that the app itself is broken or not functioning correctly. I have it running on 35+ sites with minimal overhead, or issues, other than a job that doesn’t run for a certain period can be automatically disabled by Microsoft but you get an email warning about it.
Have a better way to do this? Let me know!
Ad: FixFinder – Self-Help Automation platform that lowers your Tier-1 volume with a user empowering Desktop interface. FixFinder hooks into your existing MSP and IT tools to provide Unified Knowledge, Custom Wizards, Status Pages, Full Ticketing, and an Application library. Check it out!
Create contact failed. Please enter unique email address for the Contact.
Create contact failed. Please enter unique email address for the Contact.
Issue: O365 may produce an error ‘Create Contact failed. Please enter a unique email address for the Contact.’ when you create a contact that does not exist in the ‘Contacts’ window.
Solution: You have this user listed as a ‘Guest’ in AzureAD. You CAN have a Guest and Contact match, but you have to create the Contact FIRST and then invite them to AzureAD afterward, in that exact order. Delete the Azure invite and rerun it by doing the Contact in O365 user management first.
Ad: FixFinder – Self-Help Automation platform that lowers your Tier-1 volume with a user empowering Desktop interface. FixFinder hooks into your existing MSP and IT tools to provide Unified Knowledge, Custom Wizards, Status Pages, Full Ticketing, and an Application library. Check it out!
Outlook Authn Error – Can’t connect to the server then recovers itself
Outlook Authn Error – Can’t connect to the server then recovers itself
Problem: Outlook will hang when the client is first opened, saying “Connecting to server…” and then “Can’t connect to the server.”, finally recovering all on its own and working fine. In the Connection Status window with my situation, there was an Authn error ‘ERROR‘ that seems to be blocking the connection.
Solution: None of the traditional rip & replace steps worked to fix this problem. Current, Semi-Annual, Repairs, Clean Wipes, FixIT, and the kitchen sink. Turned off IPv6, and this problem went away instantly.
(Using DNSFilter on Lenovo E14 Laptop.)
Ad: FixFinder – Self-Help Automation platform that lowers your Tier-1 volume with a user empowering Desktop interface. FixFinder hooks into your existing MSP and IT tools to provide Unified Knowledge, Custom Wizards, Status Pages, Full Ticketing, and an Application library. Check it out!
Windows Login asking for Temporary Access Pass
Windows Login asking for Temporary Access Pass
Problem: Windows Azure may prompt a user to provide an ‘Access Pass’ when it’s not been configured in O365 settings. This will trigger after MOBO replacements from on-site techs when the device comes back up.
Solution: Login as an O365 Admin using RMM tools or accessing the console. AzureAD should start to rejoin automatically, but if it doesn’t, go ahead and do that now. If you reboot, the user should be able to log in to the device with no other changes needed. PS: The correct C:\Users\ folder was used when getting back into the user profile, and it did not create a new one.
Ad: FixFinder – Self-Help Automation platform that lowers your Tier-1 volume with a user empowering Desktop interface. FixFinder hooks into your existing MSP and IT tools to provide Unified Knowledge, Custom Wizards, Status Pages, Full Ticketing, and an Application library. Check it out!
Teams Needs an Update Loop
Teams Needs an Update Loop
Issue: Teams version 1.5.0.17656 was installed using an exe file from the Teams Download site. No matter how often you update, uninstall, or reinstall, there seems to be no change in the behavior at launch. Teams 1.2.x is present on the machine and keeps looping.
- Tried to remove it using RevoUninstaller, and all artifacts
- Manually scavenged any temporary folders and blew them away
Solution: The device originally came with ‘Teams System-Wide Installer,’ which was removed manually from add/remove as bloatware in past years. Reintroducing the ‘ Teams Machine-Wide Installer‘ fixed it instantly with no other changes to the machine.
Reboot the device now.
Have you run into any other fixes for this issue? Let me know. I threw the kitchen sink at it and could only get this to work by reintroducing the baseline installer in the image.
Ad: FixFinder – Self-Help Automation platform that lowers your Tier-1 volume with a user empowering Desktop interface. FixFinder hooks into your existing MSP and IT tools to provide Unified Knowledge, Custom Wizards, Status Pages, Full Ticketing, and an Application library. Check it out!
OneDrive Right-Click Options Not Showing
OneDrive Right-Click Options Not Showing
Issue: OneDrive right-clicks context menus may fail to appear in Windows File Explorer if UAC is disabled or WinRAR is installed.
At times these icons weren’t showing correctly in the Win32 Explorer.exe Shell:
Solution #1: If installed, go into WinRAR and turn off ‘Integrate WinRAR into Shell‘ via the ‘Integration‘ options. Otherwise, try to identify other applications in the context menu that could be causing a similar issue.
Solution #2: UAC may be turned off on this machine. You will never see these options if you don’t enable them again, even under the local administrator account.
Ad: FixFinder – Self-Help Automation platform that lowers your Tier-1 volume with a user empowering Desktop interface. FixFinder hooks into your existing MSP and IT tools to provide Unified Knowledge, Custom Wizards, Status Pages, Full Ticketing, and an Application library. Check it out!