Wednesday, July 13, 2016

Office 2013 Cannot Sign Into Office 365 with Functional ADFS Federated Domain

You deployed ADFS. You converted your Office 365 verified domain into federated domain. Single Sign On works on Internet Explorer inside the corporate network.

You sit back, relax and pat yourself on the back for a job well done.

Then someone rings in saying that they:


  1. Cannot open a document from SharePoint Online using "Open with Word" option
  2. Cannot sign into Office 365 from Microsoft Word (or any other Office programs). The sign in screen sits there, and complains that it does not recognise your username or password, although the user swears on the life of all their children that they have entered the correct credentials
  3. It was working fine before (or maybe not).

The fix is to blow away everything under the following registry key:

[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Identity\Identities\]

You might want to back it up first, but deleting it is pretty harmless (for me anyway).

Restart your computer, and try signing into Office 365 in Office programs - it should work now.
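The same fix as a script, added here and not part of the original post: it exports the Identities key with reg.exe before clearing it (the backup path is an assumption), then removes every cached identity beneath it. Run it as the affected user with all Office programs closed, then restart as described above.

```powershell
# Added example (not from the original post): back up, then clear, the Office 2013
# identity cache under HKCU that the post identifies as the cause of the failed sign-in.
$IdentitiesKey  = 'HKCU:\Software\Microsoft\Office\15.0\Common\Identity\Identities'
$IdentitiesPath = 'HKCU\Software\Microsoft\Office\15.0\Common\Identity\Identities'
$BackupFile     = Join-Path $env:USERPROFILE 'Office15-Identities-backup.reg'   # assumed location

if (-not (Test-Path $IdentitiesKey)) {
    Write-Host "Key not found: $IdentitiesKey (nothing to clear)"
    return
}

# 1. Back up the key so it can be restored later with 'reg import'.
reg.exe export $IdentitiesPath $BackupFile /y | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "Backup failed; aborting before touching the registry."
}
Write-Host "Backup written to $BackupFile"

# 2. Remove every cached identity (each is a subkey), keeping the Identities key itself.
Get-ChildItem -Path $IdentitiesKey | ForEach-Object {
    Write-Host "Removing cached identity $($_.PSChildName)"
    Remove-Item -Path $_.PSPath -Recurse -Force
}

# 3. Clear any values stored directly on the Identities key (PS* entries are
#    PowerShell metadata, not registry values, so they are skipped).
$props = Get-ItemProperty -Path $IdentitiesKey
$props.PSObject.Properties |
    Where-Object { $_.Name -notlike 'PS*' } |
    ForEach-Object { Remove-ItemProperty -Path $IdentitiesKey -Name $_.Name -Force }

Write-Host "Done. Restart the computer, then sign into Office 365 from Word again."
```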

Friday, July 08, 2016

Azure Active Directory Connect - OU Filtering not working as intended

I have recently encountered an Azure AD Connect sync engine that refuses to respect the recent changes to exclude an OU that was previously included.

The Azure AD Connect version in question is 1.1.130.0 (April 2016).

If you are wondering how to exclude OUs, go to Synchronization Service > Connectors > pick your Active Directory connector > Properties > Configure Directory Partitions > Containers button > enter your Azure AD Connect service account password.

You then wait for the next sync cycle or manually force one, and yet you notice that the objects are not being disconnected from the metaverse and continue to sync to Azure AD.

To fix this, simply restart the "Microsoft Azure AD Sync" service and wait for the next sync cycle.

Bonus tip:

A grey box with a tick = objects in that OU (but not its sub-OUs) will be synced.

A grey box (without a tick) = objects in that OU will not be synced, but some of its sub-OUs are selected for sync.