Active Directory Schema Extension for Directory Synchronization - ADFS 3.0, Office 365

Hi Team,
We are in a situation with extending the schema for one customer so that these additional Exchange attributes may be utilized. They have a single data center where the Primary Domain Controller resides and have multiple remote sites, each of which has Additional Domain Controllers installed.
As recommended by Microsoft, I am going to extend the Active Directory Schema with Exchange Setup so that I can leverage targetaddress attribute from Local AD to set primary email address when directory synchronization happens.
My Query: Do I have to extend the AD Schema with Exchange from each of these ADC's? Or the changes I make on any of them will replicate over the others also?
Note: The customer will be using ADFS 3.0 'Single Sign On' with Office 365 and does NOT have any On-Premise Exchange deployment.

My Query: Do I have to extend the AD Schema with Exchange from each of these
ADC's? Or the changes I make on any of them will replicate over the others also?
Schema extension is done against the Schema Master. Once done, it gets replicated to other DCs within the AD forest.
For more details about Schema Extension by Exchange, you can refer to this: http://www.resdevops.com/2013/02/13/extend-ad-schema-to-allow-greater-office-365-management/
This posting is provided AS IS with no warranties or guarantees, and confers no rights.
Ahmed MALEK
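
One way to confirm the answer above on a live forest, as an added example that is not part of the original thread: it locates the Schema Master and checks that every domain controller reports the same Exchange schema version after the one-time extension. It assumes the RSAT ActiveDirectory module and read access to each DC; the `ms-Exch-Schema-Version-Pt` object only exists once the Exchange schema preparation has run.

```powershell
# Added example: verify that an Exchange schema extension, applied once,
# has replicated to every domain controller in the forest.
# Assumes the RSAT ActiveDirectory module and read access to each DC.
Import-Module ActiveDirectory

$forest    = Get-ADForest
$schemaNC  = (Get-ADRootDSE).schemaNamingContext
# Exchange setup records its schema version in rangeUpper of this object.
$versionDN = "CN=ms-Exch-Schema-Version-Pt,$schemaNC"

Write-Host "Schema Master: $($forest.SchemaMaster)"

$results = foreach ($domain in $forest.Domains) {
    foreach ($dc in (Get-ADDomainController -Filter * -Server $domain)) {
        $row = [pscustomobject]@{
            DomainController = $dc.HostName
            Site             = $dc.Site
            IsSchemaMaster   = ($dc.HostName -eq $forest.SchemaMaster)
            ExchangeSchema   = $null
            Status           = 'Unknown'
        }
        try {
            # Ask this specific DC, not whichever DC the locator picks.
            $obj = Get-ADObject -Identity $versionDN -Server $dc.HostName `
                                -Properties rangeUpper -ErrorAction Stop
            $row.ExchangeSchema = $obj.rangeUpper
            $row.Status         = 'Present'
        } catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
            $row.Status = 'Not extended or not yet replicated'
        } catch {
            $row.Status = "Query failed: $($_.Exception.Message)"
        }
        $row
    }
}

$results | Sort-Object Site, DomainController | Format-Table -AutoSize

# Every DC should report the same value as the Schema Master.
$versions = @($results | Where-Object Status -eq 'Present' |
              Select-Object -ExpandProperty ExchangeSchema -Unique)
if ($versions.Count -gt 1 -or ($results | Where-Object Status -ne 'Present')) {
    Write-Warning 'Schema version differs between DCs; check replication (repadmin /showrepl).'
}
```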

Similar Messages

  • Active Directory schema extensions

    Hi
    We are in the process of implementing SAP LDAP sync to manage users from MS Active Directory. SAP requires the schema extension generated by the RSLDAPSCHEMAEXT program to be applied to Active Directory so that report RSLDAPSYNC_USER can identify SAP users in MS AD.
    The MS AD team says that any non-Microsoft schema extensions are not supported as OIDs of the schema might conflict with other applications / patches.
    Are the MS AD schema extensions generated by SAP program RSLDAPSCHEMAEXT supported / certified by Microsoft?
    Harsh

    Hi Harsh,
    I would like to point you also to SAP Note 888848 - Notes on schema enhancement with RSLDAPSCHEMAEXT.
    It especially states that:
    ..."The text document generated by RSLDAPSCHEMAEXT was supplied and validate as part of a certification process by the directory vendor."...
    that means in this case by Microsoft.
    If you decide not to use the schema extension that has been supplied by Microsoft you can use attributes that are already existing in your Active Directory as Juergen already pointed out.
    As an example Microsoft Exchange Server creates several additional attributes such as extensionattribute1, ... , extensionattribute15 as part of the installation process. These attributes might be an option for you if you do not want to use the schema extension suggested by RSLDAPSCHEMAEXT.
    Please have in mind that the filter attribute that you will use to determine the SAP username should be indexed since this will reduce the synchronization time.
    Best Regards,
    André

  • AD schema extension for ESSO

    Friends,
    Because it is necessary to extend the schema in Active Directory when you install the Logon Manager ESSO.
    Thanks.

    As I understand it, the main roadblock is that the Active Directory connector (essentially a directory service plug-in that translates AD-speak to Apple's internal format) doesn't computer groups, just computer lists. This could be added in future versions of the AD connector (I have no idea if there are any plans for this), but even then if you built computer groups in AD, they'd only work with Mac clients that had the newer version of the connector...
    BTW, I've never seen much difference between computer groups vs. lists (probably because I don't use either one very much). What extra flexibility are you wishing for?

  • I use a PC for work and link it to Office 365. I also have an iphone and ipad. How do I synchronise these devices to Outlook without creating multiple copies of calendars?

    I use my PC for work (MS Office and Outlook). I also use Office 365. I also have an iPhone and iPad. I'm having difficulty getting Outlook to synchronise with Apple devices. I keep getting multiple copies of calendars and not being able to see contacts. Is there a process anywhere which describes the best way to manage these devices together? Or should I just give up on the PC and buy a MacBook or Air.

    Excellent. These guides got me as far as installing my preferred language pack, which gets added to the add-ons automatically (assuming the user says yes to the appearing question when Firefox is started).
    However, the GUI does not change unless the user enters "about:config" and changes the locale.
    Is there a way to do this from the command line? I mean, changing the locale settings.
    And preferably for all users. So even when new users get added and they start Firefox the first time, they see it appearing with the preferred locale and not in English.

  • Skype (personal account) cannot add Skype for business user who is on office 365

    Dear Sir, I able to search contact on office 365 users, but I cannot add them to my skype. As a workaround, I ask my friend who is using office 365 able to add my skype (personal account). Could you help to check and fix this problem? Thank you. B

    Hi,
    As mentioned the Lync Server is not up-to-date, based on my knowledge this is why the issue occurs.
    Please refer to this article below:
    https://technet.microsoft.com/library/dn954919.aspx
    You can configure the client experience only if you are running Lync Server 2013 with the December 2014 Cumulative Update (5.0.8308.857) or later installed. The latest one is:
    KB 3036869 February 2015 Cumulative Update 5.0.8308.871 for Lync Server 2013 Core Management Server.
    You can specify the client experience the users in your organization will see by using the Set-CsClientPolicy cmdlet with the EnableSkypeUI parameter:
        Set-CsClientPolicy -Identity Global -EnableSkypeUI $true
    Regards,
    Melon Chen
    TechNet Community Support

  • I want to know how to setup password expiry notification for outlook 2013 and 2010 in office 365

    On cloud mailbox non federated how set password expiry notification for all users which is created on cloud for accepted domain mail box only configure outlook, 
    any other option on exchange admin center for the same,
    I want to know how to setup Outlook 2013 and 2010  to receive PASSWORD EXPIRY NOTIFICATION without log  in domain,

    Hi
    As per the information and details provided by you, to set up password expiry notification, please follow these steps: -
    I suggest you run Office 365 desktop apps referring to the steps below: -
    Step 1: - Log in to Office 365 Portals.
    Step 2: - In the right pane, click Downloads under Resources.
    Step 3: - Click Set up under Set up and configure your Office desktop apps.
    Moreover, please confirm the password policy by the PowerShell cmdlet.
    Step 1: - Install Microsoft Online Services Module and connect to Office 365.
    Step 2: - Run Connect-MsolService command.
    Step 3: - Get a password policy by the following PowerShell cmdlet:
                    Get-MsolPasswordPolicy -DomainName yourdomain.com
    I hope this information will be helpful for you.
    Thanks and regards
    Shweta@G 

  • SCCM 2012 AD schema extension

    Hi all,
    we were in the process of installing SCCM 2012 R2 in our lab, we have extended the schema & schema extension creates classes & attributes we just wanted to know where we can find these Classes & attributes in AD. where we can see it being created in AD.
    We have seen the successful schema extension in the log files but we also wanted to get the details from AD side.
    Please suggest.
    Thanks,
    Pranay.

    This has all the details
    But in summary:
    Attributes and Classes Added by the Configuration Manager Schema Extensions
    When you extend the Active Directory schema for ConfigMgr 2012, the following attributes and classes are added to Active Directory Domain Services:
    Attributes:
    cn=mS-SMS-Assignment-Site-Code
    cn=mS-SMS-Capabilities
    cn=MS-SMS-Default-MP
    cn=mS-SMS-Device-Management-Point
    cn=mS-SMS-Health-State
    cn=MS-SMS-MP-Address
    cn=MS-SMS-MP-Name
    cn=MS-SMS-Ranged-IP-High
    cn=MS-SMS-Ranged-IP-Low
    cn=MS-SMS-Roaming-Boundaries
    cn=MS-SMS-Site-Boundaries
    cn=MS-SMS-Site-Code
    cn=mS-SMS-Source-Forest
    cn=mS-SMS-Version
    Classes:
    cn=MS-SMS-Management-Point
    cn=MS-SMS-Roaming-Boundary-Range
    cn=MS-SMS-Server-Locator-Point
    cn=MS-SMS-Site
    The Active Directory schema extensions might include attributes and classes that are carried forward from previous versions of the product but not used by ConfigMgr 2012. For example:
    o Attribute: cn=MS-SMS-Site-Boundaries
    o Class: cn=MS-SMS-Server-Locator-Point

  • MMC for schema extentions for OSX and AD

    hi all
    i'm aware that there are 30+/- active directory schema extensions that should allow AD to directly manage OSX.
    is anyone aware of an MMC that can take advantage of the extensions ? i'd hate to need a OSX just so i can run workgroup manager

    You will want to read this:
    http://www.afp548.com/article.php?story=20051202151540574

  • Can Mac 10.5 OD Server support AD schema neccesary for Microsoft Exchange

    Does anyone know if the Active Directory schema in Open Directory 10.5 is sufficient to support a bound Microsoft exchange server running 2003 or 2007?
    By that I mean could I utilize user accounts on a 10.5 Mac OD server on an internal exchange server in the same domain, so that the Mac Server authenticates the user and the exchange can deliver the mail?
    All comments gratefully received
    Philip

    Thanks for the quick read and response. Do you feel the issue might lie with the fact that it is a Mac Mini? And possibly just not powerful enough to run Leopard Server? I have to say in our trials with MacPro it was like night and day as to how they performed. And if you could elaborate on this "Many VPNs don't play well with NAT so your VPN server should have a direct connection to the public network (preferably firewalled, of course, but not NATted)." Most every SoHo and for that matter uses simple NAT translation for security even our multi thousand dollar Cisco PIX and ASA's are basic NAT devices to start with. How would you put the VPN on public net while keeping the attack surface low for the rest of the services like file, web, mail and print?
    Don't get me wrong I want this to work more than you can imagine. We are so tired of supporting MSFT technologies that cost thousands a year in antivirus, antispyware, antispam and other malware protection for the enterprise. We know that Leopard has great potential but for an integrator, getting this system up and functional is not an easy task. And the worst part of it is every time we have called for support the tech always lets out a sigh when they hear we have run standard setup because they are not allowed to walk us thru the server console to make repairs. And have been told by 3 techs so far that this is a new product and the support avenues are not there for standard since it just supposed to work out of the box. But when it doesn't then ohh well. Which is sorta sad...
    DM

  • Ldap schema extension to control which users / group are imported

    Hello,
    would like to have your opinion:
    would it be a good idea to implement ldap schema extensions to control
    which users / group are imported and controlled from ldap in a ldap
    mastered installation?
    e.g. we could implement the following schema extension for users:
    attributetype ( 1.3.6.1.4.1.<iana-org-id>.1.1 NAME ( 'BogusisBeehiveUser' )
         DESC ''
         EQUALITY booleanMatch
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
         SINGLE-VALUE )
    # BogusinetOrgPerson
    # The BogusinetOrgPerson is derived from inetOrgPerson
    objectclass ( 1.3.6.1.4.1.<iana-org-id>.1
         NAME 'BogusinetOrgPerson'
         DESC 'RFC2798: Internet Organizational Person, plus Bogus Extensions'
         SUP inetOrgPerson
         STRUCTURAL
         MAY ( BogusisBeehiveUser ) )
    Then we could control the inclusion in beehive by simply switching
    BogusisBeehiveUser on or off.

    sure; that's pretty much what is talked about in the Install Guide for LDAP Integration under the "inclusion and exclusion" section, about here:
    http://download.oracle.com/docs/cd/E14897_01/bh.100/e14830/ldap.htm#CHDEFFJF
    that doesn't go into the specifics of how you might want to design your objectClass schemas, though, as beehive is agnostic to that.
    If you don't want to provision all users that match a certain existing rule (like everyone under dn=foo, or everyone where userType=employee), then adding a new attribute and building the profile inclusion rule around it is a valid thing to do.
    richard

  • I need to export the mailbox (archive) for pst by powershell (Office 365 azure)

    I opened a support request with MS for: Move After 14 days all items in the folder "deleted items" to the archive. 
    - But after two days I noticed that the emails were moved "after 14 days" of the "all folders", moving approximately 90% of the emails from all users (roughly 2GB each user). 
    - How do I export a mailbox (with sub folders) to pst file (by powershell)? 
    - After, i can to import this pst file by powershell to mailbox?! 
    - Or I can undo what has been done and return the emails to the main box?
    Thanks.
    - - My system:
    Office 365 
    Windows Azure Active Directory Module for Windows PowerShell
    All users are in the office 365 (I have no local exchange)
    Dirsync, ADFS, DC in cloud (azure)

    Hi,
    You may try to run the following command:
    New-MailboxExportRequest -Mailbox JSmith -FilePath "\\SERVER01\PSTFileShare\Jsmith.pst" -IsArchive
    For more information, please refer:
    Mailbox import and export requests
    http://technet.microsoft.com/en-us/library/ee633455(v=exchg.150).aspx
    If you need further assistance about the powershell command, you can post a question in Exchange forum:
    https://social.technet.microsoft.com/Forums/office/en-US/home?category=exchangeserver
    Regards,
    Steve Fan
    TechNet Community Support

  • Implications of changing UPN suffix in preparation for Office 365 & DirSync

    Hi,
    I'm hoping someone can add their experience and recommendations for implementing DirSync with a new Office 365 installation. My client's current UPN suffix is xxx.local. We need to change this to their routable internet address of xxx.com. I've read how to add the suffix to the domain and I've seen some posts about how to script this conversion.
    http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/4e4cc3d7-8774-4978-8d52-04a5b5994923
    Is it as simple as this above thread describes? Any gotchas to watch out for? Thanks!

    Hello,
    for Office365 there is a specific forum
    http://community.office365.com/en-us/forums/default.aspx
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/
    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • Office 365 support for KMS

    Hi,
    Does Office 365 support KMS and/or will there be added support for this in the future? I know this is not supported if you read the TechNet article; http://technet.microsoft.com/en-us/library/ee624357.aspx.
    However I want to ask if anyone knows otherwise.
    Marius A. Skovli | MCP/MCTS/MCITP | Twitter: @mariusskovli

    Hi,
    Office 365 doesn't support Volume Activation (KMS/MAK).
    http://technet.microsoft.com/en-us/library/office-365-enterprise-value-service-description.aspx#bkmk_VolumeActivation
    Note:
    Volume activation for Office 365 Enterprise E3, Office 365 Enterprise E4, and Office 365 ProPlus are limited to installations on Microsoft Windows Server 2008 R2 and newer with the RDS role enabled or Windows To Go installations. In either case, users accessing these installations need to be licensed users of Office 365 Enterprise E3, Office 365 Enterprise E4, or Office 365 ProPlus.
    As the admin for your organization, you can set up Office 365 for everyone in your organization. This is an example of Office 365 Small Business admin.
    http://office.microsoft.com/en-001/office365-suite-help/set-up-your-organization-on-office-365-small-business-HA102818317.aspx

  • Can't activate Office 2011 for mac (downloaded from office 365 portal)

    Hello All,
    I've installed Office 2011 for mac which was downloaded from office 365 Portal. However, during installation process there was not a windows for activation (key or sign in method).
    Is there a way to force activation on Office 2011 for mac?
    Note: I've deleted office 365 com.microsoft.office.plist but i didn't get a windows for activation.
    MacbookPro Version 10.10.2
    Regards
    JO

    Hi,
    If you downloaded Office 2011 for Mac, you may not need a product key to activate it. Office 365 uses a new mechanism that the activation is based on your Office 365 Account instead of a product key.
    Anyway, in this forum we mainly discuss questions and feedbacks about Office for Windows, as your question is about Office for Mac, I suggest you post the question in Office for Mac forum:
    http://answers.microsoft.com/en-us/mac
    I've also noticed this question is actually more related to the activation, you may need to contact the local customer service to get more dedicated assistance:
    https://support.microsoft.com/gp/customer-service-phone-numbers/en-us?wa=wsignin1.0
    Regards,
    Melon Chen
    Forum Support

  • Office 365 support with VB6 based application for example Mail Merge

    Hi Development team,
    Could i know how to use office 365 in our project step by step ? is it free available as trial version which work successfully
    As our project is currently using Microsoft Office 2003/2007. for we example we run Mail Merge module and it opened in MS word Office 2007 by default as it is installed in our local Machine.
    Currently i don't have office 365 licence software, does it require?
    My point of contact is one of client is asking for why not we are using office 365 which is on cloud version.
    Thanks 
    Anuj kumar
    India 
    91+9582890489

    Hi,
    Welcome to MSDN.
    I am afraid that issues related to VB6 are not supported in these forums, you could check that thread :
    Where to post your VB 6 questions
    In addition, you could post issues related to Office 365 which are not related to VB6 in http://answers.microsoft.com/en-us/office?auth=1 to get supports.
    Thanks for your understanding.
    Regards.
