Get All AIP encrypted files - SharePoint Online

From a recent merger and acquisition project.

Technology - M365 tenant-to-tenant migration

Areas of consolidation
1. Mailboxes
2. SharePoint Online data
3. OneDrive for Business data
4. Teams data migration
5. Security and Compliance migration

The area of concern from the security and compliance side was the encrypted files within EXO, SPO, Teams and ODB.

Issue with encrypted data migration - end users will not be able to access the documents once the source tenant is decommissioned.

Solution available - Ask end users to unencrypt the data before migration.

Alternate solution -
1. Decrypt the files and mails using eDiscovery - This gives output in PST format, which is available for offline access, but the data in the source will still be encrypted. Decryption in eDiscovery - Microsoft Purview (compliance) | Microsoft Docs
2. Use Get-AIPfileLabel and Get-AIPFileLabel, but in order to use these you must be aware of all the file paths.

Challenges -
1. We do not want end user intervention

Error - AttributeValueMustBeUnique in Azure AD connect sync



My customer had already created accounts in Office 365 and was managing them in Azure. However, due to some changes in the business, they wanted to sync AD with Azure to sync passwords and manage identities from AD.


Solution - Deploy Azure AD Connect on the ADDC; after that, it will do a soft match.


However, there were errors with some users: their identities did not sync and their status still showed as Azure AD.


Error - 


Unable to update this object because the following attributes associated with this object have values that may already be associated with another object in your local directory services: [ProxyAddresses SMTP:user@domain.com;].  Correct or remove the duplicate values in your local directory.  Please refer to http://support.microsoft.com/kb/2647098 for more information on identifying objects with duplicate attribute values.


Tracking Id: b8367c95-ae67-46e1-xxxx-xxxxxxxxxx

ExtraErrorDetails:
[{"Key":"ObjectId","Value":["cd088468-bb6a-40f9-xxxx-xxxxxxxxxx"]},{"Key":"ObjectIdInConflict","Value":["d7e8405c-54d5-41c6-xxxx-xxxxxxxxxxx"]},{"Key":"AttributeConflictName","Value":["ProxyAddresses"]},{"Key":"AttributeConflictValues","Value":["SMTP:user@domain.com"]}]


I tried to do a Hard match following the article - https://blogs.technet.microsoft.com/praveenkumar/2014/04/11/how-to-do-hard-match-in-dirsync/ 


This did not help.


From the Azure AD Connect Health wizard, I took the Object ID of the on-prem AD object and tried to map it against the Azure user:


Set-MsolUser -UserPrincipalName user@domain.com -objectId "1xxxxxxxxxxxxxxxxx=="


Ran the Azure AD Connect sync - it did not help.



From the same place (the AAD Connect Health page), I took the Source Anchor of the AD object and tried to map it:

Set-MsolUser -UserPrincipalName user@domain.com -ImmutableId "1xxxxxxxxxxxxxxxxx=="


This time it was successful 
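
The ImmutableId that worked here is the Base64 encoding of the on-premises source anchor. As an added example (not from the original post), the PowerShell below reads the conflict details out of the error and derives that value. It assumes the default source anchor (mS-DS-ConsistencyGuid, falling back to objectGUID), and `ConvertFrom-SyncErrorDetail`, `ConvertTo-ImmutableId` and `Set-HardMatch` are hypothetical helper names.

```powershell
# Added example. The JSON below is a constructed sample shaped like the
# ExtraErrorDetails in the error above; the GUIDs are made up.
$sampleDetails = @'
[{"Key":"ObjectId","Value":["11111111-1111-1111-1111-111111111111"]},
 {"Key":"ObjectIdInConflict","Value":["22222222-2222-2222-2222-222222222222"]},
 {"Key":"AttributeConflictName","Value":["ProxyAddresses"]},
 {"Key":"AttributeConflictValues","Value":["SMTP:user@domain.com"]}]
'@

# Flatten the Key/Value pairs into one object with named properties.
function ConvertFrom-SyncErrorDetail {
    param([Parameter(Mandatory)][string]$Json)
    $flat = [ordered]@{}
    foreach ($pair in ($Json | ConvertFrom-Json)) { $flat[$pair.Key] = $pair.Value -join ';' }
    [pscustomobject]$flat
}

# ImmutableId is the Base64 form of the 16 source-anchor bytes.
function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][byte[]]$AnchorBytes)
    if ($AnchorBytes.Length -ne 16) { throw "Expected 16 bytes, got $($AnchorBytes.Length)" }
    [Convert]::ToBase64String($AnchorBytes)
}

# Hard match one user (hypothetical helper). Needs the ActiveDirectory and
# MSOnline modules and an existing Connect-MsolService session.
function Set-HardMatch {
    param([Parameter(Mandatory)][string]$UserPrincipalName)
    $ad = Get-ADUser -Filter "UserPrincipalName -eq '$UserPrincipalName'" -Properties 'mS-DS-ConsistencyGuid'
    if (-not $ad -or @($ad).Count -ne 1) { throw "Expected exactly one AD user for $UserPrincipalName" }
    # Assumption: prefer mS-DS-ConsistencyGuid when populated, otherwise fall back to objectGUID.
    [byte[]]$anchor = $ad.'mS-DS-ConsistencyGuid'
    if (-not $anchor) { $anchor = $ad.ObjectGUID.ToByteArray() }
    $id = ConvertTo-ImmutableId -AnchorBytes $anchor
    $cloud = Get-MsolUser -UserPrincipalName $UserPrincipalName
    if ($cloud.ImmutableId -and $cloud.ImmutableId -ne $id) {
        throw "Cloud user is already anchored to $($cloud.ImmutableId)"
    }
    Set-MsolUser -UserPrincipalName $UserPrincipalName -ImmutableId $id
    $id
}

# Offline demonstration on the constructed data; Set-HardMatch is not called here.
$detail = ConvertFrom-SyncErrorDetail -Json $sampleDetails
"{0} '{1}' is already held by object {2}" -f $detail.AttributeConflictName,
    $detail.AttributeConflictValues, $detail.ObjectIdInConflict
ConvertTo-ImmutableId -AnchorBytes (([guid]'00112233-4455-6677-8899-aabbccddeeff').ToByteArray())
```

`Set-HardMatch` refuses to overwrite a cloud user that already carries a different ImmutableId, since that usually means the account is anchored to another on-premises object.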

