SS Technology Forum


Computer Migration - Things to Consider

Here are a few points which you can consider while doing computer migration. These points are applicable to all migrations irrespective of the migration tool (ADMT, NetIQ, Quest, etc.).

Active Directory User Migration

Here is a graphical representation of the high level steps involved in an Active Directory migration using ADMT

User Migration and Merging Using Quest Migration Manager

Pre-creating user accounts in the target domain is a common scenario these days due to single sign-on solutions, HR management procedures, etc.

Microsoft Rights Management Service (RMS)

Rights Management Service (RMS) is an add-on to many RMS aware applications. In this article my main focus is to explain how we can utilize RMS technology with Exchange 2003 and how we can take advantage of RMS technology to increase the email security

Microsoft ISA Server

I am sure we have all either encountered or heard of this "problem" one time or another if the ISA Server is part of the Active Directory Domain. Is it a problem?

Tuesday, June 2, 2015

Extracting Microsoft Azure AD Connection Tool

As you are aware, the Azure Directory Sync supports custom installation. For custom installation and configuration you need to extract the Microsoft Azure AD Connection Tool (MicrosoftAzureADConnectionTool.exe) installation media first. There are a few command line options supported as shown in the following screenshot:


To extract the Microsoft Azure AD Connection Tool installation media to a specific folder, you can run the MicrosoftAzureADConnectionTool.exe /T:C:\DirectorySync /C command. All the extracted files will be in the C:\DirectorySync folder.

Tuesday, May 26, 2015

Azure AD and Manual UPN Update

In Azure AD, the UserPrincipalName (UPN) can be manually updated using the Set-MsolUserPrincipalName PowerShell cmdlet.  The details and syntax are explained here -

One of the common issues you experience during this process is the “Access Denied”  error message. 

 Set-MsolUserPrincipalName : Access Denied. You do not have permissions to call this cmdlet

If you are using a Global Administrator account, you should have permission to update user properties. This error message can be a little misleading. Most of the time, you will see this error message because of a non-existent UPN in the “-UserPrincipalName” parameter.

Set-MsolUserPrincipalName -UserPrincipalName <CurrentUPN> -NewUserPrincipalName <NewUPN>

Here are some examples:

As you can see in the following screenshot, I am getting the Set-MsolUserPrincipalName : Access Denied. You do not have permissions to call this cmdlet message here.  


I am using a Global Administrator account here.  This is because of the non-existent UPN (current UPN of the user from Azure).  If you run Get-MsolUser cmdlet, you will see the real error message :)   “Get-MsolUser : User Not Found.  User:” error message. 


You need to verify the current Azure UPN before you run the Set-MsolUserPrincipalName cmdlet, or you can combine the Get-MsolUser and Set-MsolUserPrincipalName cmdlets to include this validation check and get a more meaningful error message.

Get-MsolUser -UserPrincipalName <CurrentUPN> | Set-MsolUserPrincipalName -NewUserPrincipalName <NewUPN>


Also, make sure to verify the Custom Domain in Azure if you are planning to use a custom domain name as UPN.
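The two checks described above (the current UPN exists, and the target domain is verified) can be wrapped around the rename so a failure names its real cause. This is an added example, not code from the original post; the function name Set-ValidatedMsolUpn and the sample UPNs are hypothetical, and it assumes the MSOnline module is loaded and Connect-MsolService has already been run.

```powershell
# Added example (not from the original post): pre-flight checks for a manual UPN change.
# Assumes an authenticated MSOnline session (Connect-MsolService).
function Set-ValidatedMsolUpn {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$CurrentUpn,
        [Parameter(Mandatory)][string]$NewUpn
    )

    if ($NewUpn -notmatch '^[^@]+@[^@]+$') {
        throw "New UPN '$NewUpn' is not in user@domain form."
    }

    # 1. The current UPN must exist in Azure AD. A wrong value here is what
    #    Set-MsolUserPrincipalName reports as "Access Denied".
    try {
        $user = Get-MsolUser -UserPrincipalName $CurrentUpn -ErrorAction Stop
    } catch {
        throw "Current UPN '$CurrentUpn' not found in Azure AD: $($_.Exception.Message)"
    }

    # 2. The new UPN suffix must be a domain that is registered and verified in the tenant.
    $suffix = ($NewUpn -split '@')[-1]
    $domain = Get-MsolDomain | Where-Object { $_.Name -eq $suffix }
    if (-not $domain) {
        throw "Domain '$suffix' is not registered in this tenant."
    }
    if ($domain.Status -ne 'Verified') {
        throw "Domain '$suffix' is registered but its status is '$($domain.Status)'."
    }

    # 3. Rename by ObjectId so the call targets exactly the user validated in step 1.
    if ($PSCmdlet.ShouldProcess($CurrentUpn, "Change UPN to $NewUpn")) {
        Set-MsolUserPrincipalName -ObjectId $user.ObjectId -NewUserPrincipalName $NewUpn
    }
}

# Constructed sample call; -WhatIf runs the checks without changing anything.
# Set-ValidatedMsolUpn -CurrentUpn 'jdoe@contoso.onmicrosoft.com' -NewUpn 'jdoe@contoso.com' -WhatIf
```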


Tuesday, May 5, 2015

SCCM Integrated Intune – iOS and Android Store App Deployment


You have two deployment options (Available and Required) when deploying applications through SCCM as shown in the following screenshot:


Currently, App Store (Apple or Android) deployment using the “Required” (push deployment) option is not supported (doesn't work) by Microsoft. The “Available” applications will show up on end user devices. The “Required” applications won’t show up. This is a limitation of SCCM integrated Intune. The standalone Intune deployment supports both options.

According , “Required” install is supported only for sideloaded app.


In a standalone Intune deployment, these options are a little different. If you deploy applications to devices, you only see the “Required” option. If you deploy applications to users, you will see the “Required” and “Available” options.

 Device Deployment:


User deployment:


Monday, April 27, 2015

Microsoft Intune and Device Registration Error

The device registration errors in Microsoft Intune can be misleading.  Here are some common errors you may encounter during the device registration and enrollment process. 

Error #1

Device not added

This service is not supported

Error: MdmAuthorityNotDefined



The “This service is not supported”, “MdmAuthorityNotDefined”, “A connection to the server could not be established”, etc. errors appear during an Apple device enrollment. In my case, it was a test device. I have used this device with different user accounts, Intune subscriptions, etc.

Possible solution / workaround

  1. In my case, this was due to duplicate/already enrolled device information in Intune.  Everything started working once I removed the existing device entry from Intune. 
  2. You will get the same error message if you have an existing Management Profile on your device.


Error #2

Profile Installation Failed

A connection to the server could not be established



Possible solution / workaround

  1. Remove existing device from Intune
  2. Remove existing Management Profile


Error #3:

Service not supported

This Service is not supported

Error: MdmAuthorityNotDefined



Possible issue / workaround

  1. Make sure this user is part of the Intune collection.  You can see the current configuration from SCCM->Intune subscription properties.





Error #4

Profile Installation Failed

The new MDM payload does not match the old payload.




Possible solution / workaround

  1. Remove the existing Management Profile from the device


Error #5

Profile Installation Failed

A connection to the server could not be established. 


Possible solution / workaround

  1. Remove the existing Management Profile from the device



Error #6

Device Failed to enroll

We encountered an error while attempting to add your device.  this can happen because one or more of the management profiles were not accepted, or we encountered an issue processing the request.  If a retry does not solve the issue, contact your IT department for assistance. 


Possible solution / workaround

  1. Remove the existing Management Profile from the device



Error #7

Could not sign in. You will need to sign in again. If you need this message again, please contact your IT admin.


Possible solution / workaround

  1. Device is currently enrolled using another Intune authority. See Error #8 also. 

Error #8

This app is a device administrator and must be deactivated before uninstalling.  


Possible solution / workaround

  1. Go to Settings –> Security –> Phone Administrator and uncheck the Company Portal application.


Tuesday, April 14, 2015

Microsoft Intune – Service Status Dashboard

I am not sure if you are aware of this, but you can check the Microsoft Intune service status using the following URL:



If you are logged in, it will display your service instance name as shown in the following screenshot:



Tuesday, April 7, 2015

Microsoft Azure - Service Status Dashboard

Here is a great way to identify any maintenance or service related issues with Microsoft Azure service.  The  portal gives you a real time update on Azure services.  You can even subscribe to a feed.



Tuesday, March 10, 2015

Azure Management Portal – You have signed out elsewhere


The Azure management portal generates a “You have signed out elsewhere. Click OK to log out from the management portal” error message during the sign-in process.




  1. Clear Cache and Cookies from your browser. 
  2. Press Escape (ESC) key as a workaround to clear this annoying message. 

Thursday, February 26, 2015

F5 VPN Plug-in and NPuroamHost.dll Issue

By default, the F5 VPN plug-in (F5 Networks Firepass Host Plugin) doesn't install from Internet Explorer 11 browser.  If you try the manual installation option, you will get only the NPuroamHost.dll file. Copying and pasting this DLL doesn’t work and also, you won’t be able to find a plug-in directory. 



You can resolve this issue by adding your VPN URL or company URL to Compatibility View Settings in IE.


Thursday, February 12, 2015

PowerShell TTUC #117 - $FormatEnumerationLimit – Displaying Complete Text

PowerShell Tips, Tricks and Useful Commands #17

Some PowerShell commands don’t display the complete text in the output even if you use Format-List, Format-Table, etc. with specific width information. The result is displayed with an ellipsis (…). The $FormatEnumerationLimit variable can be used to control this behavior. Default value is 16. You can set the value to -1 to remove this limitation or set the value to unlimited characters.



Monday, December 1, 2014

Group Managed Service Account (gMSA) – Access Denied

I have seen a lot of questions on TechNet forums about Access Denied error when installing Group Managed Service Account (gMSA) using Install-ADServiceAccount PowerShell cmdlet. 

Install-ADServiceAccount : Cannot Install service account.  Error Message: ‘{Access Denied}



This error message can be a little misleading if you are using proper administrative credentials. If you are using a security group for your host servers (PrincipalsAllowedToRetrieveManagedPassword), you need to ensure that this particular server is part of that security group. If you have recently added this server to the group, you need to restart the server to get the updated group membership. The service account cannot be installed on the server before verifying the group membership.
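The membership check described above can be scripted and run on the host before Install-ADServiceAccount. This is an added example, not code from the original post; the function name Test-GmsaHostAccess and the sample account name are hypothetical, it assumes the ActiveDirectory module is available, and the reboot flag is only a heuristic that compares the group's whenChanged timestamp with the last boot time.

```powershell
# Added example (not from the original post): is this server allowed to retrieve
# the gMSA password, and was the allowing group changed after the last boot?
Import-Module ActiveDirectory

function Test-GmsaHostAccess {
    param([Parameter(Mandatory)][string]$GmsaName)

    $gmsa     = Get-ADServiceAccount -Identity $GmsaName `
                    -Properties PrincipalsAllowedToRetrieveManagedPassword
    $computer = Get-ADComputer -Identity $env:COMPUTERNAME
    $lastBoot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime

    # The property holds the distinguished names of the allowed computers or groups.
    foreach ($dn in $gmsa.PrincipalsAllowedToRetrieveManagedPassword) {
        $principal = Get-ADObject -Identity $dn -Properties whenChanged
        $via = $null

        if ($principal.DistinguishedName -eq $computer.DistinguishedName) {
            $via = 'direct'
        } elseif ($principal.ObjectClass -eq 'group') {
            $members = Get-ADGroupMember -Identity $dn -Recursive
            if ($members.DistinguishedName -contains $computer.DistinguishedName) {
                $via = 'group'
            }
        }

        if ($via) {
            return [pscustomobject]@{
                Host               = $computer.Name
                AllowedVia         = $via
                Principal          = $principal.Name
                # Heuristic: group modified after boot, so the machine's logon
                # token probably predates the membership change.
                RebootLikelyNeeded = ($via -eq 'group' -and $principal.whenChanged -gt $lastBoot)
            }
        }
    }

    # Not listed directly or through any allowed group: Access Denied is expected.
    [pscustomobject]@{
        Host = $computer.Name; AllowedVia = 'none'
        Principal = $null; RebootLikelyNeeded = $false
    }
}

# Constructed sample call:
# Test-GmsaHostAccess -GmsaName 'svc-web'
```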
