About the Author
Author

stoff

Vacationing In Sweden

Since I’ve worked for a charter company for a while now we’ve gone abroad to Spain, Greece or Turkey for the past decade or so. But given the current situation that wasn’t possible so we looked at around at some place to go in Sweden together with some friends. And we ended up with Daftö Resort – a camping resort on the west coast of Sweden which we hardly ever go to. So we booked a cabin from Thursday to Sunday and packed the car for a 6 hour road trip and off we went!

We made a quick stop in Mariestad to eat lunch and were happily surprised by the local restaurant “Kingfisher”, that Google suggested. Then some ice cream and off we went again.

Me and the wife in StrömstadWhen we arrived and tried checking in they looked at me like I was the town idiot. Which of course I was because we had booked Friday -> Monday! So there we were, outside Strömstad on the west coast with nowhere to stay! 4 calls later we had 2 rooms booked at a local “spa resort” which was a pretty damn good hotel. But they clearly didn’t care for the covid restrictions like “no hanging around the bars” so I wasn’t too comfortable there.

After spending the night there we went into Strömstad to explore what this coastal city had to offer. And there were some nice vistas and atmosphere and we even started fishing for some crabs down in the harbor. Not to eat though, just for fun!

PoolThen back to Daftö resort and we were allowed to checking and get comfortable in our rather large 8 person cabin. Unfortunately they had some covid restrictions here that mostly applied to how many people could be in the pool area at any given time but we managed to get a spot to get some pool action but you can clearly see that people weren’t too concerned about covid here. Safe to say I wasn’t jumping in when it looked like this!

Another covid thing was that they had shut down their little ammusement park which was really sad for our kids. Even though we had told them it was closed so they didn’t mind much but we knew how much more fun they would have had with there. But I fully support them not having it open given the current situation.

Crazy golfWhat was open was their crazy golf course. And it was really, really good. Nice designs and themes, well maintained and if it wasn’t for the queuing I’d say it was perfect. I wait, we were at the front of the queue all the time! Unfortunately the restaurants at Daftö left a bit to be desired but I guess for a camping site it’s ok – we all got something to eat and it wasn’t horrible but it wasn’t up to our standards of “going out”.

MirrorWe also got some time bathing in the sea and just kicking back in the cabin enjoying a few beers and I have to say that cabin was awesome – it had everything we needed and more (didn’t expect wifi!). We also tried some more restaurants in Strömstad and I can recommend the tapas restaurant “Il Toro” – but stick to the tapas. Not only was the tapas really good but the waiter even made a movie reference based off my wifes T-shirt that even I didn’t get, so kudos for that!

Then on Sunday it was time to pack up the cars and go back home. 6 hour drive back then unpacking and settling in to try to enjoy the F1 race from Silverstone. Which is hard since the Mercs are 1 sec faster than anyone else.

So that sums up our vacation for this year. Which was fun but also sad we didn’t do it more because our son really had fun without a computer!

When It Rains It Pours

I’m unfortunately not talking about that episode of Star Trek DS9 – it’s life in general right now. Not only is there a global pandemic that is crippling society and tanking our company and already caused my wife to lose her grandmother and her job.. now we got cancer in the family as well.

So now I’m gonna be one of those people who say – FUCK CANCER! Fuck it hard!!! Statistically it’s kind of amazing my family has been spared this long and I always assumed it would hit me because… well, not only am I the most expendable of the lot (in my opinion), I also live my life the least healthiest with all the chemical stuff I put in my body not to mention the red meat and then some lack of physical activities on top of that and sitting in front of a computer all day long, I thought it was a given! This fear is why I’m going to our local doctor so much and why I’ve have had two MRI scans in the past year. Both came back negative. But our luck had to run out.

We’re thinking of you and hoping for the best and let me know if there’s anything I can do!

This Corona Thing

So how are you handling this Corona thing?

Back in January even I thought China would manage to contain it. Neither the previous outbreaks had any major impact on life as I knew it. Even in the middle of the SARS outbreak I flew to Singapore without much hesitation because I had a job to do. But when we saw them building a hospital in what can only be described as panic I realised this would get out of hand. And boy did it ever!

But it didn’t take long for our CDC (“Folkhälsomyndigheten”, or “FOHM” for short) to tell people to work from home if possible. Which I gladly did and I’ve been to the office maybe four times in as many months. And working from home definitely has its challenges that I’ll make a separate post about. But I was still hoping it’d blow over rather quickly so we could all go back to normal but “little did I know” right…

In the middle of March my wife’s grandmother fell victim to our society’s failure to protect the elderly and she passed away which was a big shock to everyone because she was quite the iron lady and we thought that after a week of not getting worse that she’d pull through but unfortunately not.

So we, as in our family unit of 3, started doing our best to minimize the exposure. Not seeing as many people, not going out on many trips or excursions and staying home as much as possible. But the cabin fever of being home this much, especially when working from home, is rather intense and I’m so thankful that FOHM hasn’t instituted a lockdown in Sweden!

But by early April everyone realised how bad this situation was and all companies that were effected by this were allowed to give their employees a paid furlough – working from 20, 40, 60 or even 80% while retaining most of the salary. I wasn’t effected by this as I’m apparently that vital to our IT ops but most of my colleagues went down to 40% or less. And it also effected my wife’s work since people aren’t going out for coffee that much and B2B sales got hurt by everyone working from home so she went from working 5 days per week to 2. Which meant that for 3 days she was home while I was working from home which made it even more interesting.

In early June we finally got tested for antibodies which was negative so as it turns out, we just had the normal flu back in February.

Unfortunately that wasn’t sustainable and eventually there had to be downsizing. I survived the first round of layoffs but my wife didn’t so she’s soon out of a job. That sucks, not only because she’s unemployed but because this was a job where she worked with a product she loves – coffee.

But so far we’re in good health. Well more or less anyway, we’re not suffering from Covid at least. But I know 6 people that have had it and 3 of them are still suffering from fatigue, shortness of breath and heart arrhythmia, scary stuff to say the least so I’d rather sit this one out.

So right now we’re still doing the best we can in little family unit, limiting our exposure, shopping as much online as possible and trying not to go out unless we have to.

The Big Tenant-to-Tenant Migration

As you may know, I worked for the Nordic part of the Thomas Cook Group. I was the O365 admin for a tenant with over 30,000 user accounts. And we ran the Azure AD Connect service for the entire group and had just moved to pass-through authentication with Seamless SSO. Although it was a royal pain sometimes to work in such a large company where even a minor change could take weeks to implement and get approval for from everywhere.

As you may also know, Thomas Cook Group filed for bankruptcy in October last year. And there was no advanced warning or anything about what was going to happen next. But for our part, we realised that we would (if the company survived) most likely be moving our Nordic business to a new O365 tenant so we began planning for that. Over the next few months a lot of stuff happened. The Nordic part of the group was sold off and started their own company NLTG and the old group was shutting down all parts of their business. Except the German part because they were backed by their government so they survived (more on that later).

When we got back after the Christmas break we were given a clear order to evacuate the tenant before end of February. Since we were a separate company and legal entity we were no longer entitled to share the old tenant which, even though it makes sense, pretty much lit a torch under our asses to get this done now. And we realised it wouldn’t be a pretty or a smooth operation, as I recall saying, “this is going to take a sledgehammer, not a scalpel!”. Fortunately I’m very used to sledgehammer my way to getting results. Yeap, thinking back to that SharePoint upgrade that was all over the place!

So there we were, less than 8 weeks to pull off a migration with 3,000 users, 5,500 mailboxes, 10TB of SharePoint data, 8TB of OneDrive data and 12TB of Exchange data. And this is how it went…

Identities : The building block of any good tenant is the identities. When we first planned for the migration our plan was to have a new on-prem AD that would be fed by.. well that’s irrelevant since there was no time for that. The only way forward was to use our existing on-prem AD. But the problem was that MSFT doesn’t support syncing your on-prem identities to two tenants. Why? I have no idea – I fully get how you wouldn’t want that in a production environment (since the UPN domain can only be valid in one tenant) but for a migration like this it would have solved a lot of headaches if we were allowed to do it like that. But nope, we really wanted to have Microsoft support for this. And we also had to retain our e-mail domains since we’re heavily dependant on the brand which is almost as Swedish as Ikea, at least in Sweden. So that presented us with the first big problem – pre-populating the new tenant with 3,000 user objects so we could start copying the data and when it was time to migrate and then play around with the UPN domains so the matching would work. But the first step was creating the 3,000 users as cloud only “onmicrosoft” accounts. This was done using powershell to export as much info on the users as possible (including “usagelocation” and “preferredlanguages” since we’re an org with offices from Thailand to Mexico!) and then powershell to recreate the users as closely as possible. Another step we had to take here was setting up a filter in Azure AD Connect that would only sync users to each tenant depending on the value of an extensionattribute. That way we could make sure no user was synced to both tenants at any time, although it did take alot of tinkering to get that logic working but fortunately Microsoft have documented how to do attribute filtering, so thanks for that.

Authentication: Remember how I said we’d just gone over to PTA for the old tenant? Well this little thing meant that as long as users were logging in to the old tenant (which we knew the Germany company would) we couldn’t use PTA for our users since it’s all based around a computer object in the AD forest with a Kerberos encryption key that’s tied to the tenant! So if we set up PTA for our new tenant that would change the key on the computer object and they wouldn’t be able to login anymore! So to solve this we did a “quick and dirty” setup of a temporary AD FS for our users to use based on domain. This was a surprisingly easy thing to do in Windows Server 2019 but it was an added “gotcha!” of this entire scenario!

SharePoint : The first problem with SharePoint was to determine which sites were relevant to keep and which weren’t. Our entire SharePoint was well over 20TB so we had to make sure to only copy over sites we knew were relevant to the Nordics business. But there’s no way of determining that without going through all the underlying permissions and groups to determine if “our” users are working on the site or not. It’s not like you can ask SharePoint to “give me all the sites that any user with the UPN domain @domain.se is working on”. Or maybe there is, I just didn’t have the knowledge to write that powershell at the time. Once that was done we used ShareGate to migrate all the SharePoint data. The biggest fear was that it wouldn’t be able to match the old identities with the new ones – which it did! I’m pretty sure it went by “DisplayName” to match them but we’re just very very thankful it did because that would have been a mess to sort out. The biggest issue I had with ShareGate was how unpredictable it was when it came to doing incremental copies, which was done through powershell. We split it up on 4 different servers with about 80 sites per server. Sometimes it could complete them all in 2 hours, sometimes it took 8 hours for one server, sometimes longer. During the weekend of the actual move it took well over 12 hours to complete which caused me a bit of unnecessary stress.

OneDrive : Since we already had a pretty nice “masterlist” of users that we would be migrating it was pretty easy to setup a CSV file to map “Old OneDrive -> New OneDrive” that we then used ShareGate to copy. That went pretty nicely although there were some instances of data not being copied over so we had to sort that our after the switch and people were missing a few files. Other than that the issue was the same as above – it was very unpredictable and I had to mess around with the queues on the weekend of the switch. We had one incident of a users OneDrive being almost empty but looking back at the old OneDrive is was empty too. So our theory there is that his OneDrive client must’ve been paused so we had to send that computer to the lab for data recovery – but that’s not ShareGates fault one bit!

Exchange : Oh joy! I was in charge of the Nordics business moving from on-prem to Online 3 years ago so I wasn’t looking forward to another move at all. After doing a quick check around for what tool to use (with our extremely limited budget – our company had gone bankrupt and we were still getting back on our feets!). It ended up being CodeTwo which was by far the cheapest alternative. But as the saying goes “you get what you paid for” and in this instance we paid for a software to move data from Mailbox A in Tenant X to Mailbox A in Tenant Y. And it did that job without much of an issue. There were still a lot of things to sort out around the move (like transport rules, conference rooms) but the big issue was just moving all the data. The biggest issue I had with that software was that they didn’t have a CSV import function when moving tenant->tenant! When moving on-prem -> tenant that wasn’t an issue, but tenant -> tenant, well the only way to enter a mailbox was to actually manually enter a mailbox! So we spent days entering 5,500 mailboxes and matching them with their new mailbox. A simply CSV import would’ve saved us days of work on this. My next issue with the software was when we were up to about 800 mailboxes per server on 7 servers, that really slowed the UI down. At the end it was so slow that when you started a queue for a incremental copy the UI would stop responding and you didn’t even know it was working until it was done and it just popped alive again.

Teams: Now Teams was the most interesting bit. Because Teams is based on so many technologies it was difficult to do a proper Teams migration. No matter how far we looked we just couldn’t find a tool that would migrate Teams with the channel/chats that also took the entire underlying SharePoint site! If you had other document libraries or data on the SharePoint site, then that was lost if you migrated the Team. But if you migrated the SharePoint site you will have lost the data in Teams that wasn’t in the default document library! So we made the choice of migrating the SharePoint sites since noone should have have posted anything business critical in a chat in a channel in Teams. Fortunately ShareGate comes with the ability to recreate O365 groups so all the groups got recreated and we only had to make the ones that were Teams into Teams manually, that was it. But it was a bit of a “unexpected behaviour” for ShareGate when it came to legacy sites (that were migrated from on-prem) that now had an O365 group, it simply wouldn’t recognise them as O365 groups or O365 Group sites and created them as legacy sites in the new tenant regardless. But that was easy enough to handle afterwards.

Licenses: This was another headache but fortunately not mine! Since our old license agreement with Microsoft was tied to our old company we couldn’t use that. And since our company was brand new we had no credit score anywhere so Microsoft couldn’t just hand us 3,000 licenses and hope we’d pay. After a lot of back and forth we managed to get the licenses in place well enough to start the migration and begin copying all that data. But there was still the matter of support contract with Microsoft. There was alot of options floating around to try different support alternatives but in the end we agreed on a premiere support deal with Microsoft. Even though the paperwork got sorted and we were told on Friday January 31st that everything was done and we now had premiere support with MSFT it turns out that like a lot of things in O365, sometimes it can take a day or two for the wheels to turn and you’ll see how critical this became for us.

Additional headache: One headache we had was that we’re not only running a normal business, we’re also running an airline. And the pilots must be able to check their e-mail for any notices and warnings from the aviation authorities before takeoff. This may include stuff like “this aircraft model isn’t flight worthy so don’t fly this aircraft model” and “Iran just shot down a civilian aircraft, avoid their airspace”. Things like that is absolutely critical for the pilots to check for, so saying “e-mail will be down for a day” is completely unacceptable from that perspective. And we were supposed to retain all the e-mail domains, and a domain can only exist in one tenant at a time. So we had to figure out a way to handle this and move their accounts and e-mail domain as quickly as possible to avoid any flight delays because their e-mails isn’t working. (spoiler – their email was down for 90 minutes)

The plan: So the best plan we came up with was to start an incremental copy of all the SharePoint/OneDrive data first thing on the morning of Saturday February 1st. Then at about 18:00 CET we’d set automatic forwarding on everyone’s mailbox in the old tenant that would forward every mail to their new mailbox with the “onmicrosoft” address. That way we were guaranteed no mail would go missing in case of bad timings. Then we did an incremental copy of all mailboxes. We had done this in plenty of tests and it would only take 2 hours so we planned to start with the first most important domain for our airline at 21:00 CET, then when that was done continue with the largest domain we had (with about 800 users) and work our way through our list of about 10 domains.
The switch consisted of alof of steps since we weren’t allowed to sync an on-prem object to two tenants.

  • The first step was to change the UPN domain of the users on-prem to newtenant.onmicrosoft.com and let that sync to the old tenant. Since that domain didn’t exist in the old tenant that resulted in the user being given a oldtenant.onmicrosoft.com UPN domain which was crucial since we knew we would end up having to restore users from recycle bin, which would be problematic if they still had their old UPN domain which no longer was in the tenant.
  • The second step was removing them from sync in the old Azure AD Connect sync and changing the extensionattribute so it would sync to the new tenant. This resulted in all users being put into the recycle bin in the old tenant, and in the new tenant it would match everyone properly as long as the UPN matched perfectly for on-prem and in the new tenant. They were then automatically converted to “synced from on-prem” users in Azure AD.
  • Thirdly we removed the domain from the old tenant and added it to the new tenant. Even though this is a straight forward process when you’ve made sure all objects for that domain are changed so the domains aren’t in use, I feared this step the most since I’ve previously had alot of issues removing a domain like this. Then ofcourse we’d have to tell that domain to be federated so it would use ADFS.
  • Lastly we would change the UPN of the user back to their original UPN on-prem and let that sync to the new tenant which now had the new domain and everything was set.
    When we did this with our test domains (of about 20 users each) this entire process took an hour so we felt pretty comfortable we’d be done at about 3-4 on Sunday morning and then we’d get some sleep before the users woke up to check their phones only to see the “error signing you in” and they’d start calling.

But… “no plan of operations extends with any certainty beyond the first contact with the main hostile force“.

How it played out: I woke up early on Saturday (at about 5) to start incremental copy of all the SharePoint / OneDrive data. Unfortunately Sharegate was a bit unpredictable in it’s behaviour so I had to move sites around in the queues to make it before 18:00 but make it I did. Then I ran the powershell to set the automatic forwarding and started the incremental copy of the mail. The team (4 engineers, 1 external SME/contractor and the project manager) met up at the office at about 20:00 in the evening for pizza and a last “go-no go” check for everything. And at 21:00 I started with our airline domain And by 22:30 it was all done, every user had the proper UPN, licens, login everything was good to go. And that’s when it started – the operations team in our airline said they couldn’t access their emails in the Outlook app on their phones or computers. We had ofcourse verified that it worked through the O365 portal so we knew everything worked. After troubleshooting this for about an hour we decided to log a Severity A case with Microsoft (at 23:30) and one of us would work on this case and the rest continue working with the other domains. That work with the other domains came to a halt for one of our largest domains which wasn’t removed from the ole tenant. No user had it in their UPN, no recipient used the domain, nothing. But the domain never got deleted, it was stuck in “pending”. So another severity A case to Microsoft (at about 00:30) and we proceeded with the next domain. At about 02 in the morning that domain did eventually go away by itself and we thought everything was good when our airline operations team (who’s responsibility it is to keep the planes flying, so I have the utmost respect for them and their challenges!) wanted us to do a rollback and try again at a later date. We spent about an hour with them arguing than a rollback wouldn’t solve this issue and we didn’t have time to try again next week since we had to evacuate the old tenant. Another argument was that this is a client issue and the mails are accessible through the web and we can get Microsoft to solve the client issue after. Fortunately we were able to convince them to proceed but now we’re at 03 int he morning and I had been working for 22 hours straight and I had no energy left in me so I tried sleeping for a bit. After 2 hours I woke up to cheers because now the Outlook clients in our airlines started to work so the biggest issue we had was solved and we could keep on with the remaining few domains.
At about lunch on Sunday morning we were all done with all domains and users and started to do the clean up job of on-prem systems no one knew about that had a EWS configured to the old tenant that no longer worked etc and that continued for days.

So where was Microsoft in this? As I mentioned our premier support deal with them got activated on the day before the switch. But that hadn’t replicated to all systems and instances of those systems in Microsoft so there was a big challenge even to get them to accept a SevA case from us. But we had two cases that managed to register as SevA cases with them during this switch and they weren’t helping us with either of them. The first case was regarding Outlook clients no longer being able to connect. Many blogs on many sites on the Internet says “when moving to a new tenant this may take a few hours”. In our case we were already up to hours and when creating new users we were able to connect to them immediately, but not the ones that had been switched and we didn’t see a reason why. This started to resolve itself after about 6 hours. And it wasn’t thanks to Microsoft doing anything on their side because they called me at about 5:30 on the sunday morning to say “sorry but we still haven’t been able to find any engineer to work on this case”. The other case we had with them was regarding the domain that wasn’t getting deleted. The called back on that issue also after it was resolved to ask us to verify the domain name because according to what they were seeing the domain was no longer in the old tenant so they obviously hadn’t done anything on their end in that case either.

Lessons learned:

  • Powershell and CSV files rule! If we didn’t have the proper master files for data information this would have been alot more difficult.
  • Switching over 1,000 mailboxes from on tenant to another actually does take up to 6 hours for all of Exchange Online to know what hit it so the clients can connect again.
  • Azure AD Connect is very powerful and “smart” in how it matches users.
  • Information and user communication and support is vital for this! In our case we started informing right away it was coming and we had staffed up extra support on the monday to get our business up and running after this big switch and that was really needed.
  • You can get away with buying cheaper “off the shelf” products rather than more expensive products but expect to have to work around their flaws and shortcomings. Do you want to pay twice the amount for a more expensive solution or sacrifice a few days work for your staff for manual work?
  • Test-test-test and test again just to be sure.

Skype For Business Online Users Disabled ?

I recently came up against an issue that I eventually needed MSFT to investigate and come up with a solution for and in the hopes of saving someone else the trouble, I’m going to go ahead and write a small blog post about it.

Symptom: The issue was that users in Skype For Business Online were stuck in the “Disabled” state and with the Directory Status “On-premises (hybrid)”. Nothing I did changed that. But other users belonging to the same domain (“contoso.com”) were enabled without issues?
After analyzing alot of the users I found that the attribute “HostingProvider” was set to “SRV:” for the users that it didn’t work for, but “sipfed.online.lync.com” for the ones that it did work for.

Root cause: The root cause for this is that when a user is provisioned in Skype For Business Online, “O365” checks in real time for a DNS record “lyncdiscover” of the domain of the user, in this case “lyncdiscover.contoso.com”. If the DNS record is set to “webdir.online.lync.com” then the user will be provisioned as an “Online” user and enabled. But if the DNS record is something else, then it will assume the user exists in an on-premise environment and it will be provisioned as an “On-premises (hybrid)” user and disabled. And in our case, sometime during the adoption of O365 services this DNS entry lost the trailing period (“.”), so for O365 it looked like “webdir.online.lync.com.contoso.com” and that’s why it assumed they were on-prem!

The Fix: Fixing the DNS entry is easy enough so that should solve it, right? Unfortunately this check happens when a user is provisioned and then it’s set. And the only way to trigger an update is to delicense the user (that is “removing Skype For Business license”), wait a few hours and then license the user again! That will trigger a provisioning process again and O365 will see the correct DNS setting and the user will be “Enabled”!

Thank you MSFT for the details regarding this process!

Checking AD FS Federation & Certificate Status

SCENARIO
You’re managing a large O365 tenant with AD FS service or multiple AD FS services and those certificates are expiring and needs replacing.

PROBLEM
The main problem is that there is no good way of telling ADFS to do something on only the domains that it actually is federated with, it’ll just assume it has them all. This may lead to some complications.

SOLUTION
I wrote this little script because I wanted to know
a) the domains that were federated to this ADFS service
b) the domains that were NOT federated to this ADFS service
c) the domains that hadn’t refreshed the signing certificate.
This little script, which must be executed on the ADFS service in an admin powershell, will first check the URL of the local ADFS service and then go through every domain in your tenant to see which match, and if they match will check the certificate. That way you know exactly which domains to look at.

It spits it all out in the console but also in 3 files in the c:\temp directory. And if you feel brave enough, you can uncomment the “update-federation” command to run that command.

Also it assumes you are already connected to the MSOL Service.

Start-Transcript c:\temp\msolfederation_check_log.txt
# Getting the local AD FS server address:
$stsaddress = ""
$stsaddress = (Get-AdfsEndpoint -AddressPath /adfs/ls/).FullUrl
$stsaddress = $stsaddress -replace "https://","" -replace "/adfs/ls/",""
write-host "The local AD FS address is $stsaddress"
$federateddomains = Get-MsolDomain | where{$_.authentication -eq "Federated"}
foreach($feddomain in $federateddomains)
{
# Clearing the variables
$certmatch = ""
$feddomainname=""
$fedinfo=""
$fedinfosts=""
# Setting the domainname of this domain
$feddomainname=$feddomain.name
if($feddomain.rootdomain)
	{
		write-host -ForegroundColor Yellow "$feddomainname is a subdomain, skipping check"
		$feddomainname >> "C:\temp\FedDomains - Subdomains.txt"
	}
else
	{
	write-host -NoNewline "Checking Federation for domain $feddomainname..."
	# Getting federation information for this domain
	$fedinfo = Get-MsolFederationProperty -domainname $feddomainname -ErrorAction SilentlyContinue
	if($fedinfo)
		{
			# Getting the STS info for this domain that can be in either two of the resulting array
			if($fedinfo.source[0] -eq "Microsoft Office 365") { $fedinfosts = $fedinfo.tokensigningcertificate[0].subject }
			if($fedinfo.source[1] -eq "Microsoft Office 365") { $fedinfosts = $fedinfo.tokensigningcertificate[1].subject }
			# Now we check if the thumbprints match
			if($fedinfo.tokensigningcertificate[0].Thumbprint -eq $fedinfo.tokensigningcertificate[1].Thumbprint) { $certmatch = "1" } else { $certmatch = "" }
			if($fedinfosts -like "*$stsaddress*")
				{
					write-host -NoNewLine " Federated to "
					write-host -NonewLine -foregroundcolor Green "this AD FS service"
					if($certmatch -eq "")
						{
							write-host -ForegroundColor Red " but certificates do not match!!!"
							# You could try to execute the below command to update the Federation information # if you feel safe in this.
							# Update-MsolFederatedDomain -DomainName $feddomainname -SupportMultipleDomain
							$feddomainname >> "C:\temp\FedDomains - ADFS Match - Cert Mismatch.txt"
						}
					else
						{
							write-host -ForegroundColor Green " and certificates do match."
							$feddomainname >> "C:\temp\FedDomains - ADFS Match - Cert Match.txt"
						}
					$feddomainname >> "C:\temp\FedDomains - domains federated to this ADFS.txt"
				}
			else
				{
					write-host -NoNewLine " Federated to "
					write-host -foregroundcolor Yellow "another AD FS instance"
					$feddomainname >> "C:\temp\FedDomains - ADFS Mismatch.txt"
				}
		}
	}
}
Stop-Transcript

I Finally Saw “Bohemian Rhapsody” – And This Is My Problem With It

I don’t consider myself a huge Queen or Freddie Mercury fan – I was unfortunately too young in the 80’s for that. But I do love their music! I don’t think there’s any other band that have more songs that I love than Queen, not even ABBA. And I love 80’s music in general. So when there was talks about a Freddie Mercury / Queen movie I loved the idea of it but I was always sceptical any actor would be able to do a good Freddie. And when Rami Malek, who is awesome in Mr. Robot, was cast I was even more sceptical. Then the movie came out with all kinds of great reviews. But it took me this long to actually take the time away from work and everything in life to go and see it.

And I liked it. I liked it a lot! I even liked Rami as Freddie, he obviously did a lot of research on the moves and Freddie’s style. And with the sunglasses it was actually a very good resemblance. And since I’m not that big a fan that I know all stories and band-moments it’s difficult to know how much of the movie is factually correct but since both Roger Taylor and Brian May were credited as producers (and yes I even spotted their cameos) I guess it can’t be too far off the truth. And I know they took a lot of liberties with the timeline so they could build up the Live Aid show as the movie’s crescendo and Freddie’s redemption, I’m all ok with that. I mean I love Braveheart even though it has more holes than Al Powell’s car at Christmas.

So what was my problem with it? Two words – “false” and “advertisement”.

In the press material for the movie and on the poster there is this image:

And that is indeed an iconic photograph of Freddie at Wembley. But it was taken at their concert in July 1986 – a concert I happen to think is one of the best concerts I’ve ever seen (even though I’ve only seen it on DVD), even including the concerts I’ve actually seen live this one takes the gold. But as I wrote – the movie’s crescendo and ending is the Live Aid concert in 1985, one year earlier. So this poster is for an event that happened after the movie’s ending and never appears in the film! That’s most definitely false advertisement.

But if you know me, if that is my only gripe with the movie, then it’s a pretty damn good movie 🙂

Check If Connected to SPOService in Script

SCENARIO
When executing SharePoint Online scripts you need to be connected to your “admin” site or the script will just fail if you’re not.

PROBLEM
When writing a script you can’t assume that you’re already connected to your SPO tenant and unlike the “msolservice” connect call you need to specify your “admin” URL which can be quite long. But sometimes you’re already connected in the Powershell session.

SOLUTION
Writing this little thing in the start of your script will check if you’re connected to the admin site and if not will call the connect-sposervice command with the URL already set.

# First we reset the sitecheck to avoid having an old result
$sitecheck=""
# This is the address of your SPO admin site
$adminurl = "https://[your tenant name]-admin.sharepoint.com"
# Now we try to get the SPOSITE info for the admin site
Try { $sitecheck = get-sposite $adminurl }
# If we get this server exception for any reason, the service isn't available and we need to take action, in this case
# write it to the console and then connect to the SPO service.
Catch [Microsoft.SharePoint.Client.ServerException]
{
Write-Host -foreground Yellow "You are not connected!"
connect-sposervice $adminurl
}

Issues changing ImmutableID with error FederatedUser.SourceAnchor

Recently ran into an issue where a user in the on-prem AD had been deleted unintentionally and in the next sync his user went along with his mailbox.
Googling around I found a helpful article how to best go about restoring this. It’s basically about creating a new on-prem users and setting the new GUID on the recovered AzureAD user so AzureAD Connect can tie them together.
However, when trying to set the new “ImmutableID” with “set-msoluser” I got this error:
Set-MsolUser : You must provide a required property: Parameter name: FederatedUser.SourceAnchor

Took alot of Googling to realise what was wrong! The issue here is that you can’t set a new ImmutableID on a user in a Federated domain! So the trick here was to change the user to an “onmicrosoft” user, change the ImmutableID and then changing it back to the federated domain!

# Checking the original ImmutableID
get-msoluser -UserPrincipalName [email protected] | select *immutableid*
# Changing it to a "onmicrosoft" UPN
set-MsolUserPrincipalName -UserPrincipalName [email protected] -NewUserPrincipalName [email protected]
# Setting a new Immutable ID from on-prem AD
set-MsolUser –UserPrincipalName [email protected] -ImmutableId "Z/-XGv2W4kWPM1mR/ddSdn!)"
# Check that the change was applied
get-msoluser -UserPrincipalName [email protected] | select *immutableid*
# Changing it back to the original UPN
set-MsolUserPrincipalName -UserPrincipalName [email protected] -NewUserPrincipalName [email protected]
# Checking that the UPN is now correct and the correct ImmutableID is applied
get-msoluser -UserPrincipalName [email protected] | select *immutableid*

Hope that saves someone some headache.

Heatwave – I wonder what might’ve caused it…

We’re having a major heatwave here in Sweden, so bad that even Pokemon Go are alerting me about it! I’ve heard it’s been the same a little all over the planet. And this reminds me of something that’s been on my mind ever since physics in college when we were discussing energy and how it can’t be created or destroyed, it can only be converted from one form to another. And this made me go around thinking how different things convert energy and it didn’t take too long to realise that so incredibly much of today’s society relies on stuff that converts energy to heat!

I mean, even if we disregard the entire greenhouse effect caused by gases, today’s society relies so much on things that create heat as a bi-product that we really can’t be too surprised when we get heatwaves like this. Nuclear power plants creates so much heat they need gazillion gallons of water to cool it, driving your car creates heat both in your car and the asphalt, using your computer creates heat, running your fridge and freezer creates heat, running the train creates heat, running your air conditioning unit to keep cool creates heat, most of the stuff we use today create heat – even your cellphone! And then there’s the fact that every single person is a walking radiator stuck at 37′ and now there are like 10 billion of us?

So yeah, I remember Trump’s tweet about how that cold day in Manhattan was proof there was no global warming – well this is most definitely proof that it’s a thing 🙂

Too Old For Concerts !!

Me and the wife celebrated 10 years a few months back. And one of the things I had planned was going to see Ed Sheeran in Stockholm since she likes his music and the timing was pretty good. So I made sure to be there when tickets went up for sale last year and got two tickets and last Saturday was the day of the concert. And the result was … we’re too old for this!!

First of all, entry was at 6:30. I made jokes “the guy probably isn’t gonna go on until 9!”. I was wrong – he went up about 8:40 so off by 20 minutes. So spending 2 hours listening to pre-show / opening stuff is “as intended” I guess? And whoever organised the event should have planned a bit better and planned for the roof to be open for the event as it’s July!! The temperature was about 35 degrees in there by the end of the night. And after the concert there was a traffic mayhem to get out of there because they had blocked off most streets which congested everything. So instead of the usual 20 minutes from MoS -> home it took us about 1 1/2 hours.
“Well, what about the show itself”? .. well I’m not a big fan of his, even though I enjoy some of his songs and lyrics. I compared it to going to the movies to see a romantic comedy – It’s wouldn’t be my first choice, but I’ll do it with the wife and I’m bound to get at least some enjoyment out of it! But this show was really different than what I expected. The guy even tried rapping a few times! And no sign of Supermarket Flowers either.

But my biggest issue was the volume. I know, I know, concerts are loud. But this was way well beyond “loud”. I already have tinnitus on my right ear thanks to me underestimating the volume at a Röyksopp / Moby concert back in 2002. So I made sure to buy earplugs before the concert to try to make sure that didn’t happen again. And my ear is still ringing!! I honestly don’t get where the enjoyment is when the music is so loud it hurts my ears even with earplugs !? Yes, you want to feel the bass in your chest but I get that from my home cinema that never gave me a ringing in my ear! It just makes no sense!! Even in between songs when he was talking it was so loud I couldn’t hear what he was saying half the time. And this is completely accepted and expected today!? I really don’t get it!!!

The one good thing I can say is I was impressed that he handled the stage alone in front of 50 000 people superbly and his way of creating musical loops with his pedals was quite funny and unexpected. And I liked it!

What MFA method is used by how many users

SCENARIO
You want to know how many users are using SMS for MFA or mobile app to change user behavior to drive adoption of the MFA app.

PROBLEM
By default when users enrol with MFA they click “Next” all the way and end up with SMS authentication, regardless of what information we provide them with. And the way Microsoft stores this information isn’t very friendly for us to see this easily.

SOLUTION
I wrote this to demonstrate to management that users indeed doesn’t read the e-mails sent out to them which detailed that they should use “Mobile app” verification and what actually happened was they just clicked “Next” all the way and ended up with SMS authentication. In our case we ended up with about 2% of users chosing the application!

$phoneappnotificationcount = 0
# Setting the counters
$PhoneAppOTPcount = 0
$OneWaySMScount = 0
$TwoWayVoiceMobilecount = 0
$nomfamethod = 0
# Getting all users
$allusers = Get-MsolUser -all
# Going through every user
foreach($induser in $allusers)
	{ 
	# Resetting the variables
	$methodtype = ""
	$strongauthmethods = ""
	$upn = ""
	$strongauthmethods = $induser | select -ExpandProperty strongauthenticationmethods
	$upn = $induser.userprincipalname
	# This check is if the user has even enrolled with MFA yet, otherwise we +1 to that counter.
	if(!$strongauthmethods) { $nomfamethod++ }
	# Going through all methods ...
	foreach($method in $strongauthmethods)
		{ 
		# ... to find which is the default method.
		if($method.IsDefault)
			{
			$methodtype = $method.MethodType
			if($methodtype -eq "PhoneAppNotification") { $phoneappnotificationcount++ }
			elseif($methodtype -eq "PhoneAppOTP") { $PhoneAppOTPcount++ }
			elseif($methodtype -eq "OneWaySMS") { $OneWaySMScount++ }
			elseif($methodtype -eq "TwoWayVoiceMobile") { $TwoWayVoiceMobilecount++ }
			# If you want to get a complete list of what MFA method every user got, remove the hashtag below
			# write-host "User $upn uses $methodtype as MFA method"
			} 
		} 
	}
# Now printing out the result
write-host "Amount of users using MFA App Notification: $phoneappnotificationcount"
write-host "Amount of users using MFA App OTP Generator: $PhoneAppOTPcount"
write-host "Amount of users using SMS codes: $OneWaySMScount"
write-host "Amount of users using Phone call: $TwoWayVoiceMobilecount"
write-host "Amount of users with no MFA method: $nomfamethod"

SharePoint Upgrade From Hell

This is going to be a wall of text. And 99% of the people I know aren’t even interested. But I’m writing this on behalf of every other SharePoint admin out there who are unfortunate enough to discover just how easy SharePoint is to break!

Little background: I’ve been working with SharePoint since about 2005. Not that long for some but long enough to know that after a few years of use a SharePoint farm has a few quirks in it and it’s a good idea to upgrade it. And you never upgrade an existing farm, you always start with a new fresh one and import all data! Now one of my jobs (!) is managing a 30k user corporate SharePoint – a business critical solution since all documentation are in there. And not only that, our entire BI solution is in there as well, complete with “PowerPivot” and “Reporting Services for SharePoint”… No pressure!

So now it was time to upgrade it from SP2013/SQL2014 to SP2016/SQL2016, including all BI solutions. We’ve gone through a “dev” environment, a “test” environment and even a “preprod” environment and everything went surprisingly well. There was ofcourse the usual glitches getting the BI features to work (and the S2S cert trust that is required for Excel with data source connection files now that Excel service moved out of SP to OOS!). But anyway, the preprod farm was so great that the plan was to take it into production. Our BI team didn’t see a big problem doing that in an afternoon on a weekday, whereas for me the biggest problem was the 1.5TB of data that needed to be shuffled and upgraded. And “even the best laid plans”, you know. I also knew that one of the biggest issue was network infrastructure which for a global company is so complex that the best way forward was to swap IP addresses of the servers so we wouldn’t have to change DNS or static IP routes anywhere, we’d just solve it at the load balancer level. So I managed to get a whole Saturday from the business to have SharePoint offline, but no more. After all, all documentation is in there!

That Saturday was last Saturday April 14th. I got up at 4am to start shuffling the data. By 7 that was done and I started upgrading the database with the normal “mount-spcontentdatabase”. Here was my first mistake (in hindsight). I had already written a script to do this, but that’ll come later. By 10 everything was loaded, upgraded and I proceeded to change IP addresses around and change it in the load balancer, then go through my long list of checks that normal user SP functionality works while our BI team were updating all of their things.

After lunch we had a “go/no-go” meeting and everything looked good. I also noticed at this point I had a case to create a new SharePoint site for a project, something I actually hadn’t tested since that’s not a “normal user SP functionality”. And that’s when the shit hit the fan! What I had missed thanks to my scripting was that one of the content databases had failed to upgraded and was now corrupt and when I wanted to create a new site it did it in that database since it was the “least used” and hence the error. “No problem, plan a) I’ll just delete this database”, right? Nope, SharePoint wouldn’t have it because the database wasn’t attached since it was corrupt. Yet I could see the sites in that database listed with get-spsite?

Tried a few things but couldn’t recover so I decided plan b) remove the web app and create a new and re-import/re-mount this corrupt DB, all other DB’s were already upgraded successfully so not a big operation. Well, SharePoint wouldn’t have that either – it couldn’t dismount this database because it was corrupt so I couldn’t remove the webapp! I was completely stuck with a broken web app that I couldn’t remove because of a content database that wasn’t mounted?!

So plan C) rename that webapp with the corrupt database and give it a nonsense URL so I could create a new web app with the proper URL. That seemed to work but when I tried importing a new backup of this content DB it didn’t import any of the site collections! .. digging around I could see that the sites in the broken webapp, with the new nonsense URL, still had the original URL! It couldn’t update them because… there was no content DB attached to them! I dug around in SharePoint Manager (which was designed for 2013 I know) but it kept crashing when I clicked any of the sites in the broken webapp.

So there I was with a broken web app with a corrupt contentdb with sites occupying the URL I needed to create our proper web app. Came to the conclusion that the config db was pretty much fucked at this point at now we’re at 2pm. Best option available to me at this point was calling Microsoft premiere support case with a severity A case. I’m pretty sure if I had gone for that they would have looked at it, made the same determination as me and said “since this is a farm not yet in production, I’d say the best way forward is to recreate the farm”. During that time our BI would be in SharePoint 2016 but the “big” web app in 2013 on separate IP addresses! God knows how the network would handle that and getting the engineers in India to change firewall routes in less than a week wasn’t that likely. Because rebuilding a new farm in production would take at least a week, right?…


After clearing it with my supervisor that this was indeed the best way to solve it NOW! All other options led to some unknown hellhole – going back was always a possibility no matter what.

I got a green light and Red Bull at about 3pm …

 

  • SP Product Config Wizard to detach all server from the farm
  • delete all databases from SQL except all the (successfully) upgraded content DB’s
  • thank myself for having saved all of the “AutoSPInstaller” response files
  • create a dummy web app to upgrade the corrupt DB (no way I’m doing that in the proper web app again!)
  • eat the food my awesome wife brought me
  • recreate all webapps
  • restore all content DB at about 1.5TB
  • upgraded the service apps

Basically I had done at least a weeks work in 7 hours and all in production environment!

The “Done!” mail got out at 9pm! Now I’m not one to brag, but any SharePoint admin must be impressed by that! Hell, even Scotty would be proud! I spent a few hours on Sunday cleaning up the mess and sorting out the BI issues (since this was a new farm there were a lot of BI configuration that was lost) but by Sunday 6pm everything was fully operational and I promptly went to be and slept like a baby. And one of the first things to hit me on Monday morning was “why is Managed Metadata empty” because yeah, in my haste I forgot that little thing ?

How was your weekend?

It’s Been 10 Years!!

It’s been 10 years since me and my wife met. It’s been an unexpected ride that I’m incredibly happy I took a chance on!

Wind back the clock about 10 years and I was living very happily alone (but not lonely!) in my apartment in Visättra. My life was computer games (mostly WoW), movies, TV, F1 and my family in Nynäshamn. And the job at the lawfirm. Everything was great and I didn’t feel like I needed a girlfriend or live with some other person, I had way too many “special” habits to live with another person for long especially a girl. But I was still signed up to some dating sites and had the odd date or two. But then a mail dropped in through Parship from this chick who I just loved the way she wrote and expressed herself, she was funny, she was honest and open and the “straight to the point” kind of person I can really dig. So we set a date after work, hooked up and just walked around in Stockholm for a while, only stopping quickly to grab a coffee. Then I tried kissing her goodbye (DENIED!) and off she went. But I felt and knew this was something special so when I got home that night I ordered her flowers. Nice and romantic right? It was my way of saying “I don’t mind getting turned down for a kiss, I really dig you and I wanna meet again”. Little did I consider the fact that she works in “logistics”, which is a very male dominated area so when her male co-workers saw she got flowers the day after she’d been on a first date they jumped to conclusions! Anyway, a few days later she decided (without telling me!) to test how allergic I was to her cats by inviting me home to her place! Fortunately for me it wasn’t a big problem and after passing that test we went to see a terrible movie (“Jumper”) and made out a bit. And then we met a a few days a week but eventually I felt it was “do or die” and moved in with her after only 6 months. Yeah, I know, crazy but that’s how perfect this relationship felt. And 4 months after that we signed on for a house together. And 3 months after that we were pregnant. And the hits kept on coming!

It’s been a few lows here and there but as I see this has gone way better than I could have hoped for and I can just hope it keeps going that way because I’m having a blast!

Last weekend we had booked a room at the B&B at “Kastellet” at Vaxholm. That’s an old fortress on a very small island. It was used to fend off invaders in the archipelago but now it’s mostly a tourist site. But because of the extreme weather we had in Sweden last week there wasn’t anyone there during the weekend. At all! Not even the staff who had given us the code and put out the key for us for a room. So we had the entire place to ourselves! And it was absolutely amazing!!

So here’s hoping for another awesome 10,20, 30 or even 40 years!!

NASA. Again.

K mår bättre än bra

Yeah, I don’t know why but NASA has a special place in my heart. Maybe cause I’m a tech nerd, a scifi geek or just like to have my shit together, or maybe it’s some visionary part of me I don’t know I have but I just love it. In everything from fictional NASA in “Contact” to proper NASA in “From the Earth to the Moon” it’s an inspiration. That’s one of the reasons I made a point at going to Kennedy Space Centre when I was in Florida and one of the reasons that trip was an awesome success to me. And one of the reasons I didn’t have a problem opening up my wallet in the gift shop!

And yesterday I saw the movie/documentary “Mission Control” – about those 20-something engineers that made up the mission control team. I really recommend catching it on Netflix or renting it on bluray cause it’s awesome. One of the things that surprised me was the interview with one of the engineers who was there in the trench for a lot of the Apollo missions, even the moon landing, that said he regretted doing it because of the toll it took on his family! I mean, it’s one of the things I can only dream of doing so hearing that makes you wonder what really is important – making a mark in history or being with your family.

Another NASA “merchandise” I can recommend is the book “View From Above” by austronaut and “photographer in space” Terry Virts. You can get it from Amazon or something but it’s well worth it. Not only because of the awesome pictures that makes you feel tiny and insignificant but also because of the stories he has to tell.

Manage External Sharing in SharePoint Online

SCENARIO
You’re managing a SharePoint Online environment and you want to know where external sharing is enabled.

PROBLEM
The problem is that Microsoft hasn’t fully launched a way of getting a good overview of this where you can change it. When you first enable sharing for example alot of sites will have it turned on by default etc. The new SharePoint Admin center has the ability to add the “external sharing on/off” column in the list of sites but that is very limited and you can’t enable or disabled it.

SOLUTION
Fortunately there is a very good attribute that you can retrive to get this and alter the external sharing setting called “SharingCapability”.
So using that you can get a list of all sites and what the status is of them, or you can filter for all that have it enabled or disabled:

get-sposite | select url, SharingCapability												# All sites with their URL and SharingCapability
get-sposite | Where-Object{$_.SharingCapability -eq "ExternalUserSharingOnly"}			# External user sharing (share by email) is enabled, but guest link sharing is disabled.
get-sposite | Where-Object{$_.SharingCapability -eq "ExistingExternalUserSharingOnly"}	# External user sharing to existing Azure AD Guest users
get-sposite | Where-Object{$_.SharingCapability -eq "ExternalUserAndGuestSharing"}		# External user sharing (share by email) and guest link sharing are both enabled
get-sposite | Where-Object{$_.SharingCapability -eq "Disabled"} 						# External user sharing disabled

Once you have that you can script it so you can disabled external sharing on all sites by doing this:

$allsites = get-sposite | Where-Object{$_.SharingCapability -ne "Disabled"}
foreach($specificsite in $allsites) { Set-SPOSite $specificsite.url -SharingCapability Disabled }

The reason you want to do this in a “foreach” is there will be a site or two you may get an error that you can’t change the setting, so that would exit the command on that error.

Being a Gamer Sucks Right Now. Hard!

How can I make that statement this of all years, when the best Assasins Creed “in years” launched, best “Star Wars” game ever, sequal to “Shadow of Mordor”, a WWII “Call of Duty” and oh so many other great titles come out!? Well, bare with me…

You know I’ve always been a gamer, right? Ever since my dad dragged home the first “portable” computer in the 80’s and we were playing that terrible olympic Decathlon game, through the Commodore series (VIC20 -> C64 -> Amiga) all the way up till now, I’ve always played computer games. Never been much for consoles though but that’s a different story. And playing games have been pretty much the same for most of that time. But when “World of Warcraft” launched back in 2004 it was… a subscription!? $60 to buy the game plus $10 per month!? Well they pushed out content on content so I thought that was ok. Think I paid about $1300 for “World of Warcraft” all in all. That was for over 10 years of entertainment, pretty sweet deal if you ask me!

And being a Blizzard fanboy I’ve gone through their “Heroes of the Storm” and “Overwatch” too. One thing I never really liked about those games was the lootboxes. I didn’t mind it much, I even bought a HotS lootbox pack once, but I can’t say I liked it. But in Overwatch it was always just skins which made it more ok than in HotS when it was actual characters you needed. But I never actually bought HotS for $60 so still fine (I’ll give them a pass on the D3 AH because they took it down and said “our bad”). Then there’s been “gold edition” of games and DLC packs and stuff like that that ads value over time, but it’s always been optional.

But now it’s just getting a bit much. Like most other gamers out there I am so very frustrated at the new schemes coming out of Ubisoft, Activision and most of all EA. Ubisoft has had “cosmetic” items for purchase a while for both “Assasins Creed” and “Division” but nothing more than that. Now it’s changing and it’s affecting gameplay! The most recent and extreme example of this is Battlefront II. With their way of pushing lootboxes on consumers I absolutely won’t be paying $60 for that game! Maybe I’ll pick it up next year on Black Friday sale, I dunno, but paying $60 for game where I have to grind grind and grind to even play characters that should be there out of the box?! Or you can buy lootboxes for more money! Really!? And then EA releases Need for Speed with… “speedcards” that you can fast-progress by buying lootboxes! Another game I was absolutely planning to already be playing was the new Mordor game (“Shadow of War”). But oh no, they had to go ruin that game too with in game store to buy Orcs. Yeah, buy Orcs in a game for real money!

And they even have the balls to call it “microtransaction”, you know like the “micrtransaction” for a Android app that cost like $1? No, because here we’re talking about getting 20 lootboxes for $60 – as much as the f*cking game costs! And don’t come with any “but games have been $60 for ages now!” because yeah, they have, and have the profit of any publisher gone down because of that? No, they’ve made more and more money every year! Look at “Cuphead” that cost like $20 which is turning out to be one of the best games all year! No, games don’t have to cost $100 million to make! You don’t have the PR push it that bad if it’s good enough, you don’t have to have 1000 song in the music library like GTA!!

What makes this even worse is that in some of these cases you’re not even buying the thing you want – your paying FOR A CHANCE at the thing you want! You may get the Orc you want, but you may end up with nothing. You may get the power up for your Heavy stormtrooper, or you might get a silly emote! It’s gambling and feeding on addiction and it’s loathsome and everyone should be ashamed of it. I know I am and I’m not even buying or playing those games! The irony is that Battlefront 2 is made by DICE – a Swedish studio. And the government in Sweden are pretty strict when it comes to gambling. Pretty strict as in “only government run gambling is allowed!”. Yeah, someone should maybe look into this! (and not the ESRB, that’s like Donald Trump saying his son is a good person!)

The last game I bought was Assasins Creed Origin which came out a few weeks ago. And so far I haven’t run into much lootboxes or “pay to get this über gear” yet, if you don’t count the gold edition addons. But looking at the horizon, I have no idea what I’m actually willing to buy even though there are plenty of games I should love to buy and play but my moral compass really gets in the way.

Fortunately people are rising up and raging against the machine. Just youtube “lootboxes” and you’ll find tons of videos on the topic. Or you may have seen the news that EA’s reply on reddit regarding Battlefront 2 progression is the most “thumbs down” comment ever on reddit?

How many has what Exchange storage limit?

SCENARIO
You’re asked how many users has what storage quota/limit in Exchange

PROBLEM
The problem originates from MS saying that the standard Exchange Online mailbox is 100GB in size. But some of our users are reporting they “only” have 50. I thought this was a minority if people so not a big thing. My manager disagrees.

SOLUTION
I began writing quite a complicated powershell for this but when I looked at it after a coffee break I said to myself “there’s gotta be a better way”. And sure enough it is. I’ve simply never used the “group-objects” function before! But now I can clearly get a report that’s just 3 lines long!

 
get-mailbox -resultsize Unlimited | Group-Object -property ProhibitSendReceiveQuota

Microsoft Ignite Conference

Lobby of OCCC South

The whole reason I went to the US was to attend the Microsoft Ignite conference. It’s an annual conference Microsoft has where they reveal a lot of new stuff they are either launching or working on and have sessions and workshops. Our company sends 2-3 people to that conference but since the ticket, hotel and flight (not to mention the time from doing actual work) the cost goes up quite a lot for the company. This year I got to go for the first time as kind of reward for good working migrating to Exchange Online. My cloud-colleague Michael also got to go but unlike me he knew some Swedish consultants that were also going so we could hang with them when we’re not at the actual conference. After an initial scare it was going to be called off thanks to Hurrican Irma we were ready to go!

And it really was fortunate that we were the ones to go since sooooo many of the sessions and talk was about Office 365, Azure and the cloud! It was really hard to find sessions that talked about on premises stuff but I managed to go to a few! The event started officially on Monday morning with a vision keynote by Satya, the CEO of Microsoft and had a bit of this and that in it.

Trying to get the new about OneDrive

After that it was a technical keynote of the digital workplace and then it was just one “breakout” session after another. I think I attended a total of 20 sessions in total and almost got overloaded with information. I used my cellphone to take photos of some presentation slides to remember what that session was about and what we’d covered in what sessions!

Another great thing about these events is that you meet the people who are actually working on the other side – when I’m freaking out over the bad SharePoint Online admin center “well that guy right over there is the program manager of that, go talk to him”. Which I did. “Well you’ll glad to know we’re working on version 2, mail us and we’ll get you into the preview”. Done and done! And seeing some really pros at doing presentations, like Anne Michels who constantly made jokes on her expense (and sometimes even Mr. Michels).

And on Thursday evening Microsoft had “rented” the entire Universal Studios Orlando theme park for us! All you can eat, drink and ride all evening long! That was certainly an experience since we don’t have anything close to these theme parks in Sweden! We have plenty of amusement parks, but no theme parks, certainly not like this where you can walk into Jurassic Park and have a dinoburger!

Then friday was kind of winding down and collecting thoughts and writing reports on what I’ve learnt and then on Saturday the long trek back to Stockholm began. I checked in at the airport at about 2pm on Saturday and passed through customs in Stockholm at about 1pm on the Sunday.

But all in all it was an absolutely awesome experience and conference to attend for me. The downside was of course being away from my family for 8 days, that really felt long in the end. My and the wife have never been away from each other for that long since we moved in together 8 years ago!

Visiting Kennedy Space Center

KFC monument för JFK

I’ve always been a NASA-fanboy. I’m the guy that won’t ever say no to seeing Apollo 13 for the 500th time, or will sit through “From the Earth to the Moon” over and over again. And as a Trekker I’m loving the “exploration” theme and drive over there. The very human need for exploration and need to know what’s out there. So when I planned the trip, going to Kennedy Space Center was one of the musts. Fortunately my traveling companion Michael shared that need so along with a few fellow IT nerds we rented two cars and sat out to drive over there.

SpaceX byggnad & launchpad

We went on the “explorer tour” which gave us a trip around the cape and the launch sites of missions past but also the SpaceX stuff going on there now. We had a great tourguide Kurt who was totally right man for the job! Perfect amount of geekiness but also wanting to share that geekiness everywhere. He was amazing!

After that 2 hour ride we were dropped of a the Saturn station (or whatever it was called) which was just this huge museum for the Apollo program! I completely geeked out there, running around photographing every mission banner there was and every little thing! After a quick lunch we set off back to the Visitor center where they had a Atlantis museum which was an awesome 3-stage display climaxing in a reveal of the actual space shuttle Atlantis! Completely geeked out again! Like a kid in a candy store on Christmas!! Then it got really emotional! I still don’t know why I get all somber up and even tear up at it, but at the end of the exhibit was the Challenger and Columbia memorials.

We spent a total of 7 hours there and I could’ve stayed a while longer! Absolutely one of the best experiences of my life. My only regret is that my wife and son wasn’t there to share it or see me get that excited about it.

Then we went to what these IT nerds who have been here a few times before thought was the greatest steakhouse ever – Morton’s. To sum it up and as my wife could say – I could’ve done more for less. I mean, it wasn’t bad, it just wasn’t all that and it was a pretty pretentious restaurant. But at least the company was good.

All in all a really great day!!