‘Connect-MsolService’ is not recognized as the name of a cmdlet

If you are facing this issue, you are not alone. In my case, I had run the install-Msolservice command before and it completed with no errors but nothing seemed to be installed, therefore it didn’t connect or recognize the modules in the machine. Here are the steps to get it fixed.

Open PowerShell as Admin –> Run the following commands in sequence (ensure your machine is connected to internet)

Firstly, uninstall the Azure-AD module

uninstall-module AzureAD

The re-install it

Install-module AzureAD

Install-module AzureADPreview

Try to run this. It will complete without any errors if you have the module existed but somehow corrupted (It could fail too but just run it anyways to verify)

Uninstall-module MSOnline

Now re-install the MSOnline Module

Install-module MSOnline

And now you can connect to O365. It should prompt you for credentials to login

Connect-MsolService

Once completed, the following command can be used to verify the installation.

Get-Module -ListAvailable -Name MSOnline*

Advertisement

Permanently deleting an Office 365 Group object in retention enabled environment

There is a stage where an Office 365 group can reach its end. As O365 group acts a major role for may Office 365/Azure related workloads, there could be plenty of situations you come across that you have to get rid of some of your Office 365 Groups.

For instance, a situation where you have removed your Team and Its associated SharePoint site but Group object could be still hanging in the recycle bin until it reaches the retention period based on the retention policy you have set. Or, perhaps, you have decided to delete a SharePoint site or Microsoft Team, you will find you cannot create another team or site in its place. You will receive an error saying this group already exists.  This is because the group was deleted as a ‘soft delete’. Meaning it’s sitting in a recycle bin for a number of days until it’s permanently deleted (retention plays again). Just follow these steps and you will immediately get rid of that unnecessary group object.

First and foremost, ensure that you have Azure AD PowerShell module is installed in your PC.

Run the following commands in sequence.

This first line will connect you to your Office 365 Tenant’s Azure AD. you will be prompted for the credentials to log in.

Connect-AzureAD

Now let’s run this one to get the group GUID from the deleted list

Get-AzureADMSDeletedGroup

Copy that GUID of the desired group and run the following by targeting that ID.

Remove-AzureADMSDeletedDirectoryObject -Id <ReplaceWithGroupID>

It should result as follows if it was success

To ensure the deletion is successful, run the same command again and see if it doesn’t return the group name you deleted. It shouldn’t !

Get-AzureADMSDeletedGroup

Stay ahead on Hybrid Identities–Microsoft’s Azure AD Connect v1.3.20.0 has a lot to offer

Microsoft has released the latest version of Azure AD Connect last week which was long impending !

Azure AD Connect is the bridge that is used to synchronize identities (objects and their attributes) across on-premise and cloud environments by many organizations.  However, every feature that is bundled in this release doesn’t target every audience. You can choose the ones that are most applicable to your organization’s environment.

Download the latest version of AADConnect

Fixes this version carries:

1. Fix the SQL reconnect logic for ADSync service
2. Fix to allow clean Install using an empty SQL AOA DB
3. Fix PS Permissions script to refine GWB permissions
4. Fix VSS Errors with LocalDB
5. Fix misleading error message when object type is not in scope
6. Corrected an issue where installation of Azure AD PowerShell on a server could potentially cause an assembly conflict with Azure AD Connect.
7. Fixed PHS bug on Staging Server when Connector Credentials are updated in the old UI.
8. Fixed some memory leaks
9. Miscellaneous Auto upgrade fixes
10. Miscellaneous fixes to Export and Unconfirmed Import Processing
11. Fixed a bug with handling a backslash in Domain and OU filtering
12. Fixed an issue where ADSync service takes more than 2 minutes to stop and causes a problem at upgrade time.

New features and advancements (19 new stuff in one go !)

1. Add support for Domain Refresh
2. Exchange Mail Public Folders feature goes GA
3. Improve wizard error handling for service failures
4. Added warning link for old UI on connector properties page.
5. The Unified Groups Writeback feature is now GA
6. Improved SSPR error message when the DC is missing an LDAP control
7. Added diagnostics for DCOM registry errors during install
8. Improved tracing of PHS RPC errors
9. Allow EA creds from a child domain
10. Allow database name to be entered during install (default name ADSync)
11. Upgrade to ADAL 3.19.8 to pick up a WS-Trust fix for Ping and add support for new Azure instances
12. Modify Group Sync Rules to flow samAccountName, DomainNetbios and domainFQDN to cloud – needed for claims
13. Modified Default Sync Rule Handling – read more here.
14. Added a new agent running as a windows service. This agent, named “Admin Agent”, enables deeper remote diagnostics of the Azure AD Connect server to help Microsoft Engineers troubleshoot when you open a support case. This agent is not installed and enabled by default. For more information on how to install and enable the agent see What is the Azure AD Connect Admin Agent?.
    Updated the End User License Agreement (EULA)
15. Added auto upgrade support for deployments that use AD FS as their login type. This also removed the requirement of updating the AD FS Azure AD Relying Party Trust as part of the upgrade process.
16. Added an Azure AD trust management task that provides two options: analyze/update trust and reset trust.
17. Changed the AD FS Azure AD Relying Party trust behavior so that it always uses the -SupportMultipleDomain switch (includes trust and Azure AD domain updates).
18. Changed the install new AD FS farm behavior so that it requires a .pfx certificate by removing the option of using a pre-installed certificate.
19. Updated the install new AD FS farm workflow so that it only allows deploying 1 AD FS and 1 WAP server. All additional servers will be done after initial installation.

If you plan to upgrade, the following resources should be your first reads.

• Explore the steps to upgrade from a previous version to the new AADConnect – How to upgrade
• Automatic update approach – How to
• Release History – AADConnect Releases

Azure AD App Only Authentication

In a simple way, App Only authentication is the ideal method if you want to execute  a task by daemon. This allows you to execute some code without the permissions of a user or without an auth token of a user.

As part of a series of articles, idea of this 1st post is to give you an basic  fundamental understanding on creating an Azure AD App and grant permissions for this App to communicate with SPO.

let’s get this started. Simply head on to your Office365 home page and switch to Admin Centers. From the left pane, click on “Azure Active Directory”. From Azure AD, search for “App Registrations” and click “Add new application registration” link.

A new application interface will pop-up for you. Enter a name, Application type and Sign-on URL and click “Create”. Sign-in URL can be any and it also can be amended later to reflect a different one. A future post will discuss this again on what sort of URLs are used here.

 

Once the app creation done, you will be given with the app ID and other details related to it.

Next- Select Settings –> Required permissions and Add

In this case the API going to be SPO. You can choose the right API based on the requirement.

Next, hit “Grant Permission” button on the required permissions tab to provide none-tenant admin user access the application.

A self-signed or public (commercial) certificate must be provided now and then update the Azure AD manifest accordingly.

Following PS can be used to provision the certificate but ensure you have installed OfficeDev PnP PowerShell.

$certroot = 'C:\Site Creator'
$certname = "IntelAi-Cert-1"
$password = ConvertTo-SecureString "P@$$w0rd" -AsPlainText -Force
$startdate = Get-Date
$enddate = $startdate.AddYears(4)
makecert.exe -r -pe -n "CN=$certname" -b ($startdate.ToString("MM/dd/yyyy")) -e ($enddate.ToString("MM/dd/yyyy")) -ss my -len 2048
$cert = Get-ChildItem Cert:\CurrentUser\My | ? {$_.Subject -eq "CN=$certname"}
Export-Certificate -Type CERT -FilePath "$certroot\$certname.cer" -Cert $cert -Force
Export-PfxCertificate -FilePath "$certroot\$certname.pfx" -Cert $cert -Password $password -Force

Following line will copy a string to your clipboard

Get-PnPAzureADManifestKeyCredentials -CertPath 'C:\Site Creator\IntelAi-Cert-1.cer' | clip

Following is how the copied string would look like. It has to be added to the manifest file of the Azure AD application.

"keyCredentials": [
 {
  "customKeyIdentifier": "5lca+kziogw7T6MB4kUrxseK5m8=",
  "keyId": "84153f1a-90b7-4802-b99a-bb75d4f9a35b",
  "type": "AsymmetricX509Cert",
  "usage": "Verify",
  "value": "MIIDAjCCAe6gAwIBAgIQkawCJU0cWYxH8RamKNuqqTAJBgUrDgMCHQUAMBkx
 }
],

Select your application under app registrations in Azure AD. Replace the “KeyCredentials”:[], section, as shown below.

Now this can be tested whether the application has required permissions to connect to the SharePoint Online site. For the ClientID, you need to provide application ID of the app you have created.

$password = ConvertTo-SecureString "P@$$w0rd" -AsPlainText -Force
Connect-PnPOnline -Url https://site.sharepoint.com/ -ClientId 0c01f61e-ba27-4ae7-ab19-174884a949fc -CertificatePath 'C:\Site Creator\Site-Cert-1.pfx' -CertificatePassword $password -Tenant intelai.onmicrosoft.com
$myWeb = Get-PnPWeb
$myWeb.Title

DISCLAIMER NOTE: This is an enthusiast post and is not sponsored by Microsoft or any other vendor.