Configuring Office 365 Preferred Language Settings

Introduction

Office 365 empowers organizations to use cloud-based services so that corporate information is accessible anytime, anywhere. When you set up an Office 365 tenant for an organization with offices in different regions, you also need to let end users work in their own preferred language. For example, a user in Japan will prefer a Japanese Office 365 portal over an English one. How you set a user's preferred language depends on how the user identity is provisioned, and in both cases you can update it with PowerShell. If you have cloud-based identities, you modify the user account properties through Azure AD. If you are using Azure AD Connect to sync on-premises Active Directory accounts with Office 365, you have to update the setting in the local Active Directory.

Configuring Office 365 Preferred Language Settings for Cloud Identities

Configuring Office 365 language settings for cloud-based identities requires you to connect to Azure AD PowerShell. Perform the following steps to configure these settings.

  • Connect to Azure AD PowerShell using global admin credentials

PS C:\> Connect-MsolService

  • Run the following cmdlet to configure the preferred language settings for user pgarcia@msexperttalk.com to Urdu

PS C:\> Set-MsolUser -UserPrincipalName pgarcia@msexperttalk.com -PreferredLanguage "ur-PK"

  • To verify the language settings for the user account, run the following PS cmdlet

PS C:\> Get-MsolUser -UserPrincipalName pgarcia@msexperttalk.com | fl PreferredLanguage

Configuring Office 365 Preferred Language Settings for Synced Identities

When you are using synced identities with Office 365, you need to modify the on-premises user attribute in Active Directory to set the preferred language in Office 365. To change the preferred language to Urdu for a user Phil, set the “PreferredLanguage” attribute in the user account properties in Active Directory. By default, this attribute does not contain any value, and English is used as the default language.

  • To modify the individual user account properties, you can run the following PowerShell cmdlet.

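# Set-ADUser -Identity does not accept a UPN, so look the user up by UPN first
Get-ADUser -Filter "UserPrincipalName -eq 'pgarcia@msexperttalk.com'" | Set-ADUser -Replace @{PreferredLanguage="ur-PK"}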

  • To update the preferred language attribute in a specific OU, run the following cmdlet.

Get-ADUser -SearchBase "OU=Test,OU=IT,DC=msexperttalk,DC=com" -Filter * -Properties PreferredLanguage | ForEach-Object {Set-ADUser $_.SAMAccountName -Replace @{PreferredLanguage="ur-PK"}}

  • To update the preferred language attribute of users in a specific domain, run the following cmdlet. It sets the attribute only for those users who do not have this attribute set.

# Set-AdServerSettings is an Exchange Management Shell cmdlet; the Active Directory cmdlets below do not depend on it
Set-AdServerSettings -RecipientViewRoot "msexperttalk.com"
# Change language to ur-PK for all users with a setting of NULL in the MSExpertTalk.com domain
Get-ADUser -SearchBase "DC=msexperttalk,DC=com" -Filter * -Properties PreferredLanguage | where {$null -eq $_.PreferredLanguage} | Select SAMAccountName | ForEach-Object {Set-ADUser $_.SAMAccountName -Replace @{PreferredLanguage="ur-PK"}}
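The bulk update above, wrapped as an added example that is not part of the original article: it rejects unknown language codes before touching Active Directory and supports a dry run with -WhatIf. The function name is hypothetical, and the .NET culture list is used only as a sanity check, not as the list of languages Office 365 supports.

```powershell
# Added example, not from the original article. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Set-PreferredLanguageIfEmpty {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$SearchBase,   # OU or domain DN that scopes the change
        [Parameter(Mandatory = $true)][string]$Language      # language-region code, e.g. "ur-PK"
    )

    # Assumption: a code unknown to .NET as a specific culture is treated as a typo.
    $known = [System.Globalization.CultureInfo]::GetCultures('SpecificCultures').Name
    if ($known -notcontains $Language) {
        throw "'$Language' is not a recognised language-region code."
    }

    # Server-side LDAP filter: return only users whose attribute has no value.
    $users = Get-ADUser -SearchBase $SearchBase -LDAPFilter '(!(preferredLanguage=*))' -Properties PreferredLanguage

    foreach ($user in $users) {
        # With -WhatIf this only reports what would change.
        if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Set PreferredLanguage to $Language")) {
            Set-ADUser -Identity $user -Replace @{ PreferredLanguage = $Language }
            # Emit one record per changed account so the run can be logged.
            [pscustomobject]@{
                SamAccountName    = $user.SamAccountName
                PreferredLanguage = $Language
            }
        }
    }
}

# Dry run against the OU used in the article, then repeat without -WhatIf to apply.
Set-PreferredLanguageIfEmpty -SearchBase 'OU=Test,OU=IT,DC=msexperttalk,DC=com' -Language 'ur-PK' -WhatIf
```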

Preferred Language attribute settings will update the language for the following in Office 365.

  • Office 365 Default Landing page
  • General settings and menu
  • Office 365 Management portal
  • Video
  • Groups
  • OneDrive for Business
  • Delve
  • Office Online
  • Planner

To review a complete list of available language codes, please visit the Microsoft TechNet site.

Configuring Azure AD Connect to use specific Domain Controller

Introduction

The Microsoft Azure AD Connect (AAD Connect) tool replicates your on-premises Active Directory with Office 365. Configuring Azure AD Connect to use a specific domain controller can help expedite the process of replicating changes to Office 365. I have seen scenarios where on-premises Active Directory changes have not been replicated to Office 365 after 30 minutes and Azure AD Connect shows a successful Delta Sync status in the MIIS client. This happens because Azure AD Connect is replicating the changes to Office 365 from a domain controller which doesn’t have your latest updates.

How Does Azure AD Connect Locate a Domain Controller?

When you deploy the Azure AD Connect tool in an Active Directory forest, Azure AD Connect uses DNS to locate a domain controller. Once Azure AD Connect has found a domain controller, it connects to the same domain controller every time until that domain controller is not reachable, and then it tries to connect to another domain controller.

Why Do We Need to Configure Azure AD Connect to Use a Specific Domain Controller?

Configuring Azure AD Connect to use a specific domain controller is required when you are implementing directory synchronization with Office 365 for a multi-site Active Directory infrastructure where users are in multiple Active Directory sites across the globe. If you are making Active Directory changes and need them replicated to Office 365 quickly, you have two options. Option 1 is to make the changes on the domain controller from which Azure AD Connect replicates changes to Office 365. The downside of option 1 is that you have to check which domain controller the changes were replicated from during the last sync cycle. Option 2 is to configure the AAD Connect tool to use specific domain controllers. It’s much easier to configure the list of domain controllers in the directory sync tool than to wait for changes to replicate across Active Directory sites.

Configuring Azure AD Connect to use specific Domain Controller

Once the directory synchronization tool is installed, follow the steps below to configure the list of domain controllers to which the Azure AD Connect tool will connect.

  • Log in to the Azure AD Connect server and run the miis client

If you have installed the tool in the default location, then the miis client can be found in C:\Program Files\Microsoft Azure AD Sync\UIShell

  • Navigate to connectors and go to the properties of your connector

  • In the properties window, select Configure Directory Partition and click on Configure to define your preferred domain controllers

  • Enter the FQDN of your preferred domain controllers and click on Add

  • Once you have defined the preferred domain controllers, make sure you have marked the checkbox next to Only use preferred Domain Controllers

  • Click OK button to complete the configuration of preferred domain controller in Azure AD Connect tool

The Azure AD Connect tool is now configured to use preferred domain controllers only. Azure AD Connect will always check the preferred domain controllers for any modification in Active Directory to replicate with Office 365. More information on the Azure AD Connect tool can be found here
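To confirm that a change has actually reached the preferred domain controller before a sync cycle runs, the following added example (not part of the original article) reads one attribute of a user from every domain controller and compares it with the preferred one. The function name, the account name pgarcia and the host name dc01.msexperttalk.com are assumptions for illustration.

```powershell
# Added example, not from the original article. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Compare-AttributeAcrossDC {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$SamAccountName,
        [Parameter(Mandatory = $true)][string]$PreferredDC,   # FQDN entered in the connector properties
        [string]$Attribute = 'PreferredLanguage'
    )

    # The value on the preferred DC is what Azure AD Connect reads on its next cycle.
    $reference = (Get-ADUser -Identity $SamAccountName -Server $PreferredDC -Properties $Attribute).$Attribute

    foreach ($dc in Get-ADDomainController -Filter *) {
        $row = [ordered]@{
            DomainController = $dc.HostName
            Site             = $dc.Site
            Value            = $null
            WhenChanged      = $null
            Status           = $null
        }
        try {
            $u = Get-ADUser -Identity $SamAccountName -Server $dc.HostName `
                     -Properties @($Attribute, 'whenChanged') -ErrorAction Stop
            $row.Value       = $u.$Attribute
            # whenChanged is not replicated: it is the time the change arrived on this DC.
            $row.WhenChanged = $u.whenChanged
            $row.Status      = if ($u.$Attribute -eq $reference) { 'InSync' } else { 'Differs' }
        } catch {
            # An unreachable DC is reported instead of stopping the whole check.
            $row.Status = "Error: $($_.Exception.Message)"
        }
        [pscustomobject]$row
    }
}

# Constructed sample call: account and host names are placeholders.
Compare-AttributeAcrossDC -SamAccountName 'pgarcia' -PreferredDC 'dc01.msexperttalk.com' |
    Sort-Object Site, DomainController |
    Format-Table -AutoSize
```

A row marked Differs means that domain controller and the preferred one have not yet converged, which is the situation in which a Delta Sync reports success but the change is missing from Office 365.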

 

Azure AD Sync Requirements / Prerequisites (Part 1)

In this article series, I will walk you through installing and configuring the Azure AD Sync tool, step by step, to synchronize on-premises identities with Office 365. You can download the most recent version of Azure AD Sync from the Microsoft website. Let’s get started with part 1 of this series.

Introduction:

Azure Active Directory Sync is the new synchronization service that allows customers to do the following:

  • Synchronize multi-forest Active Directory environments without needing the complete feature set of Forefront Identity Manager 2010 R2.
  • Advanced provisioning, mapping and filtering rules for objects and attributes, including support for syncing a very minimal set of user attributes (only 7!)
  • Configuring multiple on-premises Exchange organizations to map to a single Azure Active Directory tenant

More details on the Azure AD Sync tool can be found on TechNet

In this article series, we’ll set up an environment for synchronizing on-premises users with Office 365 using the Azure AD Sync tool and apply different filtering options to synchronize only the required users. Once it’s all done, we will upgrade the Azure AD Sync tool to the new Azure AD Connect Preview 2 tool.

Prerequisites for Azure AD Sync:

  • Windows Server 2008, 2008R2, 2012, 2012R2
  • .Net framework 4.5 installed
  • PowerShell (preferably PS3 or better)
  • An account with local administrator privileges on your computer to install Azure AD Sync.

Azure AD Sync requires a SQL Server database to store identity data. By default, SQL Express LocalDB (a light version of SQL Server) is installed and the service account for the service is created on the local machine. SQL Server Express has a 10GB size limit that enables you to manage approximately 100,000 objects.

 

Service Accounts for Azure AD Sync Tool

We need 2 service accounts for Azure AD Sync installation as mentioned below.

  1. Local Active Directory user account
  2. Office 365 user account (Global Admin Rights)

On Premises Service Account to connect to AD DS:

The on-premises service account is required to read user information from the local Active Directory. Additional permissions are required for Password Write Back and other optional features of the Azure AD Sync tool. To create a service account in the local Active Directory, log on to any writable domain controller and follow the steps below.

  • With an admin account, create a user account in AD for the AAD Sync service account.

  • Once the Active Directory account is created, log in to the Azure AD Sync server and add the newly created AD account to the local admin group on the AAD Sync server.

  • Log off the AAD Sync server and log in to the domain controller to assign the appropriate permissions to the AAD Sync service account.
    • The on-premises service account requires the “Replicating Directory Changes” and “Replicating Directory Changes All” permissions in the local Active Directory. To assign these permissions, make sure that “Advanced Features” is enabled for the domain

  • Configure the “Reset Password” and “Change Password” extended rights for the AAD Sync service account in Windows 2012 R2. To assign the appropriate permissions, right-click the domain name -> Properties -> Security.

  •  Additional rights that are required for the service account to use the write back feature.

| Object Type | Data source Attribute | Permission / Access Right | Inheritance |
|---|---|---|---|
| Contact | proxyAddresses | Write | The child objects only |
| Group | proxyAddresses | Write | The child objects only |
| User/InetOrgPerson | msExchArchiveStatus | Write | The child objects only |
| User/InetOrgPerson | msExchBlockedSendersHash | Write | The child objects only |
| User/InetOrgPerson | msExchSafeRecipientsHash | Write | The child objects only |
| User/InetOrgPerson | msExchSafeSendersHash | Write | The child objects only |
| User/InetOrgPerson | msExchUCVoiceMailSettings | Write | The child objects only |
| User/InetOrgPerson | msExchUserHoldPolicies | Write | The child objects only |
| User/InetOrgPerson | proxyAddresses | Write | The child objects only |
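
“Replicating Directory Changes” and “Replicating Directory Changes All” are highly privileged rights, so after delegating them it is worth checking who holds them on the domain. The following is an added example, not part of the original article: it lists every principal with an allow entry for either right on the domain root. The function name and the CONTOSO account and group names are hypothetical placeholders.

```powershell
# Added example, not from the original article. Requires the ActiveDirectory module,
# which provides the AD: drive that Get-Acl reads below.
Import-Module ActiveDirectory

# Control access right GUIDs defined in the AD schema; the all-zero GUID
# on an extended-right entry means the entry covers every extended right.
$ReplicationRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
    '00000000-0000-0000-0000-000000000000' = 'All extended rights'
}

function Get-ReplicationRightHolder {   # hypothetical helper name
    param(
        [string]$DomainDN = (Get-ADDomain).DistinguishedName,
        # Principals expected to hold these rights (assumption: adjust per domain).
        [string[]]$Expected = @()
    )
    $extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
    foreach ($ace in (Get-Acl -Path "AD:\$DomainDN").Access) {
        $guid = $ace.ObjectType.ToString()
        # Keep allow entries that grant an extended right matching one of the GUIDs above.
        if ($ace.AccessControlType -eq 'Allow' -and
            ($ace.ActiveDirectoryRights -band $extended) -and
            $ReplicationRights.ContainsKey($guid)) {
            [pscustomobject]@{
                Principal = $ace.IdentityReference.Value
                Right     = $ReplicationRights[$guid]
                Inherited = $ace.IsInherited
                Expected  = $Expected -contains $ace.IdentityReference.Value
            }
        }
    }
}

# Constructed allow-list: CONTOSO\svc-aadsync stands in for the sync service account.
$allow = 'CONTOSO\svc-aadsync', 'BUILTIN\Administrators',
         'NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS', 'CONTOSO\Domain Controllers'
Get-ReplicationRightHolder -Expected $allow |
    Sort-Object Expected, Principal |
    Format-Table -AutoSize
```

Rows with Expected set to False are the ones to review: each is a principal other than those you listed that can use directory replication.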

Office 365 Service Account:

The Office 365 service account is used to read and write user information to the Office 365 directory (Azure Active Directory). The Office 365 account needs to be a global admin, and as a best practice its password expiry should be set to “NeverExpire”.

  • Create a user account on Office 365 and assign global admin rights to the account

  • Set the password to never expire using the following PS cmdlet

PS C:\> Set-MsolUser -UserPrincipalName syncaccount@contoso.com -PasswordNeverExpires $True

This concludes part 1 of this multi-part article, in which I’ve explained the prerequisites for the Azure AD Sync tool and the permissions required on both sides (local Active Directory and Office 365).

If you want to read the other Parts in this series, then please go to: