Identifying and Counting Office 365 Cloud vs On Premises Users

Posted on by Adam Fowler

How do you easily identify Cloud and On Premises users in your Office 365/Azure AD instance? With PowerShell of course!

Prerequisite – Windows Azure Active Directory Module

Using the ‘get-msoluser -all’ command, you can find all your users in Office 365/Azure AD. Getting the results of which users are cloud only based, or synced via an on-premises LDAP such as Active Directory may not be easy at first glance.

If you expand out all the details possible from a user, the fields are as follows:

get-msol1

None of these are obvious to indicate where the account is primarily located.

After a quick comparison of an on-premises account and a cloud account, I noticed the ‘ImmutableId’ was blank for the cloud users. I found a great blog post about what the value was for here, which proved my guess – the value corresponds to the ‘objectGUID’ of the account, which cloud-only accounts don’t use.

Based on that, the rest is simple. Here’s some example commands:

get-msoluser -all | where immutableid -eq $null
Get a list of all cloud only accounts

get-msoluser -all | where immutableid -eq $null |fl
Get all cloud only accounts with all values

get-msoluser -all | where immutableid -ne $null
Get all synced on-premises accounts (e.g. DirSync, Azure AD Connect, ADFS)

get-msoluser -all | where immutableid -eq $null |measure
Show a count of how many cloud only accounts

get-msoluser -all | where immutableid -eq $null | export-csv cloudusers.csv
Export the list of cloud only accounts to a csv file

Testing Twitter Influence – Part Two

Posted on by Adam Fowler

Read Part One Here

It’s been a few weeks since I decided to muck around with Twitter, and it’s been a learning experience to get to the stage I’m at.

I bought 7500 and 8000 followers respectively through fiverr.com – a bad idea to do both at once, since both ‘professionals’ claimed they’d delivered after I got to 7800 followers. I couldn’t prove who did and didn’t do it, or if they’d both half done it… so just bought a third chunk of 7500. I wanted to get over the 10k mark as to me, that appears more impressive than seeing a number like “9,825” followers.

Within the week, I had my 15k followers. The first thing that jumped out at me was that a lot of them were eggs:

twitter1

Apart from the eggs, there were a lot of non-English style followers. I feel bad because I’m sure these identities have been stolen for fake accounts (as in the photos, I’m sure the names aren’t real). It was at this stage I realised there’d be a bit more work to do, just having 15k followers wasn’t enough.

I checked out IFTTT.com which can automate some Twitter things, but it seems Twitter has blocked a bunch of things I’d hoped to do. First I tried to follow everyone who followed me – I couldn’t find a way to do this at all. There was also no way to automatically follow anyone, nor a way to retweet anything automatically. I was trying to do all of these things to create content and contacts without effort. I dare say the exact reasons I was trying to do this, was the same reasons it’s not allowed.

What I could do, was get IFTTT to search a hastag (e.g. #microsoft) and add that person to a Twitter list. IFTTT will only grab 30 results at a time, so it’s slow – but I figured people like being added to lists, and might follow my account after feeling special enough for being added to a list.

You can see my #Microsoft list here and I did the same for #Windows here. There seems to be a mix of rubbish Twitter accounts along with real ones, so I’d say it’s been semi successful.

I also found a service called  that would retweet tweets from lists. I did this for a little while just to get my tweet count higher, but stopped it. Due to only using the free service, there were some rather heavy limitations, along with a daily “I’m using RoundTeam” tweet they kindly made my account do. I was hoping automatic retweets would do the same as adding someone to a list, while making my feed look useful. The problem I found was, I was often retweeting non-English tweets that used #Microsoft or #Windows which made my feed look pretty crappy.

As a final attempt, I followed only a few tech Twitter accounts, added them to a list, and retweeted their tweets occasionally. This cleaned up my feed a bit, but it wasn’t really doing much to get social media influence.

I then turned off all the automation, apart from the lists as I figured that wasn’t doing anything visibly obvious to anyone, apart from accounts added to the list. I managed to get some legitimate followers though, if you see who follows my account, the first few pages look pretty good.

I have a feeling that if I now treated the account properly, created content and interracted with people it would be seen as a legitimate, popular account. What do you think?

My next step is to create a page and see how many hits I can get to it, probably by paying another spammer $5US to promote a tweet. I’m curious to see how many hits I’ll get…

Azure AD Connect – Password Sync Times

Posted on by Adam Fowler

Azure AD Connect is a Microsoft utility that will sync your Active Directory records to Azure AD/Office 365. An introduction to this is available here.

One of the benefits of Azure AD is being able to use it as your point of authentication for users over the internet, without having to poke holes in your on-premises firewall. I was considering this for a 3rd party solution – but I had a concern.

How Do Passwords Work in Azure?

Azure AD/Office 365 stores passwords for users created ‘On Cloud’ – i.e. the primary record for them exists in Azure AD/Office365. For the ‘On Cloud’ users, password resets are instant, because the same system that hosts the user, manages their password.

Azure AD/Office 365 does not store passwords for your on-premises users. Instead, it uses a password hash. To learn more about this, read Mircosoft’s article on Understanding Office 365 identity and Azure Active Directory. This only functions if you’ve actually enabled password sync, which is a tickbox configurable from the Azure AD Connect side of things.

This means an on-premises user still authenticates against Azure AD/Office 365, but details are synced using Azure AD Connect on a scheduled basis. Someone’s phone number changes? That’ll be pushed to the cloud on the next sync. By default, that sync is every 3 hours. Personally I prefer every hour, but this is going to be dependent on the size of your AD environment if that makes sense.

What about Password changes?

Password hashes are different though. They occur every few minutes – sometimes within seconds. Event logs on the server that hosts Azure AD Connect will show three different events occuring.

The first is the ‘Password Change Request’ Event ID 656. From this you’ll see which user it is, as well as when the password change was actually made according to AD.

Second is the batch count, Event ID 651. This shows that it’s finished collecting details of password changes.

Finally, the Password Change Result record, Event ID 657. This should show the user affected again, and the result of the password change (which is hopefully Success):

adsync1

I was hoping passwords would almost be instant (within a few seconds) and my original testing showed that, but after more testing I found mixed results. More often it would take a minute or two.

Real World Impact

This means that if you have any application that authenticates against Azure AD, there is a chance of up to a roughly 3 minute delay before Azure AD knows of the new password, and won’t create a great experience for end users depending what applications they use, even first party.

Consider if you had Sharepoint Online for something staff accessed, and someone logs onto their domain connected PC. Their password has expired, so they change it and continue logging in. First thing they do is try and get to the SharePoint Online website, and get prompted for credentials. They try their new password, and it doesn’t work! So they try their old password… but in between these two attempts, their password in Azure AD has now updated. The old password doesn’t work either! From an end user perspective, that’s incredibly confusing.

Solution

The real solution to all of the above is to not use Azure AD Connect, and instead use ADFS. Instead of syncing passwords, password requests come from Azure AD back to your on-premises ADFS environment to authenticate a user. This will be immediately aware of a password change, and authenticate the user with the right credentials. You get the added benefit of pass-through authentication to Azure/Office 365 resources, which means users don’t need to keep authenticating to online resources (such as my SharePoint Online example above).

Any questions/comments/disputes on the above? Comment below!

Thanks to @Froosh for confirming my tests on this.

Testing Twitter Influence – Part One

Posted on by Adam Fowler

I have some theories and questions around Twitter, follower counts and reach – so I thought I’d put some stuff to the test. Each social network is different, and in turn will attract both people trying to make a quick buck as well as people looking to exploit it.

I plan to try a few different cheap methods of social influence on Twitter, and see what happens. I’ve been curious about it for a while, but honestly I don’t really trust anything out there as there’s usually an angle someone’s pushing for (such as selling SEO type services) and trying to make money for themselves. I’m not, which hopefully is clear from this write up.

I also don’t want to discount the idea of value from influencing. I am personally an influencer in a few programs, but all this means is I have access to products and information that I can share how I please, because I have a perceived audience who will listen. It definitely works – an example off the top of my head is Oprah’s Book Club. Any book she recommends hits all the top sellers lists once she recommends it. The Oprah effect is real and valuable, and I’m happy with this method as long as it really reflects’s the person’s views and they’re honest in what they say. For myself, I only go into programs of products I actually like, and as long as the other side is aware that I’m not going to blindly praise anything I get – it will be honest and fair comments made publicly.

My preconceived ideas:

  • A lot of people have huge followers on Twitter, and I think many buy followers for influence.
  • Buying followers is cheap and easy.
  • Getting influence through lots of fake followers, and getting fake accounts to write something for you actually gives you hits to your website.
  • People will see the amount of followers you have being huge, and think you actually have a big influence, which will lead to real opportunities.

Questions I have are:

  • Is it actually as easy as I think to get thousands of followers?
  • How long will it take?
  • How many hits can I get to a blog post by solely getting it tweeted out by a bunch of fake accounts?
  • How much will this cost?
  • Is any of this better than what an ‘SEO Expert’ will do, costing many times more?

I’m hoping the results of this will give a little less credit to many who abuse the system, and highlight that the quality of followers you have on Twitter is much more important than the actual number. Maybe I’ll be completely wrong, my tests will work amazingly well, we shall see.

I’ll probably find other interesting things to try in this process also, I’ll keep everything transparent as I continue through it.

Step One – Create a Twitter Account

I’ve already put step one into action. I’ve created @adamfowleritcom which has zero followers and zero followings. Zero tweets too. I’ve changed the picture from Twitter’s egg to a very unexciting text about my website. I don’t want to actually use this account at the end of this test for my blog as I believe this to be ethically wrong, and I use my normal Twitter account @AdamFowler_IT anyway – but I may leave it untouched so readers can see the results.

Step Two – Buy Followers

I’m not sure the best place to even buy followers. I could search on Twitter for all the accounts that spam ways of getting followers, but instead I’ve decided to use Fiverr. This way, it’s going to cost $5US a shot, and I’ll pick someone who has actual feedback. I don’t want to promote who I choose, because I’m not doing this to promote the actual usage of buying followers. It’s a very small amount of money and maybe there’s cheaper out there…

There’s a lot to choose from, so I picked one that promised 7500 followers, and another that promised 7000 followers. 14,500 total, and it takes 1 – 2 days to deliver. If they don’t deliver, I can just get a refund from Fiverr and try again.

I feel a little dirty already from doing this, like I need a shower dirty. I’ll wait a few days and provide an update.

 

Source: http://news.xinhuanet.com/english/photo/2015-04/28/c_134190146.htm

Source: http://news.xinhuanet.com/english/photo/2015-04/28/c_134190146.htm

 

Intel 6th Gen CPU Launch

Posted on by Adam Fowler

I was given the opportunity to attend the launch of Intel Asia Pacific’s 6th Generation CPU in Sydney, 14th October 2015.

Sydney Opera HouseSydney Opera House

The event was held in the Sydney Opera House, which I’d never been in before. Great building, but not so great for phone reception – luckily Wi-Fi was readily available. The event was also live streamed so people around the world could watch and see what Intel had to say. If you missed out, you can still watch a reply of it here.

20151014_173053Intel On Stage

The hashtag for the event was #Experience6thGen and you can check out what people were saying on Twitter – including myself as I live tweeted points I found interesting.

Take home messages from the event for me were:

  • Intel are releasing 48 different CPUs for the 6th Generation – ranging from CPUs designed for convertibles, laptops, gaming PCs and servers
  • Skylake is the code name for the 6th Gen CPU
  • Gaming CPUs are selling great, Intel are seeing a resurgence of console gamers coming back to PC. Intel is focusing more on gamers now along with eSports sponsoring
  • CPU sales are still on a slight downward trend, but as an example Q3 2015 was better than Q2 2015, and Intel are hoping this new CPU along with Windows 10 and the new devices coming out help drive growth
  • Thunderbolt 3 is supported with the new CPU which is 8x faster than USB 3.0
  • RealSense is awesome – 3D Camera support which most laptops will come with. This enables secure face scanning for login via Windows 10 along with a bunch of other cooler things – think 3D printing/copying! Sheldon Cooper can tell you all about it.
  • Intel has some crazy new storage technology on the way for 2016 – Intel Optane
  • There’s a lot of new devices on their way!

Some of the devices were on display. To get to them, I had to sneak past a robot:

RobotIntel Robot

…then I had to avoid detection of some Stormtroopers:

StormtroopersLooking for droids?

… and I finally managed to make my way to Lenovo’s showcase of devices, with Intel’s new CPU inside.

I spotted:

ThinkPad Yoga 260Lenovo ThinkPad Yoga 260

Lenovo P50Lenovo P50

YogaLenovo Yoga 500

Miix 700Lenovo Miix 700

Sorry about the photo angles, it was very crowded! Personally, I’m most interested in the P50/P70 series of Lenovo laptops because they’re really a decent server in laptop form, go read about them! The ThinkPad Yoga 260 is also interesting for a business user, as a lot of the Yogas lately have been consumer. They all look like decent laptops though, and have their own target audience.

There was also a gaming desktop set up, but I only managed to snap a photo of the awesome red keyboard:

20151014_175307Lenovo Gaming Keyboard

It’s nice to see a focus from both Lenovo and Intel on the gaming community again, which combines with so many people wanting a grunty PC as rich media content creator and editor.

CRQzC7bU8AAYGR6Hi from the event! (I’m 3rd from left)

Thanks for the invite Intel, had a great time and got to catch up with a variety of great people all with an interest in what Intel does. Hopefully I’ll have my hands on a 6th Gen CPU myself, so I can put it through the paces.