Tag Archives: Office 365

UPN changes for students – impact on Office 365

All,

The student UPNs will be changing on September 12 from user@onid.oregonstate.edu to user@oregonstate.edu. This has some specific impacts on Office 365. Please read – I anticipate a large number of calls. 

  1. The way they login to Office 365 will change. When you help a new user login for the first time, please make them aware of the change happening on September 12.
  1. Connections from Office and OneNote to files in their OneDrive will break. The symptom of this problem will generally be a yellow triangle with an exclamation point in the Office or OneNote apps. The solution is to repoint to username@oregonstate.edu. I will verify that we have a help doc on this issue.
  1. Links to shared files will break. The resolution to this is to re-share the files. This may impact College of Business students more than others as they use these features more. They can also get help from the COB helpdesk.

-Kirsten Petersen, IT Manager
Information Services, Oregon State University
http://oregonstate.edu/is

From: dca-all-bounces@lists.oregonstate.edu [dca-all-bounces@lists.oregonstate.edu] on behalf of Lomax, Erica L [Erica.Lomax@oregonstate.edu]
Sent: Thursday, August 27, 2015 17:46
To: DCA All
Subject: [DCA-All] 9/12 – Login changes to Google and Student UPN changes

On Saturday, September 12 starting at 8am the IAM team will be making changes to the logins and email addresses at Google for all users, student Active Directory User Principal Names (UPN), student primary email addresses, and UPN updates for a subset of other users.  It is anticipated that the set of changes will take approximately 12 hours on that date.

 

A summary of what is changing is as follows

o   If a graduate student account is pending unification and the UPN has already been assigned to the non-ONID account, no account update will occur.

  • UPN on ONID accounts for Employee & Associates that are located in the ONID OU in AD and do NOT have an existing identity match (PIDM) will be set to user@oregonstate.edu

If you would like a copy of your domain/OU’s users and their current identity match (PIDM) status, please send an email to IAMTeam @oregonstate.edu and let us know what domain or OU and we will provide you with a file.  It will contain the user, their non-ONID domain account and matching ONID account, if matched. You can use this file to fill in the missing ONID matches and return it to us to update AD with the matches.

 

Helpdocs are under development about the impacts to end users.  There will be email messages sent to the users via inform lists regarding the changes.

 

Please let us know if you have questions.

 

 

Erica Lomax

Director, Identity and Access

Information Services | Oregon State University

P: 541-737-3619

 

Office 365 Login Issues

Heads up: we have been fighting some issues with directory sync from OSU AD to Office 365 recently, resulting in the following issues:

  • People could not login (because their account has not been synced)
  • They could login but were told they are “not licensed”
  • They get an error saying they are “blocked”

All of these issues were due to directory sync problems. Jason spent some time chasing that down and resolved the problem yesterday, but the sync took 12 hours to run as it had a backlog to catch up on. A few people may be synced today but unlicensed – they should be fixed when the script runs at 11PM tonight.

I’ll be working with Jason and Jeff to improve our documentation on these types of issues, as well as to give everyone view access to the admin console so you can see status information. If there is an API, we will look to integrate that with RefTool.

For now, the basic things we need to check (as best we can) before escalating Office 365 issues are:

  • Have they activated their ONID account?
  • Can they login with their ONID to other services?
  • Is their ONID account disabled? (E.g. due to account compromise?)
  • Are they logging in with their UPN?
  • Are they registered for a class (at least 1 credit) in a current or future term? (Note: as soon as they register, they should be licensed at 11PM that day.)
  • Try clearing cookies in the browser to rule out ADFS issues.

Once you’ve verified that their ONID is good to go, they are logging in correctly, and they have registered for classes more than 24 hours ago, it’s probably something that needs to be escalated.

Note: the process for employees will be similar, but will depend instead on them being unified and in an allowed OU. RefTool will be the best place to find that information (may still need some tweaks).

OneDrive for Business cache issue

Problem:

When OneDrive for Business (ODFB) starts, you see the following error message:  “A problem occurred while accessing the Office Document Cache.  Do you want to repair this problem?”

Regardless of whether you choose Yes or No, the error keeps coming up. Also, on the Mac the computer becomes extremely slow, with CPU pegged.

Solution:

  1. Close ODFB, close all Office applications, and close OneNote.
  2. Delete the “OfficeFileCache” folder and its contents.
  3. Restart ODFB. You should not get errors this time.

On Windows, you might have to work a bit harder to close ALL processes that are accessing the cache folder.

Windows details here: http://www.7tutorials.com/fix-problems-microsoft-office-document-cache-being-corrupted

Mac details here: https://community.office365.com/en-us/f/153/t/298682

Unified Accounts: Things to Know

As you all hopefully know, the university is working on unifying all Active Directory accounts as a part of the identity management initiative.  Here are a few things you should know in order to support our customers during and after this transition.

Short version:
Look in RefTool to see if an account is unified.
Unified means they have ONE account, in ONID.
Password resets are via the ONID password reset tool.
Directory updates happen via Banner data.

What is Account Unification?

From the customer’s perspective, account unification means they have one set of credentials to login to most university services. They will use the same username and password to login to email, VPN, OSU Online services, etc.

From an IT perspective, a unified account means the following:

  • It is like a traditional “ONID” account:
    • It is automatically created via scripts from Banner data.
    • The customer activates their account when they become a new student or employee.
    • It is synchronized between ONID LDAP, the ONID Active Directory domain, Google, and Office 365 (same username and pass for all of these).
    • Directory information such as name, phone number and office are populated from Banner (and need to be updated there if they are wrong).
    • Password resets are self-service via the ONID password reset tool.
  • An IT unit on campus has claimed the account, and has administrative access to it.
  • The AD account may or may not have an Exchange mailbox attached to it. If it does, the ONID email address will not be listed in the Exchange Global Address List (GAL).

Note: for undergraduate students, account unification doesn’t have any particular meaning, because they typically only had one AD account to begin with (the ONID one).

Is This Account Unified?

In RefTool, you can see whether an account has been unified. Because unification has no impact on undergraduate students, nothing will be listed for them.

So far, the following groups have been unified: Library, Information Services, College of Ag Sciences.

All units should be unified by January 2016.

User Principal Name (UPN)

We are requiring everyone to set their UPN to the new standard as part of the account unification process. People might be confused about how to login after this.

The UPN is another account logon type, in the format oniduser@oregonstate.edu.

The UPN is unique in the AD forest, whereas usernames can be repeated (i.e. you can have forestry\bob and onid\bob and they can be different people, but there is only one bob@oregonstate.edu).

Because the UPN looks like an email address, we decided to make sure that everyone also has an email alias that matches their oniduser@oregonstate.edu UPN. However, that email alias may not be the person’s primary alias, the one they send email from.

For example, my attributes are as follows:

    username: peterkir
    UPN: peterkir@oregonstate.edu
    primary SMTP:kirsten.petersen@oregonstate.edu
    additional SMTP: peterkir@oregonstate.edu
    SIP address: kirsten.petersen@oregonstate.edu

In many places you can login either as domain\user or user@oregonstate.edu.  Office 365 requires you to login with the UPN.

The SIP address is used for Lync, and does not have a standard format yet (unfortunately). Changing the SIP address is a problem – it causes the person to disappear from other people’s contact lists.