Posts

Showing posts from July, 2023

365 Azure AD Synchronization Permissions – Insufficient access rights 8344

Image
  In Azure AD Sync you get the following 8344 Insufficient access rights to perform the operation on one or multiple accounts: Go to ADUC and right click on your domain to open Properties. Go the Security Tab and confirm the account that is used for synchronization has the following permissions: If still having the issue, I have found that if your sub OU or users are blocking inheritance that can also block the permissions from applying to the lower OU’s. Here is an example of proper setting in an sub OU. Note it says “Disable Inheritance” indicating inherence is properly enabled: Note: Inheritance may be disabled for another reason so please confirm with your Administrative team before revising. Worse case you can manually add those permissions without enabling inheritence.   The same can happen to an individual user. In this case Inheritance is disabled thus the option displayed to “Enable Inheritance” :

365 Delete Malicious Content - Hunt Status Code 400

Image
  When you access your 365 Exchange mail trace and run a query it will show the “Go Hunt for this message” option.       However if you don’t have the proper Microsoft Defender Licensing it appears to fail the hunt: For a more manual FREE method of clear those messages out such as the one in the image below we can use the Compliance Features. From Admin Centers Open Compliance: Content Search: Name and Description (Shorter name is easier for script later)   I am only removing from Exchange in this instance:  I selected Query Build so I can customize for my query:  Confirm/Submit: You can monitor it from the Content Search and open it once status is complete:   Double click to open the results: Reminder: If your query legitimate or not contains more than 10 emails per mailbox or more that 50,000 mailboxes this will not work! If you have more than 10 it may only delete the first 10 it finds. If you run it over and...