Azure AD Connect Not Synchronizing Shared and Resource Mailboxes
I was at a customer site who was having issues with Azure AD Connect not synchronizing shared and resource mailboxes to Office 365. In short, any accounts that is in a disabled state.
By default, Azure AD Connect does synchronize disabled accounts. In an Exchange hybrid deployment, it is crucial that the shared and resource mailboxes get synchronized as well. The main tool to figure out why the disabled accounts are not getting synchronized is to look at the rules in the “Synchronization Rules Editor” on the AAD Connect server.
The problem was that the scoping filter within “In from AD – User AccountEnabled” rule needed to be modified. Once the userAccountControl was set to ISNOTNULL rather than the ISBITNOTSET, the shared and resource mailboxes showed up after the next AAD Sync.
Run through the steps below to make the change.
Launch “Synchronization Rules Editor” on the AAD Connect server.
Highlight the rule “In from AD – User AccountEnabled” and click Edit.
Click on ‘No’ so that the rule can be modified.
Select “scoping filter” from the left pane.
Change the operator value to ‘ISNOTNULL’
Leave the ‘Value’ column blank.
Click Save.
Force an AAD Sync by running Start-ADSyncSyncCycle -PolicyType Delta from the Shell.
Other Popular Articles
Disable Windows Copilot Using Intune
How To Insert Emoji In Outlook Email
How To Disable Microsoft Viva Emails
If you click “No” then the rule cannot be modified or saved.
Windows Copilot is Microsoft’s take on making life easier for Windows users using the power of AI. This article explains how to disable the feature using Intune, if your organization is not ready yet to walk into the AI world.
Table of Contents
Disable Windows Copilot Using Intune
We need to create a Configuration Profile for Windows devices in the Intune portal to disable Windows Copilot. Below are the steps that we need to create the profile.
Launch the Intune Portal and login as a Global Admin or Intune Admin.
Navigate to Devices -> Windows -> Configuration Profiles.
Click on Create -> New Policy.
Select Windows 10 & later as the platform and Settings Catalog as the profile type & click on the Create button.
Give the policy a meaningful name & description and click Next.
Within the configuration settings, click on the Add Settings option.
Search for ‘copilot’, Windows AI will come up as the category. Click on Windows AI and the Turn off Copilot in Windows (User) setting will come up. Check the box and click Next.
Specify scope tags if required and click Next.
Select who this policy should apply to in the Assignments section. I have selected to add all users. If you want to test the setting, you can create a test group and select that group here.
Similarly, you can also exclude certain group from disabling AI (say IT team) if required.
A summary of selected settings will be displayed. Click on the Create button to setup the policy to disable Windows Copilot.
Wait for the replication to complete in the cloud backend and login to your machine. Your chatty Copilot should now be disabled.
Disable Windows Copilot On Windows 11 Pro
Follow the steps below to disable Copilot on a personal Windows 11 Pro machine (say your own laptop).
Search for ‘group’ in Windows 11 and click on Edit Group Policy option.
Navigate to User Configuration -> Administrative Templates -> Windows Components -> Windows Copilot.
Double click on Turn off Windows Copilot setting on the right pane.
Select Enabled and click OK.
Close the Group Policy Editor. This will disable Windows Copilot on a Windows 11 Pro machine.
Summary
We have learned to disable Windows Copilot using Intune and Group Policy on Windows 11 machines.
Please let me know if you have any questions in the comments section.
Domain controllers are the backbone of any Active Directory domains in the Microsoft world. Any Windows server can be promoted to be a domain controller. In this article, we will go through the steps of promoting a Windows 2025 Server to be a domain controller.
Table of Contents
Windows Server 2025
The latest version of the server operating system has been named Windows Server 2025. You can start with a 2025 Server & create an AD domain or you can promote a member server that is already a part of a domain.
If you have been working with Windows servers long enough, everything starts with the Server Manager app. Promoting a server to a domain controller is no different.
Launch ‘Server Manager’ & click on Add roles and features.
You land on the summary page that explains what is required to run this wizard successfully. Click Next.
Select Role-based or Feature-based installation and click Next.
Select the server that needs to be promoted and click Next.
Select Active Directory Domain Services (second option) and click on Add Features.
Go with the default options for features that need to be installed.
A summary of AD DS pops up next, click next to continue.
Select Restart the server automatically if required and click Install.
You get to keep an eye on the progress of the installation.
Once the role has been installed, you will find an exclamation mark on the top right corner of the Server Manager. Click on that and select Promote this server to be a domain controller.
You get an error straight away (which you have never seen before) – Error determining whether the target server is already a domain controller. Role change is in progress or this computer needs a restart.
We never needed to restart the server after installing the role in the DC promotion process. Given that it is an insider build of Server 2025, I am hoping that this will get fixed before the public release.
Restart the server, launch Server Manager and click on the Promote this server to be a domain controller option again.
I am setting up a brand new AD forest and hence I select the third option (Add a new forest) and enter my root domain name.
Next window brings the option to set your forest & domain functional level and the DSRM password. In the insider build, it shows what looks like a variable (the Windows server version on which the you are working).
You can leave the default options in the DNS options wizard and click next.
Enter the netbios name of the domain in the next window and click next.
You can stick with the default paths for the AD database, log & sysvol folder or pick a location of your choice.
Review the selections that you have made so far and click next.
Wait for the green check mark on the prerequisites page and click next.
Click Install in the final window & wait for the magic to happen. Once the machine gets restarted (which it will do automatically), you will have a brand new domain controller based on Windows Server 2025.
Summary
Promoting a Server 2025 to a domain controller follows pretty much the same steps as previous operating systems. The Insider build has few errors that needs to be fixed, but hey, it is an insider build!
Please let me know if you have any questions in the comments section.
Microsoft has released an insider preview of it’s next server operating system named Windows Server 2025. We will have a look at the installation steps involved in setting up a 2025 server.
Table of Contents
Windows Server 2025
Microsoft has gone with the same look and feel of Windows 11 operating system in it’s current server operating system – Windows Server 2025. As the product is in insider preview, there might be slight changes before it hits the public shelves.
It is refreshing to see a ‘modern’ feel in the installation process of a server operating system. Gone are the days where the installation of a consumer based OS felt much better compared to it’s server counterpart.
Installing Windows Server 2025
Let’s take a look at the steps involved in setting up a Windows Server 2025 machine. First step is to download the ISO from the Windows Insider portal.
Next step is to boot the virtual / physical machine from the ISO which will kick off the installation of Server 2025.
First option to select is the language settings. Pick the one based which relates to you and click next.
Select the keyboard settings in the next screen and click next.
You get the option to select whether you want to Install Windows Server or Repair the installation. The bottom left corner also has the option to go to the previous version of setup.
You are asked to enter the product key, which is available in the Windows Insider portal.
Next option to choose is the type of image you want to install – Windows 2025 core or full blown desktop experience.
You need to agree to the licensing terms to move forward in the next step.
Select the partition on which the server OS should be installed and click next. You also have the option to slice the partitions the way you see fit in the same screen.
The Ready to Install window comes up, click the install button.
Installation of Server 2025 is underway and you get to see the progress.
Once the installation is complete, you need to enter an administrator password of your choice to finalize the setup.
And there you go! You see a Windows 11 login screen staring at you ;-)
After logging in, you get to set the options around sending diagnostic data to Microsoft, which I always set as ‘required only’.
The Windows Server 2025 desktop looks similar, doesn’t it? ;-)
The Windows Server 2025 has the same look and feel as a Windows 11 operating system. The installation options also provide that modern ‘feel’ and makes it a bit soothing to the eyes!
Please let me know if you have any questions in the comments section.
Rajith Enchiparambil
Hello! I am Rajith & work as a Cloud Architect in London. I love writing "how to" articles about Microsoft 365, Azure, PowerShell & AWS. Follow me on LinkedIn for article updates.
If you click “No” then the rule cannot be modified or saved.
Thanks for the update DaGriff.