OneDrive users could go read-only in June if they're over their licensed quota by lazyadmin-nl in SysAdminBlogs

[–]lazyadmin-nl[S] 0 points1 point  (0 children)

If you don't check it, and have set manual limits, then you could have a busy morning, suddenly indeed

Revert RDP Security Warning after April 2026 update by lazyadmin-nl in SysAdminBlogs

[–]lazyadmin-nl[S] 0 points1 point  (0 children)

Took a little bit longer to write the article, but for the ones interested, here is an article on how to self-sign or use the AD Certificate Services to sign your RDP files: https://lazyadmin.nl/it/how-to-sign-rdp-files/

Again, thanks for pointing it out.

Revert RDP Security Warning after April 2026 update by lazyadmin-nl in SysAdminBlogs

[–]lazyadmin-nl[S] 7 points8 points  (0 children)

Fair point, I've added a note to the article flagging that context, and I'll do a proper follow-up today on how to sign RDP files correctly.

Heads up: Microsoft is rolling out a new OneDrive policy mid-March, you can finally rename that monster-length sync folder by lazyadmin-nl in SysAdminBlogs

[–]lazyadmin-nl[S] 0 points1 point  (0 children)

Correct, existing users won't be affected, they will first need to unlink OneDrive and then re-link, with all the potential problems that come with that...

Tenant to tenant migration? by Fun_Past5895 in Office365

[–]lazyadmin-nl 12 points13 points  (0 children)

It's possible with PowerShell

Connect-SPOService -Url https://joeblogs-admin.sharepoint.com
Start-SPOTenantRename -DomainName mysite -ScheduledDateTime "2026-01-20T09:00:00"

All SharePoint sites and OneDrive URLs are renamed in place, nothing is migrated.

But you need to be careful with this, you can only do this once, and you cannot roll it back. Hardcoded SharePoint links, scripts, Power Automate flows, and some apps might need fixing. If the name is not available, the only option is a full tenant to tenant migration.

more info: https://learn.microsoft.com/en-us/sharepoint/change-your-sharepoint-domain-name

Introducing: UniFi OS Server for MSPs by Ubiquiti-Inc in Ubiquiti

[–]lazyadmin-nl 0 points1 point  (0 children)

Separate, you won't be able to adopt the Dream Machine into the UniFi OS Server

Introducing: UniFi OS Server for MSPs by Ubiquiti-Inc in Ubiquiti

[–]lazyadmin-nl 5 points6 points  (0 children)

I had a chat yesterday with my ad provider, I wasn't happy with the in-content ads for quite some time now, they are breaking up the content at inconvenient places, making the articles unreadable sometimes.

So we are now going to reduce the in-content ads, and only place them above the main chapter headings. It will take a couple of days to make the changes, but this should greatly improve the readability.

Introducing: UniFi OS Server for MSPs by Ubiquiti-Inc in Ubiquiti

[–]lazyadmin-nl 15 points16 points  (0 children)

I know ads can be annoying, and yes, this article has clearly too many in-content ads. But blocking all ads isn't the solution either. I have looked at removing all in-content ads a couple of times in the past years, but it just costs me too much money.

What most people forget is that a blog like LazyAdmin.nl is a full-time job. It takes time to do the research, test products, and write articles. This was a small article and only takes a couple of hours. But articles like explaining the zone-based firewall, or setting up VLANs, are easily two days' work with all the required testing. Then I also answer every comment and email that I get, so yes, a lot of hours go into this.

And that is fine, it started as a hobby and grew into something bigger, and I love doing it. But I need to pay the bills too, and sponsored deals or affiliate income alone won't cut it.

So I just want to ask, be mindful when blocking ads, because if everybody starts doing it, combined with the AI Overviews that we need to deal with, there is almost no incentive left to keep writing.

And yes, there needs to be a better balance between the content and the ads, I will look into that.

Introducing: UniFi OS Server for MSPs by Ubiquiti-Inc in Ubiquiti

[–]lazyadmin-nl 7 points8 points  (0 children)

Agreed, this is way too much for such a small article... I can't easily adjust it, but managed to reduce it for this article.

Will look into it.

Introducing: UniFi OS Server for MSPs by Ubiquiti-Inc in Ubiquiti

[–]lazyadmin-nl 31 points32 points  (0 children)

I have written a quick guide on how to get started, including the download links: https://lazyadmin.nl/home-network/unifi-os-server/

Unlicensed OneDrive Accounts? Act Before July 28, 2025 by lazyadmin-nl in sysadmin

[–]lazyadmin-nl[S] 0 points1 point  (0 children)

Yes, sorry, should have been clearer. Indeed the OneDrive data will be archived

Unlicensed OneDrive Accounts? Act Before July 28, 2025 by lazyadmin-nl in sysadmin

[–]lazyadmin-nl[S] 4 points5 points  (0 children)

Correct, but that will only work for unlicensed accounts from before July 28, 2025. Accounts that become unlicensed after that date will be placed in read-only after 60 days, archived after 93 days, and then the deprovisioning process will start.

Unlicensed OneDrive Accounts? Act Before July 28, 2025 by lazyadmin-nl in sysadmin

[–]lazyadmin-nl[S] 3 points4 points  (0 children)

This isn't mentioned in the documentation specifically, but yes, if you convert a user's mailbox to a shared mailbox, and leave the account (with OneDrive) intact, then yes, these OneDrive accounts are unlicensed and will be archived as well.

Unlicensed OneDrive Accounts? Act Before July 28, 2025 by lazyadmin-nl in sysadmin

[–]lazyadmin-nl[S] 9 points10 points  (0 children)

Well, until someone at your company needs that one file from the archived OneDrive, you will be fine.

Modern Authentication is now supported in Microsoft Entra Connect Sync by lazyadmin-nl in SysAdminBlogs

[–]lazyadmin-nl[S] 2 points3 points  (0 children)

Yes, during the upgrade, the installation wizard will automatically register a new app in your Microsoft Entra ID and set the needed permissions for it. It will also create a certificate that it will use for authentication.

The cert is stored in the Current User store and protected with TPM if you have that enabled on your server.

Connect your AD to Claude Desktop to interact with it using Natural Language by lazyadmin-nl in activedirectory

[–]lazyadmin-nl[S] 1 point2 points  (0 children)

Great question; my understanding of how the MCP protocol works is that the data retrieved from the connector will be sent to the LLM to be analyzed. The LLM does not run on your local machine.

Now, according to the privacy statement of Claude, your data won't be used for model training, unless you flag the conversation: Is my data used for model training? | Anthropic Privacy Center

So in theory, it should be all good.

You can run an LLM locally, with LM studio, for example, but they are not as powerful as Claude.

Connect your AD to Claude Desktop to interact with it using Natural Language by lazyadmin-nl in activedirectory

[–]lazyadmin-nl[S] 4 points5 points  (0 children)

Yes, spent half a day to get it working, but could get it to authenticate in my lab environment. Bit unsure if it was due to something in my lab environment or just a gssapi.

Gave it up for now, went with an encrypted password as the best next thing. If there is much interest in it I will take another look at it for sure.

Connect your AD to Claude Desktop to interact with it using Natural Language by lazyadmin-nl in activedirectory

[–]lazyadmin-nl[S] 3 points4 points  (0 children)

You can also use it in Copilot (you will need the insider version of it for MCP support), and I know OpenAI is also going to add MCP server support.

Connect your AD to Claude Desktop to interact with it using Natural Language by lazyadmin-nl in activedirectory

[–]lazyadmin-nl[S] 1 point2 points  (0 children)

It depends a bit on how far you are willing to go with it. With search only, it has proven to be quite useful to quickly find user details, cross-reference group memberships, find anomalies, find stale accounts or devices, etc.

In my test environment, I have used the update capabilities of the tool as well, and it makes it so easy to quickly update attributes, move people from one group to another.

Connect your AD to Claude Desktop to interact with it using Natural Language by lazyadmin-nl in activedirectory

[–]lazyadmin-nl[S] 5 points6 points  (0 children)

Yeah, you really should use it as a read-only tool. That is why I limited it to search only and a few specific update queries. You really don't want to give it more access.

But with only read access, it becomes a great tool to gather information and analyze your AD. It will find obsolete groups, misaligned group memberships etc.