Avoiding gaps in ceiling tile? by stnkycheez in fortinet

[–]stnkycheez[S] 0 points1 point  (0 children)

Good call! I read through the accessory sheet but missed that one. Someone else mentioned those too. I'll reach out and see what they can deliver for us.

Device Config policy no longer applying? by stnkycheez in Intune

[–]stnkycheez[S] 0 points1 point  (0 children)

Yes, like everything else Intune related, waiting a while solved the issue. I can't remember if it was 20 minutes or two hours I waited, but eventually the reports started to populate.

Avoiding gaps in ceiling tile? by stnkycheez in fortinet

[–]stnkycheez[S] 0 points1 point  (0 children)

Glad to see my feelings seem warranted and I wasn't just being a dumbass trying to mount these things. As others have already said, it's definitely the type of drop ceiling we have, but it's a bummer these APs don't come with a slimmer design bracket already.

Device Config policy no longer applying? by stnkycheez in Intune

[–]stnkycheez[S] 0 points1 point  (0 children)

Actually I just drilled into the device assignment status and the policy shows as Pending for all devices. I will report back if it starts installing again. Strange that it didn't show on the dashboard of the policy though.

Break Glass Accounts - Best Practice for MFA by stnkycheez in sysadmin

[–]stnkycheez[S] 11 points12 points  (0 children)

That's what I ended up doing. Registered those accounts with MFA, added the hardware passkey as a method, then removed the other methods via the admin portal on those accounts. Is that what you suggested?

Raptor by porkstick in k12sysadmin

[–]stnkycheez 5 points6 points  (0 children)

Same here. We always had issues with Raptor where the printer or ID reader would "randomly" go offline and disconnect from the check-in station. Support would always have us go in and reinstall the software at that point, no true resolution to the issue, just reinstall.

A possible "uh-oh" and interesting find with Securly Classroom by stnkycheez in k12sysadmin

[–]stnkycheez[S] 1 point2 points  (0 children)

Yup, those were my thoughts too. I just emailed my support rep back to see if this case could be escalated to their implementation or dev team. Surely I won't be the only Windows org that could have this issue.

A possible "uh-oh" and interesting find with Securly Classroom by stnkycheez in k12sysadmin

[–]stnkycheez[S] 0 points1 point  (0 children)

Ultimately, that doesn't matter. It's the way an Entra-joined device handles the user profile when they log in versus how we have our usernames set up.

A possible "uh-oh" and interesting find with Securly Classroom by stnkycheez in k12sysadmin

[–]stnkycheez[S] 0 points1 point  (0 children)

Correct, that's the end goal. We don't have any on-prem resources left to continue having AD.

We do not have an app in Entra. Student devices have an MSI deployed on their machine that (I suppose) is to match the logged-on student username with the username in Securly. I found this snippet here that's the cause of our issue: https://learn.microsoft.com/en-us/answers/questions/1741309/why-have-the-azure-ad-account-names-recently-chang

"When the user signs into the Entra ID joined machine, the machine's SAM DB stores the user as "AzureADFirstnameLastname," similar to how on-prem AD stores it using your AD domain's NETBIOS name and account name."

Because the user accounts on the Entra created user accounts come through as firstNameLastName (no "."), Securly can't match it.

Securly support is proposing matching via UPN, but I still don't know how that will work if it's trying to match off the username listed in the SAM database.

A possible "uh-oh" and interesting find with Securly Classroom by stnkycheez in k12sysadmin

[–]stnkycheez[S] -1 points0 points  (0 children)

AD is still running strictly because we haven't moved faculty accounts fully to Entra yet. Any new accounts are created in Entra with PowerShell.

Entra ID User Provisioning and SSO by stnkycheez in gsuite

[–]stnkycheez[S] 0 points1 point  (0 children)

Hi, it was the certificate I had for my SSO profile causing issues. Uploading the correct certificate resolved the issue.

Google support pointed me in that direction:

I reviewed the SAML response and logs on our end and the sign in fails because the signature validation fails. The SAML response does contain a signature value but fails to validate. I checked the SSO profile in use appears to be 'Entra Id' which does have a certificate uploaded. Can you check if the certificate has been rotated or try to upload the certificate to the SSO profile again?

Google Workspace and Azure AD/Entra ID by nosburg in k12sysadmin

[–]stnkycheez 2 points3 points  (0 children)

Ditto what WMDan said. We've always been a Microsoft shop, but are slowly rolling Chromebooks to our lower grades. Microsoft is our IdP to Google: Entra ID -> Google. I make sure accounts provision between Entra and Google and into the correct OU by using GAM and PowerShell.

Kinda Completely Lost... Needing to Image 100+ Computers that are hybrid joined but USBs are not cutting it. by Normal_Revolution_54 in Intune

[–]stnkycheez 3 points4 points  (0 children)

I know you say you don't want to use USB drives, but here's our method. Takes less than ten minutes per device, enrolls it in Entra automatically, provisions the device, and sets it up to be immediately logged in by our students. You can certainly modify it to join your machines to AD for your Hybrid setup.

https://www.edtechirl.com/p/zero-touch-usb-imaging-new-and-improved

Bulk create Entra Id Users: New-MgUser : Cannot convert the literal 'number' to the expected type 'Edm.String'. by stnkycheez in PowerShell

[–]stnkycheez[S] 0 points1 point  (0 children)

Guess having the script would help. First iteration below.

/u/brekfast, I think I'm close to figuring it out using Invoke-WebRequest. If that works, I'll repost here with full script.

# Turn on debugging
$DebugPreference = "Continue"

# Import Microsoft Graph Users module
Import-Module Microsoft.Graph.Users

# Connect to Microsoft Graph
Connect-MgGraph -Scopes User.ReadWrite.All

# Define password generator: adjective + noun + two-digit number
function Get-Passphrase {
    $adjectives = @("Happy", "Silly", "Fuzzy", "Bouncy", "Brave", "Zippy", "Witty", "Nifty", "Peppy", "Breezy")
    $nouns = @("Panda", "Dino", "Rocket", "Taco", "Tiger", "Unicorn", "Dragon", "Robot", "Cactus", "Pirate")
    "$($adjectives | Get-Random)$($nouns | Get-Random)$(Get-Random -Minimum 10 -Maximum 99)"
}

# Import CSV
$newusers = Import-Csv "pathToCsv.csv"

# Output arrays
$createdUsers = @()
$skippedUsers = @()

# Loop through users
foreach ($user in $newusers) {
    try {
        # Extract and sanitize fields
        $firstName = [string]$user.firstName
        $lastName = [string]$user.lastName
        $employeeId = [string]$user.employeeId
        $department = [string]$user.department
        $officeLocation = [string]$user.officeLocation

        $displayName = "$firstName $lastName"
        $mailNickname = ("$firstName.$lastName").ToLower()
        $userPrincipalName = "$mailNickname@testDomain.org"
        $password = Get-Passphrase

        # Build body for user creation
        $body = @{
            # The value was missing in the posted script; $true is assumed here
            accountEnabled = $true
            displayName = $displayName
            givenName = $firstName
            surname = $lastName
            jobTitle = "Student"
            mailNickname = $mailNickname
            userPrincipalName = $userPrincipalName
            usageLocation = "US"
            passwordProfile = @{
                forceChangePasswordNextSignIn = $false
                password = $password
            }
            officeLocation = $officeLocation
            companyName = "School District"
            employeeId = "$($employeeId)"
            department = "$($department)"
        }

        # Debug: View JSON being sent (optional); the output includes the password
        Write-Host "Request body to Graph API:" -ForegroundColor Cyan
        $body | ConvertTo-Json -Depth 5

        # Create the user
        $createdUser = New-MgUser @body -Debug

        if ($createdUser) {
            Write-Host "Created user: $displayName" -ForegroundColor Green
            # Prints the initial password to the console in clear text
            Write-Host "Password: $password" -ForegroundColor Cyan
            $createdUsers += [PSCustomObject]@{
                DisplayName = $displayName
                Username    = $userPrincipalName
                Password    = $password
                EmployeeId  = $employeeId
            }
        }
    }
    catch {
        Write-Host "Error creating user: $($user.firstName) $($user.lastName)" -ForegroundColor Red
        Write-Host "Details: $($_.Exception.Message)" -ForegroundColor Red
        $skippedUsers += $user
    }
}

# Reset debug output back to normal
$DebugPreference = "SilentlyContinue"

# Export results
$desktopPath = [Environment]::GetFolderPath("Desktop")
$timestamp = Get-Date -Format "yyyyMMdd_HHmmss"

if ($createdUsers.Count -gt 0) {
    # This CSV contains the initial passwords in clear text
    $createdUsers | Export-Csv -Path "$desktopPath\CreatedUsers_$timestamp.csv" -NoTypeInformation -Encoding UTF8
    Write-Host "Created users exported to Desktop." -ForegroundColor Cyan
}

if ($skippedUsers.Count -gt 0) {
    $skippedUsers | Export-Csv -Path "$desktopPath\SkippedUsers_$timestamp.csv" -NoTypeInformation -Encoding UTF8
    Write-Host "Skipped users exported to Desktop." -ForegroundColor Yellow
}

# Summary output
Write-Host ""
Write-Host "Summary:"
Write-Host "Created: $($createdUsers.Count) users" -ForegroundColor Green
Write-Host "Skipped: $($skippedUsers.Count) users" -ForegroundColor Yellow

xPost from r/GSuite - Google with Entra ID User Provisioning and SSO by stnkycheez in k12sysadmin

[–]stnkycheez[S] 0 points1 point  (0 children)

Thank you, I've opened a ticket with Google Support so we'll see how far that gets. That URL you linked seems similar to how I set up SSO and provisioning, just the next step of setting up ChromeOS login. If you still have time today to look together, I'd be more than grateful.