Troubleshooting Tips

    Prerequisites

    Management operations

    Report generation and tenant configuration

    Prerequisites

    Atleast Microsoft .NET version 4 and PowerShell version 3.0 must be installed.

    If you have installed the product in any machine that runs an OS version lower than Windows 8 (Windows 7 SP1, Windows 2008 R2 SP1 & Windows 2008 SP1), please make sure that you have Microsoft .NET version 4 and PowerShell version 3 installed in your system.

    1. To check if Microsoft .NET Framework is installed, open Command Prompt from Run. Enter the following command wmic product where "Name like 'Microsoft .Net%'" get Name, Version. Check the displayed version. If the version is below 4, install Microsoft .NET Framework 4 from here.
    2. To check if PowerShell is installed, type PowerShell from Run. If PowerShell is installed, check for its version number by running the command $PSVersionTable. If the version is below 3 or if PowerShell is not installed, install PowerShell V 3.0 from here.

      Note: For machines running Windows 8 and later, Microsoft .Net version 4 and PowerShell version 3.0 come pre-installed.

    Windows Azure Active Directory Module and Microsoft Online Services Sign-In Assistant must be installed.

    If the Windows Azure Active Directory Module is not installed, you will not be able to generate any Azure reports, such as user, group, or license reports.

    Steps to download and install the Windows Azure Active Directory Module:

    1. Download and install the Microsoft Online Services Sign-In Assistant. To check if this module is installed, run service.msc and check if the service Microsoft Online Services Sign-in Assistant is installed. If not, download the module here.
    2. Download and install the Windows Azure Active Directory Module for Windows PowerShell. To check if this module is installed, open PowerShell and enter get-module -Name msonline. This will list the module if it is installed. If not, download the module here.
      Note: The latest version of the Azure Active Directory Module for Windows might cause an error due to a lack of backward compatibility. To circumvent this, the other version of the Azure Active Directory Module can be downloaded here: Azure Active Directory Module for Windows.
    3. Refer to this document for any help and information regarding installation of the Azure Active Directory Module.
    4. After installing the module, please restart ADManager Plus.
    5. After starting ADManager Plus, refresh the tenant.
      • Navigate to the Admin tab.
      • Under System Settings, click Microsoft Tenant Settings.
      • Under Actions, click the Refresh icon for the tenant.

    Azure module must be installed to perform this action. Please restart the product.

    Azure Active Directory module must be installed to generate reports and do management actions on Azure AD.

    1. Azure AD will be automatically installed when O365 Manager Plus is configured.
    2. To check if this module is installed, open PowerShell and enter get-module -Name AzureAD. This will list the module if it is installed.
    3. Even though the module is not installed, please restart the product.

    Unable to connect to Microsoft 365. Please check your internet connection.

    1. The product requires an active internet connection to connect to Microsoft 365 and perform the desired operations. Please ensure that your internet connection is active and stable.
    2. To allow the product to interact with Microsoft 365, add the ports and URLs mentioned in this article to your firewall allow connection to the internet. Failure to do so will result in certain features not working as intended.

    Untrusted certificate provider

    This error occurs when certificate based authentication is used in firewall, and the product's JRE does not trust the certificate. To fix this, add the certificates to the JRE's trusted certificate store using these steps,

    • Navigate to <product_installation_directory>/jre/bin.
    • Open command prompt as an administrator.
    • Execute this command:
      keytool.exe -import -trustcacerts -alias "certAlias" -file "certPath" -keystore
      ..\lib\security\cacerts
      In the command,
      - certAlias - A name of your choice
      - certPath - Path of the certificate.
    • You will be prompted for a password. The default password is changeit. Provide the password and hit Enter.
    • Restart the Product.

    Management operations

    Insufficient privilege to perform the operation

    When REST API is enabled in the product, directory roles are required for the Azure application to perform privileged operations like reset password, block/unblock users, delete user, restore user, and hard delete user. For this purpose,

    • Help desk administrator role can be assigned to update changes for non-administrators and other help desk administrators.
    • Privileged authentication administrator or Global administrator role can be assigned to update changes for all users - administrators and non-administrators.

    Contact your administrator for assistance.

    Microsoft 365 user creation - Rest API Error - 403 Forbidden

    This error usually occurs due to a lack of permissions for the user creation graph API. Refer to this link to learn about the required permissions.

    Note: All the permissions should be granted admin consent. The steps are given below:
    1. Log in to the Azure AD portal using the credentials of the account for which the REST API is to be enabled.
    2. Navigate to Azure Active Directory > App registrations, and select the desired application name from the list shown.
    3. Select API permissions from the left pane and click the Grant admin consent for <your_company_name> option listed under the Grant consent section. Grant the necessary permissions as required.

    Report generation and tenant configuration

    To test the connectivity to Microsoft 365

    1. To test the connectivity of your Office 365 environment using PowerShell, follow the steps listed here.

    Open Session Failure/Connection Error

    This error occurs when a PSSession could be opened successfully. To fix this, execute the Office365Troubleshoot.ps1 script file by following these steps.

    • Open PowerShell as the administrator.
    • Run the command Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force -Scope process.
    • Run this script:
      <install-dir>/bin/Office365Troubleshoot.ps1

      Note: <install-dir> here refers to the directory in which you have installed ADManager Plus.

    • Enter the username and password of the Microsoft 365 global admin with which the tenant was configured.
    • If Is Global Admin Account returns a value False, make the user a global admin.
    • If Exchange session returns a value Error Occurred, the problem is with the configured account.
      1. If the problem occurs when you try to configure an Microsoft 365 tenant, try using a dedicated service account to configure ADManager Plus by following these steps.
      2. If the problem occurs at any other stage, the error may be temporary and try again after some time. If the issue persists, please contact support@admanagerplus.com.

    Permission Denied

    Follow these steps to fix this.

    • Open PowerShell as the administrator.
    • Run the command Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force -Scope process.
    • Run this script: <install-dir>/bin/Office365Troubleshoot.ps1

      Note: <install-dir> here refers to the directory in which you have installed ADManager Plus.

    • Enter the username and password of the Microsoft 365 global admin with which the tenant was configured.
    • If Is Global Admin Account returns a value False, make the user a global admin.
    • If Exchange session returns a value Error Occurred, the problem is with the configured account.
      1. If the problem occurs when you try to configure an Microsoft 365 tenant, try using a dedicated service account to configure ADManager Plus by following these steps.

    Operation Stopped

    Some possible reasons and the steps to fix them.

    1. MSOnline module might have some compatibility issues.
      • To check your module version run this script:
        (Get-Item C:\Windows\System32\WindowsPowerShell\v1.0\Modules\MSOnline\Microsoft.Online.Administration.Automation.PSModule.dll).VersionInfo.FileVersion
      • If the version is higher than the suggested version, uninstall the module and install the compatible module using the below command
        1. Open PowerShell as Administrator.
        2. Install the MSOnline module using this command:
          • Install-Module -Name MSOnline -Force
      • If the version matches, try reinstalling the module.
    2. Microsoft Online Services Sign-in Assistant may not be ready yet. To restart the service:
      • Type services.msc in Run and hit enter.
      • Find Microsoft Online Services Sign-in Assistant, right click and select restart.
    3. This error may arise due to credentials without sufficient permissions when the product is installed as a service. To resolve this, try using Domain User account as a Service Logon account. To do this:
      • Type services.msc in Run and hit enter.
      • Right click ManageEngine ADManager Plus and select Properties.
      • Select Log On tab.
      • Select This Account and type the valid credentials.
      • Click OK.
    4. If the problem still persists, run the Office365Troubleshoot.ps1 script file a
      • Open PowerShell as the administrator
      • Run the command Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force -Scope process.
      • Run this script: <install-dir>/bin/Office365Troubleshoot.ps1
      • Note: <install-dir> refers to the directory in which you have installed ADManager Plus .
        1. Enter the username and password of the Microsoft 365 global admin account.
        2. Contact support@admanagerplus.com with the screenshot of the error message you get.

    Steps to create a dedicated service account

    • Log in to the Microsoft 365 portal.
    • Navigate to Users → Active Users → Add a User.
    • Create a new user by filling the mandatory fields display name and user name.
    • In the password section, select Let me create the password and enter a password for the user account.
    • Uncheck the Make this user change their password when they first sign in.
    • In the product licenses section, select Create user without product license.
    • Click Save.
    • Use this account to configure your Microsoft 365 tenant in ADManager Plus.

    If the problem persists, contact support@admanagerplus.com.

    Don't see what you're looking for?

    •  

      Visit our community

      Post your questions in the forum.

       
    •  

      Request additional resources

      Send us your requirements.

       
    •  

      Need implementation assistance?

      Try onboarding