Jump to content

Oscar Stankard

Hornbill Users
  • Posts

  • Joined

  • Last visited

  • Days Won


Oscar Stankard last won the day on September 15 2017

Oscar Stankard had the most liked content!

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

Oscar Stankard's Achievements


Contributor (5/14)

  • Dedicated Rare
  • First Post
  • Collaborator
  • Conversation Starter
  • Week One Done

Recent Badges



  1. Hi there, Thanks for your efforts getting this sorted, can I ask how the change has gone and what the delivery stats for smart host delivery to Exchange Online are looking like now? Kind regards, Oscar
  2. For anyone that also hadn't seen this, if you click on the envelope icon next to a recipient's name in the email TO field it will give you the option to "Resend Message to Recipient". It's also got a great SMTP session log under the Delivery Status option that's handy.
  3. Hi there, We've got the direct delivery (DNS routing) thing going OK so people are happy enough in the meantime, don't think missing the outbound emails from our backups/archives is the end of the world in the meantime but there might be a way we can get an account created at Mimecast to allow authenticated 'smart host' delivery injecting messages into our normal delivery process but at a different point (and should then be captured on the way out and get backed up/archived again). Would be good to understand if there is a different cryptographic utility/library that is able to connect to MS's SMTP since whatever it is changed yesterday morning and also what they say to Victor's request but pretty much ticking over here now glad to say. Kind regards, Oscar
  4. Hi there, OK thanks for your help, will propose switching to the direct delivery option in the meantime and see what the team says. Is your direct to internet SMTP service able to submit messages to external domains on Office 365 at the moment? Does the direct delivery option use the same connector as authenticated smart host delivery (and do Microsoft handle these TLS connections to the SMTP.office365.com and mail.protection.outlook.com with the same behaviour)? Are there different results when using another cryptography library/tool? How many other customers are still having this issue and are they geographically concentrated or with any other shared characteristics? What have they managed to do in order to continue to send messages from their helpdesk? While it's someone else's service that's at fault there is a great deal more information that would be helpful to both understand the state of play but also what our options are for resuming sending messages. If this was affecting all ways of sending email via Microsoft's SMTP service I would have expected more reports of it or workarounds being drawn up, but struggling to find anything so anything that can be expanded on short of raising it with Microsoft would be very welcome. Thanks for your help. Kind regards, Oscar
  5. Hi there, I don't seem to have as much luck, have pressed the 'Resend Message to Recipient' option (the envelope icon?) but after doing that multiple times for every message I have still yet to see anything in the sent items folder past 9:55 this morning. Do you have any observations about the success rate and how many times people need to retry for messages to be sent? I don't seem to be able to find any information about a Microsoft change to their Exchange Online SMTP service or other people having issues so I'm a little in the dark about what's going on and what our best course of action is. Have any further findings been made with the behaviour, announcements made by microsoft, or any further suggestions from Hornbill about ways of sending emails from Service Manager in the meantime can I check? Thanks for your help. Kind regards, Oscar
  6. Hi there, Thanks for the update on this and will stop testing things and wait for changes, it does jog my memory though please can we have the ability to set a FROM address as well as a TO address on the send test email function (my email server won't let me send as do-not-reply@hornbill.com)? Thanks for your help and good luck in your troubleshooting of the problem. Kind regards, Oscar
  7. Hi there, Ah good stuff I had not twigged that this 'Type' key was to change the update mode of the 'UserType' value, presuming the update mode under the 'User' section was the one that goverend it. So all the other values are hopefully the same between all 'basic' and 'user' users (the "Basic User Role" role can be applied to both types of users without issue as far as I can think?) and we can bare to add the userusers-specific roles and change user type manually for the handfull of service desk changes we have day to day. Let's see if this ticks the box for the service desk team, thanks for your help. Kind regards, Oscar
  8. Hi there, The script seems to permit all users listed from the Graph call to be created or updated to either 'basic' or full 'user' users, but we need some to be basic and some to be full? When trying to run the import it's currently trying to 'downgrade' the helpdesk users, leaving the value blank or setting a 'none' update mode doesn't appear to be an option. So if we need to run 2 separate conf.json, one to look at the 'user' and one to do the 'basic' ones, we need a way to exclude the helpdesk users from the basic sync, and then exclusively the helpdesk users in a second config set for 'user' level users? Users that have documents assigned to them seem to reject the attempt to 'downgrade' so perhaps we could just ensure every team member has a document assigned to block this? In experimenting with the (Graph?) filter syntax that's exposed to us by the userfilter value, it seems it doesn't support the 'ne' operator, or give the ability to reference 'complex' properties like the licence collection? Looking through the documentation I can't seem to see a way to set the user filter to exclude the dozen or so helpdesk menbers from the wider results? Hopefully I'm overlooking something but at the moment the only path I can see is to populate 2 Azure AD groups with the 2 types of users we want to import/sync with a separate script not limited by Graph, and use that as the UsersByGroupID filter for 2 separate basic/user sync runs to Service Manager? Thanks for your help. Kind regards, Oscar
  9. Hi there, Have found that you need to have a capital N in mailNickname in the Azure as well as mapping fields and then it works as hoped. On to some testing! Kind regards, Oscar
  10. Hi there, We tried .userPrincipalName first but thought to try the .keysearch option after having no luck. Happy to use any alternate value you might suggest, also tried .mailnickname just in case but believe it will be needing the version that includes the domain in the UserDN value? The existing userID/logonID/employeeID values for this record in Service Manager apear to be the short/domainless version and the record in Azure AD appears to have the mailnickname populated. If I use the "startswith(displayName,'Oscar')" in the UserFilter to try with a different record it seems to fail in the same way. I have tried it again but with the proper userPrincipalName capitalisation in case it was case sensitive but to no effect. Previous runs seem to have got past this record and gone on to list all users to the log file but it's getting stuck at the first record now. If I update the account mapping values UserID/LoginID/EmployeeID to use the .userprincipalname instead of .mailnickname value it seems to work without this WARN so perhaps I can use that value but with our domain taken out instead using one of those inline 'startswith' functions? Thanks for your help. Kind regards, Oscar
  11. Hi there, Great thanks for your help Sam, it looks like setting the specific API key from the specific user on the Hornbill side was the missing link when setting up the KeySafe entry. We've since tried a few imports to try and refine the user filter but the connection is failing stating: [WARN] No Unique Identifier set for this record &map[businessPhones:[] givenNam e:.087 id:0041d-752f-015b3d7c5f mail:087@ourdomain.com mailN ickname:087 surname:ourname userPrincipalName:087@ourdomain.com] This user seems to be normal in so far as we've spotted and no other lines are logged after this warn event and this seems to happen when we've selected .keysearch or .userprincipalname as the UserDN value. Here's the current cof.json in case anyone can spot the problem: { "APIKey": "", "InstanceId": "", "AzureConf": { "KeySafeID": 6, "Tenant": "", "ClientID": "", "ClientSecret": "", "UserFilter": "", "UserID": "", "UserProperties": [ "givenName" , "surname" , "businessPhones" , "mail" , "mailnickname" ], "APIVersion": "v1.0", "Search": "users", "UsersByGroupID": [ ] }, "User": { "Operation":"Both", "UserDN": "{{.keysearch}}", "HornbillUniqueColumn": "h_user_id", "AccountMapping": { "UserID": "{{.mailnickname}}", "LoginID": "{{.mailnickname}}", "EmployeeID": "", "UserType": "basic", "Name": "{{.givenName}} {{.surname}}", "Password": "", "FirstName": "{{.givenName}}", "LastName": "{{.surname}}", "JobTitle": "", "Site": "", "Phone": "", "Email": "{{.mail}}", "Mobile": "", "AbsenceMessage": "", "TimeZone": "", "Language": "", "DateTimeFormat": "", "DateFormat": "", "TimeFormat": "", "CurrencySymbol": "", "CountryCode": "" }, "Type": { "Action": "Both" }, "Status": { "Action": "Both", "Value": "active" }, "Role": { "Action": "Both", "Roles": [ "Basic User Role" ] }, "ProfileMapping": { "MiddleName": "", "JobDescription": "", "Qualifications": "", "Interests": "", "Expertise": "", "Gender": "", "Dob": "", "Nationality": "", "Religion": "", "HomeTelephone": "", "SocialNetworkA": "", "SocialNetworkB": "", "SocialNetworkC": "", "SocialNetworkD": "", "SocialNetworkE": "", "SocialNetworkF": "", "SocialNetworkG": "", "SocialNetworkH": "", "PersonalInterests": "", "homeAddress": "", "PersonalBlog": "", "Attrib1": "", "Attrib2": "", "Attrib3": "", "Attrib4": "", "Attrib5": "", "Attrib6": "", "Attrib7": "", "Attrib8": "" }, "Manager": { "Action": "__clear__" , "AzField": "userPrincipalName" , "HornbillUniqueColumn":"h_user_id" }, "Image": { "Action": "Both", "UploadType": "uri", "InsecureSkipVerify": false, "ImageType": "png", "ImageSize": "504", "URI": "" }, "Site": { "Action": "Both", "Value": "" }, "Org": [ ] } } Thanks very much for any thoughts anyone has. Kind regards, Oscar
  12. Hi there, Thanks for your help, have added the Hornbill API key to the KeySafe config and saved the changes but the connect button and result when pressed remains the same unfortunately. Made a new API key just in case as i noted the one in there already didn't have an expiry date but seems to be the same. I've seemingly got the non-KeySafe version working but I'm keen to get the KeySafe version functioning as described due to the increased security it offers, but this should at least prove the API details are valid. If I press on and try and use KeySafe entry 6 in the config the logging seems to suggest the tennant is not suitably configured in the KeySafe config: 2022/04/20 15:47:45 [DEBUG] Loading Config File: C:\Entertainer\Hornbill AzureAD Graph/conf.json 2022/04/20 15:47:45 [MESSAGE] Loading KeySafe Authentication Data: 6 2022/04/20 15:47:45 [ERROR] Error Loading KeySafe Authentication: The API key being used does not have permission to access this keysafe record 2022/04/20 15:47:45 [ERROR] Error Decoding LDAP Server Authentication: unexpected end of JSON input 2022/04/20 15:47:45 [DEBUG] Tenant found in KeySafe: 2022/04/20 15:47:45 [ERROR] azure Tenant is not set 2022/04/20 15:47:45 [ERROR] Please Check your Configuration: goAzure2HUserImport But the Azure App Registration Tenant ID is filling the Hornbill "API Endpoint" box as I read is required, and it's also the same TenantID that works when supplied through the non-KeySafe route. Thanks for your help. Kind regards, Oscar
  13. Hi there, So under the part of the KeySafe config called API Key Permissions, if I click on the green + symbol it just states that there're no permissions found to add: "No API Keys Found". How can I best check on the current API Key and KeySafe entry marrying and that the permissions you mention are confirmed? I'm quite sure I've pressed the buttons to confirm the AzureAD user and group read permissions when creating the app registration and API key and they all showed a green tick after, each time we attempted to set up the API. The Azure AD page warns me that I should be using MSAL rather than ADAL but no idea what either are. Thanks for your help.
  14. Hi there, When making a KeySafe key I only see one option named "oAuth 2.0" and when I enter the details stipulated on the Azure User Import instructions the Connect button appears after saving changes to the KeySafe entry. Have gone through again from scratch in case have made errors and seem to be making the same ones this time round too whatever they are, other screens captured for second pair of eyesness. Thanks for your help. Kind regards, Oscar
  15. Hi there, Trying to get the Microsoft Graph API connection set up to allow us to sync usernames but seem to be having issues whether using the secret in the json or using the KeySafe method. When trying to set up the KeySafe method and hitting the 'connect' button it says that it's been unable to connect ("Unexpected Exception: Failed to load the requested oauth2 config") and when configuring the key values and data in the .json config file itself the debug log reports endpoint returning a 401 error ("2022/04/12 12:05:49 [DEBUG] [SCRIPT] Generating Bearer Token 2022/04/12 12:05:49 [ERROR] [Azure] BearerToken Error: Invalid HTTP Response: 401"). I have recopied the client ID, client secret/value, and tenent ID several times as errors with seems to be the most widely reported reason for this error but to no avail. The executable/zip appears to be the current one linked to on github by the instructions at https://wiki.hornbill.com/index.php?title=Azure_User_Import and https://wiki.hornbill.com/index.php?title=Azure_App_Registration_Instructions. I'm not entirely sure we've populated all the required values on the KeySafe given how empty it's looking after we've plumbed in all the details we are aware of and given the error message but not sure how we'd even determine what the other values should be. Please can anyone advise what we might try next or that we might have overlooked, don't seem to see any KeySafe logs at https://wiki.hornbill.com/index.php?title=Hornbill_KeySafe either unfortunately. Thanks for any thoughts you might have. Kind regards, Oscar
  • Create New...