An Exchange Online license was applied to the user before the Exchange GUID got synchronized from on-premises Active Directory. For synchronized accounts, having the Exchange GUID synchronized from on-premises is used to tell Exchange Online that the mailbox hasn’t been migrated yet, and is what allows customers to pre-license accounts prior to migration. From: My user has a mailbox both on-premises and in Exchange Online. So, in my case many times we get into situation where license is applied before Exchange GUID is synchronized to O365. I am using this script to check whether user has two mailboxes. Script closes Exchange session BEFORE it opens connection to Exchange Online as both use same commands. You can use Get-Mailbox both on-prem and Online, therefore it is crucial to close connection before you open other. # DISCLAIMER: # This code is provided "as is" without warranty of any kind, either express or implied, including but not limited to the implied warranties of
An untrusted certification authority was detected while processing the domain controller certificate used for authentication additional information be available in the system event log . Please contact your administrator.
I was trying to log in with Smart card (Yubico in my case) but server could not log me in and returned the error: An untrusted certification authority was detected while processing the domain controller certificate used for authentication additional information be available in the system event log. Please contact your administrator. Checked the certificate store and required certificates were in the store. In my case Root CA and Intermediate CA certificates. When I ran the command certutil -viewstore -enterprise NTAuth in the elevated PowerShell window I got no certificates. Therefore, I exported the intermediate certificate from the store (certmgr.msc), put it in the C:\TEMP path and ran: certutil -enterprise -addstore ntauth "C:\TEMP\intermediate.cer" After that I was able to sign in with smart card. Whay certificate was not propagated through domain is still a mystery :)