When you connect to as many different Office 365 tenancies as I do, it’s easy to lose track of which tenant you’re connecting to – especially if you’re working on one project, but logging on to another tenant to test changes.
Sure enough, I was testing OneDrive sync restrictions for a client, and I accidentally ran the cmdlets in their production tenant, and not in my test tenant like I thought. Basically, the purpose of the cmdlet is to only allow domains on a safe list to sync – everything else (including Macs) gets blocked.
Needless to say, I was horrified when users company-wide started reporting that their OneDrive sync had stopped working! Thankfully, I was able to reverse the changes fairly quickly, and my client took my mistake and profuse apologies in good grace.
Now, it’s one thing to call this a Lesson Learned, and say that you should always double check your tenant name before you connect to run PowerShell commands, but a good friend and colleague of mine has a saying about lessons learned that I’ve taken to heart:
“There are only three responses to lessons learned: either we need more research, give feedback to the consultant, or change the process.”
So I took my feedback like a big boy, and decided that I was going to figure out how to change my process to prevent these types of mistakes from happening again – and I re-wrote my connection script to force me to put in the tenant name every time I connected. It can’t completely prevent mistakes, but it at least prevents autodialing the wrong tenant if I’m not paying attention to what I’m doing.
Here’s what the script looks like:
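param (
    # Required on every run, so a tenant is never chosen by default
    [Parameter(Mandatory=$true, ValueFromPipeline=$false)]
    [String] $TenantName
)

# Build the SharePoint Online admin URL for the named tenant
$spoDomain = "https://" + $TenantName + "-admin.sharepoint.com"

# Prompt once and reuse the same credentials for both services
$objCreds = Get-Credential
Connect-SPOService -Url $spoDomain -Credential $objCreds
Connect-MsolService -Credential $objCreds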
And here’s a copy that you can download and use if you’d like: Connect-SharePoint-Online.ps1. Simply run this script with the -TenantName parameter, like so:
.\Connect-SharePoint-Online.ps1 -TenantName Contoso
If you only ever connect to a single tenant, all you need to do is change your connection string to look like this:
$objCreds = Get-Credential
$spoDomain = "https://contoso-admin.sharepoint.com"
Connect-SPOService -Url $spoDomain -Credential $objCreds
Connect-MsolService -Credential $objCreds
This connects you to both SharePoint Online and the MSOL Service, so you can query/manage AD objects as well.
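The mandatory parameter stops autodialing, but it cannot catch a name typed from habit. The sketch below is an added example, not the original script: it reads back the tenant the service reports and requires the name to be retyped before the session is kept. The function names, the name allow-list and the prompt format are assumptions made for illustration.

```powershell
# Added example (hypothetical function names); needs the SharePoint Online
# Management Shell and MSOnline modules already installed.
function Get-SpoAdminUrl {
    param([Parameter(Mandatory = $true)][string] $TenantName)
    # Assumption: accept only a bare prefix of letters, digits and hyphens, so a
    # pasted URL or "contoso.onmicrosoft.com" is rejected instead of mangled.
    if ($TenantName -notmatch '^[A-Za-z0-9][A-Za-z0-9-]*$') {
        throw "Unexpected tenant name '$TenantName'; pass only the prefix, e.g. Contoso."
    }
    "https://$($TenantName.ToLower())-admin.sharepoint.com"
}

function Connect-TenantConfirmed {
    param([Parameter(Mandatory = $true)][string] $TenantName)

    $adminUrl = Get-SpoAdminUrl -TenantName $TenantName
    $creds = Get-Credential -Message "Credentials for $adminUrl"

    Connect-SPOService -Url $adminUrl -Credential $creds
    Connect-MsolService -Credential $creds

    # Show what the service itself says we are connected to.
    $company = Get-MsolCompanyInformation
    Write-Host "Connected to: $($company.DisplayName) [$($company.InitialDomain)]" -ForegroundColor Yellow

    # Retyping the name is a deliberate speed bump before any change cmdlet runs.
    $typed = Read-Host "Retype the tenant name to keep this session"
    if ($typed -ne $TenantName) {
        # Only the SharePoint Online session is closed here; close the window
        # to end the MSOnline session as well.
        Disconnect-SPOService
        throw "Confirmation '$typed' does not match '$TenantName'; SharePoint Online session closed."
    }

    # Keep the tenant visible in the prompt for the rest of the session.
    $global:ConnectedTenant = $TenantName
    function global:prompt { "[$global:ConnectedTenant] PS $($PWD.Path)> " }
}

# Usage: Connect-TenantConfirmed -TenantName Contoso
```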
Hope this helps… as always, scripts or cmdlets are provided without any guarantees on my part – read it over and make sure you know what you’re running before you execute scripts in a production environment!