Lessons Learned, SharePoint Online Edition

When you connect to as many different Office 365 tenancies as I do, it’s easy to lose track of which tenant you’re connecting to – especially if you’re working on one project, but logging on to another tenant to test changes.

Sure enough, I was testing OneDrive sync restrictions for a client, and I accidentally ran the cmdlets in their production tenant, and not in my test tenant like I thought. Basically, the purpose of the cmdlet is to only allow domains on a safe list to sync – everything else (including Macs) gets blocked.

Needless to say, I was horrified when users company-wide started reporting that their OneDrive sync had stopped working! Thankfully, I was able to reverse the changes fairly quickly, and my client took my mistake and profuse apologies in good grace.

Now, it’s one thing to call this a Lesson Learned, and say that you should always double check your tenant name before you connect to run PowerShell commands, but a good friend and colleague of mine has a saying about lessons learned that I’ve taken to heart:

“There are only three responses to lessons learned: either we need more research, give feedback to the consultant, or change the process.”

So I took my feedback like a big boy, and decided that I was going to figure out how to change my process to prevent these types of mistakes from happening again – and I re-wrote my connection script to force me to put in the tenant name every time I connected. It can’t completely prevent mistakes, but it at least prevents autodialing the wrong tenant if I’m not paying attention to what I’m doing.

Here’s what the script looks like:

ram (
[String] $TenantName = "")

$spoDomain = "https://" + $Tenantname
$spoDomain = $spoDomain + "-admin.sharepoint.com"
$objCreds = Get-Credential

Connect-SPOService -Url $spoDomain -credential $objCreds
Connect-MSOLService -credential $objCreds

And here’s a copy that you can download and use if you’d like: Connect-SharePoint-Online.ps1. Simply run this script with the -TenantName parameter, like so:

.connect-SharePoint-Online.ps1 -TenantName Contoso

If you only ever connect to a single tenant, all you need to do is change your connection string to look like this:

This connects you to both SharePoint Online, as well as the MSOL Service so you can query/manage AD objects as well.

$objCreds = Get-Credential
$spoDomain = "https://contoso-admin.sharepoint.com"

Connect-SPOService -Url $spoDomain -credential $objCreds
Connect-MSOLService -credential $objCreds

Hope this helps… as always, scripts or cmdlets are provided without any guarantees on my part – read it over and make sure you know what you’re running before you execute scripts in a production environment!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.