Monday, December 1, 2014

Fixing conflicts and errors with Active Directory synchronization to Office 365 and Azure

Sometimes user accounts (or objects) that have been deleted and then recreated on your Active Directory will become out of sync with Office 365 meaning changes to passwords and other attributes won't sync properly. Another cause is a change in the configuration of your Azure Active Director Sync utility, such as changing the SourceAnchor attribute.

DirSync is more common in the Office 365 user base because its replacement, Azure Active Directory Sync was recently released in September of 2014. For a comparison of the two tools visit Microsoft's Directory Integration Tools page.

If you have objects out of sync or conflicting you might receive an error message email every few hours when the AAD Sync utility is run.


You should also see the errors in the Event Viewer and Application Logs on the Windows Server running the utility.

In some cases, the Microsoft's own Office 365 IdFix tool can't find the problem, and thus can't fix it.

By reviewing the contents of userdetails.csv output by the PowerShell command:
get-msoluser | export-csv userdetails.csv
we were able to see that the ImmutableID was set incorrectly due to a prior sync configuration or that the on-premises Object ID shown in the error message above was already connected to another user.

Somewhere along the line, Microsoft removed the ability change or clear the ImmutableID attribute without first disabling Directory Sync for the organization so most internet postings we found while looking for a solution are no longer valid. Some postings showed that back in 2012 you could set the ImmutableID from PowerShell. Today you can only clear it to null if Directory Sync is deactivated.

Deleting (setting to null) the ImmutableID attribute on Office 365/Azure Active Directory solved the sync problem for us. You can no longer change it to match but the directory sync utility will re-populate it for you. Here's how to do it.

Start by disabling the Azure AD Sync Scheduler task in Task Scheduler on the Windows Server that runs AAD Sync:


Next Deactivate Directory Sync on your Office 365 Admin console:



In our experience, it actually takes a couple of hours during business weekdays and about 10 minutes on a Saturday night to deactivate, but it could theoretically take up to 72 hours to complete.

Copy the commands below into a new text file and save it as eraseimmutableid.ps1, change the $upn value accordingly and run it:
set-executionpolicy RemoteSigned
Import-Module MSOnline
Connect-MsolService
$upn = "sampleuser@domain.com
$oid = (Get-MsolUser -UserPrincipalName $upn).ObjectID
Write-Output "Before:"
Get-MsolUser -UserPrincipalName $upn | select userprincipalname,ImmutableID,ObjectID
Write-Output "`n`nAfter:"
set-msolUser -ObjectID $oid -immutableID "$null"
Get-MsolUser -UserPrincipalName $upn | select userprincipalname,ImmutableID,ObjectID
Now re-enable the sync service in Task Scheduler and run it manually.

If you still see errors keep looking at the results of userdetails.csv mentioned above. Search for the email addresses and Object IDs shown in the error message email.

Feel free to reach out to InterlockIT.com for assistance with your Office 365 Directory Synchronization configuration and fine tuning.

Thursday, November 20, 2014

Interlock IT earns two Microsoft Silver Competencies!

Cloud Computing is entering its second second stage of hypergrowth in enterprises. Forrester estimates the public services cloud market will grow to $191 billion by 2020, a huge leap from "just" $58 billion in 2013.

Businesses of all sizes are looking to roll out fully cloud-enabled productivity suites with a minimum of disruption to their business. We've seen a huge uptick in demand for cloud-based systems that remove the stress of administering your own email system or file server and let you focus on the things that matter—like finding new clients or executing on projects.
Early in his career as Microsoft's new CEO, Satya Nadella knew that the way forward both for Microsoft and other businesses was "mobile first, cloud first." Shouldn't your business be able to work from anywhere in the world, on any device, at any time?

Office 365 plans start at $5.10 per user per month and for $12.90 per month the desktop versions of the Office suite are included. At that price managing on-premises email servers or paying for hosted Exchange no longer makes sense.


As a Microsoft Partner with Silver-level Competencies in both Small and Midmarket Cloud Solutions and Cloud Productivity, the team at Interlock IT is well-positioned to help you move from your antiquated email system that doesn't work at the pace of modern business.

Wednesday, October 29, 2014

Automating Quickbooks from the Cloud

For all the benefits working in the cloud provides, sometimes migrating every aspect of your business operations to cloud services is not an option.  What do you do when your CRM and Project Management are cloud based, but you need to move data back to Quickbooks on the desktop?

One answer: get in touch with Interlock IT.

Our client had already switched their Contact and Project management to Norada's Solve CRM when they did just that:
I would like to integrate the Solve CRM API with Quickbooks to automate our workflow bidirectionally between Solve CRM and Quickbooks. We use Quickbooks Enterprise Construction Edition.
Our first response was to rule out other options, couldn't we move accounting into the Cloud? Specific features of the Quickbooks Contractor edition were mission critical; there was no direct cloud replacement. Xero, Quickbooks Online, and Freshbooks would not meet their needs at this time.

Enter the Quickbooks Web Connector, a legacy application released by Intuit, the makers of Quickbooks, designed to allow desktop editions of Quickbooks to communicate with web-applications, also known as the Cloud!

Armed with a method of communicating with Quickbooks on the desktop, we dug into the clients specific needs and developed the solution below.

Setting a Revenue Opportunity to "Won" in Solve CRM kicks off the process.
When a revenue opportunity is marked Won in Solve CRM, the following occurs automatically:
    • Instantly create a Customer and Job in Quickbooks with details from the Solve CRM Company record.
    • Add an Estimate to the Job and convert it to a Sales Order, using details from the revenue opportunity.
Details from Company record and Opportunity are synced into Quickbooks.
Now the accounts team can take over and work with the project in Quickbooks, tracking progress and financial details on the automatically created job in Quickbooks.

Finally, our system syncs financial report figures back into Solve CRM, allowing for reports on project finances to be generated entirely from data in the Cloud, avoiding a time consuming manual process of matching Quickbooks reports with Solve CRM Opportunities.

Later, Quickbooks report values are synced back into Solve CRM automatically, simplifying project based reporting.
The technology stack used to implement this solution consists of Google Apps Script and Python on the Google App Engine.  Webhooks triggered from within Solve CRM call out to a Google Apps Script living on Google Drive.  The Apps Script processes the Webhook and determines the required action. If Quickbooks related actions are required, the Apps Script passes the request onto the Google App Engine application, which handles SOAP based communication with Quickbooks, using QBXML.

The Quickbooks Web Connector polls the App Engine application and consumes any new actions that have been passed from Apps Script, returning results to the App Engine. The App Engine then feeds data back into Solve when necessary.

The end result is an integrated solution that saves time, reduces errors, and provides staff access to important financial data direct from Quickbooks!

Try Solve CRM for Free.

Wednesday, September 24, 2014

Updated guide to embedding an image in your Google Apps for Work signature

Earlier this year we posted a guide for using Google Drive to host images embedded in your email signature and it's been one of our most popular articles. However, Google recently changed the behaviour of Drive's image viewer, so this method no longer works. Instead, you now need to use Google+ Photos (formerly Picasa) to upload images and link to them directly. Here's how.

First, if you don't have one already, create a Google+ account with your Google Apps for Work email address by visiting http://plus.google.com. (You'll need to make sure your domain administrator has enabled Google+ for this to work.)


Next, either head directly to Google+ Photos or hover over the Home icon in the top-left corner of the page and click Photos, then click the Upload photos link along the top of the page. Upload the image you'd like to use as your signature, and click Done.


In the Share album dialogue box that appears, type "Public" in the To: box and click Share.


The image should now open in an album view; click the image to open it on its own. Right-click on the image and select Copy image URL (assuming you're using Google Chrome; in Firefox this is "Copy Image Location"). The resulting URL will look something like this when you paste it:
https://lh6.googleusercontent.com/-LDvF-aANinE/VCMjrpWet7I/AAAAAAAAA0U/eE1oYgtVrKo/w150-h70-no/Interlockit_Logo%2B150x70.png
Copy this entire URL into the Add an image dialogue box of the signature editor, and you should see a preview of the image you're about to insert.



If you see the preview correctly, click OK and you're all done! The image you uploaded will now be linked in (rather than attached to) your signature, won't make your messages larger than they need to be, and shouldn't trigger spam filters.

If you're a regular Google+ user, then uploading the image(s) you use in your signature will show up in your Google+ stream and other users will be able to see the posts. If you'd rather not have the uploads clog up your stream, head over to your profile, hover over the photo you want to remove from your stream, click the down arrow in the top-right corner and click Delete post. This will not remove the photo attached to the post, but will stop the upload from showing up in your own or others' streams.

Friday, August 15, 2014

Chromebooks and centralized management of devices

We've mentioned in past blog posts that we're well-equipped to tackle anything we might need with nothing more than a web browser and a laptop. So why bother spending hundreds or thousands of dollars outfitting the team with laptops that will only run a web browser? Why not invest in smaller, cheaper, faster laptops that are designed around a suite of web-based applications? That's where Chromebooks come in.
Google's Chromebook Pixel
Chromebooks can boot to the desktop in less than 10 seconds, automatically update on their own, include built-in virus protection, and integrate very tightly with the Google Apps suite. If you're already using Google Apps, it's the perfect laptop for your sales team that uses email, calendar, contacts, Solve360 CRM, Google Drive, and more. Chromebooks can even edit Excel and Word files for no additional cost.

If you still need to run Windows-exclusive software, install one of many RDP (Remote Desktop Protocol) clients from the Chrome Web Store and connect to a Windows Terminal Server or Windows desktop computer.

Add in the Chromebook Management Console and you can manage thousands of Chromebooks from your Google Apps admin control panel to make your life even easier. You can configure wireless networks so users are up and running as soon as they log in, allow or block guest access to the machines, and much more. By design Chromebooks are encrypted and highly secure, and since all your data is stored in the cloud, users can pick up any available Chromebook and be productive in seconds.

A Chromebook even works great offline for drafting emails, managing appointments, and editing documents.

The best part is, as always with Google, the price. Chromebooks start from as low as $249 CAD and a one-time license for the management console costs just $161 CAD for businesses or $32 CAD for education users, available from us here at InterlockIT.com.

Thursday, June 19, 2014

How Google Apps for Business Turned Cobblestone Into an Even More Efficient HR Machine

Employing client-tailored solutions that are unique in a crowded marketplace, Cobblestone Human Capital is a recruitment and HR optimization firm trusted by some of Canada’s top employers, Fortune 500 multinationals and companies across North America and in Europe. Empowering clients with tools, knowledge, experience and support, Cobblestone (www.cobblestonepath.com) drives the success of diverse organizations by helping them to recruit top talent and efficiently manage their human resources at a fraction of the cost of traditional solutions.

CobblestoneGoogle.jpg

Information Technology (IT) is a critical part of what they do.

Being highly experienced, knowledgeable experts, Cobblestone’s employees operate independently and remotely, yet still function as a team to deliver the various components of any HR mandate. Keeping a widely dispersed staff continually in the loop demands both real-time access to information and easy contact with each other.

The Dark Ages

Unfortunately, this demand was increasingly not being met. As Cobblestone’s business grew, so too did the strain on their antiquated backend systems.

The company’s technology was old school. Server-based applications, individual user licenses, constant IT fixes: not a cloud in sight.

Specifically, managing client information was a chore. The team accessed their CRM via virtual private network (VPN), which led to constant delays and lost time. Giant headaches were the norm, usually caused by repeated banging of heads to walls. It was such a hassle accessing the shared server that staff sometimes didn’t enter key information in a timely fashion. As you can imagine, for a client-focused business like Cobblestone, incomplete or inaccurate CRM is deadly.

Furthermore, the CRM required individual licenses specific to each employee’s operating system. Not only was this costly, it required constant IT supervision. Not a week would go by without a service call from an IT specialist to fix the latest glitch.

And nothing talked with anything else. Client management, invoicing and accounting, all handled by standalone apps, sat in separate silos. So huge amounts of time were wasted shifting between each system and trying to ensure consistency across them.

IT had become a constant distraction. It was affecting business relationships and the bottom line. Staff were fed up with inefficiencies that were making business and project administration more challenging than it needed to be. Something had to give.

The Clouds Part

Being an HR shop, Cobblestone’s leaders listened to their team. They recognized that growing the business while continuing to deliver maximum value to clients warranted a complete rethink of their IT systems.

Cobblestone expertise lies in HR & recruitment, not IT. Of course, its people have a firm grasp of the technologies that can power an effective backend. But when it comes to implementing specific solutions, they knew it was critical to turn to outside experts.

Enter Blair Collins at Interlockit.com. His task was to pick up where Sheepdog (a cloud computing consultant) left off. He worked to help Cobblestone redesign their IT systems, with a goal to streamline all their processes, from CRM to communications, to invoicing and accounting.

Blair worked with Cobblestone to build on the foundations of Google Apps for Business deployed by SheepDog. This provided the platform through which various applications now connect and work seamlessly together. He also made informed recommendations on which third-party apps to consider for managing sales prospects, billing clients and keeping track of finances.

Thanks to Blair’s good work and sage advice, Cobblestone’s operations now hum along nicely:

  • Team members connect through conference calls within Google Hangouts.
  • Incoming calls, including those to the toll-free number, are routed through a VoIP system.
  • And through API connections and single sign-on, Cobblestone’s Google Apps link to its other cloud-based applications: Solve360 for CRM; Freshbooks for invoicing; Xero for accounting; and Compas for ATS.
  • A change made in one application is immediately communicated to and reflected in other relevant apps. So for example when a client pays an invoice, the CRM and accounting data gets updated accordingly, and notifications get sent via email to the right team members.

Critically, the ancient server got the boot. Everything has moved to the cloud, ensuring that information is accessible in real-time, wherever and whenever needed.

And just as importantly, costs have dropped significantly. It’s less expensive to use Google Apps and other solutions than the old system. And with the efficiencies made possible by the change, team members spend less time managing information and more time on servicing clients. Cobblestone can in turn pass savings on to clients, who benefit from rates up to fifty percent below the competition’s.

All in all, these changes have given Cobblestone the edge it needs to focus on delivering HR and Recruitment value to clients.

Case Study in Google Doc format

Friday, June 13, 2014

Customer case study: Google Apps and Xero work together to drive efficiency

At InterlockIT.com, we're Google Apps Resellers with a CPA on staff who noticed that there was a distinct lack of integration between accounting software (specifically Xero) and the wonderful collaborative features built in to Google Spreadsheets. We wondered if there was a way to maybe get the two to work together...

We built our powerful Xero reporting engine called Blink Reports to give users a faster and easier way to produce financial spreadsheets and reports from their accounting data. What we've learned along the way is that we can do so much more with the new Google Spreadsheets and Xero than we ever imagined was possible.



TargetCW is a leading provider of contingent workforce services across the US and overseas. Their corporate Kaizen philosophy of continuous improvement applies to their accounting and financial processes too. Xero recommended that Ryan Anning at TargetCW test out our Blink Reports for Xero reporting engine to overcome the limited number of columns that are normally shown on the profit and loss statement. Ryan's goal was to produce a revenue and cost analysis by worker which requires a report with more than a few hundred columns! It turned out that his need was so unique that initially our Blink Reports engine would produce an error due to waiting too long to receive the data from Xero.

On a standard profit/loss report, it's unlikely that you'd need such a wide spreadsheet, and indeed Google Sheets has traditionally had a 256 column limit. Thankfully, with the new version of Google Sheets (now the default), this limit and a number of others no longer exist. Need to generate a huge 100% cloud-based spreadsheet, with up to 2 million cells and the share it securely in real time with others? Not a problem. Google Sheets will do it for you right from within your web browser.

The technical side of how we fixed Ryan's challenge is quite clever, but we won't go into too much detail here. Mainly, we're using Google App Engine to handle all the hard work between the user's Google Spreadsheet and their Xero accounting data. Due to the flexibility of Google App Engine we were able to adapt our code, test it live without impacting existing Blink Reports users, and then make it the production version with zero downtime.

The solution means that Ryan can now generate large reports like the one you see below (click to enlarge). Note the columns stretch all the way to KJ—representing nearly double the original column limit—and it will continue growing as needed.


Xero's built-in reporting engine has good functionality, but when you need to analyze the data in a spreadsheet you're forced to export the report to Excel or Google Sheets format. This leads to static financial data that becomes quickly out of date. To put it bluntly, Xero simply cannot generate reports to rival what we can do on the Google Cloud Platform with Google Sheets.

With Google Spreadsheets and Blink Reports, all of a sudden you can review this month's revenue and expenses by worker, then change two date fields and see a different month (or even year) for comparison.

Offloading the pain of financial reporting to Blink Reports from Interlockit.com means that Ryan at TargetCW can now work more quickly through his finances and focus on the things that matter: generating business instead of generating spreadsheets.

Friday, May 23, 2014

Microsoft Azure vs. Amazon Elastic Cloud Compute (EC2)

In our increasingly cloud-based world, it can be difficult to work with more traditional client- or server-side tools to do what we need. At Interlock IT, we're well-equipped with nothing more advanced than a web browser and a laptop for day-to-day work, but sometimes we just need that little bit of extra horsepower.

So, what to do? Well, we could spend thousands of dollars building our own workstations and servers, but why not leverage the cloud once again? A couple of years ago, we started using Amazon's Elastic Cloud Compute (EC2) service; a central part of their Amazon Web Services infrastructure. AWS powers a host of websites, services, and more that you probably use every day—including, notably, Netflix.

EC2 allows you to get servers up and running in an Amazon datacentre fairly quickly and relatively painlessly. But even Amazon, for all their consumer-friendliness, hasn't managed to make it quite easy enough just yet. Setting up a new server takes many steps, including opening ports, setting security groups, assigning storage blocks (and choosing which type you'd like), and more. It's a lot of initial setup work, but once you're up and running, it just works.


Microsoft, on the other hand, has been steadily building out it's own Azure cloud platform since it launched in 2010. While Microsoft's service is a little younger (Amazon had a four-year head start with EC2), it meant that Microsoft could take a look at what Amazon was doing and set up their service a little bit differently.

Instead of having to wade through fifteen menus to get a new server up and running on Azure, there's five simple screens that ask you for a bit of information to set up your server, and then Azure does the rest.


I've done this repeatedly over the course of the last few months since we started using Azure and can get a new server up, running, and connected in less than five minutes. It's great!

To make things even better still, if you pre-pay your Azure account, the system can track your daily usage and forecast what your bill will be at the end of the month. No more worrying if you're going to be stuck with a huge bill at the end of the month.

We've switched most of our Windows cloud server needs to Azure because we find it a more powerful, easier-to-use option than Amazon's venerated EC2.