Contact Us
If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.
Neil Langston
neil@powersyncpro.com
2
Article
Last Month
-50.0%
Bulk Token Retrieval Failed (AADSTS90092)
Published October 25th, 2023 by Neil Langston
In rare circumstances your tenant may be missing important components to enable the creation of the Bulk Enrolment Token when configuring your Directories. The errors can be: “Bulk Token Retrieval Failed” "AADSTS90092: Non-retryable error has occurred" To fix this, you may need to create a Service Principal called Microsoft.Azure.SyncFabric . Check
legacyExchangeDN and other mail attributes - implicit writes
Published September 29th, 2023 by Neil Langston
Default processing PSP will always process the following attributes when Mail-Enable is selected. mail mailNickname proxyAddresses groupType reportToOrignator If those attributes are present on the source object, they will be written to target. The legacyExchangeDN is written to the proxyAddresses attribute as an x500 address. If they are not prese
Microsoft errors from the field
Published December 12th, 2024 by Neil Langston
With any workstation migration, the device is at the whim of many controlling factors, to name a few: GPO, Active Directory, Intune, DNS, network, VPN, installed software, conditional access, tenant configuration, permissions, enterprise apps, Entra ID, and more. We have other articles related to Intune enrolment which may also help guide you to a
Migration Agent is not starting or registering on a device
Published June 25th, 2024 by Neil Langston
Event viewer & agent reporting Application Event viewer is your friend here, look for any errors, problems are likely to be there on the device. Within the server navigation in Migration Agent, use the reports section to review where there might be problems “Agents”: Is the device registered “Agent logs”: see granular information on the progre
Documentation & binaries
Published July 6th, 2023 by Neil Langston
Before you start Please ensure you have read the PowerSyncPro – Prerequisites document and installation guide, and are building a supported scenario for PSP. PowerSyncPro TM Directory Synchronisation Prerequisites https://downloads.powersyncpro.com/current/PSPSync-Prerequisites.pdf Installation Guide https://downloads.powersyncpro.com/curren
No License for Domain
Published July 19th, 2023 by Neil Langston
You want to export (make changes) in your environment however, you see “No License for Domain” PSP is in a fully featured simulation mode. In other words, you have not purchased a license. or, the directory you are connecting to is not part of your license. or, you have not installed the license All features are available to you - apart from Expo
Create PowerSyncPro Entra ID App Registration
Published November 27th, 2024 by Neil Langston
To smooth the creation of your PowerSyncPro Entra ID Application in the source or target tenant the script below will create the full requirements for directory synchronisation (read & write) and enable features for creating the bulk enrolment token for device migrations to become cloud native (Entra Joined). Requirements: An activated Global Ad
Restrict access to Logon page from the internet.
Published May 22nd, 2025 by Neil Langston
How does PowerSyncPro Migration Agent communicate with the PowerSyncPro server? For the vast majority of our customers and partners, PowerSyncPro is presented to the internet for Migration Agent over HTTPS onto their own hosted PowerSyncPro server. This is so that PowerSyncPro Migration Agent installed on your workstations can perform the following
Sync profile has a * (asterisk) next to it
Published July 19th, 2023 by Neil Langston
You have made a change in PSP which requires a “What If” review and approval before the job can complete. For example When you make changes to a sync profile, or many other places in PSP, there is a failsafe to ensure you will not cause unintended changes to your environment. You need to review the “what if” report to ensure that the changes y
User Choice Protection Driver (UCDR) causing Explorer or icon flickering issues.
Published May 20th, 2025 by Neil Langston
Microsoft are rolling out a new enhancement into Windows to prevent the default applications being modified, this is called the User Choice Protection Driver or UCDR. You may have seen the following errors in the logs Failed to process [HKEY_USERS\<user SiD>\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\<protocol>\UserC
Requirements validation on the PowerSyncPro Server
Published November 27th, 2024 by Neil Langston
You can easily check all requirements are installed on your PowerSyncPro server by running the script below. This script gives you the possibility to performing checks for both Directory Synchronisation and orchestrating device migrations using Migration Agent. Furthermore, if you do not have a firewall enabled, you can also ignore any firewall port
Group managed service account
Published June 19th, 2024 by Neil Langston
You can use the common commands below to create and use a Group Managed Service Account “gMSA” for your PowerSyncPro DirSync Server installation For detailed gMSA information please refer to this article Getting Started with Group Managed Service Accounts in Windows Server | Microsoft Learn Update the highlighted sections according to your envir
"Is not null" and "is not empty" not working as expected.
Published June 25th, 2024 by Neil Langston
In active directory, an attribute value can have many states. Null and blank (is empty) are two different states for an attribute value. PowerSyncPro can handle this circumstance, by combining both states to ensure you have the flexibility when you want to use Null independently on a different expression. For example, if you want to employeeID a
Cannot manipulate targetValue in complex expression.
Published October 4th, 2023 by Neil Langston
You want to manipulate the target value when performing directory synchronisation and modifying attributes. Directory synchronisation in PowerSyncPro focusses on using source attribute values to determine what the target value should be. The resultant target value for an attribute can be calculated from the result of a complex expression or simpl
Best practice for using userAccountControl in scoping
Published June 25th, 2024 by Neil Langston
A robust and more reliable way to identify the userAccountControl state in scoping is by using its property flags in your complex expression. For example, if you want to scope on the userAccountControl attribute to 0x0202 in hexadecimal (0x002 + 0x0200) in decimal, it's 514 (2 + 512) = ACCOUNTDISABLE, you would use the decimal value 2. (you can re
Setup Migration Agent to reconfigure Azure Information Protection
Published August 4th, 2023 by Neil Langston
If you would like to remove AIP (Azure Information Protection) from your workstation you need to obtain the correct information to populate into your runbook to remove AIP from the device. Here is the Migration Agent Runbook option for AIP. To obtain the correct information, you'll need to run the following cmdlets with Global Admin in both your
AADSTS135010 UserPrincipal doesn't have the key ID configured
Published April 8th, 2025 by Neil Langston
The other error related to this is: Authorisation code not received from authorize endpoint call. We have seen this error when the organisation has a restriction on “Users may join devices to Microsoft Entra” and they come to generate the bulk enrolment token (BPRT) for Entra Joining devices within the PowerSyncPro directory setup for Entra ID.
PowerSyncPro top 10 features
Published July 25th, 2023 by Neil Langston
PowerSyncPro Migration Agent 1. Migrates Windows 10/11 devices2. Migrates between Active Directories and/or Microsoft 365 tenants (AAD Join states)3. Re-permission Windows User profiles4. Reconfigure Microsoft Desktop Applications: Outlook, Teams, OneDrive, OneNote, Office Apps - reconfigure any application as it also has custom scripting capabili
I've configured an SSL certificate in PowerSyncPro but my browser is not HTTPS
Published October 5th, 2023 by Neil Langston
There are two places which are distinctly separate which have the possibility of a certificate, one compulsory and one optional: Compulsory: Secure Migration Agent Communication, this is a certificate which is you generate in PowerSyncPro Migration Agent Server configuration which supersedes the PreSharedKey (PSK) when the device is registered, th
Licensing of PowerSyncPro
Published October 5th, 2023 by Neil Langston
PowerSyncPro should be implemented by a certified Partner to ensure your project is successful. This is important as you are configuring identity and devices which are the bedrock of your environment. Please contact us so we can put you in contact with a certified partner for your geography, or if you already have a partner, we are happy to on board
Win32Exception (1): Incorrect function.
Published July 19th, 2024 by Neil Langston
Error: Category: AgentBase EventId: 0 Error calling GetAzureAdJoinInformation Exception: System.ComponentModel.Win32Exception (1): Incorrect function. Cause: You have installed the migration agent on a machine which is not joined to an Azure/Entra domain or an Active directory domain. Currently we do not support WORKGROUP based migrations. If you
SMTP entries do not flow
Published July 20th, 2023 by Neil Langston
If you find SMTP domains are not flowing from source to target in an attribute like proxyaddresses, you need to add the domains into “SMTP Domains”. If your smtp domain is not listed it will not flow. One exception is that the mail attribute will always become the primary SMTP entry in proxyAddresses. Domains are removed before mappings. He
How to create a command line package to Run.
Published October 17th, 2024 by Neil Langston
At the start-up or completion of your runbook you can run a script that will run as the local SYSTEM Account. You will need to package the script within a zip file for it to execute. There are lots of options here, if you wish to run PowerShell to create a folder here is an example: Create a file called “ cmdline.cmd ” this will be run using comma
Workgroup workstation migration process
Published December 4th, 2024 by Neil Langston
PowerSyncPro Migration Agent can convert a device from a workgroup to e.g. Entra Joined retaining the user profile. NOTE: ensure the version of the Windows 10 or 11 is Pro, so it can connect to your corporate network. Home editions do not allow this. As in any project, you should also consult your device management team and identity access teams
Load More