Monday, October 25, 2021

How to copy all UPNs (usernames) to email address field in AD.

Check users' email fields-
Get-ADUser -Filter * -Properties mail | Select-Object Name,mail | Out-GridView


Command to copy-
Get-ADUser -LDAPFilter '(userPrincipalName=*)' -Properties userPrincipalName,mail | Select-Object * | ForEach-Object { Set-ADObject -Identity $_.DistinguishedName -Replace @{mail=$($_.userPrincipalName)} }
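
The copy command above overwrites every mail value in one pass, so here is an added example (not from the original post) that builds a change plan first and applies it only under -WhatIf. The function names, the -Overwrite switch and the list of internal-only UPN suffixes are assumptions for illustration, and the sample accounts are constructed. Unlike the command above, it leaves an existing, different mail value alone unless -Overwrite is given.

```powershell
# Added example: plan the UPN -> mail copy first, then apply it as a dry run.
function Get-MailCopyPlan {
    param(
        [Parameter(Mandatory)] [object[]] $Users,
        [switch] $Overwrite   # hypothetical switch: also replace a differing mail value
    )
    foreach ($u in $Users) {
        $upn = $u.UserPrincipalName
        # Assumption: UPNs with these suffixes are internal-only and not usable as mail addresses.
        $action = if ([string]::IsNullOrWhiteSpace($upn)) { 'Skip-NoUPN' }
            elseif ($upn -match '\.(local|lan|internal)$') { 'Skip-NonRoutableSuffix' }
            elseif ($u.mail -eq $upn) { 'Skip-AlreadySet' }
            elseif ([string]::IsNullOrEmpty($u.mail)) { 'Set' }
            elseif ($Overwrite) { 'Replace' }
            else { 'Skip-WouldOverwrite' }
        [pscustomobject]@{ DistinguishedName = $u.DistinguishedName; OldMail = $u.mail
                           NewMail = $upn; Action = $action }
    }
}

function Set-MailFromPlan {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory, ValueFromPipeline)] $Entry)
    process {
        if (($Entry.Action -in 'Set', 'Replace') -and
            $PSCmdlet.ShouldProcess($Entry.DistinguishedName, "Set mail to $($Entry.NewMail)")) {
            # Needs the ActiveDirectory module; never reached when -WhatIf is given.
            Set-ADUser -Identity $Entry.DistinguishedName -EmailAddress $Entry.NewMail
        }
    }
}

# Constructed sample objects standing in for Get-ADUser output (not real accounts).
$sample = @(
    [pscustomobject]@{ DistinguishedName = 'CN=Ann,OU=Staff,DC=example,DC=com'; UserPrincipalName = 'ann@example.com'; mail = $null }
    [pscustomobject]@{ DistinguishedName = 'CN=Bob,OU=Staff,DC=example,DC=com'; UserPrincipalName = 'bob@example.com'; mail = 'bob@example.com' }
    [pscustomobject]@{ DistinguishedName = 'CN=Carol,OU=Staff,DC=example,DC=com'; UserPrincipalName = 'carol@example.com'; mail = 'c.jones@example.com' }
    [pscustomobject]@{ DistinguishedName = 'CN=svc-backup,OU=Service,DC=example,DC=com'; UserPrincipalName = 'svc-backup@corp.local'; mail = $null }
)
$plan = Get-MailCopyPlan -Users $sample
$plan | Format-Table Action, OldMail, NewMail
$plan | Set-MailFromPlan -WhatIf   # dry run: nothing is written to AD

# Live use: $users = Get-ADUser -LDAPFilter '(userPrincipalName=*)' -Properties mail
#           Get-MailCopyPlan -Users $users | Export-Csv .\mail-plan.csv -NoTypeInformation
```

The exported plan doubles as a record of the old mail values in case the change has to be rolled back.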

Tuesday, October 12, 2021

How to set up Mimecast Personal Portal to authenticate to DUO Cloud SSO (SAML2) 2021

Here is how to set up Mimecast to work with Duo's Cloud SSO. The online instructions are confusing and inaccurate.


DUO SSO-
Deploy and configure DUO SSO if you haven't already.
https://duo.com/docs/sso

DUO Application-
In Duo, go to Applications, click Protect an Application, and search for Generic. There will be two Generic Service Providers; select the one that says "2FA with SSO hosted by DUO".

Fill in the following-
Entity ID- us-api.mimecast.com.ACCOUNTCODE (replace ACCOUNTCODE with your account code; it will be something like CUSA88U99)
Assertion Consumer Service (ACS) URL- https://us-api.mimecast.com/login/saml
Copy the metadata URL to Notepad; you'll need it later.
Name (under settings)- Mimecast
Leave everything else alone, click save.

Mimecast-
Administration, Services, Applications, Authentication Profiles, Default Authentication Profile.
Check the box that says "Enforce SAML Authentication for Mimecast Personal Portal"
Provider- Other
Metadata URL- paste the Metadata URL you copied earlier. Click Import.
Click Save and Exit.
Repeat above if you want to enforce User Applications.
Repeat above in Administration, Services, Applications, Authentication Profiles, Account_Administrators_Authentication_Profile if you want to enforce it for admins.