Office 365 Teams, webhooks & PowerShell

I do like Office 365 Teams, and have actually started to use the Teams App instead of Skype :-o

If you have not played with it, do, you will  love it.

Anyway, with a Team Channel, you can create an Incoming Webhook connector, that allows you send data to a channel.

In Teams, click on channel and the ellipse (…) and click on Connectors.

In the connectors list find “Incoming Webhook” and click configure.

Give the connector a name and click Create.

This will create the connector and give you it’s url.  Take a copy of it.

You can then use the following PowerShell cmdlets to post to the channel:

$TeamChanneluri = "# the channel url #"

$body=@"
{
  "@type": "MessageCard",
  "id": "list",
  "title": "-TITLE-",
  "TextFormat":"xml",
  "text": "You can use HTML codes like <B>bold</B>  and a <P/>new line or <HR/>line"
}
"@

Invoke-RestMethod -uri $TeamChanneluri -Method Post -body $body -ContentType 'application/json'

How cool is that!  What is good is that you can some standard html codes to make things look nice!

Enjoy

 

Exchange Online Default Email Address Policy

So this was interesting.  I had a user that was failing to create an Exchange Online Mailbox, due to a duplicate tenant address (tenantname.onmicrosoft.com), which us mortal people have zero control over.

After a week of playing I raised a call with Microsoft to see what the hell was going on.

To cut a long story short, the issue was resolved by itself.  “When product group started the troubleshooting mailbox was already created.”  Yeah right! As if by magic after a week it sorts itself .. sorry not convinced!

Anyway, it turns out (according to PSS), that the Default Email Address Policy on Exchange Online actually does nothing, and updating it from the default email template, has zero effect on users!  Which seams a bit odd, but hey!?!

The other interesting thing, is that if two users share the same UPN prefix like bob@domain1.com and bob@domain2.com there will be a conflict because both should get bob@tenantname.onmicrosoft.com as an alias in Office 365.

We have over 100k synced objects and over 600 domains.  So we should have seen this issue before .. but we didn’t.

Anyway, this is where the duplicate attribute resiliency feature of AAD Connect should come in to play, to make sure the attributes are unique. https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsyncservice-duplicate-attribute-resiliency.

However, for the user I had an issue with, this didn’t happen!

The expected behavior should be:

1st user to be synced / provisioned:
UPN / primary SMTP: bob@domain1.com
Secondary SMTP / cloud alias: bob@tenantname.onmicrosoft.com
Remote routing address: whatever is set via Exchange console (using the tenantname.mail.onmicrosoft.com domain)

2nd user to be synced / provisioned:
UPN / primary SMTP: bob@domain2.com
Secondary SMTP / cloud alias: bob1234@tenantname.onmicrosoft.com
Remote routing address: whatever is set via Exchange console (using the tenantname.mail.onmicrosoft.com domain)

So, only the IT gods know what happened, and it shouldn’t have happened in the first place, but welcome to the occasional oddness of cloud computing and Office 365.

UPDATE#1: Resolution from Microsoft: Attribute resiliency feature action generated unique onmicrosoft.com smtp address, but unfortunately with significant delay.

Laters

Exchange Online Mailbox Types

That is interesting.  Been playing with Exchange Online Mailbox types.

With the -Type parameter specifies the mailbox type for the mailbox. Valid values are:

  • Regular
  • Room
  • Equipment
  • Shared

Now I had never noticed this before, but when you switch a mailbox to anything other than Regular, the UserAccountControl changes to AccountDisabled.

That would explain why authenticated SMTP relay to smtp.office365.com would stop working :-o

 

Office 365 SMTP Relay Using Windows PowerShell

We are looking to the future, and getting ready to remove OnPrem Exchange.  To do this we need to deal with SMTP Relay.

Microsoft have this doc to help: https://support.office.com/en-gb/article/How-to-set-up-a-multifunction-device-or-application-to-send-email-using-Office-365-69f58e99-c550-4274-ad18-c805d654b4c4

But I wanted to code it ;-)

Quite simple, you need to use an Exchange Online Account:
$Password = "#mailbox password"
$emailFrom = "#mailbox"
$SMTPServer = "smtp.office365.com"
$SMTPPort = 587
$emailTo = "#recipient"
$msgsubject = "testing testing 1-2-3"
$msgBody = "hello world"
$message = New-Object Net.Mail.MailMessage($emailFrom, $emailTo, $msgsubject, $msgBody)
$message.IsBodyHTML = $True

$smtp = New-Object Net.Mail.SmtpClient($SMTPServer,$SMTPPort)
$smtp.EnableSSL = $true
$smtp.Credentials = New-Object System.Net.NetworkCredential($emailFrom, $Password);
$smtp.Send($message)

enjoy

Using Windows PowerShell to Find an AD User across multiple domains

So, I have a single forest with multiple domains.  I wanted to use the native ActiveDirectory module for find a SamAccountName.

I came up with this:

$sam = "mysam"
$domains = (Get-ADForest).domains
ForEach($domain in $domains){
  Write-Host $domain
  Get-ADUser -Filter 'SamAccountName -eq $sam ' -Server $domain -Properties *| select DistinguishedName
}

Then I had a brain fart!  Why not use a GC?  Its quicker ;-)

$sam = "mysam"
$forest = (Get-ADForest).Name + ":3268"
Get-ADUser -Filter 'SamAccountName -eq $sam' -Server $forest -Properties * | select DistinguishedName

enjoy!

Quest Support Product Release Notification – Enterprise Reporter 3.0

From Quest

“We are excited to announce a new version of Enterprise Reporter 3.0 is now available for download.
Look what’s new:

  • Check out the “What’s New with Enterprise Reporter 3.0” video
    • Support for Office 365 – Azure AD, Exchange Online, and OneDrive for Business
      • Including Azure Tenant, Subscription and Licensing information
    • Take action with Security Explorer Remediation Reports
    • Performance Enhancements with NTFS Collector
    • Enhanced Data Collections with new attributes
    • Configuration options to integrate with IT Security Search “

Using Windows PowerShell to “normalise” a text string

Long story, but I  needed a way to normalise a text string.  Say this:

$txt = "Correo electrónico del usuario"

and I found this:

[Text.Encoding]::ASCII.GetString([Text.Encoding]::GetEncoding(1251).GetBytes($txt))

and the result is:

Correo electronico del usuario

Awesome, job done!