flaphead.com

Office 365 Groups and Primary SMTP Addresses

June 11, 2017 by ucinfo, posted in Office 365, Powershell

So here is an interesting one.

We know Office 365 groups are a hybrid Exchange Online / SharePoint Online thing.

When you create an Office 365 Group, it creates an MSOLGroup and a UnifiedGroup object, that you can access using Windows Powershell (Get-MsolGroup / Get-UnifiedGrou).

Any email addresses that are set as Primary on the unified group, replicate up to the MSOLGroup object.

Now, you can remove them from the unified group, but they will NEVER be removed the MSOLGroup object. Try it ;-)

This means, if you need to do say a Tenant to Tenant migration, and the default msoldomain is a vanity domain, all office 365 groups will have the vanity domain as primary and you cannot remove it!

The only fix, is to delete the group! -or- raise a call with Microsoft and have your engineer engage with the Microsoft Online Domain Services Backend team (Azure AD) to remove them for you.

Enjoy

Quest Migration Manager for AD 8.14

June 1, 2017 by ucinfo, posted in MMAD, Quest

Just received this:

We are excited to announce a new version of Migration Manager for AD 8.14 is now available for download.

Look what's new:

The highest priority matching rule with the UserPrincipalName target matching attribute will be automatically configured for each new migration pair. Such matching rule can be manually added to existing migration pairs and collections using Migration Manager for AD (Microsoft Office 365) console.

8.14 can be installed on Microsoft Windows Server 2016.

Support for processing of Microsoft Windows Server 2016 using Resource Updating Manager.

Support for migration to Windows 2016 AD including: Migrating objects to Windows 2016 AD, Synchronizing objects with Windows 2016 AD in both directions, Synchronizing passwords with Windows 2016 AD, Migrating SID-History to Windows 2016 AD and Migrating computers to Windows 2016 AD.

Migration Manager for AD 8.12 is now in limited support. To determine the current support phase of your product, please refer to the Migration Manager for AD life cycle table.

Be sure to check out the Migration Manager for AD Product Support page to find solution articles, tips and tricks, tutorials, documentation, notifications, life cycle tables, training, and a product user forum.

Important Notice: Due to our recent divestiture from Dell Technologies, we are required to retire any Dell branded software from our Support Portal. This means that all software downloads and technical documentation for Migration Manager for AD prior to version 8.14 will be removed from the Support Portal after November 1, 2017. Please download any older versions now that you may need for your future use.

List Office 365 Administrators

May 17, 2016 by ucinfo, posted in Office 365, Powershell

So, I had a need to see who the other Global Admin are my Tenant. Knocked this up to help.

The following assumes you already have a remote powershell session to Office 365!

$msoladmin = @()
$roles = Get-MsolRole
ForEach($role in $roles){
  $n = $role.Name
  Write-Host $n " " -NoNewLine -f Green
  [array]$tAdmin = Get-MsolRoleMember -RoleObjectId $role.ObjectId | Select *, @{Expression={$n};l="Role"}
  Write-Host $tAdmin.Count
  $msoladmin += $tAdmin
}
$msoladmin | sort Role,DisplayName | select DisplayName, Role

DirSync and Office 365

September 23, 2015September 22, 2015 by ucinfo, posted in Office 365

I wanted to share this for my own reference, but wanted to share the love.

Have been having a challenge with people thinking I am talking cr@p, which make me smile. If I am wrong I will admit it.

When you setup DirSync, users from your onPrem AD are copied to the Office 365 Azure AD. Simple.

When you migrate (onboard) a mailbox to Office 365 the onPrem accounts change:

RecipientType	RecipientTypeDetails		RecipientType	RecipientTypeDetails
UserMailbox	UserMailbox	->	MailUser	RemoteUserMailbox
UserMailbox	SharedMailbox	->	MailUser	RemoteSharedMailbox
UserMailbox	RoomMailbox	->	MailUser	RemoteRoomMailbox

Now if you have a filter based on msExchRecipientTypeDetails you need to watch out, as expected the msExchRecipientTypeDetails changes:

Type	Before	After
User Mailbox	1	2147483648
Shared Mailbox	4	8589934592
Room Mailbox	16	17173869184
Equipment Mailbox	32	34359738368

This caused me some challenges as we had a filter that would only migrate disabled accounts with a value of 4 or 16 in msExchRecipientTypeDetails.

The net result was that after a Shared or Room mailbox was onboarded to o365 they would drop out of DirSync. This is okay, as they stay in the Azure AD as a deleted user for 30 days.

You can recover a user from deleted users, they appear in Azure AD as “In Cloud” and any mailbox they had is accessible.

This is the fun bit. If the recovered user is added back in to dirsync, dirsync uses the Azure AD ImmutableId and compares that to an OnPrem Guid. If a match they are become Dirsynced again.

You can see the ImmutableId when your run a get-msoluser. Essentially it’s a fudge of the OnPrem AD ObjectGuid. This post explains and here is a script to convert between the two.

Hope this helps someone, it helped me, get an understanding of what the hell was going on!

If this is complete cr@p let me know please!

OnPrem Lync/Skype and Office 365

September 22, 2015 by ucinfo, posted in Lync, Office 365

Had an issue with mailboxes migrated to Office 365 while using OnPrem Lync/Skype.

Lync showed a constant “Enter Credentials” dialog:

The KB appears to have fixed it: Office 2013 and Lync 2013 periodically prompt for credentials to SharePoint Online, OneDrive, and Lync Online

A simple registry key that you can rollout with a GPO.

Exchange 2010 with UAG and Moving Mailboxes to o365

July 15, 2015 by ucinfo, posted in !Things2Remember, Exchange 2010, Office 365

Came across this the other, when moving mailboxes from Exchange 2010 to Office 365.

The move works, but takes a hell of a long time. If you look in the move logs you see:

Transient error MrsHttpInternalServerErrorException has occurred.

It would appear that UAG has a limit of some kind that is causing these errors.

I have not tried this, however Microsoft suggest you can try create following registry key on the UAG servers.

 “HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\e-Gap\von\UrlFilter\InconsistentCookieThreshold”
 DWORD
 Value: 30 (Decimal)

Microsoft suggests that this registry key should be removed from the servers, after completing the mailbox migration task.

Activate the UAG server configuration after applying this registry key and then do “IISreset” on all UAG servers.

Outlook says .. Microsoft Exchange is not available

April 27, 2015 by ucinfo, posted in Exchange, Exchange 2010

This was is a good one and has been doing my head in!

I had a user mailbox that could log in to OWA but not Outlook.

With outlook you would get an error saying:

"Cannot open your default e-mail folders. Microsoft Exchange is not available. Ether there are network problems or the exchange Computer is down for maintenance"

If you run:

Get-LogonStatistics -Identity <email address>

Then have a look at the FullMailboxDirectoryName

This should match the users legacyexchangedn. In my case, another user has the same address as a proxy address.

Just removed it and everything worked fine!

Monitor-MailboxDatabaseCopyStatus.ps1

January 22, 2015 by ucinfo, posted in Exchange, Exchange, Exchange 2010, MsExchange, Powershell

#Exchange2010 #MsExchange #Powershell

Hello every Happy New Year and all that .. long time to talk.

Wanted to share this. Basically had a Cisco UCS Blade failure today, where it took 2 nodes of a 3 node Exchange 2010 dag out.

Its been a fun day! NOT!

Anyway, I knocked this script up to monitor the database copy status when we put everything back.

PARAM([String]$Server = (HOSTNAME),
[int]$time            = 30)

Write-Host "Server:.."$Server
Write-Host "Timer:..."$time
$position = $host.ui.rawui.cursorposition
$position.y = $position.y+4
while($True){
  Get-MailboxDatabaseCopyStatus -Server $Server
  $endpos = $host.ui.rawui.cursorposition
  for($i=1;$i-le $time;$i++){write-host "." -nonewline -f Yellow;sleep 1}
  $host.ui.rawui.cursorposition=$endpos;
  Write-Host (" "*$time)
  $host.ui.rawui.cursorposition=$position;
}

Find Exchange Databases using Powershell

September 20, 2014September 19, 2014 by ucinfo, posted in MsExchange, Powershell

A small change in $strFilter=”(objectClass=msExchPrivateMDB)” and you get all the mailbox databases ;-)

$forest    = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$Dom  = "LDAP://CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=" + $Forest.Name.Replace(".",",DC=")
$strFilter="(objectClass=msExchPrivateMDB)"
$Root       = New-Object DirectoryServices.DirectoryEntry $Dom 
$selector   = New-Object DirectoryServices.DirectorySearcher 
$selector.PageSize    = 1000 
$selector.Filter      = $strFilter 
$selector.SearchRoot  = $root 
$selector.SearchScope = "Subtree" 
$Objs = $selector.findall() 
$Objs.count 
$Objs

Find Exchange Servers using Powershell

September 19, 2014 by ucinfo, posted in Exchange 2010, MsExchange, Powershell

#Powershell #MsExchange

I have a suite of discovery scripts that I use every now and then. I adapted this to look in the AD and get a list of the exchange servers!

$forest    = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$Dom = "LDAP://CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=" + $Forest.Name.Replace(".",",DC=")
$strFilter="(objectClass=msExchExchangeServer)"
$Root       = New-Object DirectoryServices.DirectoryEntry $Dom
$selector   = New-Object DirectoryServices.DirectorySearcher
$selector.PageSize   = 1000
$selector.Filter     = $strFilter
$selector.SearchRoot = $root
$selector.SearchScope = "Subtree"
$Objs = $selector.findall()
$Objs.count
$Objs