Troubleshooting

Mailbox Delivery Settings

From time to time, I run into environments where things are configured in “non-standard” ways.  Granted, we don’t have a lot of specificity or documentation around some attribute configurations because the default configuration has been tested by the people who created the software and works in almost every conceivable situation. … [ Continue reading ]

Identity

Finding Duplicate Objects in Active Directory

For those of you that have embarked upon the trek to Office 365, you’ve undoubtedly run (or at least heard of) IDFix.  It detects and fixes a number of conditions that will cause the directory sync to report errors.

Today, I want to focus on a tool I wrote for a customer almost 2 years ago that addresses conditions not yet identified or remedied by IDFix. … [ Continue reading ]

Scripting

PowerShell Random Password Generator

On a project earlier this year, I had to create random passwords for user accounts as part of a provisioning tool.  Perpetually trying to find the fastest way to do something, I came up with a one-liner that you can use to create a random text string from the following ASCII printable characters:

!”#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_abcdefghijklmnopqrstuvwxyz{|}~0123456789

To create the passwords, I use this bit of magic:

PS> $Password = ([char[]]([char]33..[char]95) + ([char[]]([char]97..[char]126)) + 0..9 | sort {Get-Random})[0..8] -join ''
PS> $Password
Z-=$fNgb!
[ Continue reading ]
Configuration

Create a Transport Rule to Reject a Message When Both Domain Conditions Are Met

Today, I saw a question come up as to how to block a message when it’s sent to two different classes of users at the same time.  Let’s say you want to be able to send to John@domain1.com, Bob@domain2.com, and Jane@domain3.com (list 1) or to Mark@domain4.com, Sue@domain5.com, and Mary@domain6.com (list 2), but any time those users from both list 1 AND list 2 appear in the To/CC of the *same* email message, you want it to be blocked. … [ Continue reading ]

Migrating

Fix those IMCEAEX NDRs

I had a customer migrate some mailboxes a few weeks ago, and they’re now just getting some NDRs.  Here’s a sample NDR:

imceaex-1

To fix this, you can take the NDR that you receive, copy/paste it into this function, and then take the resultant decoded x500 address and add it back to the proxyAddress array for the recipient.… [ Continue reading ]

Configuration

Updates to Office 365 Proxy PAC Generator

I wrote the original Proxy PAC tool for a customer almost a year ago, and since have added a lot of new functionality.  Rather than updating my previous blog posts about it, I thought I would start a fresh thread.  If you want some background on how Proxy PAC files work and how to distribute them to your users via GPO or WPAD, I would suggest taking a look at my posts dealing with those topics:

Now, on to the new stuff.… [ Continue reading ]

Identity

Use AADConnect to add a Proxy Address

* UPDATE* After doing this originally, I decided to take a different route and write it back to the on-premises AD, so that way, the objects are synchronous.  This post now reflects the updated content.

A few weeks ago, I had an issue where I needed to remove a proxy address from the proxyAddresses array of a user being synchronized to Office 365. … [ Continue reading ]

Scripting

Testing for bad SMTP Addresses

While working on my latest project,  I encountered a significant number of objects with malformed SMTP addresses.  These appeared to have been objects that had been somehow manually modified over the years by directly writing to the proxyAddresses attribute in Active Directory, bypassing an API that would check for correctly-formatted addresses.… [ Continue reading ]

Identity

How to Merge Duplicate Mail-Enabled User and Contact Objects

One of the first steps in preparing for an Office 365 migration is running a tool we provide called IDFix.  The goal of this tool is to help minimize identity issues when migrating to the cloud.  Most identity issues come down to two issues:

  • Invalid characters in key attributes
  • User objects with duplicate values in indexed attributes (duplicate objects)

The first issue is pretty easy to deal with–IDFix will identify objects with offending characters and the attributes where they exist, and will even make some recommendations. … [ Continue reading ]

Configuration

Creating a Pinpoint DNS Zone

I saw an interesting question floating around a discussion alias earlier today–how to return different IP addresses for the same hostname from different DNS servers for users that are in different regions (for example, have DNS servers on the east coast return “1.2.3.4” for my.domain.com and DNS servers on the west coast return “5.6.7.8” for same name–the trick being that domain.com is an internal Active Directory DNS zone). … [ Continue reading ]