Scripting

ActiveSync Device and User Report for Office 365 D, MT, and Exchange 2010+

Today, I had a customer ask me for an ActiveSync device report.  Normally, this is a somewhat simple task (Get-Mailbox | Get-ActiveSyncDevice), but in a large environment with hundreds of domains representing different agencies or business units, that is kind of an unwieldy report to run (as well as including a lot of data for out-of-scope users).… [ Continue reading ]

Migrating

Fix those IMCEAEX NDRs

I had a customer migrate some mailboxes a few weeks ago, and they’re now just getting some NDRs.  Here’s a sample NDR:

imceaex-1

To fix this, you can take the NDR that you receive, copy/paste it into this function, and then take the resultant decoded x500 address and add it back to the proxyAddress array for the recipient.… [ Continue reading ]

Identity

Use AADConnect to add a Proxy Address

* UPDATE* After doing this originally, I decided to take a different route and write it back to the on-premises AD, so that way, the objects are synchronous.  This post now reflects the updated content.

A few weeks ago, I had an issue where I needed to remove a proxy address from the proxyAddresses array of a user being synchronized to Office 365. … [ Continue reading ]

Scripting

Testing for bad SMTP Addresses

While working on my latest project,  I encountered a significant number of objects with malformed SMTP addresses.  These appeared to have been objects that had been somehow manually modified over the years by directly writing to the proxyAddresses attribute in Active Directory, bypassing an API that would check for correctly-formatted addresses.… [ Continue reading ]

Identity

How to Merge Duplicate Mail-Enabled User and Contact Objects

One of the first steps in preparing for an Office 365 migration is running a tool we provide called IDFix.  The goal of this tool is to help minimize identity issues when migrating to the cloud.  Most identity issues come down to two issues:

  • Invalid characters in key attributes
  • User objects with duplicate values in indexed attributes (duplicate objects)

The first issue is pretty easy to deal with–IDFix will identify objects with offending characters and the attributes where they exist, and will even make some recommendations. … [ Continue reading ]

Configuration

Creating a Pinpoint DNS Zone

I saw an interesting question floating around a discussion alias earlier today–how to return different IP addresses for the same hostname from different DNS servers for users that are in different regions (for example, have DNS servers on the east coast return “1.2.3.4” for my.domain.com and DNS servers on the west coast return “5.6.7.8” for same name–the trick being that domain.com is an internal Active Directory DNS zone). … [ Continue reading ]

Configuration

Updating Remote Recipient Types on-Premises

During migrations from third-party platforms like Gmail or various POP3 providers or from hosted Exchange environments, we frequently see customers provisioning remote mailboxes for shared resources.

This works fine for three out of four recipient types. You can run New-RemoteMailbox for a regular user or specify a Type (Room or Equipment) to get the appropriate mailboxes. … [ Continue reading ]

Identity

Remove an unwanted ProxyAddress pattern from users via AADConnect

I had an interesting request from a customer the other day where they were synchronizing Active Directory into two disparate environments–Office 365 and another hosted Exchange environment.  In their new Office 365 environment, they didn’t want any address proxies matching a particular pattern to be part of a user’s proxyAddress array–BUT–they also didn’t want to remove them from their on-premises accounts since they are being used by their other hosting environment as an application routing address.… [ Continue reading ]

Configuration

Office 365 License Assignment

There is perpetually a lot of angst around licensing users for Office 365 workloads.  Most of my customers over the years have wanted to ease into deployment, only enabling certain services at a time.  Of course, as an evergreen service, we are always adding features, leading to new service plans to disable as you discover them.… [ Continue reading ]

Configuration

Sign an exported certificate from an F5

I’ve run into this delightful scenario a few times–the network team generates CSRs and certificates for the environment, and since they want to do SSL termination on their network devices, complete the certificate process there.  When you ask for an export of the certificate from, say, an F5, they will just give you the unsigned certificate–so that when you import it into your server, you end up with something unusable, since it has no private key.… [ Continue reading ]