An issue came up today for one of my customers–how to remove orphaned mailbox searches in Exchange Online. Apparently, they have about 300 mailboxes in this state. Oops.
So, in order to do this, you need to go through a handful of steps:
- Identify all of the Mailbox Searches.
… [ Continue reading ]
A few weeks ago, I ran into an issue with a customer. Scenario:
- Customer had configured alternate-id sign in with AAD Connect (the gist is that it flows on-premises mail to cloud UPN)
- Synced identity to tenant
- Tenant did not have any verified domains
As expected, without a matching verified domain in the tenant, UPN suffixes in the tenant were actually set as @tenant.onmicrosoft.com. … [ Continue reading ]
One of my peers this week was looking for a script to help check global DNS resolution for particular records for both replication and geo-loadbalancing testing.
The record types and data he was looking for:
- TXT (for SPF)
- TXT (for DMARC)
This is what I came up with, so maybe it can help someone else.… [ Continue reading ]
If you’ve ever asked anyone how to do virtually anything, the answer is usually “It depends.” Just as there is no wrong way to eat a Reese’s Peanut Butter Cup and more than one way to skin a cat, so it frequently is with technological tasks. … [ Continue reading ]
I trotted out the trusty WireShark and Fiddler tools today and ran through the latest iteration of AAD Connect setup. In so doing, I’ve added a few endpoints to the test:
As always, the newest version is available at http://aka.ms/aadnetwork.… [ Continue reading ]
This week, while troubleshooting a networking problem for a customer, I wanted to limit or block network connectivity to some remote endpoints from a test workstation. To accomplish this, I created a quick PowerShell function to null route the traffic (send it to an invalid/null next hop).… [ Continue reading ]
Update: This tool has a new shortlink: http://aka.ms/aadnetwork
Since the tool passed the 500 download mark a few weeks ago, I’ve started getting more questions (internal and external) about a few of the tests and checks. So, I decided to update/refine them to hopefully provide better guidance.… [ Continue reading ]
Yesterday, I was asked if I had developed any testing tools for the Dynamics CRM suite availability—but, never having had to do much with them, I didn’t have anything available. I just built a quick tool today, and it covers all of the endpoints listed at https://support.microsoft.com/en-us/help/2655102/internet-accessible-urls-required-for-connectivity-to-microsoft-dynami and https://msdn.microsoft.com/en-us/library/gg328127.aspx, broken apart by region, with the exception of the following URLs that we have listed:
- https://cloudredirectorsam.cloudapp.net – no valid DNS
- https://cloudredirectorsamsec.cloudapp.net – no valid DNS
- https://www.crmdyntint.com – unregistered domain
- http://*.passport.net – no valid URLs to test
- https://sc.imp.live.com – no valid DNS
- https://cloudredirectornam.cloudapp.net – no valid DNS
- https://cloudredirectornamsec.cloudapp.net – no valid DNS
- https://cloudredirectoreur.cloudapp.net – no valid DNS
- https://cloudredirectoreursec.cloudapp.net – no valid DNS
- https://cloudredirectorapj.cloudapp.net – no valid DNS
- https://cloudredirectorapjsec.cloudapp.net – no valid DNS
- https://cloudredirectorjpn.cloudapp.net – no valid DNS
- https://cloudredirectorjpnsec.cloudapp.net – no valid DNS
- https://dynamicscrmgcc.accesscontrol.usgovcloudapi.net – No valid DNS
- https://cloudredirectoroce.cloudapp.net – No valid DNS
As a note, I haven’t added any of the Azure datacenter IPs in there (since we don’t have any endpoints or ability to stand up generic services in those).… [ Continue reading ]
Over the last couple of days, I’ve updated a few tools that I have published on the gallery. Here’s the run-down:
AAD Connect Network and Name Resolution Test
I’ve been busy with this tool a lot lately, both adding tests and tweaking the way things are done. … [ Continue reading ]
A few months ago, I debuted a new tool for AAD Connect deployment (read about it here: AAD Connect Network and Name Resolution Test or download it here: https://gallery.technet.microsoft.com/Azure-AD-Connect-Network-150c20a3) which allows you to test a number of conditions to make sure your server and environment are suitable for deploying AAD Connect.… [ Continue reading ]
Last year, I had a project that involved migrating a large customer from Office 365 Dedicated to Office 365 GCC (multi-tenant). While Exchange hybrid moves were possible for the mailboxes, we were unable to perform the necessary hybrid migration configuration for Lync to migrate users. … [ Continue reading ]
Update: I’ve added several additional parts to this tool since it was originally released, including some debug logging, an Azure credential check to ensure that your identity is part of Global Admins, additional cloud endpoint checks, and a more thorough system inventory.… [ Continue reading ]
Recently, I had a requirement come up to enable the bulk restore of content from a OneDrive for Business site in the event of a cryptoware or ransomware attack. OneDrive has versioning turned on, so I figured this would be an “easy” add. … [ Continue reading ]
This afternoon, I ran into a customer with a very interesting configuration–a 300-user department with 15 domain controllers spread among 6 sites.
Which, given our guidance in the past didn’t seem that out of line (redundant domain controllers at each site to process logons).… [ Continue reading ]
While migrating users via MRS between organizations (especially to Exchange Online), a pretty common error that I run across is:
You can’t use the domain because it’s not an accepted domain for your organization.
This error is generated because the MailUser object of the user you’re attempting to migrate has a proxy address attached to it that is NOT an accepted domain in your target organization or tenant.… [ Continue reading ]
This afternoon, while configuring AAD Connect for a customer, I ran into a new error when I clicked Install at the end of the installation wizard:
An error occurred executing Configure AAD Sync task: Unexpected exception thrown. Action: PingProvisioningServiceEndPoint, Exception: An error occurred.
… [ Continue reading ]
From time to time, I run into environments where things are configured in “non-standard” ways. Granted, we don’t have a lot of specificity or documentation around some attribute configurations because the default configuration has been tested by the people who created the software and works in almost every conceivable situation. … [ Continue reading ]
For those of you that have embarked upon the trek to Office 365, you’ve undoubtedly run (or at least heard of) IDFix. It detects and fixes a number of conditions that will cause the directory sync to report errors.
Today, I want to focus on a tool I wrote for a customer almost 2 years ago that addresses conditions not yet identified or remedied by IDFix. … [ Continue reading ]
I had a customer migrate some mailboxes a few weeks ago, and they’re now just getting some NDRs. Here’s a sample NDR:
To fix this, you can take the NDR that you receive, copy/paste it into this function, and then take the resultant decoded x500 address and add it back to the proxyAddress array for the recipient.… [ Continue reading ]
While working on my latest project, I encountered a significant number of objects with malformed SMTP addresses. These appeared to have been objects that had been somehow manually modified over the years by directly writing to the proxyAddresses attribute in Active Directory, bypassing an API that would check for correctly-formatted addresses.… [ Continue reading ]