Scripting

Removing Orphaned Mailbox Searches

An issue came up today for one of my customers–how to remove orphaned mailbox searches in Exchange Online.  Apparently, they have about 300 mailboxes in this state.  Oops.

So, in order to do this, you need to go through a handful of steps:

  1. Identify all of the Mailbox Searches. 
[ Continue reading ]
Configuration

Cloud UPNs for AAD Connect users with Alt-ID don’t update after domain verified in tenant

A few weeks ago, I ran into an issue with a customer.  Scenario:

  • Customer had configured alternate-id sign in with AAD Connect (the gist is that it flows on-premises mail to cloud UPN)
  • Synced identity to tenant
  • Tenant did not have any verified domains

As expected, without a matching verified domain in the tenant, UPN suffixes in the tenant were actually set as @tenant.onmicrosoft.com. [ Continue reading ]

Information

Check commmon records for a domain

One of my peers this week was looking for a script to help check global DNS resolution for particular records for both replication and geo-loadbalancing testing.

The record types and data he was looking for:

  • A
  • CNAME
  • MX
  • TXT (for SPF)
  • TXT (for DMARC)

This is what I came up with, so maybe it can help someone else.… [ Continue reading ]

Configuration

Update: AAD Connect Network Test Tool

I trotted out the trusty WireShark and Fiddler tools today and ran through the latest iteration of AAD Connect setup.  In so doing, I’ve added a few endpoints to the test:

$CRL
http://ocsp.msocsp.com

$RequiredResources
adminwebservice-s1-co2.microsoftonline.com

$RequiredResourcesEndpoints
https://adminwebservice-s1-co2.microsoftonline.com/provisioningwebservice.svc

As always, the newest version is available at http://aka.ms/aadnetwork.… [ Continue reading ]

Client

Dynamics 365 Network Test Tool

Yesterday, I was asked if I had developed any testing tools for the Dynamics CRM suite availability—but, never having had to do much with them, I didn’t have anything available.  I just built a quick tool today, and it covers all of the endpoints listed at https://support.microsoft.com/en-us/help/2655102/internet-accessible-urls-required-for-connectivity-to-microsoft-dynami and https://msdn.microsoft.com/en-us/library/gg328127.aspx, broken apart by region, with the exception of the following URLs that we have listed:

  • https://cloudredirectorsam.cloudapp.net – no valid DNS
  • https://cloudredirectorsamsec.cloudapp.net – no valid DNS
  • https://www.crmdyntint.com – unregistered domain
  • http://*.passport.net – no valid URLs to test
  • https://sc.imp.live.com – no valid DNS
  • https://cloudredirectornam.cloudapp.net – no valid DNS
  • https://cloudredirectornamsec.cloudapp.net – no valid DNS
  • https://cloudredirectoreur.cloudapp.net – no valid DNS
  • https://cloudredirectoreursec.cloudapp.net – no valid DNS
  • https://cloudredirectorapj.cloudapp.net – no valid DNS
  • https://cloudredirectorapjsec.cloudapp.net – no valid DNS
  • https://cloudredirectorjpn.cloudapp.net – no valid DNS
  • https://cloudredirectorjpnsec.cloudapp.net – no valid DNS
  • https://dynamicscrmgcc.accesscontrol.usgovcloudapi.net – No valid DNS
  • https://cloudredirectoroce.cloudapp.net – No valid DNS

As a note, I haven’t added any of the Azure datacenter IPs in there (since we don’t have any endpoints or ability to stand up generic services in those).… [ Continue reading ]

Configuration

Updated Tool Roundup!

Over the last couple of days, I’ve updated a few tools that I have published on the gallery.  Here’s the run-down:

AAD Connect Network and Name Resolution Test

I’ve been busy with this tool a lot lately, both adding tests and tweaking the way things are done. … [ Continue reading ]

Client

Clearing Skype Cached data

Last year, I had a project that involved migrating a large customer from Office 365 Dedicated to Office 365 GCC (multi-tenant).  While Exchange hybrid moves were possible for the mailboxes, we were unable to perform the necessary hybrid migration configuration for Lync to migrate users. … [ Continue reading ]

Migrating

Troubleshooting Mailbox Migration Error “You can’t use the domain because it’s not an accepted domain for your organization.”

While migrating users via MRS between organizations (especially to Exchange Online), a pretty common error that I run across is:

You can’t use the domain because it’s not an accepted domain for your organization.

This error is generated because the MailUser object of the user you’re attempting to migrate has a proxy address attached to it that is NOT an accepted domain in your target organization or tenant.… [ Continue reading ]

Troubleshooting

Mailbox Delivery Settings

From time to time, I run into environments where things are configured in “non-standard” ways.  Granted, we don’t have a lot of specificity or documentation around some attribute configurations because the default configuration has been tested by the people who created the software and works in almost every conceivable situation. … [ Continue reading ]

Identity

Finding Duplicate Objects in Active Directory

For those of you that have embarked upon the trek to Office 365, you’ve undoubtedly run (or at least heard of) IDFix.  It detects and fixes a number of conditions that will cause the directory sync to report errors.

Today, I want to focus on a tool I wrote for a customer almost 2 years ago that addresses conditions not yet identified or remedied by IDFix. … [ Continue reading ]

Migrating

Fix those IMCEAEX NDRs

I had a customer migrate some mailboxes a few weeks ago, and they’re now just getting some NDRs.  Here’s a sample NDR:

imceaex-1

To fix this, you can take the NDR that you receive, copy/paste it into this function, and then take the resultant decoded x500 address and add it back to the proxyAddress array for the recipient.… [ Continue reading ]

Scripting

Testing for bad SMTP Addresses

While working on my latest project,  I encountered a significant number of objects with malformed SMTP addresses.  These appeared to have been objects that had been somehow manually modified over the years by directly writing to the proxyAddresses attribute in Active Directory, bypassing an API that would check for correctly-formatted addresses.… [ Continue reading ]