While working on my latest project, I encountered a significant number of objects with malformed SMTP addresses. These appeared to have been objects that had been somehow manually modified over the years by directly writing to the proxyAddresses attribute in Active Directory, bypassing an API that would check for correctly-formatted addresses.… [ Continue reading ]
So, a million years and tens of thousands of lines of code ago, I wrote a script for a customer to populate the Office 365 UsageLocation property (Set-MsolUser -UsageLocation) with the ISO country codes from Active Directory. In Office 365, UsageLocation is used to determine what features are available to your users.… [ Continue reading ]
Earlier this week, a question popped up on a distribution list for managing an opt-out process with Exchange Online. That wasn’t the first request I’ve seen for such a tool (in fact, I had my own customer asking for something similar). … [ Continue reading ]
One of the first steps in preparing for an Office 365 migration is running a tool we provide called IDFix. The goal of this tool is to help minimize identity issues when migrating to the cloud. Most identity issues come down to two issues:
- Invalid characters in key attributes
- User objects with duplicate values in indexed attributes (duplicate objects)
The first issue is pretty easy to deal with–IDFix will identify objects with offending characters and the attributes where they exist, and will even make some recommendations. … [ Continue reading ]
I saw an interesting question floating around a discussion alias earlier today–how to return different IP addresses for the same hostname from different DNS servers for users that are in different regions (for example, have DNS servers on the east coast return “18.104.22.168” for my.domain.com and DNS servers on the west coast return “22.214.171.124” for same name–the trick being that domain.com is an internal Active Directory DNS zone). … [ Continue reading ]
During migrations from third-party platforms like Gmail or various POP3 providers or from hosted Exchange environments, we frequently see customers provisioning remote mailboxes for shared resources.
This works fine for three out of four recipient types.… [ Continue reading ]
I’ve been involved in a lot of Exchange migrations over the years, to and from all sorts of different environments.
On a current engagement, I had to export a ton of cloud-managed distribution lists and their members from Office 365 / Exchange Online Dedicated and import them into Office 365 Multitenant. … [ Continue reading ]
I had an interesting request from a customer the other day where they were synchronizing Active Directory into two disparate environments–Office 365 and another hosted Exchange environment. In their new Office 365 environment, they didn’t want any address proxies matching a particular pattern to be part of a user’s proxyAddress array–BUT–they also didn’t want to remove them from their on-premises accounts since they are being used by their other hosting environment as an application routing address.… [ Continue reading ]
There is perpetually a lot of angst around licensing users for Office 365 workloads. Most of my customers over the years have wanted to ease into deployment, only enabling certain services at a time. Of course, as an evergreen service, we are always adding features, leading to new service plans to disable as you discover them.… [ Continue reading ]
A few weeks ago, I saw something come up for a peer that needed a way to manage the maximum number of ActiveSync devices that a user had connected in Office 365. Using only native Exchange policies, we can’t do that (MDM solutions solve this problem by manning the Exchange ActiveSync quarantine). … [ Continue reading ]
I’ve run into this delightful scenario a few times–the network team generates CSRs and certificates for the environment, and since they want to do SSL termination on their network devices, complete the certificate process there. When you ask for an export of the certificate from, say, an F5, they will just give you the unsigned certificate–so that when you import it into your server, you end up with something unusable, since it has no private key.… [ Continue reading ]
Frequently, I am asked to make changes to a customer's environment. I'm a belt and suspenders kind of guy, so my backups have backups. At any rate, normally when I am performing changes in a tenant (or Exchange on-premises environment, for that matter), I make two sets of backups–one by piping a Get-cmdlet to Export-CSV (so I have a readable copy), and one by piping the same Get-cmdlet to Export-Clixml (so I have a way to set the nodes as parameters and import them back).… [ Continue reading ]
Another blog on customizing the PowerShell console? Really?
Yes. This is actually what I use on a day-to-day basis as a consultant managing many projects at once. I find that I’m usually running various PowerShell sessions concurrently and having to keep which one is which can be difficult without having to stop and check which server or Office 365 tenant I’m connect to, or what type of activity I’m performing.… [ Continue reading ]
If you’ve ever wanted to add columns for unlisted attributes to Active Directory Users and Computers, you’ve been out of luck without editing the displaySpecifiers manually.
Until I had enough of it.… [ Continue reading ]
Today, one of my consultant peers posed a problem to me: a customer wanted to import all PSTs into Office 365 archives, but in order to do that, had to disconnect them from the user’s default Outlook profile.… [ Continue reading ]
This tool has been updated with new options. See https://www.undocumented-features.com/2017/10/19/update-to-wipe-exchange-online-mailbox-script/.
Periodically over the years, I’ve run into content problems trying to migrate data to Exchange Online using third-party migration tools–they somehow get stuck, don’t like something existing in the destination mailbox (or didn’t write it properly in the first place) and you need a clean mailbox to restart the process. … [ Continue reading ]
If your organization is like a lot of them out there, you have mailbox users without the email address policy applied. It’s a pretty common practice to work around name changes, users with similar names or middle initials, or one-off primary SMTP addresses.… [ Continue reading ]
From time to time, an issue that crops up during Exchange or Office 365 migrations is the dreaded “insufficient access rights:”
It’s commonly manifested like this (though I have seen it displayed other ways as well):
Warning: Unable to update Active Directory information for the source mailbox at the end of the move.… [ Continue reading ]