Configuration

Forwarding Address Import and Export

Four score and many moons ago, I was working on one of my first projects in Microsoft Consulting Services.  This particular customer (a university) shared their Active Directory infrastructure with a hospital.  During the course of their business, employees would frequently move between organizations. … [ Continue reading ]

Configuration

Updated Tool Roundup!

Over the last couple of days, I’ve updated a few tools that I have published on the gallery.  Here’s the run-down:

AAD Connect Network and Name Resolution Test

I’ve been busy with this tool a lot lately, both adding tests and tweaking the way things are done. … [ Continue reading ]

Configuration

Office 365 Groups and Anonymous External Senders

I have created a more detailed example of how to do this here: https://www.undocumented-features.com/2018/09/14/fixing-office-365-anonymous-group-write-back-and-external-delivery/

Office 365 Groups are glorious creations.  There are, however, some instances where they don’t work as you anticipate (or hope). One of those scenarios is when you are configured in hybrid coexistence with the following scenario:

  • Office 365 Group Writeback is enabled (for configuring permissions, see this script)
  • RequireSenderAuthenticationEnabled is set to False for an Office 365 group
  • Your organization’s MX record is configured to point on-premises

In this scenario, external emails sent to Office 365 groups (via your organization’s MX record pointing on-premises) will be returned with one of our favorite NDRs:

“You do not have permission to send to this recipient.”

This happens because the RequireSenderAuthentication attribute (which maps to msExchRequireAuthToSendTo) written to the synced group object is set to the constant True inside of AAD Connect (as shown in the rule “Out to AD – Group SOAInAAD”):

Which translates to this on written-back group objects:

In order to fix this, you need to either update the rule (Edit | Disable and Make a Copy) or update the msExchRequireAuthToSendTo attribute on the synced group objects if you are keeping your MX pointed on-premises, or update the MX to point to Office 365.… [ Continue reading ]

Scripting

Update to Wipe Exchange Online Mailbox script

Earlier today, I was asked to make an update to my script to wipe Exchange Online mailboxes to include Archive Mailboxes.  Fortunately, it ended up being much easier than I anticipated:

When I enumerated the mailbox originally, I used:

$Root = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($service, [Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::Root)

In order to access the Archive folder, I just had to change the WellKnownFolderName from Root to ArchiveRoot, after examining the list available at https://msdn.microsoft.com/en-us/library/microsoft.exchange.webservices.data.wellknownfoldername(v=exchg.80).aspx.… [ Continue reading ]

Configuration

Manage Office 365 Distribution Groups via Excel spreadsheet or CSV

A consultant friend of mine posed an interesting question to me this week–one of his customers wanted to be able to let his users administer a cloud-managed Office 365 distribution group by uploading a CSV or Excel spreadsheet.  From an administration perspective, I have done an incredible amount of directory management tasks using CSVs, so this didn’t seem like that difficult of a task.… [ Continue reading ]

Migrating

Migrating Hybrid Public Folders to Office 365

Update: Shameless plug: I’ve written more extensively about public folder migrations from both the 2007/2010 and 2013/2016 perspectives in the book, “Office 365 Administration: Inside Out,” available at http://aka.ms/thebookonit.

So, tonight I started the last phase of one of my longest-running projects since joining Microsoft–an Exchange Online migration for a school district that I began nearly a year and a half ago. … [ Continue reading ]

Migrating

Troubleshooting Mailbox Migration Error “You can’t use the domain because it’s not an accepted domain for your organization.”

While migrating users via MRS between organizations (especially to Exchange Online), a pretty common error that I run across is:

You can’t use the domain because it’s not an accepted domain for your organization.

This error is generated because the MailUser object of the user you’re attempting to migrate has a proxy address attached to it that is NOT an accepted domain in your target organization or tenant.… [ Continue reading ]

Configuration

Migrating EOP Settings Between Tenants

I find myself currently writing tools to both support my and other organization projects, as well as looking for ways to refine existing tools and scripts, make my life easier for future migrations, and provide additional resources to the community to help other customers more successfully use our products.… [ Continue reading ]

Configuration

Export and Import Calendar Processing Information

During my current project, it became necessary to capture additional calendar processing parameters that are not preserved during a normal hybrid move–such as booking policies.

Some of the challenges that I faced with this tool:

  • Blank or unpopulated attributes
  • Conversion of sAMAccountName values to PrimarySmtpAddress
  • Multiline attributes with special characters
  • Attributes that were set for the wrong recipient type

So, the first thoughts I have when building a tool generally involve four concepts: what data do I need to gather/export, what format is the source data, what format do I need to save it in, and how do restore/import that data back into the target?… [ Continue reading ]

Migrating

Fix those IMCEAEX NDRs

I had a customer migrate some mailboxes a few weeks ago, and they’re now just getting some NDRs.  Here’s a sample NDR:

imceaex-1

To fix this, you can take the NDR that you receive, copy/paste it into this function, and then take the resultant decoded x500 address and add it back to the proxyAddress array for the recipient.… [ Continue reading ]