As luck would have it, I have one more update to deliver today.
One of my peers (shout out to Mike Manning) noticed that when using the ExportImport-CalendarProcessing tool, mailbox objects that have some special characters in them don’t get processed correctly on the import function. … [ Continue reading ]
Yes, Hell has frozen over. The cows have come home. The lady of size has sung.
I have come up with a “best case” solution for the Office 365 hybrid group write-back problem.
For the long(er) background, you’ll probably want to go see this post.… [ Continue reading ]
Four score and many moons ago, I was working on one of my first projects in Microsoft Consulting Services. This particular customer (a university) shared their Active Directory infrastructure with a hospital. During the course of their business, employees would frequently move between organizations. … [ Continue reading ]
So, today, I received an email from one of my esteemed colleagues asking how we could get B2B Azure AD tenant guests to show up in the Office 365 GAL. I thought, “Yeah, that should be something that’s possible. I mean, they have email addresses.”
In a rare turn of events, it actually is as easy as un-hiding them from the GAL.… [ Continue reading ]
Since the dawn of time (or at least, since the dawn of the Epoch), people have been inadvertently deleting stuff. As is attributed to Uncle Ben, “with great power comes great responsibility,” and so it is true with the system administrator. … [ Continue reading ]
Over the last couple of days, I’ve updated a few tools that I have published on the gallery. Here’s the run-down:
AAD Connect Network and Name Resolution Test
I’ve been busy with this tool a lot lately, both adding tests and tweaking the way things are done. … [ Continue reading ]
So, imagine this:
The security team comes to you and asks you for a report on how people are accessing Exchange Online services–browser, mobile, Outlook client. In the olden days of Exchange on-premises, you could look at the IIS logs to check browser traffic. … [ Continue reading ]
I have created a more detailed example of how to do this here: https://www.undocumented-features.com/2018/09/14/fixing-office-365-anonymous-group-write-back-and-external-delivery/
Office 365 Groups are glorious creations. There are, however, some instances where they don’t work as you anticipate (or hope). One of those scenarios is when you are configured in hybrid coexistence with the following scenario:
- Office 365 Group Writeback is enabled (for configuring permissions, see this script)
- RequireSenderAuthenticationEnabled is set to False for an Office 365 group
- Your organization’s MX record is configured to point on-premises
In this scenario, external emails sent to Office 365 groups (via your organization’s MX record pointing on-premises) will be returned with one of our favorite NDRs:
“You do not have permission to send to this recipient.”
This happens because the RequireSenderAuthentication attribute (which maps to msExchRequireAuthToSendTo) written to the synced group object is set to the constant True inside of AAD Connect (as shown in the rule “Out to AD – Group SOAInAAD”):
Which translates to this on written-back group objects:
In order to fix this, you need to either update the rule (Edit | Disable and Make a Copy) or update the msExchRequireAuthToSendTo attribute on the synced group objects if you are keeping your MX pointed on-premises, or update the MX to point to Office 365.… [ Continue reading ]
We’re all familiar with how Office 365 tenants work–when you spin up a new Office 365 tenant, you get a managed domain (tenant.onmicrosoft.com). Then, maybe you configure a hybrid environment, and now your tenant has your domain, as well as your original tenant.onmicrosoft.com domain, and a new tenant.mail.onmicrosoft.com. … [ Continue reading ]
While I was working on a script to configure Office 365 Secure Score settings, I came up with a few scripts that I thought would be helpful in monitoring your messaging environments. Many organizations have policies against data exfiltration, but detecting and enforcing are totally different animals. … [ Continue reading ]
Earlier today, I was asked to make an update to my script to wipe Exchange Online mailboxes to include Archive Mailboxes. Fortunately, it ended up being much easier than I anticipated:
When I enumerated the mailbox originally, I used:
$Root = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($service, [Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::Root)
In order to access the Archive folder, I just had to change the WellKnownFolderName from Root to ArchiveRoot, after examining the list available at https://msdn.microsoft.com/en-us/library/microsoft.exchange.webservices.data.wellknownfoldername(v=exchg.80).aspx.… [ Continue reading ]
A consultant friend of mine posed an interesting question to me this week–one of his customers wanted to be able to let his users administer a cloud-managed Office 365 distribution group by uploading a CSV or Excel spreadsheet. From an administration perspective, I have done an incredible amount of directory management tasks using CSVs, so this didn’t seem like that difficult of a task.… [ Continue reading ]
Update: I posted roll-back steps at the bottom of the article.
Several months ago, I wrote a blog on Disabling Office 365 Groups. It seems as though we couldn’t leave well enough alone. Such is a price of progress.
I got a new laptop a few weeks ago, and then found myself in the position of helping out a few colleagues this week. … [ Continue reading ]
Update: Shameless plug: I’ve written more extensively about public folder migrations from both the 2007/2010 and 2013/2016 perspectives in the book, “Office 365 Administration: Inside Out,” available at http://aka.ms/thebookonit.
So, tonight I started the last phase of one of my longest-running projects since joining Microsoft–an Exchange Online migration for a school district that I began nearly a year and a half ago. … [ Continue reading ]
While migrating users via MRS between organizations (especially to Exchange Online), a pretty common error that I run across is:
You can’t use the domain because it’s not an accepted domain for your organization.
This error is generated because the MailUser object of the user you’re attempting to migrate has a proxy address attached to it that is NOT an accepted domain in your target organization or tenant.… [ Continue reading ]
This script and the accompanying post have been updated.
I saw a request come through the other day for a method to remove unwanted proxy addresses for contacts. I’d had some code sitting around from a project a few years back and decided to freshen it up, and maybe add some newer tricks.… [ Continue reading ]
I find myself currently writing tools to both support my and other organization projects, as well as looking for ways to refine existing tools and scripts, make my life easier for future migrations, and provide additional resources to the community to help other customers more successfully use our products.… [ Continue reading ]
During my current project, it became necessary to capture additional calendar processing parameters that are not preserved during a normal hybrid move–such as booking policies.
Some of the challenges that I faced with this tool:
- Blank or unpopulated attributes
- Conversion of sAMAccountName values to PrimarySmtpAddress
- Multiline attributes with special characters
- Attributes that were set for the wrong recipient type
So, the first thoughts I have when building a tool generally involve four concepts: what data do I need to gather/export, what format is the source data, what format do I need to save it in, and how do restore/import that data back into the target?… [ Continue reading ]
I had a customer migrate some mailboxes a few weeks ago, and they’re now just getting some NDRs. Here’s a sample NDR:
To fix this, you can take the NDR that you receive, copy/paste it into this function, and then take the resultant decoded x500 address and add it back to the proxyAddress array for the recipient.… [ Continue reading ]
Update: There are new cmdlets available for this task. This blog is for historical reference only. A new, updated process is available here (https://www.undocumented-features.com/2017/04/29/disable-office-365-groups-creation-redux/).
Office 365 Groups are a (somewhat) new feature that act both like a distribution list and a public folder or shared mailbox. … [ Continue reading ]