
AnotherUCBlog > Exchange, S4B, O365

Share my findings in the Microsoft unified communication world

Category

O365

O365 – Create Mail User from AADConnect synced user

Hello all,
A few days ago, I had to make a user in a local AD appear as a contact in the O365 address book.
The local AD did not have a local Exchange, so I couldn’t use the ECP to populate the right attributes…
Here are the attributes to fill in on the local AD user to make it appear in the O365 address book as a contact (mail user):
mail = externalemail@domain.com
mailNickName = internal.username (should be the same value as samAccountName)
targetAddress = SMTP:externalemail@domain.com
proxyAddresses = SMTP:externalemail@domain.com
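
One way to set these four attributes with the ActiveDirectory PowerShell module, as an added example that is not from the original post. The account name and address are placeholders, and the script assumes the AD schema already contains the Exchange attributes (mailNickname, targetAddress).

```powershell
# Added example (not from the original post). Values are placeholders.
Import-Module ActiveDirectory

$Sam      = 'internal.username'         # placeholder: samAccountName of the AD user
$External = 'externalemail@domain.com'  # placeholder: the user's external address
$attrs    = 'mail', 'mailNickname', 'targetAddress', 'proxyAddresses'

# proxyAddresses values must be unique across the directory; a duplicate
# shows up later as an AAD Connect synchronization error, so check first.
$clash = Get-ADObject -LDAPFilter "(proxyAddresses=smtp:$External)" -Properties sAMAccountName |
    Where-Object { $_.sAMAccountName -ne $Sam }
if ($clash) {
    throw "Address already held by: $($clash.DistinguishedName -join '; ')"
}

# -Replace overwrites whatever is there, so display the current values first.
Get-ADUser -Identity $Sam -Properties $attrs | Format-List $attrs

Set-ADUser -Identity $Sam -Replace @{
    mail           = $External
    mailNickname   = $Sam                  # same value as samAccountName
    targetAddress  = "SMTP:$External"
    proxyAddresses = @("SMTP:$External")   # upper-case SMTP: marks the primary address
}

# Read the values back to confirm what the next sync cycle will pick up.
Get-ADUser -Identity $Sam -Properties $attrs | Format-List $attrs
```
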
Hope this will save you some time.
Bye

O365 EXCHANGE – PowerShell connection to Exchange Online and Exchange On-Premise in the same console

Hello everybody,

Today I had to make a script to compare the distribution group members between our on-premise environment and the cloud to be sure that they are all consistent.

The problem I ran into was that the PowerShell command to get the group members (Get-DistributionGroup) is the same on local Exchange and Exchange Online, so I had to connect/disconnect from each one each time I parsed a new distribution group, which takes time and resources…

After some searching, I found that the “Import-PSSession” command, used to connect to the Exchange (cloud and on-prem) environment, accepts the parameter “Prefix”, which is used to tell the on-premise commands and the cloud commands apart.

It is a bit difficult to explain, so here is an example:

Here is how you create the connections:

# Exchange Online connection (its cmdlets are imported with the "Cloud" prefix)
$ExchangeOnlineSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential (Get-Credential) -Authentication Basic -AllowRedirection -ErrorAction Stop
Import-PSSession $ExchangeOnlineSession -AllowClobber -Prefix "Cloud" -ErrorAction Stop

# Exchange on-prem connection (its cmdlets are imported with the "Local" prefix)
# $ExchangeServer must already hold the name of an on-prem Exchange server
$LocalExchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "http://$ExchangeServer/powershell/" -Credential (Get-Credential) -Authentication Kerberos -ErrorAction Stop
Import-PSSession $LocalExchangeSession -AllowClobber -Prefix "Local" -ErrorAction Stop
# This is Set-AdServerSettings, renamed by the "Local" prefix
Set-LocalAdServerSettings -ViewEntireForest $True -ErrorAction Stop

Now if you want to get the list of mailboxes in the cloud, you have to type this :

Get-CloudMailbox

If you want to get the list of mailboxes in your local environment, just type this :

Get-LocalMailbox

Easy !!!

This decreased my script execution time from 35 min to less than 5 minutes!
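
The comparison itself could look like this, as an added example that is not the script from the original post. It assumes both sessions above are imported with the “Local” and “Cloud” prefixes and that a group has the same primary SMTP address on both sides.

```powershell
# Added example (not the author's script). Requires the two prefixed sessions above.
function Get-MemberAddress($Members) {
    # Reduce a member list to plain SMTP address strings
    $Members | ForEach-Object { "$($_.PrimarySmtpAddress)" } | Where-Object { $_ }
}

$report = foreach ($group in Get-LocalDistributionGroup -ResultSize Unlimited) {
    $smtp  = "$($group.PrimarySmtpAddress)"
    $local = @(Get-MemberAddress (Get-LocalDistributionGroupMember -Identity $smtp -ResultSize Unlimited))

    try {
        $cloud = @(Get-MemberAddress (Get-CloudDistributionGroupMember -Identity $smtp -ResultSize Unlimited -ErrorAction Stop))
    }
    catch {
        # The group exists on-prem but could not be read in the cloud
        [pscustomobject]@{ Group = $smtp; Member = $null; Finding = 'GroupNotFoundInCloud' }
        continue
    }

    # -notcontains compares strings case-insensitively
    foreach ($m in $local) {
        if ($cloud -notcontains $m) {
            [pscustomobject]@{ Group = $smtp; Member = $m; Finding = 'OnlyOnPrem' }
        }
    }
    foreach ($m in $cloud) {
        if ($local -notcontains $m) {
            [pscustomobject]@{ Group = $smtp; Member = $m; Finding = 'OnlyInCloud' }
        }
    }
}

# An empty report means every group has the same members on both sides
$report | Sort-Object Group, Finding | Format-Table -AutoSize
```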

Enjoy 😉

O365 – Assign permissions to access O365 Audit log report

Hello all,

Following the article on this new feature, you may now want to give someone access to it, and only to it.

This cannot be done via the permissions part of the Compliance Center; it is done in the Exchange Online RBAC permissions.

The cmdlet Search-UnifiedAuditLog is part of the Exchange Online cmdlets.

To give users the ability to use that cmdlet, you need to assign them the role “View-Only Audit Logs”. Those users then go to “https://protection.office.com/”, where they will be able to perform their search.

Have a good day 🙂

O365 – O365 Audit log report (License change report)

Hi all,

What if I told you that you can now audit and get reports of modifications made in O365, such as license modifications? That would be great, wouldn’t it? This is now the case, thanks to the feature called “O365 Audit log report”.

[Screenshot: LicenseAudit]

By default, this feature is turned off. To enable it, follow these steps:

  1. Log on the O365 portal
  2. On the left pane, click on Compliance
  3. The Compliance Center should open
  4. Go to Reports and in the part Auditing, click on “Office 365 audit log report”
  5. The “Audit log search” page appears and you can now turn on the feature by clicking on the “Start recording user and admin activities” button.

It should take around 2 hours to become effective.

Now to search for any modification done on licenses :

  1. Enter a start date and an end date
  2. If you want to find the modifications made by a particular admin, fill in the “User” field
  3. Launch the search
  4. And here is the result: [Screenshot: LicenseAudit]
  5. You can now use the filter on the item column to check the modifications made to a particular user.

This audit and report feature can also be used for Exchange Online and SharePoint reporting, for example on modifications made to a document hosted in a personal OneDrive storage.

[Screenshot: AuditExternalModification]

The picture shows modifications made to an Excel file hosted in OneDrive: one modification was made by an internal user and the other by an external user.

You can audit the following solutions :

  • User activity in SharePoint Online and OneDrive for Business
  • User activity in Exchange Online (Exchange mailbox audit logging)
  • Admin activity in SharePoint Online
  • Admin activity in Azure Active Directory (the directory service for Office 365)
  • Admin activity in Exchange Online (Exchange admin audit logging)

Just to let you know :

  • You can search the Office 365 audit log for activities that were performed within the last 90 days.
  • It takes up to 15 minutes after an event occurs in SharePoint Online or OneDrive for Business for the corresponding audit log entry to be displayed. It takes up to 12 hours for events in Exchange Online and Azure Active Directory.

You can also perform your search in PowerShell with the Search-UnifiedAuditLog cmdlet (https://technet.microsoft.com/library/mt238501(v=exchg.160).aspx)

You can get more information regarding this feature on this page https://support.office.com/en-us/article/Search-the-audit-log-in-the-Office-365-Protection-Center-0d4d0f35-390b-4518-800e-0c7ec95e946c?ui=en-US&rs=en-US&ad=US
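
The role assignment from the previous article and the PowerShell search mentioned above, combined in one added example (not from the original posts). The role group name, the member and the seven-day window are placeholders, and the fields read from AuditData (CreationTime, UserId, ObjectId, Operation, ModifiedProperties) assume the Azure Active Directory audit record layout.

```powershell
# Added example (not from the original posts). Names and dates are placeholders.

# --- Run once by an Exchange Online administrator ---------------------------
# A dedicated role group that carries the "View-Only Audit Logs" role and nothing else.
New-RoleGroup -Name 'Audit Log Readers' -Roles 'View-Only Audit Logs' -Members 'auditor@contoso.com'

# --- Run by the delegated user, connected to Exchange Online ----------------
$end   = Get-Date
$start = $end.AddDays(-7)   # the log only goes back 90 days
$max   = 5000               # largest result size a single call returns

# Add -UserIds 'admin@contoso.com' to get the equivalent of the "User" field in the portal.
$records = @(Search-UnifiedAuditLog -StartDate $start -EndDate $end `
                 -RecordType AzureActiveDirectory -ResultSize $max)

if ($records.Count -eq $max) {
    Write-Warning "Result limit reached: narrow the date range, some events may be missing."
}

# Keep the license-related operations and unpack the JSON detail of each record.
$records |
    Where-Object { $_.Operations -like '*license*' } |
    ForEach-Object {
        $detail = $_.AuditData | ConvertFrom-Json
        [pscustomobject]@{
            WhenUtc    = $detail.CreationTime
            ChangedBy  = $detail.UserId
            Target     = $detail.ObjectId
            Operation  = $detail.Operation
            Properties = ($detail.ModifiedProperties.Name -join ', ')
        }
    } |
    Sort-Object WhenUtc |
    Format-Table -AutoSize
```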

Enjoy 🙂

Office 365 – Import PST

Hi Guys,

Today, I started to use the new “PST import” process for O365. It is much quicker and more reliable than using Outlook.

Here is how to use it :

  1. Install Azure tools
  2. Get credentials to connect to your Azure storage
    1. Connect to the O365 portal admin
    2. On the left click on the “IMPORT” button
    3. Click on the Key
    4. A new window called “Secure key and URL” opens
    5. Select the button “Copy the key” and “Copy the secure network upload URL”
    6. These are your credentials to connect to your azure storage (never share the key).
  3. Upload your pst to Azure
    1. Launch a powershell console
    2. Go to C:\Program Files (x86)\Microsoft SDKs\Azure\AzCopy
    3. Launch the command : “.\Azcopy.exe /source:SharePathToPSTFiles /dest:SecureNetworkUploadURL/Folder/ /destkey:Key /S /V:LogFilePath\Logfile.log”
  4. Upload your pst file from Azure to the mailbox or the archive
    1. Start the tool called “Azure Storage Explorer”; this tool gives you a view of your Azure storage
    2. Click on “Add Account”
    3. A new window opens,
      1. Leave “Cloud Storage Account” ticked
      2. Enter your account name which is the part between “https://” and “.blob.core.windows.net” of your destination URL. In my case, it is : “ee33215c499641ac8362756”
      3. Enter your “storage account key” which is the secure key. In my case, it is : “v9s7HzoABZPJxBZFAzeWMSrTZmra80ZERVIMfX8Xa0WTUEHw0joyHpyt+aIElBskG2UZ+N7N/4Jm4+nuJ7MRZf==”
      4. Leave “Microsoft Azure Default” ticked
      5. Let the “Storage endpoints domain” set to “core.windows.net”
      6. Tick “Use HTTPS”
      7. Click on “Test Access” and if successful, click on “Save”
      8. You’re now connected to your azure storage
    4. Select the pst file you want to upload and click on “Security” on the left
    5. Go to “Shared Access signatures” tab and click on “Generate Signature”
    6. Copy the part that follows the “?” character and starts with “sv=”. In my case, it is : “sv=2014-02-14&sr=c&sig=k5uDAdKOgPb0COzS9BWTT%2F9PjSP5c2M%2BQoXJwRVPeOQ%3D&st=2015-12-21T23%3A00%3A00Z&se=2015-12-29T23%3A00%3A00Z&sp=r” (this signature is valid for all items in this Blob)
    7. Launch a PowerShell console, connect to Exchange Online and type the following command : “New-MailboxImportRequest -Mailbox TargetMailboxIdentity -AzureBlobStorageAccountUri 'https://SecureNetworkUploadURL/Folder/PSTFileName.pst' -AzureSharedAccessSignatureToken FileSignature -Name "Folder/PSTFileName.pst" -TargetRootFolder "/" -BatchName "MigrationBatchName" -BadItemLimit 50”
      • If you want to upload the PST to the online archive of the user, add the parameter “-IsArchive”.
      • If you want to upload the pst into a special folder, set the parameter “TargetRootFolder” with the folder path (Like “Archive_2011”).
      • A complete example : “New-MailboxImportRequest -Mailbox nigel.smith@pontoonsolutions.com -AzureBlobStorageAccountUri 'https://ee33215c499641ac8362756.blob.core.windows.net/ingestiondata/Nigel/NigelSmith_mailbox.pst' -AzureSharedAccessSignatureToken "sv=2014-02-14&sr=c&sig=k5uDAdKOgPb0COzS9BWTT%2F9PjSP5c2M%2BQoXJwRVPeOQ%3D&st=2015-12-21T23%3A00%3A00Z&se=2015-12-29T23%3A00%3A00Z&sp=r" -Name "Nigel/NigelSmith_mailbox.pst" -TargetRootFolder "/" -BatchName "NigelMigration" -BadItemLimit 50”
  5. Then you can run the command “Get-MailboxImportRequest -BatchName NigelMigration | Get-MailboxImportRequestStatistics” to get the status of your batch.
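
Before a generated signature is pasted into New-MailboxImportRequest, its fields can be read back to see what it grants and for how long. This is an added example, not part of the original post; the function name is hypothetical and the sample token is constructed, with a placeholder in place of the signature.

```powershell
# Added example (not from the original post). Get-SasTokenSummary is a hypothetical helper.
Add-Type -AssemblyName System.Web

function Get-SasTokenSummary {
    param([Parameter(Mandatory)][string]$Token)

    # ParseQueryString also URL-decodes the values (%3A becomes ':')
    $q   = [System.Web.HttpUtility]::ParseQueryString($Token.TrimStart('?'))
    $inv = [cultureinfo]::InvariantCulture

    $expires = [datetimeoffset]::Parse($q['se'], $inv).UtcDateTime
    # st (start time) is optional in a SAS token
    $starts  = if ($q['st']) { [datetimeoffset]::Parse($q['st'], $inv).UtcDateTime }

    $scope = switch ($q['sr']) {
        'b'     { 'single blob' }
        'c'     { 'whole container' }
        default { "other ($_)" }
    }
    $names = @{ r = 'read'; w = 'write'; d = 'delete'; l = 'list' }
    $perms = foreach ($c in "$($q['sp'])".ToCharArray()) {
        if ($names.ContainsKey("$c")) { $names["$c"] } else { "other ($c)" }
    }

    # The sig value is deliberately left out of the summary
    [pscustomobject]@{
        Scope        = $scope
        Permissions  = $perms -join ', '
        NotBeforeUtc = $starts
        ExpiresUtc   = $expires
        LifetimeDays = if ($starts) { [math]::Round(($expires - $starts).TotalDays, 1) }
        Expired      = $expires -lt [datetime]::UtcNow
    }
}

# Constructed sample with the same layout as the token in step 6; sig is a placeholder
$sample = 'sv=2014-02-14&sr=c&sig=PLACEHOLDER&st=2015-12-21T23%3A00%3A00Z&se=2015-12-29T23%3A00%3A00Z&sp=r'
Get-SasTokenSummary -Token $sample | Format-List
```

For the sample, the summary reports read permission on the whole container with a lifetime of 8 days.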

If a folder with the same name exists, the process will merge and not create duplicates.

It is not as easy as it was with an on-prem Exchange but it is good that Microsoft proposed this workaround.

Enjoy 🙂

O365 – OWA Error “We can’t get that information right now. Please try again later.”

Hi Guys,

A user told me that he had an issue accessing a shared mailbox via OWA, but there was no issue opening it via Outlook…

When accessing with OWA, he got that error :

[Screenshot: OWA_Error]

The user did not have a permission issue, as he was able to access it with Outlook, and I could see with PowerShell that he had FullAccess permission on it.

I gave myself Full Access on that shared mailbox and I got the same error…

After googling a bit, I found that this error was really generic and found multiple solutions; for example, a moverequest flag could cause that error, but this was not the case.

Then I saw that the principalsmtpaddress had an “&” character, so I replaced the email address in the URL with an alias without any special character and… I was able to access it!

The moral of the story, beware of the special characters !

Exchange – Set a forward to an external email address

Hi guys,

In Exchange/O365, there are multiple ways to set an auto-forward to an external email address :

  • Create a contact and set a forward on the mailbox (GUI or PowerShell) to this contact

[Screenshot: ForwardContact]

  • Fill the parameter “ForwardingSMTPAddress” on the mailbox with the external email address (PowerShell)
    • The command looks like this : “Set-Mailbox MailboxForwardFrom -ForwardingSMTPAddress EmailAddressForwardTo@domain.com”
  • Fill the AD attribute “targetAddress” with the external email address (Exchange on-premise only)

[Screenshot: ForwardTargetAddress]

The first choice will work directly for both O365 and Exchange. The third one will also work directly in Exchange on-premise.

But the second choice will work directly only on O365. That is because, in O365, the remote domain “*” is already created with the AutoForwardEnabled property, so auto-forward will work for any external domain. In Exchange, this remote domain is not created by default, so you have two options :

  • You can create a remote domain with “*” and the property AutoForwardEnabled which will enable the auto forward for any external domains
  • You can create a remote domain per external domain in order to control this feature.

To create the remote domain, use the following command (AutoForward is enabled by default) :

“New-RemoteDomain -Name ExternalDomain -DomainName somedomain.com”
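
To review which mailboxes already forward outside the organization, and which remote domain setting applies to each target, here is an added example that is not from the original post. It covers the first two methods (contact and ForwardingSMTPAddress), and the remote domain matching is simplified to an exact match followed by “*”.

```powershell
# Added example (not from the original post). Run in an Exchange or Exchange Online session.
$accepted = @(Get-AcceptedDomain | ForEach-Object { "$($_.DomainName)" })
$remote   = @(Get-RemoteDomain)

function Get-AutoForwardSetting([string]$Domain) {
    # Simplified matching: the exact remote domain first, then the catch-all "*"
    foreach ($name in $Domain, '*') {
        $hit = $remote | Where-Object { "$($_.DomainName)" -eq $name } | Select-Object -First 1
        if ($hit) { return "$($hit.DomainName): AutoForwardEnabled=$($hit.AutoForwardEnabled)" }
    }
    'no matching remote domain'
}

$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    $targets = @()
    if ($mbx.ForwardingSmtpAddress) {
        $targets += [pscustomobject]@{ Via = 'ForwardingSmtpAddress'; Address = "$($mbx.ForwardingSmtpAddress)" }
    }
    if ($mbx.ForwardingAddress) {
        # Forward to a recipient object: a contact carries the external address
        $r    = Get-Recipient -Identity "$($mbx.ForwardingAddress)"
        $addr = if ($r.ExternalEmailAddress) { $r.ExternalEmailAddress } else { $r.PrimarySmtpAddress }
        $targets += [pscustomobject]@{ Via = 'ForwardingAddress'; Address = "$addr" }
    }

    foreach ($t in $targets) {
        $smtp   = $t.Address -replace '^smtp:', ''
        $domain = $smtp.Split('@')[-1]
        if ($accepted -contains $domain) { continue }   # internal forward, not reported

        [pscustomobject]@{
            Mailbox      = "$($mbx.PrimarySmtpAddress)"
            Via          = $t.Via
            ForwardsTo   = $smtp
            KeepsCopy    = $mbx.DeliverToMailboxAndForward
            RemoteDomain = Get-AutoForwardSetting $domain
        }
    }
}

$findings | Sort-Object ForwardsTo | Format-Table -AutoSize
```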

EOP – Emails identified as spam do not go to the Junk email folder

Hi,

Today we encountered a new issue: a user was complaining about receiving a lot of spam in his inbox. He sent me more than ten examples and, when looking at the headers, all of them were correctly identified by EOP and should have been moved to the Junk email folder…

X-Forefront-Antispam-Report: CIP:31.220.114.14;CTRY:DE;IPV:NLI;EFV:NLI;SFV:SPM;SFS:(2990300002)(438002)(3380300002)(189002)(199003)(107886002)(106466001)(58226001)(2351001)(77156002)(19617315012)(46102003)(81156007)(16236675004)(62966003)(15975445007)(512874002)(450100001)(5002240100001)(84326002)(2920100001)(64706001)(229853001)(4001450100002)(5001960100002)(2160300002)(110136002)(92566002)(5001860100001)(5001830100001)(81686999)(50986999)(4001540100001)(5002050100002)(54356999)(42186005)(19580395003)(189998001)(44706002)(86362001)(87836001)(100156002);DIR:INB;SFP:;SCL:5;SRVR:DB3PR06MB140;H:7ibe5o3.bilti.faith;FPR:;SPF:Pass;PTR:7ibe5o3.bilti.faith;MX:1;A:1;LANG:en;

I also performed a mail trace, and it explicitly showed that the email had been moved to the Junk email folder!

[Screenshot: MailTrace]

After some searching, I found that it is possible to disable and also customize the junk email rule for a specific mailbox. This is done with the command Set-MailboxJunkEmailConfiguration (https://technet.microsoft.com/en-us/library/Dd979780(v=EXCHG.150).aspx).

After running the command Get-MailboxJunkEmailConfiguration for this user, I saw that the rule was indeed disabled for him! Why it was disabled, I don’t really know, but I think that this was done before the migration to O365 and this setting is kept during the move.
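
The two checks from this troubleshooting, reading the spam verdict out of the header and looking at the mailbox junk email rule, as an added example that is not from the original post. The header string is a constructed, shortened sample, the recipient is a placeholder, and the parsing function name is hypothetical.

```powershell
# Added example (not from the original post). ConvertFrom-AntispamReport is a hypothetical helper.
function ConvertFrom-AntispamReport {
    param([Parameter(Mandatory)][string]$Header)

    # The header is a list of KEY:value pairs separated by ';'
    $fields = @{}
    $body   = $Header -replace '^X-Forefront-Antispam-Report:\s*', ''
    foreach ($pair in $body.Split(';')) {
        $key, $value = $pair.Split(':', 2)
        if ($key.Trim()) { $fields[$key.Trim()] = "$value".Trim() }
    }
    $fields
}

# Constructed sample, shortened from the layout of the header shown above
$sample    = 'X-Forefront-Antispam-Report: CIP:192.0.2.10;CTRY:DE;SFV:SPM;DIR:INB;SCL:5;SPF:Pass;LANG:en;'
$recipient = 'user@contoso.com'   # placeholder

$report = ConvertFrom-AntispamReport -Header $sample
"Verdict SFV=$($report['SFV']), SCL=$($report['SCL']), direction=$($report['DIR'])"

# SFV:SPM on an inbound message means the filter marked it as spam, so if it
# still sits in the inbox, look at the mailbox's own junk email rule.
if ($report['SFV'] -eq 'SPM' -and $report['DIR'] -eq 'INB') {
    $junk = Get-MailboxJunkEmailConfiguration -Identity $recipient
    if (-not $junk.Enabled) {
        Write-Warning "Junk email rule is disabled for $recipient"
        # To turn it back on:
        # Set-MailboxJunkEmailConfiguration -Identity $recipient -Enabled $true
    }
}

# Sweep: every mailbox whose junk email rule is disabled
Get-Mailbox -ResultSize Unlimited |
    ForEach-Object { Get-MailboxJunkEmailConfiguration -Identity "$($_.PrimarySmtpAddress)" } |
    Where-Object { -not $_.Enabled } |
    Select-Object Identity, Enabled
```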

O365 – Duplicate mailbox Cloud/On-Prem

Hi all,

Today, I received a complaint from a user who was not receiving any emails coming from external senders…

So I checked his account and found that this user had a mailbox in the cloud but also in our Exchange environment! Of course, as the MX records are still pointing to the on-prem, all external emails arrived in the on-prem mailbox and were never forwarded to the cloud mailbox…

So the only solution I found was to export the on-prem mailbox as a pst using the command New-MailboxExportRequest, then disable the mailbox (make sure to save the proxy addresses and all the MS Exchange custom attributes before launching the command) and finally enable a mail user (carry over the proxy addresses and the custom attributes if needed).
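
To find other users in the same situation before they complain, both sides can be compared in one console. This is an added example, not from the original post; it assumes the “Local” and “Cloud” prefixed sessions from the earlier article are imported and that a user has the same UserPrincipalName on both sides, and the output file name is a placeholder.

```powershell
# Added example (not from the original post). Requires the "Local"/"Cloud" prefixed sessions.

# Index the cloud mailboxes by UPN (hashtable keys are case-insensitive)
$cloudByUpn = @{}
Get-CloudMailbox -ResultSize Unlimited |
    ForEach-Object { $cloudByUpn["$($_.UserPrincipalName)"] = $_ }

# An on-prem mailbox whose UPN also owns a cloud mailbox is a duplicate
$duplicates = Get-LocalMailbox -ResultSize Unlimited |
    Where-Object { $cloudByUpn.ContainsKey("$($_.UserPrincipalName)") }

# Save what has to survive the Disable-Mailbox step: proxy addresses and custom attributes
$duplicates |
    Select-Object UserPrincipalName, Database,
        @{ Name = 'ProxyAddresses'; Expression = { $_.EmailAddresses -join ';' } },
        CustomAttribute* |
    Export-Csv -Path .\DuplicateMailboxes.csv -NoTypeInformation -Encoding UTF8

"{0} user(s) have a mailbox both on-prem and in the cloud" -f @($duplicates).Count
```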
