Category: Exchange and Exchange Online

PowerShell and Web Console Won't Connect to On-Prem Exchange 2013
article #1070, updated 25 days ago

Set of steps here, worked very well just now:

https://evotec.xyz/exchange-2013-powershell-errors-out-and-exchange-2013-ecp-doesnt-work-correctly/

Categories:   Exchange and Exchange Online   

==============

Create "All Users" Distribution List in Office 365
article #1061, updated 55 days ago

Methods for both O365 web console and PowerShell, right here:

https://community.spiceworks.com/how_to/102462-office365-all-users-distribution-group

Notes:

  • Checking the contents works perfectly in PowerShell, not always in Outlook.
  • Users who default to the offline address book in Outlook, may have to download the Global Address List or wait a day. Downloading is accomplished within Send/Receive; in 2016 open the dropdown “Send/Receive Groups” and choose “Download Address Book”. There are Office 365 configurations in which this dropdown item does not exist.

Categories:   Exchange and Exchange Online   Office 365

==============

Change Outlook/Exchange Folder Data Type and Much More
article #1053, updated 73 days ago

Sometimes an import to Outlook gets in all of the data, but the data type of the folder is wrong, so Outlook tries to show (e.g.) a Contacts folder as a list of emails. This was easy to fix in olde versions of Outlook, one just pulled up the properties of the folder and changed the type. The Microsoft lords have decided not to give us this easy way anymore, but one of their many major engineers gave us something which will do this among many other things:

https://github.com/stephenegriffin/mfcmapi

This is a very interesting GUI tool which will connect to a recent working Outlook profile, and permit you to do lots of deep things. It’s interesting to google MFCMAPI to see a few of them. You do need the 32-bit version of MFCMAPI if you have 32-bit Outlook, and 64-bit for 64-bit.

In this case, let’s say we have the situation in which we have imported a Contacts folder, but Outlook is showing it as a list of badly formed email forms. To fix it:

  1. Open the profile in MFCMAPI. (We do not have to close Outlook while this is happening, but we do need to restart it to see results.)
  2. Double-click on the Display Name of the account you wish to open. There may be just one, or more.
  3. A window comes up. Open its tree in the left pane using the little arrow to the left of the name near the upper left corner.
  4. Scroll down and open “Top of Information Store” in the left pane.
  5. Left-click once on the default Contacts folder for the profile, the one that is working well.
  6. Scroll in the right pane, down to PR_CONTAINER_CLASS. Doubleclick on it. Under “Ansi” it should say “IPF.Contact”, this verifies you are in the right place. Click Cancel.
  7. Right-click on PR_CONTAINER_CLASS and choose “Copy property”.
  8. Open and/or scroll in the left pane to the contacts folder which is not working properly.
  9. Right-click anywhere in the right pane, the properties list, and choose “Paste property…”. Complete the little wizard.
  10. The change will be visible immediately in Outlook if it’s open.
  11. However, at least in the case just seen, the change was not synched to EOL. I had to open the original export PST and recopy, after deleting the file in OWA. One thing not tried yet was to do the above with cached-exchange turned off; in theory this might sync directly through Outlook to EOL. Also, MFCMAPI includes folder copy capability, which may make it an entirely different import method, if it works!

MFCMAPI does lots and lots of things, but not everything extremely well :-) For instance, it may throw errors when deleting a folder stored on EOL; if so, use OWA for this, OWA seems to be much more quickly authoritative.

Categories:   Outlook & Exchange   Exchange and Exchange Online

==============

Export Office 365 Mailboxes to PST using eDiscovery
article #1052, updated 75 days ago

Steps:

  1. There will be a ClickOnce application involved for the potentially huge download. If you use Firefox as I do, you’ll want the new Firefox plugin which makes ClickOnce work much better.
  2. Within the O365 tenant’s Exchange admin area, open Permissions, open Discovery Management, and make sure all of Legal Hold, Mailbox Import Export, and Mailbox Search are present. If any of these three are absent, add them. Then scroll down to the bottom, and add your admin login as a Member.
  3. Within the O365 tenant’s Security & Compliance admin area, open Permissions, open eDiscovery Manager. Scroll down to the bottom, and add your admin login as an eDiscovery Administrator.
  4. Log entirely off of the O365 console, to activate the above permissions. Occasionally activation may require 30 minutes or more, but often it is immediate after logoff/logon.
  5. Go back to Security & Compliance, open Search & investigation. Click on eDiscovery.
  6. Create a new case. Name it something like “Export mailbox Grom”, if it’s just one user by the name of Grom that you are exporting.
  7. Open the case. Click on the Search tab. Click the Plus. Name it “mailbox Grom” or something else appropriate. Add the user to search for. Search all sites. Search public folders if you want. Click next. Don’t enter any search delimiters here unless you want a limited result. Click Search. The search is created and begun automatically. It will show you how big the result is. This is the size of the download you will be doing. The download is done by the ClickOnce application, not the browser, but if it’s huge it’s still huge.
  8. Once the search is done, you’ll need to find a little icon in the row of icons just above the list of searches. It’s fourth from the right at this writing, it looks like an arrow pointing down to a dash. Click on that, it will give you the option to “Export the Results”, which you should do as well. This starts the export wizard.
  9. Best to export all items, excluding ones that have unrecognized format, are encrypted, or weren’t indexed for other reasons, unless you have definite reason and knowledge to do otherwise.
  10. One PST file for each mailbox.
  11. No de-duplication, just in case.
  12. Versions for SharePoint documents if you want. In certain circumstances this could get huge.
  13. Start export. Here, unfortunately, is where you learn whether or not the Permissions settings are fully active yet. If they are, it will work; if not, it will tell you that you don’t have permissions sufficient, and you will have to wait.
  14. Once it’s done, click on the Export tab, and then the Refresh double arrow circle. You should see a downloadable export file. Make sure it’s highlighted, and click “Download exported results”, the blue text on the right side towards the bottom.
  15. Click “Copy to clipboard” under the export key. You’ll need this as authentication for the ClickOnce application.
  16. Click “Download results”.
  17. I’m in Firefox, so I click on the button “ClickOnce Install”.
  18. The eDiscovery Export Tool runs. I paste in the export key, and browse to a good path for the download. Then I click Start. And it begins the download! Obviously it may take a very long time for multiple gigs to download, and it even may take the cloud server a few minutes to prepare the download before it starts. But once it starts it is able to use a very large amount of Internet bandwidth if you have it. On a large pipe I watched it run at a consistent 10,000+ KB/second — ten megabytes per second, or 80 megabits per second, or 36 gigabytes per hour; so very large exports are feasible.

Categories:   Exchange and Exchange Online   

==============

Microsoft online services: FQDN firewall openings
article #947, updated 146 days ago

Some firewalls have FQDN capability (e.g., Watchguards), which makes careful rule creation practical for a behemoth like Microsoft Office 365 and all of its related services. The info below is condensed from here. I have omitted a very few items (e.g., ports 25, 465, and 993, and *.msn.com), for reasons which I hope are reasonably obvious.

Create one rule with these ports:

80, TCP
443, TCP
587, TCP
3478, UDP
5223, TCP
50000-59999, TCP and UDP

to the following list of locations, and it is done.

*.office365.com
*.office.com
*.office.net
*.microsoftonline.com
*.msocdn.com
*.microsoft.com
*.live.com
*.onmicrosoft.com
*.msedge.net
*.aadrm.com
*.azurerms.com
*.virtualearth.net
*.cloudapp.net
*.visualstudio.com
*.windowsazure.com
*.cloudappsecurity.com
*.microsoftonline-p.net
*.microsoftonline-p.com
*.msecnd.net
*.azure.com
*.msft.net
*.outlook.com
*.azurewebsites.net
*.lync.com
*.trafficmanager.net
*.skype.com
*.skypeforbusiness.com
*.sharepoint.com
*.sharepointonline.com
spoprod-a.akamaihd.net
*.aspnetcdn.com
*.onenote.com
*.onenote.net
*.yammer.com
*.yammerusercontent.com
ajax.googleapis.com
*.cloudfront.net
*.edgesuite.net
*.edgekey.net
*.sway.com
*.sway-cdn.com
*.sway-extensions.com
ms.tific.com
*.apple.com
auth.gfx.ms
view.atdmt.com
*.msecnd.net
m.webtrends.com
*.getmicrosoftkey.com

Categories:   Firewalls   Exchange and Exchange Online

==============

When OWA is slow or doesn't work well, including failure of attachment capability
article #1005, updated 280 days ago

When this happens to OWA, do this in Exchange PowerShell:

Remove-OwaVirtualDirectory "EXCHANGESERVERNAME\owa (default web site)"
New-OwaVirtualDirectory

This came from here:

https://social.technet.microsoft.com/Forums/exchange/en-US/f9c0ca61-2e64-4a75-81ae-5c7c119a96fb/owa-2010-users-cant-attach-files?forum=exchange2010

Categories:   Exchange and Exchange Online   

==============

Connect PowerShell to Exchange Online
article #931, updated 304 days ago

Best documentation is probably here as of this writing:

https://technet.microsoft.com/en-us/library/jj984289.aspx

Categories:   Exchange and Exchange Online   

==============

Setting email aliases in an Office 365 AD-synchronized environment
article #992, updated 323 days ago

At least initially, one must:

  1. Load up adsiedit.msc,
  2. Find a user object,
  3. Get its properties,
  4. Click on anything in the list,
  5. Press P on the keyboard,
  6. Scroll to proxyAddresses and edit it,
  7. Set the primary address as SMTP:email@domain.com (note the caps in the prefix),
  8. Set all alias(es) as smtp:email2@domain.com (note the lowercase prefix!).

In some environments, a new tab appears in ADUC which means you don’t have to go back to ADSI Edit, but this is not always the case.

Categories:   Exchange and Exchange Online   

==============

Rescue email from the Exchange dumpster, from a date range
article #989, updated 330 days ago

This command does it for everything Sent after 9/22/2016 and before 9/27/2016. You’ll then have to export it from the temporary_storage_mailbox, and import it into original_mailbox.

This is all one command line in Exchange PowerShell, set as multiple lines for easy reading. The SearchQuery is especially arcane; there is a lot of incorrect syntax out there for it, the below worked today (2016-09-27) on Exchange 2010 fully updated.

Search-Mailbox -Identity original_mailbox@domain.com 
-TargetMailbox temporary_storage_mailbox@domain.com 
-TargetFolder "Rescued_From_Dumpster" 
-SearchQuery {Sent:>22-Sep-2016 AND Sent:<27-Sep-2016}
-SearchDumpsterOnly

Categories:   Exchange and Exchange Online   

==============

Use Search-Mailbox in On-Premises Exchange
article #988, updated 331 days ago

Here are instructions for adding the domain admin you are using, to the appropriate Exchange roles:

https://technet.microsoft.com/en-us/library/dd638143

And the role changes you need, are listed here:

http://notes.ponderworthy.com/copy-an-exchange-online-mailbox-to-another-in-powershell

Categories:   Exchange and Exchange Online