Category: Exchange and Exchange Online

Purge/Delete Deleted Users and Mailboxes in Office 365
article #1481, updated 95 days ago

This is a skeleton, Powershell. Needs prerequisite setup added.

$Cred = Get-Credential
Connect-MSolService -Credential $Cred
Install-Module MSOnline
Get-MsolUser -ReturnDeletedUsers
# The list of users/mailboxes marked 'deleted', is visible, if there are any.
# Do the next step ONLY if you are certain. There is no going back after this.
Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force

Categories:      

==============

Export Office 365 Mailboxes to PST using eDiscovery
article #1052, updated 637 days ago

These steps change quite often, fair warning!

Steps below are as of 2021-01-04. Please note this has to be done in Internet Explorer or Edge.

First, set permissions.

  1. Browse to protection.office.com/homepage , log in as tenant administrator
  2. Click eDiscovery Manager.
  3. Open eDiscovery Administrator, and add your current admin user.

It takes one hour (as of Microsoft support 2021-01-04) for the permissions to take effect. Used to be up to 24. Afterwards, perform the export.

  1. Browse to protection.office.com/homepage , log in as tenant administrator
  2. In left pane, click Search, then click Content Search
  3. Click New Search
  4. At bottom, item Specific locations, click Modify
  5. At top left, Exchange email, click “Choose users, groups, or teams”
  6. Click “Choose users, groups, or teams” in the new window
  7. Enter mailbox email address, wait until the search results come
  8. Check the mailbox, and click Choose, then Done
  9. Click Save
  10. Click Save & run
  11. Name the query (and PST), click Save. The query will run. Don’t continue until it’s done. It will say “Status: completed” at the lower left.
  12. Click on the word “More” at the top, just to the left of the word “Sort”.
  13. Click on “Export results”. Choose options appropriately. Click Export.
  14. Click on “Exports” above that area, to the right of “Searches”. If the export does not appear, click on Refresh.
  15. Click on the export item.
  16. Click on “Download results”. A download applet will start, requiring an export key which can be copied from the browser. Paste it in, choose your download destination, and go! It can take a very long time to start, there is a long preparation phase.

Categories:      

==============

Connect PowerShell to Exchange Online / Office 365 / Azure
article #804, updated 731 days ago

The following method is the Microsoft-recommended current one. You may need to use Install-Module instead of Update-Module depending on pre-existing installations et cetera:

Set-ExecutionPolicy RemoteSigned -Force -Scope Process
Update-Module -Name ExchangeOnlineManagement
Update-Module -Name AzureAD
Update-Module -Name MSOnline
Import-Module -Name ExchangeOnlineManagement
Import-Module -Name MSOnline
Import-Module -Name AzureAD
Connect-ExchangeOnline -UserPrincipalName login@domain.com -ShowProgress $true

The following method is the previous, and is the one which works pre-Windows-10 and/or Powershell before 5.1:

$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking

When you’re done, be sure to do the following afterwards, or you may have to wait for automatic session expiration.

Remove-PSSession $Session

Categories:      

==============

Convert Exchange Online / Office 365 Mailbox from AD Sync to Cloud Only
article #1368, updated 812 days ago

In administrative Powershell:

  1. Install-Module AzureAD
  2. Install-Module MSOnline
  3. Connect-AzureAD
  4. Connect-MsolService

In Active Directory Users and Computers, remove the user object from OU being AD-synched. Then complete an Azure/AD sync cycle. Then:

  1. Restore-MsolUser -UserPrincipalName users_login_probably_email
  2. Set-MsolUser -UserPrincipalName users_login_probably_email -ImmutableId "$null"

Do the last step before the next automatic AD sync!

Categories:      

==============

Filter On-Prem Exchange Attributes for Azure AD Sync and Office 365 Migration
article #1379, updated 845 days ago

A couple of links:

https://itpro-tips.com/2019/this-users-on-premises-mailbox-hasnt-been-migrated-to-exchange-online/

https://answers.microsoft.com/en-us/msoffice/forum/all/this-users-on-premise-mailbox-hasnt-been-migrated/5735f499-7079-42a4-a5e9-8da275404d09

Categories:      

==============

Improve speed and prevent timeouts downloading PSTs from Office 365
article #1311, updated 850 days ago

If you let the eDiscovery Export Tool time out, it will eventually give you a link:

https://docs.microsoft.com/en-us/office365/securitycompliance/increase-download-speeds-when-exporting-ediscovery-results

which has the registry edit below. No explanation is given, but it does say that adjustment of the number (in some direction?) can help.

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\eDiscovery\ExportTool]
"DownloadConcurrency"="2"

Categories:      

==============

Count Folders in Exchange Online / Office 365 Mailbox
article #1355, updated 958 days ago

To count the total number of folders in use within a mailbox, first connect Powershell to Exchange Online, then:

$MailboxToCountFoldersWithin = Get-Mailbox username
$MailboxToCountFoldersWithin | Get-MailboxFolderStatistics | Measure-Object | Select-Object -ExpandProperty Count

The total number of folders, will be output as a number.

Categories:      

==============

IPs, URLs, and Ports for Microsoft Cloud Services and Office 365 (Firewall Configuration)
article #800, updated 1090 days ago

This includes Exchange Online, Lync, and others:

https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity

This has been updated recently, and many changes have occurred. Ports have been reduced considerably, and many more FQDNs added.

Categories:      

==============

Microsoft online services: FQDN firewall openings
article #947, updated 1386 days ago

Some firewalls have FQDN capability (e.g., Watchguards), which makes careful rule creation practical for a behemoth like Microsoft Office 365 and all of its related services. The info below is condensed and sorted from here. I have omitted a very few items (e.g., ports 25, 143, 465, and 993, and *.msn.com), for reasons which I hope are reasonably obvious.

Create one rule with these ports:

80, TCP
443, TCP
587, TCP
3478-81, UDP
5223, TCP
50000-59999, TCP and UDP

to the following list of locations, and it is done.

*.aadrm.com
*.aadrm.com
*.aka.ms
*.apple.com
*.aspnetcdn.com
*.aspnetcdn.com
*.assets-yammer.com
*.azure.com
*.azure.net
*.azureedge.net
*.azurerms.com
*.azurerms.com
*.azurewebsites.net
*.cloudapp.net
*.cloudapp.net
*.cloudappsecurity.com
*.cloudfront.net
*.edgekey.net
*.edgesuite.net
*.getmicrosoftkey.com
*.gfx.ms
*.live.com
*.lync.com
*.microsoft.com
*.microsoftazuread-sso.com
*.microsoftonline.com
*.microsoftonline-p.com
*.microsoftonline-p.com
*.microsoftonline-p.net
*.microsoftonline-p.net
*.microsoftstream.com
*.msappproxy.net
*.msecnd.net
*.msecnd.net
*.msecnd.net
*.msecnd.net
*.msedge.net
*.msft.net
*.msftauth.net
*.msocdn.com
*.mstea.ms
*.o365weve.com
*.office.com
*.office.net
*.office365.com
*.onedrive.com
*.onenote.com
*.onenote.net
*.onestore.ms
*.onmicrosoft.com
*.optimizely.com
*.outlook.com
*.phonefactor.net
*.sfbassets.com
*.sfx.ms
*.sharepoint.com
*.sharepointonline.com
*.skype.com
*.skypeassets.com
*.skypeforbusiness.com
*.sway.com
*.sway-cdn.com
*.sway-extensions.com
*.tenor.com
*.trafficmanager.net
*.trafficmanager.net
*.virtualearth.net
*.visualearth.net
*.visualstudio.com
*.windows.net
*.windowsazure.com
*.windowsazure.com
*.yammer.com
*.yammerusercontent.com
ajax.googleapis.com
ms.tific.com

Categories:      

==============

Exchange 2013: 550 5.7.1 Client does not have permissions to send as this sender
article #1208, updated 1531 days ago

This is is caused by bad permissions in a receive connector. The fix:

  1. Open ADSIEdit
  2. Browse to Configuration, Services, Microsoft Exchange, , Administrative Groups, Exchange Administrative Group, Servers, , Protocols, SMTP Receive Connectors
  3. Open the properties for the receive connector(s) involved in the transmissions you are debugging
  4. Open the Security Tab. Under “Authenticated Users”, make sure “Accept any Sender” and “Accept Authoritative Domain Sender” are checked.
  5. Wait five or ten seconds, and try again.
  6. If still not, or if it works for a little while and then does the error again, you probably have severe issues in your Exchange. For a stopgap, you can set permissions for Everyone, but an Exchange rebuild is probably warranted.

Categories: