Category: Exchange and Exchange Online

Tweaking for On-Prem Exchange
article #1146, updated 20 days ago

Great input:

https://technet.microsoft.com/en-us/library/dn879075%28v=exchg.150%29.aspx

Categories:   Exchange and Exchange Online   

==============

Give Exchange Online users ability to manage distribution lists
article #1118, updated 110 days ago

From the profound Mike Crayton. We do this:

  1. Create an admin role group named “Manage Distribution Groups”, with the admin role of “Distribution Groups”, setting as members the user(s) to be given this ability
  2. Give them this URL for getting to the management console:
    https://outlook.office.com/ecp/

Categories:   Exchange and Exchange Online   Office 365

==============

DKIM settings for Office 365 and Exchange Online
article #1031, updated 122 days ago

These are not very documented, and at least at this writing, the informatives in the console were incomplete. Here’s the steps I have working at this writing, postulating the domain at hand being “emaildomain.com”:

  1. First, in the O365 Exchange administrative console, go to the Protection area, and the rightmost tab is “dkim”, click on that. Then try to Enable any which are disabled. You will see an error message which says you need to create two CNAMEs. The two strings given, are the alias targets, the alias names are not given. Use these in the next step.
  1. Set CNAMEs in Internet DNS. The alias names are the same every time; the targets are taken from the error message in step 1. They are not always entirely predictable, sometimes you will see “0i” buried within and there may be other variations. But the result will not be very distant from this:

selector1._domainkey.emaildomain.com
CNAME to
selector1-emaildomain-com._domainkey.emaildomain.onmicrosoft.com.
TTL 3600

selector2._domainkey.emaildomain.com
CNAME to
selector2-emaildomain-com._domainkey.emaildomain.onmicrosoft.com.
TTL 3600

  1. Once your DNS changes have propagated thoroughly, go back to step #1 and try to enable DKIM again for the domain whose records you have just changed. If you have done your CNAMEs correctly, O365 will turn DKIM on. You may need to wait for DNS propagation.

Categories:   Office 365   Exchange and Exchange Online

==============

Connect PowerShell to Exchange Online / Office 365
article #804, updated 129 days ago

Contributed by the excellent Matt Quick:

https://mattthequick.wordpress.com/2015/11/25/connect-to-office-365-via-powershell/

  1. $msolcred = get-credential
  2. connect-msolservice -credential $msolcred
  3. $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $msolcred -Authentication Basic –AllowRedirection
  4. Import-PSSession $Session

Categories:   Exchange and Exchange Online   Office 365

==============

Publish a Shared Mailbox Calendar in Exchange Online / Office 365
article #1103, updated 137 days ago

It is not hard. After you have created the shared mailbox, its email address will appear in the Office 365 console. We’ll call it “abcdefg@domain.com”.

  1. Connect PowerShell to Exchange Online.
  2. Turn publishing on for the calendar.
Set-MailboxCalendarFolder -Identity abcdefg@domain.com:\calendar -PublishEnabled $true
  1. Get the URL. The following code will request all of the calendar setup parameters, including both an HTML URL for general web browsers and an ICS URL for many applications.
Get-MailboxCalendarFolder -Identity abcdefg@domain.com:\calendar
  1. If you test the HTML URL now, you will see no details. Do this to put all of the details in:
Set-MailboxCalendarFolder -Identity abcdefg@domain.com:\calendar -DetailLevel FullDetails

Categories:   Exchange and Exchange Online   

==============

Outlook Autodiscover After Migrating To Office 365 / Exchange Online
article #839, updated 157 days ago

After migrating all email accounts from an on-premises Exchange 2008 or later server to Exchange Online, there remains the problem of what to do about new Outlook profile creation. Outlook will still look for the old server name, and especially if you want to keep the old server alive for a while, you will have significant problems getting Outlook 2013 to do anything with Exchange Online. Here is what the extraordinary Matt Quick and I did recently with beautiful results.

For the sake of this discussion, “localdomain.local” is the LAN-local AD-enabled domain, and “publicdomain.pub” is the Internet domain. The on-prem Exchange originally had local DNS name “exchange.localdomain.local” and Internet DNS name “exchange.publicdomain.pub”.

  1. Migrated all mailboxes from on-premises Exchange 2010 to Exchange Online. Dirsync was used for initial account setup, then turned off for the actual copyover process which was done with MessageOps.
  2. In Exchange Management Shell, ran Get-ClientAccessServer to get the canonical name of on-prem Exchange (we’ll say it was EXCHANGENAME), and then Set-ClientAccessServer -Identity EXCHANGENAME -AutoDiscoverServiceInternalUri $NULL (replacing EXCHANGENAME with the actual name) to nullify as many defaults as possible.
  3. Set autodiscover.localdomain.local as a CNAME to autodiscover.outlook.com.
  4. Set autodiscover.publicdomain.pub as a CNAME to autodiscover.outlook.com in Internet DNS. This LAN has a local copy of publicdomain.pub in its domain controllers, so copied this record to the local server as well.
  5. Unregistered the NIC for the on-premises Exchange server in DNS. The checkboxes are in the DNS tabs of both TCP/IPv4 and TCP/IPv6, within the Advanced area of the NIC. This is done so that DNS changes which are next, will not be undone automatically.
  6. Removed DNS A records exchange.localdomain.local and exchange.publicdomain.pub from local and Internet DNS respectively.
  7. Added DNS CNAME records exchange.localdomain.local and exchange.publicdomain.pub, both pointing to outlook.office365.com, to local and Internet DNS as appropriate.
  8. Set up oldexchange.localdomain.local and oldexchange.publicdomain.pub as A records pointing to the IP being used by the on-premises Exchange, to local and Internet DNS as appropriate, for archival uses and until we are ready to decommission the on-prem Exchange altogether.

Categories:   Exchange and Exchange Online   Office 365

==============

PowerShell and Web Console Won't Connect to On-Prem Exchange 2013
article #1070, updated 205 days ago

Set of steps here, worked very well just now:

https://evotec.xyz/exchange-2013-powershell-errors-out-and-exchange-2013-ecp-doesnt-work-correctly/

Categories:   Exchange and Exchange Online   

==============

Create "All Users" Distribution List in Office 365
article #1061, updated 235 days ago

Methods for both O365 web console and PowerShell, right here:

https://community.spiceworks.com/how_to/102462-office365-all-users-distribution-group

Notes:

  • Checking the contents works perfectly in PowerShell, not always in Outlook.
  • Users who default to the offline address book in Outlook, may have to download the Global Address List or wait a day. Downloading is accomplished within Send/Receive; in 2016 open the dropdown “Send/Receive Groups” and choose “Download Address Book”. There are Office 365 configurations in which this dropdown item does not exist.

Categories:   Exchange and Exchange Online   Office 365

==============

Change Outlook/Exchange Folder Data Type and Much More
article #1053, updated 252 days ago

Sometimes an import to Outlook gets in all of the data, but the data type of the folder is wrong, so Outlook tries to show (e.g.) a Contacts folder as a list of emails. This was easy to fix in olde versions of Outlook, one just pulled up the properties of the folder and changed the type. The Microsoft lords have decided not to give us this easy way anymore, but one of their many major engineers gave us something which will do this among many other things:

https://github.com/stephenegriffin/mfcmapi

This is a very interesting GUI tool which will connect to a recent working Outlook profile, and permit you to do lots of deep things. It’s interesting to google MFCMAPI to see a few of them. You do need the 32-bit version of MFCMAPI if you have 32-bit Outlook, and 64-bit for 64-bit.

In this case, let’s say we have the situation in which we have imported a Contacts folder, but Outlook is showing it as a list of badly formed email forms. To fix it:

  1. Open the profile in MFCMAPI. (We do not have to close Outlook while this is happening, but we do need to restart it to see results.)
  2. Double-click on the Display Name of the account you wish to open. There may be just one, or more.
  3. A window comes up. Open its tree in the left pane using the little arrow to the left of the name near the upper left corner.
  4. Scroll down and open “Top of Information Store” in the left pane.
  5. Left-click once on the default Contacts folder for the profile, the one that is working well.
  6. Scroll in the right pane, down to PR_CONTAINER_CLASS. Doubleclick on it. Under “Ansi” it should say “IPF.Contact”, this verifies you are in the right place. Click Cancel.
  7. Right-click on PR_CONTAINER_CLASS and choose “Copy property”.
  8. Open and/or scroll in the left pane to the contacts folder which is not working properly.
  9. Right-click anywhere in the right pane, the properties list, and choose “Paste property…”. Complete the little wizard.
  10. The change will be visible immediately in Outlook if it’s open.
  11. However, at least in the case just seen, the change was not synched to EOL. I had to open the original export PST and recopy, after deleting the file in OWA. One thing not tried yet was to do the above with cached-exchange turned off; in theory this might sync directly through Outlook to EOL. Also, MFCMAPI includes folder copy capability, which may make it an entirely different import method, if it works!

MFCMAPI does lots and lots of things, but not everything extremely well :-) For instance, it may throw errors when deleting a folder stored on EOL; if so, use OWA for this, OWA seems to be much more quickly authoritative.

Categories:   Outlook & Exchange   Exchange and Exchange Online

==============

Export Office 365 Mailboxes to PST using eDiscovery
article #1052, updated 255 days ago

Steps:

  1. There will be a ClickOnce application involved for the potentially huge download. If you use Firefox as I do, you’ll want the new Firefox plugin which makes ClickOnce work much better.
  2. Within the O365 tenant’s Exchange admin area, open Permissions, open Discovery Management, and make sure all of Legal Hold, Mailbox Import Export, and Mailbox Search are present. If any of these three are absent, add them. Then scroll down to the bottom, and add your admin login as a Member.
  3. Within the O365 tenant’s Security & Compliance admin area, open Permissions, open eDiscovery Manager. Scroll down to the bottom, and add your admin login as an eDiscovery Administrator.
  4. Log entirely off of the O365 console, to activate the above permissions. Occasionally activation may require 30 minutes or more, but often it is immediate after logoff/logon.
  5. Go back to Security & Compliance, open Search & investigation. Click on eDiscovery.
  6. Create a new case. Name it something like “Export mailbox Grom”, if it’s just one user by the name of Grom that you are exporting.
  7. Open the case. Click on the Search tab. Click the Plus. Name it “mailbox Grom” or something else appropriate. Add the user to search for. Search all sites. Search public folders if you want. Click next. Don’t enter any search delimiters here unless you want a limited result. Click Search. The search is created and begun automatically. It will show you how big the result is. This is the size of the download you will be doing. The download is done by the ClickOnce application, not the browser, but if it’s huge it’s still huge.
  8. Once the search is done, you’ll need to find a little icon in the row of icons just above the list of searches. It’s fourth from the right at this writing, it looks like an arrow pointing down to a dash. Click on that, it will give you the option to “Export the Results”, which you should do as well. This starts the export wizard.
  9. Best to export all items, excluding ones that have unrecognized format, are encrypted, or weren’t indexed for other reasons, unless you have definite reason and knowledge to do otherwise.
  10. One PST file for each mailbox.
  11. No de-duplication, just in case.
  12. Versions for SharePoint documents if you want. In certain circumstances this could get huge.
  13. Start export. Here, unfortunately, is where you learn whether or not the Permissions settings are fully active yet. If they are, it will work; if not, it will tell you that you don’t have permissions sufficient, and you will have to wait.
  14. Once it’s done, click on the Export tab, and then the Refresh double arrow circle. You should see a downloadable export file. Make sure it’s highlighted, and click “Download exported results”, the blue text on the right side towards the bottom.
  15. Click “Copy to clipboard” under the export key. You’ll need this as authentication for the ClickOnce application.
  16. Click “Download results”.
  17. I’m in Firefox, so I click on the button “ClickOnce Install”.
  18. The eDiscovery Export Tool runs. I paste in the export key, and browse to a good path for the download. Then I click Start. And it begins the download! Obviously it may take a very long time for multiple gigs to download, and it even may take the cloud server a few minutes to prepare the download before it starts. But once it starts it is able to use a very large amount of Internet bandwidth if you have it. On a large pipe I watched it run at a consistent 10,000+ KB/second — ten megabytes per second, or 80 megabits per second, or 36 gigabytes per hour; so very large exports are feasible.

Categories:   Exchange and Exchange Online