Some Notes on the Machines

These are not very documented, and at least at this writing, the informatives in the console were incomplete. Here’s the steps I have working at this writing, postulating the domain at hand being “emaildomain.com”:

1. First, in the O365 Exchange administrative console, go to the Protection area, and the rightmost tab is “dkim”, click on that. Then try to Enable any which are disabled. You will see an error message which says you need to create two CNAMEs. The two strings given, are the alias targets, the alias names are not given. Use these in the next step.

2. Set CNAMEs in Internet DNS. The alias names are the same every time; the targets are taken from the error message in step 1. They are not always entirely predictable, sometimes you will see “0i” buried within and there may be other variations. But the result will not be very distant from this:

selector1._domainkey.emaildomain.com
CNAME to
selector1-emaildomain-com._domainkey.emaildomain.onmicrosoft.com.
TTL 3600

selector2._domainkey.emaildomain.com
CNAME to
selector2-emaildomain-com._domainkey.emaildomain.onmicrosoft.com.
TTL 3600

3. Once your DNS changes have propagated thoroughly, go back to step #1 and try to enable DKIM again for the domain whose records you have just changed. If you have done your CNAMEs correctly, O365 will turn DKIM on. You may need to wait for DNS propagation.

After migrating all email accounts from an on-premises Exchange 2008 or later server to Exchange Online, there remains the problem of what to do about new Outlook profile creation. Outlook will still look for the old server name, and especially if you want to keep the old server alive for a while, you will have significant problems getting Outlook 2013 to do anything with Exchange Online. Here is what the extraordinary Matt Quick and I did recently with beautiful results.

For the sake of this discussion, “localdomain.local” is the LAN-local AD-enabled domain, and “publicdomain.pub” is the Internet domain. The on-prem Exchange originally had local DNS name “exchange.localdomain.local” and Internet DNS name “exchange.publicdomain.pub”.

1. Migrated all mailboxes from on-premises Exchange 2010 to Exchange Online. Dirsync was used for initial account setup, then turned off for the actual copyover process which was done with MessageOps.
2. In Exchange Management Shell, ran Get-ClientAccessServer to get the canonical name of on-prem Exchange (we’ll say it was EXCHANGENAME), and then Set-ClientAccessServer -Identity EXCHANGENAME -AutoDiscoverServiceInternalUri $NULL (replacing EXCHANGENAME with the actual name) to nullify as many defaults as possible.
3. Set autodiscover.localdomain.local as a CNAME to autodiscover.outlook.com.
4. Set autodiscover.publicdomain.pub as a CNAME to autodiscover.outlook.com in Internet DNS. This LAN has a local copy of publicdomain.pub in its domain controllers, so copied this record to the local server as well.
5. Unregistered the NIC for the on-premises Exchange server in DNS. The checkboxes are in the DNS tabs of both TCP/IPv4 and TCP/IPv6, within the Advanced area of the NIC. This is done so that DNS changes which are next, will not be undone automatically.
6. Removed DNS A records exchange.localdomain.local and exchange.publicdomain.pub from local and Internet DNS respectively.
7. Added DNS CNAME records exchange.localdomain.local and exchange.publicdomain.pub, both pointing to outlook.office365.com, to local and Internet DNS as appropriate.
8. Set up oldexchange.localdomain.local and oldexchange.publicdomain.pub as A records pointing to the IP being used by the on-premises Exchange, to local and Internet DNS as appropriate, for archival uses and until we are ready to decommission the on-prem Exchange altogether.

Here is a very powerful tool, very automatic:

https://diagnostics.office.com/#/Download?env=SOC&theme=setup

It has many functions, one of which is to automatically fix Office 365 licensing issues, reinstalling if it detects a need. It’s a 36M download, but during the install it may download twice that or more to get libraries it needs.

Methods for both O365 web console and PowerShell, right here:

https://community.spiceworks.com/how_to/102462-office365-all-users-distribution-group

Notes:

• Checking the contents works perfectly in PowerShell, not always in Outlook.
• Users who default to the offline address book in Outlook, may have to download the Global Address List or wait a day. Downloading is accomplished within Send/Receive; in 2016 open the dropdown “Send/Receive Groups” and choose “Download Address Book”. There are Office 365 configurations in which this dropdown item does not exist.

It’s called the “Microsoft Office Configuration Analyzer Tool”, or OffCAT. Courtesy of the excellent Kaleb Carrol.

https://www.microsoft.com/en-us/download/details.aspx?id=36852

This article states that it applies to click-to-run 2013 and later, which certainly includes 365. Its registry entries permit automatic updates to be turned off and on, and also, for the on-PC UI item to be turned off and on too.

https://support.microsoft.com/en-us/help/2753538/automatic-updating-for-office-2013-and-office-2016-click-to-run-is-not-enabled

Something very like a best practices analyzer / BPA for Office, 32-bit and 64-bit, versions 2007 and newer, both MSI and click-to-run:

https://www.microsoft.com/en-us/download/details.aspx?id=36852

As of “Wave 15” of Office 365, there is enterprise-wide, a.k.a. global, automatic signature capability. It’s in Exchange -> mail flow -> rules, and it involves setting a disclaimer message, but there is extensive user-data variable substitution. A full description is here:

http://365command.com/justins-tech-tip-of-the-week-global-email-signatures-for-office-365/

There are many situations in which a recent version of Excel will report that there is not enough available memory or disk space, where there very clearly is. To knock this one out, go to File menu and Options, click Trust Center on the left, click Trust Center Settings… on the right, and then Protected View on the left. Uncheck everything in there, and OK all the way out. Close Excel and try it again. Problem eliminated.

There is a mixture of public reference statements as to whether or not Previous Versions, also called Versioning, is enabled in OneDrive for Business, which is really a second frontend for Sharepoint. Recently a new installation was studied and there was a mix of automatic activations of Versioning for different libraries and lists made, without clear logic behind. Versioning is essential as a backup method for many related uses, so it becomes essential to know how to turn it on automatically for all libraries and lists of an entire Office 365 tenant. And right now, this appears to be the only published way, a contributed script in the Office 365 Gallery:

https://gallery.technet.microsoft.com/office/Enable-versioning-for-all-ae5cfb5d

In order to use it, one first installs:

• PowerShell 3.0 if you don’t have it,
• The SharePoint Online Management Shell, and
• The Sharepoint Online Client Components SDK

Then log into the Office 365 tenant as an administrator, and click Sharepoint. You’ll be looking at the page for a URL something like this:

https://partofmydomain.sharepoint.com/_layouts/15/sharepoint.aspx

Now run PowerShell as administrator, take the “partofmydomain” chunk of text from your browser, and form the SharePoint admin URL. Don’t browse to it, but you’ll need it shortly:

https://partofmydomain-admin.sharepoint.com

Now you’ll need the script from the web page referenced at the top of this article, saved to a location to which you can CD in PowerShell. Get to that location in the shell, and run ‘notepad versioning.ps1’, towards the end you’ll see two path lines:

Add-Type -Path "c:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.dll"  
Add-Type -Path "c:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

The 15’s need to be changed to 16’s to match the current version of the Sharepoint installables above. Once you have this, run:

Set-ExecutionPolicy Unrestricted

in PowerShell if you haven’t already, and then:

./Versioning.ps1

It will ask you for the URL; give it the one you constructed above. Then it will ask you for admin credentials. Once it has them, it will run through every list and library, and if Versioning can be turned on, it will be.