Azure Active Directory Connect – Exchange Mail Public Folders

Microsoft has included the official release of Exchange Mail Public Folders within the AAD Connect tool. This option enables support for public folders by synchronizing a specific set of attributes for mail-enabled public folders so they are represented in Azure AD. This synchronization is required for including the public folder addresses in Directory-Based Edge Blocking.

If you have configured Directory Based Edge Blocking, please visit my post on how it is done. http://www.blogabout.cloud/2019/05/697/

This new feature from Microsoft doesn’t create actual public folder objects in the Exchange Online directory; there are additional synchronization steps via PowerShell that are required if you are using Exchange Online.

You should ensure that the “Microsoft Exchange System Objects” OU is also selected in OU Filtering (it is selected by default).

The additional PowerShell steps are as follows:

Please Note:

If you have Exchange 2010 public folders, see Configure legacy on-premises public folders for a hybrid deployment.

Step 1: Download the scripts

Download the following files from Mail-enabled Public Folders – directory sync script:

  • Sync-MailPublicFolders.ps1
  • SyncMailPublicFolders.strings.psd1

Save the files to the local computer on which you’ll be running PowerShell. For example, C:\PFScripts.

Step 2: Configure directory synchronization

The directory synchronization service doesn't sync all mail-enabled public folders; the scripts outlined in step 1 will synchronize these objects across on-premises and Office 365. Any special permissions will need to be recreated, as these are currently unsupported by Microsoft. Synchronized mail-enabled public folders will appear as mail contact objects for mail flow purposes. These contacts will not be viewable via the Exchange Admin Centre and can only be viewed using Get-MailPublicFolder.

Permissions

In order to recreate the SendAs permissions in the cloud, you will need to use the Add-RecipientPermission cmdlet.

On the Exchange Server, run the following PowerShell command from the folder containing the scripts to synchronize mail-enabled public folders:


.\Sync-MailPublicFolders.ps1 -Credential (Get-Credential) -CsvSummaryFile:sync_summary.csv

Recommendation

It is always recommended to use the -WhatIf parameter to simulate the action before making environmental changes.

Step 3: Configure Exchange Online users to access Exchange Server on-premises public folders

The final step in this procedure is to configure your Exchange Online organisation to allow access to the Exchange Server public folders. This is completed by running the following command in Exchange Online:


Set-OrganizationConfig -PublicFoldersEnabled Remote -RemotePublicFolderMailboxes Mailbox1,Mailbox2,Mailbox3

The waiting game…

It may take up to 3 hours before the Active Directory synchronization has completed. Once completed, log on to Outlook as a user who is in Exchange Online and perform the following public folder tests:


View the hierarchy.
Check permissions
Create and delete public folders.
Post content to and delete content from a public folder.

Regards

The Author – Blogabout.Cloud

HCW8078 – Migration Endpoint could not be created

Quicktips: Notes from the field

While running the Exchange Hybrid Configuration Wizard I ran into the following issue:

HCW8078 – Migration Endpoint could not be created
Microsoft.Exchange.Migration.MigrationServerConnectionFailedException
The connection to the server ‘http://mail.domain.com’ could not be complete

This issue is a known issue to Microsoft and the resolution is the good old “Have you tried turning it off and on?”

The resolution was to disable MRSProxyEnabled and then enable it again; this can be easily completed for all servers using:

Get-WebServiceVirtualDirectory | Set-WebServiceVirtualDirectory -MRSProxyEnabled $False

Get-WebServiceVirtualDirectory | Set-WebServiceVirtualDirectory -MRSProxyEnabled $True

The following command will need to be repeated for all your servers where MRSProxy is being used.

Invoke-Command -ComputerName Server1 -ScriptBlock {iisreset /restart}

Once you have completed the above steps you will be able to successfully rerun the Hybrid Configuration Wizard without any errors.

Regards
The Author – Blogabout.Cloud

Exchange Online: You can’t use the domain because it’s not an accepted domain for your organization

One of the gotchas you may encounter when migrating mailboxes to Exchange Online is accepted domains that are not registered in Exchange Online. For example, you may encounter the error below:

ERROR: Migration Permanent Exception: You can’t use the domain because it’s not an accepted domain for your organization –> You can’t use the domain because it’s not an accepted domain for your organization.

This may be due to an email alias on a particular mailbox, or on all your organisation's mailboxes due to an Email Address Policy. When migrating to Exchange Online you need to register all your accepted domains and remove any addresses that may cause you the above issue.

In my case, I had domain.com registered with EXO but not extension.domain.com. As the alias was a legacy address, it could be removed from the mailbox using either the Exchange Management Console or my favourite utility, PowerShell.

Please ensure that Azure Active Directory has synchronized this change to your mailbox.

Set-Mailbox <identity> -EmailAddresses @{remove="<E-mail address>"}

Regards

The Author – Blogabout.Cloud


Import Exchange PowerShell Module into your PowerShell ISE console

When working with Exchange there may be a requirement to create a PowerShell script using PowerShell ISE. Even if you run ISE on an Exchange Server, the Exchange cmdlets are not available in ISE, so the workaround for this is to use the following command:

  • If you are trying to add the Exchange cmdlets to your client machine you will need to install the Exchange Management Tools from the Exchange installation media

The command to import the Exchange modules is different for each version – please use the appropriate command below:

Exchange 2007

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin

Exchange 2010

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010

Exchange 2013, 2016, 2019

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn

Regards
The Author – Blogabout.Cloud


Do I have duplicate Recipient Alias within my Exchange organization?

So do you know if you have duplicate recipient aliases within your Exchange organisation? Here's a quick script that will look at your Exchange environment and export all recipient addresses into a handy CSV file for you to play with.

The script

Clear-Host
$start = [datetime]::Now

# Start Transcript
Start-Transcript -Path "$env:USERPROFILE\Desktop\Mailbox Alias\mailboxaliaslog.txt"

# Get-Recipient
# Sorted so the mailbox with the most addresses comes first:
# Export-Csv takes its column list from the first object it receives.
$Mailboxes = Get-Recipient -ResultSize Unlimited -RecipientType UserMailbox |
    Sort-Object -Property @{ Expression = { $_.EmailAddresses.Count } } -Descending

$Results = foreach ($Mailbox in $Mailboxes) {
    $Stats = $Mailbox | Get-MailboxStatistics

    $Properties = [ordered]@{
        FirstName          = $Mailbox.FirstName
        LastName           = $Mailbox.LastName
        DisplayName        = $Mailbox.DisplayName
        TotalItemSize      = $Stats.TotalItemSize
        PrimarySmtpAddress = $Mailbox.PrimarySmtpAddress
    }

    # Secondary addresses carry a lowercase "smtp:" prefix, the primary an uppercase "SMTP:",
    # so the case-sensitive match keeps only the alternate addresses.
    $AltAddresses = $Mailbox.EmailAddresses | Where-Object { $_ -cmatch '^smtp:' }
    $i = 1
    Write-Host ('INFO: Working {0}' -f $Mailbox.PrimarySmtpAddress)
    foreach ($Address in $AltAddresses) {
        $Properties.Add(('AltAddress{0}' -f $i), ($Address -replace '^smtp:'))
        $i++
    }
    [pscustomobject]$Properties
}

$Results |
    Export-Csv -Path "$env:USERPROFILE\desktop\MailboxAliasReport.csv" -NoTypeInformation
$end = [datetime]::Now
$resultTime = $end - $start

# Stop Transcript
Stop-Transcript
Write-Host ('Execution : {0}Days:{1}Hr:{2}Min:{3}Sec' -f $resultTime.Days, $resultTime.Hours, $resultTime.Minutes, $resultTime.Seconds)
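
To answer the question in the title directly, the following added example (not the author's script) groups aliases and SMTP proxy addresses across recipients and reports any value held by more than one recipient. The function name Find-DuplicateRecipientValue and the sample recipients are assumptions constructed for illustration; it reads only the DisplayName, Alias and EmailAddresses properties.

```powershell
# Added example: report aliases and SMTP addresses held by more than one recipient.
function Find-DuplicateRecipientValue {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [object[]]$Recipient
    )

    # Flatten every recipient into (Kind, Value, Owner) rows, lower-cased for comparison.
    # Owner uses DisplayName for readability; swap in DistinguishedName if display names repeat.
    $rows = foreach ($r in $Recipient) {
        if ($r.Alias) {
            [pscustomobject]@{ Kind = 'Alias'; Value = "$($r.Alias)".ToLowerInvariant(); Owner = $r.DisplayName }
        }
        foreach ($address in $r.EmailAddresses) {
            # -match is case-insensitive: keeps primary (SMTP:) and secondary (smtp:), skips X500, SIP, etc.
            if ("$address" -match '^smtp:(.+)$') {
                [pscustomobject]@{ Kind = 'SmtpAddress'; Value = $Matches[1].ToLowerInvariant(); Owner = $r.DisplayName }
            }
        }
    }

    # A value is a duplicate when more than one distinct owner holds it.
    foreach ($group in ($rows | Group-Object -Property Kind, Value)) {
        $owners = @($group.Group.Owner | Sort-Object -Unique)
        if ($owners.Count -gt 1) {
            [pscustomobject]@{
                Kind   = $group.Group[0].Kind
                Value  = $group.Group[0].Value
                Owners = $owners -join '; '
            }
        }
    }
}

# Constructed sample recipients (not real data). In production pass the output of
# Get-Recipient -ResultSize Unlimited instead.
$sample = @(
    [pscustomobject]@{ DisplayName = 'Alex Example'; Alias = 'sales'
                       EmailAddresses = @('SMTP:alex@example.com', 'smtp:Sales@example.com') }
    [pscustomobject]@{ DisplayName = 'Sales Team'; Alias = 'Sales'
                       EmailAddresses = @('SMTP:sales@example.com', 'X500:/o=Example/cn=sales') }
    [pscustomobject]@{ DisplayName = 'Sam Sample'; Alias = 'ssample'
                       EmailAddresses = @('SMTP:sam@example.com') }
)

Find-DuplicateRecipientValue -Recipient $sample | Format-Table -AutoSize
```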

Discovering Distribution Lists using PowerShell

Do you have a requirement to understand how many Distribution Lists exist within your Exchange organization, or need to understand if they are actually being utilized? Well, this is something I have come across recently while working for a customer. They have a mass of distribution lists across their organization which they are trying to tidy up before migrating to Office 365. The organisation I was working for had over 100,000 distribution lists but the state of them was unknown, so what challenges did I face?

The challenges faced

  • The number of DLs that had 0 members was unknown
  • The number of DLs that had 0 managers was unknown
  • The number of DLs that had invalid characters was unknown

The solution… PowerShell

So the following script was created to obtain all the attributes listed below. This enabled me to put together a business case for which distribution lists should be deleted and which should be migrated.

  • Distribution List Name
  • SamAccountName
  • GroupType
  • DistinguishedName
  • ManagedBy
  • MemberDepartRestriction
  • MemberJoinRestriction
  • PrimarySmtpAddress
  • Number of Members

[CmdletBinding()]
param()
# Call Distribution Lists
$dist = @(Get-DistributionGroup -ResultSize Unlimited)
# Initialise the report collection so += appends rows to an array
$reportoutput = @()
# Start Transcript
Start-Transcript -Path $env:USERPROFILE\desktop\transcript.txt
# Report on Distribution List
foreach ($dl in $dist)
{
    # Count the members of this group; the DN identifies the group unambiguously
    $count = @(Get-DistributionGroupMember -Identity $dl.DistinguishedName -ResultSize Unlimited).Count
    $report = New-Object -TypeName PSObject
    $report | Add-Member -MemberType NoteProperty -Name 'Group Name' -Value $dl.Name
    $report | Add-Member -MemberType NoteProperty -Name 'samAccountname' -Value $dl.SamAccountName
    $report | Add-Member -MemberType NoteProperty -Name 'Group Type' -Value $dl.GroupType
    $report | Add-Member -MemberType NoteProperty -Name 'DN' -Value $dl.DistinguishedName
    # ManagedBy is multi-valued; join it so the CSV shows the managers rather than a type name
    $report | Add-Member -MemberType NoteProperty -Name 'Manager' -Value ($dl.ManagedBy -join ';')
    $report | Add-Member -MemberType NoteProperty -Name 'Member Depart Restriction' -Value $dl.MemberDepartRestriction
    $report | Add-Member -MemberType NoteProperty -Name 'Member Join Restriction' -Value $dl.MemberJoinRestriction
    $report | Add-Member -MemberType NoteProperty -Name 'PrimarySMTPAddress' -Value $dl.PrimarySmtpAddress
    $report | Add-Member -MemberType NoteProperty -Name 'Number of Members' -Value $count
    Write-Host ('INFO: {0} has {1} members' -f $dl.Name, $count)
    $reportoutput += $report
}
# Stop Transcript
Stop-Transcript
# Report
$reportoutput | Export-Csv -Path $env:USERPROFILE\desktop\DistributionListReport.csv -NoTypeInformation -Encoding UTF8

Regards
The Author – Blogabout.Cloud

Counting Exchange/Exchange Online Mailboxes with a specified SMTP Domain

When working with large organisations that have multiple SMTP domains, you may run into a requirement where you need to know how many mailboxes have blogabout.cloud as their PrimarySMTPAddress or have blogabout.cloud listed as one of their email addresses.

Using the PowerShell snippet below you can find out exactly:

# Primary SMTP Address
get-mailbox -resultsize unlimited | where {$_.primarysmtpaddress -like "*@blogabout.cloud"} | Measure-Object


# Email Address
get-mailbox -resultsize unlimited | where {$_.EmailAddresses -like "*@blogabout.cloud"} | Measure-Object

Regards,

The Author – Blogabout.Cloud