Category Archives: Exchange

MAPI over HTTP, the preferred Outlook desktop client connectivity with Exchange server, is currently not enabled

When you install a Cumulative Update for Exchange Server 2016 you might receive the following informational message:

MAPI over HTTP, the preferred Outlook desktop client connectivity with Exchange server, is currently not enabled.
Consider enabling it using: Set-OrganizationConfig -MapiHttpEnabled $true
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.WarnMapiHttpNotEnabled.aspx

This modern protocol for Outlook was introduced with Exchange Server 2013 SP1. The protocol removes the dependency on the Windows Server RPC over HTTP component. The reduced complexity enhances the reliability of the client access protocol. It has been available for quite some time now.

You can enable MAPI over HTTP at the organization level using the following Exchange cmdlet:

Set-OrganizationConfig -MapiHttpEnabled $true

You can still control the protocol setting at the user level by deactivating MAPI over HTTP for certain users, if required:

Set-CASMailbox -Identity [USER] -MapiHttpEnabled:$false

If your IT infrastructure is still not ready for MAPI over HTTP, your IT components are pretty outdated. It’s time to move forward and modernize the infrastructure.

NOTE
Did you know that MAPI over HTTP connects to Exchange Server using TLS to encrypt the connection? Even though the protocol name says “over HTTP”, it actually uses HTTPS to secure the connection.

Regards
The Author – Blogabout.Cloud

Check what Outlook versions are connecting to your Exchange servers

If you are running Exchange 2010, 2013, 2016 or 2019, you will need to run the following PowerShell script. In this example I am going to be targeting Exchange 2010.

# This is the default path to the Exchange 2010 RPC Client Access logs. Change it to match your Exchange version.
$logpath = 'C:\Program Files\Microsoft\Exchange Server\V14\Logging\RPC Client Access'

# Limit the logs to the last 15 days to get a more current view.
$files = Get-ChildItem $logpath | Where-Object { $_.LastWriteTime -ge (Get-Date).AddDays(-15) }

# Read the log lines, skipping the '#' header lines.
$logs = $files | ForEach-Object { Get-Content $_.FullName } | Where-Object { $_ -notlike '#*' }

# Convert the data to PowerShell objects.
$result = $logs | ConvertFrom-Csv -Header 'date-time','session-id','seq-number','client-name','organization-info','client-software','client-software-version','client-mode','client-ip','server-ip','protocol','application-id','operation','rpc-status','processing-time','operation-specific','failures'

# Finally, filter on the Outlook client and group the entries by version number.
$result | Where-Object { $_.'client-software' -eq 'OUTLOOK.EXE' } | Group-Object 'client-software-version'

Once you have obtained the required information, you need to identify which Outlook versions are connecting to your Exchange server by using the following table.

Version number    Name
5.0.3165.0        Outlook 2000
6.0.7654.12       Outlook 2000
6.0.8153.0        Outlook 2000
6.0.8165.0        Outlook 2000
6.0.8211.0        Outlook 2000
6.0.8244.0        Outlook 2000
10.0.0.2627       Outlook 2002
10.0.0.4115       Outlook 2002 SP2
10.0.0.6515       Outlook 2002 SP3
10.0.0.6742       Outlook 2002 SP3
11.0.5604.0       Outlook 2003
11.0.6352.0       Outlook 2003 SP1
11.0.6555.0       Outlook 2003 SP2
11.0.8000.0       Outlook 2003 SP2
11.0.8161.0       Outlook 2003 SP3
11.0.8200.0       Outlook 2003 SP3
11.0.8303.0       Outlook 2003 SP3
12.0.4518.1014    Outlook 2007 RTM
12.0.6024.5000    Outlook 2007 RTM
12.0.6211.1000    Outlook 2007 SP1
12.0.6300.5000    Outlook 2007 SP1
12.0.6315.5000    Outlook 2007 SP1
12.0.6423.1000    Outlook 2007 SP2
12.0.6504.5001    Outlook 2007 SP2
12.0.6509.5000    Outlook 2007 SP2
12.0.6529.5000    Outlook 2007 SP2
12.0.6539.5000    Outlook 2007 SP2
12.0.6550.5000    Outlook 2007 SP2
12.0.6554.5000    Outlook 2007 SP2
12.0.6557.5000    Outlook 2007 SP2
12.0.6562.5003    Outlook 2007 SP2
12.0.6606.1000    Outlook 2007 SP3
12.0.6661.5000    Outlook 2007 SP3
12.0.6665.5000    Outlook 2007 SP3
14.0.4734.1000    Outlook 2010 RTM
14.0.6025.1000    Outlook 2010 SP1
14.0.6109.5000    Outlook 2010 SP1
14.0.6117.5001    Outlook 2010 SP1
14.0.7151.5000    Outlook 2010
14.0.7157.5000    Outlook 2010
14.0.7160.5000    Outlook 2010
15.0.4128.1019    Outlook 2013 Preview
15.0.4727.1000    Outlook 2013
15.0.4753.1003    Outlook 2013
16.0.4229.1029    Outlook 2016
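
Added example (not part of the original post): the same log parsing applied to a few constructed log lines, with each version mapped to an Outlook release by major version and compared against Outlook 2010, the oldest client listed for Exchange 2016 in the requirements on this page. The function name Get-OutlookClientSummary, the sample users and the sample IP addresses are assumptions made for illustration.

```powershell
# Added example: summarise Outlook clients seen in RPC Client Access logs.
# Needs Windows PowerShell 3.0 or later. The log lines are constructed for
# illustration (documentation IP range, made-up users), not real server data.
$sampleLog = @'
#Fields: header line, skipped by the filter below
2019-05-01T08:00:01.000Z,11,0,/o=Org/cn=alice,,OUTLOOK.EXE,14.0.7157.5000,Cached,192.0.2.10,192.0.2.1,ncacn_ip_tcp,,Connect,0,00:00:00.0150000,,
2019-05-01T08:00:05.000Z,12,0,/o=Org/cn=bob,,OUTLOOK.EXE,12.0.6665.5000,Classic,192.0.2.11,192.0.2.1,ncacn_ip_tcp,,Connect,0,00:00:00.0310000,,
2019-05-01T08:01:12.000Z,13,0,/o=Org/cn=carol,,OUTLOOK.EXE,14.0.7157.5000,Cached,192.0.2.12,192.0.2.1,ncacn_ip_tcp,,Connect,0,00:00:00.0160000,,
2019-05-01T08:02:30.000Z,14,0,/o=Org/cn=dave,,OUTLOOK.EXE,16.0.4229.1029,Cached,192.0.2.13,192.0.2.1,ncacn_ip_tcp,,Connect,0,00:00:00.0140000,,
2019-05-01T08:02:31.000Z,14,1,/o=Org/cn=dave,,OUTLOOK.EXE,16.0.4229.1029,Cached,192.0.2.13,192.0.2.1,ncacn_ip_tcp,,Logon,0,00:00:00.0470000,,
2019-05-01T08:03:00.000Z,15,0,/o=Org/cn=svc,,OtherClient.exe,1.0.0.0,Classic,192.0.2.20,192.0.2.1,ncacn_ip_tcp,,Connect,0,00:00:00.0100000,,
'@ -split "`r?`n"

function Get-OutlookClientSummary {
    param(
        [Parameter(Mandatory = $true)] [AllowEmptyString()] [string[]] $LogLine,
        # Outlook 2010 (major version 14) is the oldest client listed for Exchange 2016.
        [int] $MinimumMajor = 14
    )

    $header = 'date-time','session-id','seq-number','client-name','organization-info',
              'client-software','client-software-version','client-mode','client-ip',
              'server-ip','protocol','application-id','operation','rpc-status',
              'processing-time','operation-specific','failures'

    # Major version to release name, taken from the version table in the post.
    $releaseByMajor = @{
        5  = 'Outlook 2000'; 6  = 'Outlook 2000'; 10 = 'Outlook 2002'; 11 = 'Outlook 2003'
        12 = 'Outlook 2007'; 14 = 'Outlook 2010'; 15 = 'Outlook 2013'; 16 = 'Outlook 2016'
    }

    $LogLine |
        Where-Object { $_ -and $_ -notlike '#*' } |
        ConvertFrom-Csv -Header $header |
        Where-Object { $_.'client-software' -eq 'OUTLOOK.EXE' } |
        Group-Object -Property 'client-software-version' |
        ForEach-Object {
            # A version string that does not start with digits gets -1 (unknown).
            $major = if ($_.Name -match '^(\d+)\.') { [int]$Matches[1] } else { -1 }

            if ($major -lt 0) {
                $status = 'Unknown version format'
            } elseif ($major -lt $MinimumMajor) {
                $status = 'Below minimum'
            } else {
                # Major version 14 also needs KB2965295 according to the requirements;
                # the page gives no build number for that update, so it is not checked.
                $status = 'Meets minimum major version'
            }

            $release = if ($releaseByMajor.ContainsKey($major)) { $releaseByMajor[$major] } else { 'Not in table' }

            [pscustomobject]@{
                Version  = $_.Name
                Release  = $release
                # Distinct client names, because one client writes many log lines.
                Clients  = @($_.Group | ForEach-Object { $_.'client-name' } | Sort-Object -Unique).Count
                LogLines = $_.Count
                Status   = $status
            }
        }
}

# Against real logs: Get-OutlookClientSummary -LogLine (Get-ChildItem $logpath | Get-Content)
Get-OutlookClientSummary -LogLine $sampleLog | Sort-Object Version | Format-Table -AutoSize
```

Counting distinct client names rather than log lines matters here, because a single busy Outlook profile can otherwise make an old version look more widespread than it is.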

Regards
The Author – Blogabout.Cloud

Exchange 2016 Requirements and Prerequisites

The following is a list of recommended and required items for installing Exchange Server 2016.

Exchange 2016 Server Requirements

Coexistence: Requires Exchange 2010 SP3 UR11 or Exchange 2013 UR10
Operating System: Windows Server 2012 R2 Standard or Datacenter (full GUI required, Core not supported).
CPU: Minimum of 2 CPUs with 2 cores each; Intel and AMD are supported
Memory: For Mailbox role, 8GB memory minimum; Recommend 16GB or higher.
Page File: Amount of RAM + 10MB, not to exceed 32778MB (32GB) for initial and maximum size.
System (OS) partition: Must be NTFS. Recommend 120-150GB.
Data partition(s): Can be ReFS. Total size of all legacy EDBs + optional 30-40% minimum for growth.
Domain Controllers (DC): Must be Windows Server 2008 or newer.
Active Directory Forest Functional Level (FFL): Must be Windows Server 2008 or newer.
IPv6: Do not disable.
.NET Framework: Only .NET Framework 4.5.2 is supported currently.
Outlook Clients: Outlook 2010 with KB2965295 or newer (for Windows); Outlook 2011 for Mac or newer (for Mac).

Exchange 2016 Server Prerequisites

Active Directory Preparation

If you plan to use an Exchange 2016 server to prepare the Active Directory environment, perform the following tasks. If not, proceed to the section for Exchange Server Preparation.

  1. Install .NET Framework 4.5.2.
  2. Open an elevated PowerShell console and run this command to install Remote Server Administration Tools (RSAT)…
Install-WindowsFeature RSAT-ADDS

Exchange Server Preparation

  1. For the Mailbox server role, open an elevated PowerShell console and run the following command to install the required roles and features…
Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

NOTE: There is no Client Access role with Exchange Server 2016. All roles, with the exception of the Edge Transport server role, have been combined to align with Microsoft’s long recommended guidance for multi-role servers.

2.  Restart the server (required).  Alternately, “-Restart” (quotes excluded) can be appended to the command above to automatically restart the server upon completing the install of the required roles and features.

3.  Install .NET Framework 4.5.2.

4.  Install Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit.

5.  Install all Windows Updates (including all optional updates).  Restart.  Repeat until no updates remain.

6.  Download Microsoft Exchange Server 2016.

NOTE: There are many hardware configurations that can be recommended; however, the items above are fairly consistent with all of the projects I manage. Your suggestions are welcome as I am always seeking to improve.

Regards
The Author – Blogabout.Cloud

Install Exchange 2016 Edge Transport Server

Introduction

Edge Transport servers minimize the attack surface of your Exchange organization by handling all Internet-facing mail flow. An Edge Transport server can be used to provide SMTP relay and smart host services for the Exchange organization. The Edge Transport role performs anti-spam filtering and applies security and email policies to messages in transport. Always install the Exchange 2016 Edge Transport server in the perimeter network and outside of the Active Directory forest.

Important Note:

Renaming a server after the installation of the Edge Transport role isn’t supported. So when building the server, ensure your naming is correct before installing this role.

Install Exchange 2016 Edge Transport Server

Before we install the Exchange 2016 Edge Transport server role, make sure that the following prerequisites are met for the Edge Transport server.

Edge Transport Network Requirement

You have allowed port 25 traffic from Internet to your Edge Transport Server.

You have configured the Network ports between Edge Transport Server and Exchange 2016 Server. Network ports required for Edge Transport server to communicate with Exchange 2016 are as below.

Port     Description
25       SMTP Mail flow
2525     SMTP Mail flow
53       DNS Resolution
3389     Remote Desktop
50389    LDAP needs to be opened locally for LDAP binding
50636    Secure LDAP to provide directory synchronization from Mailbox servers to AD LDS

Edge Transport Installation

Follow these steps to install the Edge Transport server.

Log in to the Edge Transport server as local Administrator.

Set the Edge Server DNS prefix by navigating to My Computer –> Properties –> click Change under computer name, domain, workstation settings –> under Computer Name, click Change –> More –> and set the DNS prefix. In my case it’s officec2r.com. This process requires you to restart your computer.

Configure the NIC to set the DNS server to point to your local DNS server.

Install AD LDS on the Edge Transport server by running the Windows PowerShell cmdlet:

Install-WindowsFeature ADLDS

Create “A” record in your DNS that point to Edge Transport Server.

Run the Exchange 2016 Setup as Administrator. I always recommend checking for updates. If you don’t want to check, select “Don’t Check for updates right now” and click Next.

Setup will start the process of copying Exchange files for installation.

Once the copy process is completed, Setup will start the initial setup preparation.

Once the initialization is completed, Exchange Setup will start. Click Next to continue.

Read and accept the license agreement and click Next

Use Recommended Settings for Exchange to automatically check online for solutions when encountering errors and provide feedback to Microsoft and click Next.

Select the Edge Transport Server role and the “Automatically Install Windows Server Roles and Features that are required to install Exchange Server” check box, then click Next.

Important Note

Exchange Edge Transport Server role cannot co-exist with the Mailbox Server Role

Select the installation path. In my case I am installing it on the C: drive as it’s my test lab.

Once the “Readiness Checks” are completed, click Install.

Exchange 2016 Edge Server Installation process will start. Wait for the 9 step installation to be completed before you can configure your Exchange 2016 Edge Transport Server.

Once the Edge Server installation is completed, click on Finish to complete the process.

Once the Edge Transport Server role Installation is completed, the next steps are to configure the Edge Server for Exchange 2016 Mail Flow and set the policies.

Regards
The Author – Blogabout.Cloud

How to migrate from Exchange Server 2010 to Exchange 2016

I have recently been engaged to move a customer from Microsoft Exchange 2010 to Exchange 2016 so they can move to a modern platform and leverage features such as cloud deployments, improved reliability, and a new architecture that is more in line with their technology roadmap.

Before I move on I just want to highlight the features of 2016 in comparison to 2010.

Architecture

Exchange 2010 had separate components such as Mailbox,  Hub Transport, Unified Messaging, and Client Access for performing separate roles in the server. In 2016, all of these components have been combined into a single component called Mailbox, and this component performs the combined role of other components.

Exchange Admin Center

Exchange Admin Center (EAC) has been greatly enhanced to help you connect from anywhere using a web browser. It acts as a single point of control for all operations and is optimized for on-premise, online, and hybrid Exchange deployments. Due to this enhanced EAC, Exchange Management Console (EMC) of 2010 has taken a back seat. Microsoft observed delayed updates in EMC, and this is why it decided to limit its scope in 2016.

Hybrid Configuration Wizard (HCW)

Exchange 2016 has a cloud-based application called Hybrid Configuration Wizard (HCW) that helps to connect with other Microsoft tools like Office 365 in real-time. Improved diagnostics and troubleshooting make it ideal for hybrid deployments.

MAPI over HTTP

MAPI over HTTP is the default protocol in Exchange 2016, as it is more reliable and stable than the RPC over HTTP protocol of Exchange 2010. Also, this protocol allows Outlook to pause a connection, change networks, and resume from hibernation, things that were difficult to implement in Exchange 2010.

Certificate Management

In 2010, you had to install a certificate for every server through EMC, while in 2016, you can install certificates across multiple servers at the same time through EAC. You can also see the expiry details in EAC.


Now that you know why Exchange 2016 is better, let’s see how to migrate from version 2010 to 2016.

Update the existing environment

If you’re unsure of the version you’re using, open the Exchange Management Shell and run this command:

Get-ExchangeServer | Format-List Name, Edition, AdminDisplayVersion

This should bring up the current version you’re using. Make sure it says Exchange 2010.

The first step is to update the existing environment to make the 2010 version suitable for upgrading to 2016.  To do that, install Exchange 2010 Service Pack 3 and Exchange 2010 SP3 Update Rollup 11. These are the minimum supported patch level updates for 2010, and the installation process is fairly self-explanatory.

The next step is to consider updating the Directory Service and Outlook client requirements. For Exchange 2016, the minimum Directory Service requirement is AD Functional Level 2008, and for the Outlook client, Exchange 2016 supports Outlook 2010 and above on Windows and Outlook for Mac 2011 and above on Mac. You should update clients to this minimum supported version before implementing Exchange 2016.

Prepare the System for Exchange Server 2016

Do you have the system requirements needed to support Exchange 2016? Let’s double check the below requirements again, as Exchange Server 2016 supports only the following:

  • Windows Server 2012 / 2012 R2
  • Minimum memory requirement for Mailbox server role is 8GB plus an additional minimum requirement of 4GB for edge transport
  • Paging file size should be set to physical RAM, and an additional 10MB to 32788MB, depending on the size of the RAM. If you’re using 32GB of RAM, then go for the maximum of 32788MB
  • Disk space of at least 30GB on the drive on which you plan to install Exchange. Also, an additional 500MB is needed for every Unified Messaging (UM) language pack that you want to install. Additionally, you need 200MB of available disk space on the system drive, and a hard disk of a minimum of 500MB of free space for message queue database
  • A screen resolution of 1024 X 768 pixels.
  • Disk partitions that are formatted on the NTFS file system
  • .NET framework and UCS API should be installed before installing Exchange 2016. You can download both from Microsoft website and install it in your system.

Make sure your system meets all these prerequisites before installing Exchange 2016.

Next, you have to prepare the schema update. This step is irreversible, so make sure you have a full backup of Active Directory before proceeding.

A good part about this migration is you don’t have to worry much about changing HTTPS names for OWA as both the versions support the same set of naming services and active sync directories.

Install Active Directory for Exchange 2016

Next, run the Exchange 2016 setup. Choose a specific directory to extract all the files of this setup. Once the extraction is complete, run the following commands, one after the other. Open the command prompt and go to the directory where you have extracted the files.

The first command is to prepare the schema, which is, setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

Now your schema is prepared, so move on to the next command, which is, setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms. Once that’s done, prepare your domain with the command setup.exe /PrepareDomain /IAcceptExchangeServerLicenseTerms. With this, we have completed the Active Directory installation for Exchange 2016.

Install Exchange 2016

Windows Server 2012 and 2012 R2

Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS

A restart is required after the roles and features have finished installing. If you’d prefer that the server restarts itself automatically simply append -Restart to the command.

After the restart download and install (in order):

Windows Server 2016

Install-WindowsFeature NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS

Next, install the following (in order):

Now that you have the environment set up and the Exchange prerequisites are met, we can install Exchange 2016. Let’s follow the steps through using the installation wizard.

Browse through the setup directory, and run the file called Setup.exe.

During the installation, you’ll be prompted to choose the server role selection. Choose “Mailbox role,” and the other options will automatically be deactivated because Mailbox and Edge Transport cannot coexist in the same machine.

Installation will complete within the next few minutes.

Once the installation is complete, click on the Finish button. This will load the Exchange Admin Center on the browser.

Exchange management console in 2010 is replaced with a web-based Exchange Admin Center in 2016. This is the place where you can have greater control over all operations.

Other Configurations

After installing Exchange 2016 successfully, update the Service Connection Point for AutoDiscover. To do this, use the Set-ClientAccessService cmdlet from the Exchange Management Shell.

Go to the Exchange Management Shell, and type this command:

Set-ClientAccessService -Identity 'ServerName' -AutoDiscoverServiceInternalURI https://autodiscover.yourURL.com/Autodiscover/Autodiscover.xml

Next, update the settings of Outlook Anywhere. To do this, go to EAC, and click on servers on the left hand side. This will open up the list of servers. Click the Edit icon and a pop-up will open. Choose the Outlook Anywhere option, and update the DNS lookup and IMAP4 settings with the name of your new server.

Once you’ve configured the settings, run IIS RESET. To do this, go to your command prompt and run the command iisreset. This will stop and restart IIS services.

The next step is to configure your Receive Connector to relay email applications. To configure this, go to the mail flow option in your EAC, click on a connector, and edit it.

Next up is your mail database. When you install 2016, a default database is created. You can rename this database and move it from the C: drive to another drive. Open the Exchange Management Shell and run these commands to rename and move your database.

Get-MailboxDatabase -Server 'ServerName' | Set-MailboxDatabase -Name 'DatabaseName'

Move-DatabasePath -Identity 'DatabaseName' -EdbFilePath 'E:\Database\ServerName\DatabaseName.edb' -LogFolderPath 'E:\Database\DatabaseName_Log'

Once that’s done, update the OWA directory. Exchange 2016 supports acting-as-a-proxy for 2010, so both the versions can coexist using the same URLs. Now, change the OWA and autodiscover URL to Exchange 2016, to ensure all URLs go through Exchange 2016. You can use the below script to do that.

# Server whose virtual directories are being changed (placeholder)
$Server = 'ServerName'
# External host name used by clients (placeholder)
$HTTPS_FQDN = 'your_URL'
# Clear the external URLs on that server
Get-OwaVirtualDirectory -Server $Server | Set-OwaVirtualDirectory -ExternalUrl $null
Get-EcpVirtualDirectory -Server $Server | Set-EcpVirtualDirectory -ExternalUrl $null
Get-OabVirtualDirectory -Server $Server | Set-OabVirtualDirectory -ExternalUrl $null
Get-ActiveSyncVirtualDirectory -Server $Server | Set-ActiveSyncVirtualDirectory -ExternalUrl $null
Get-WebServicesVirtualDirectory -Server $Server | Set-WebServicesVirtualDirectory -ExternalUrl $null
# Basic authentication relies entirely on the TLS channel to protect the credentials
Enable-OutlookAnywhere -Server $Server -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostname $HTTPS_FQDN

Lastly, update DNS so that it points to autodiscover and OWA. To do that, open your Active Directory domain controller machine. Open the DNS Manager, and change the record to ensure that it points to the new server.

Test your configuration

Finally, it’s time to test if your configurations work. It’s best to create a new user to login and test the account functionality. To create a new user, open EAC and click on Recipients. From here, add a new user and check if everything is working fine.

If all is good, migrate all users from the Exchange 2010 to the Exchange 2016 database.

In short, much has changed between Exchange 2010 and Exchange 2016, so it’s best you migrate to the latest version to make the most of the new functionalities. Migrating to 2016 is not so difficult when you follow the aforementioned steps.

Regards,
The Author – Blogabout.Cloud

Where is the Service Connection Point (SCP) set for Microsoft Exchange Server?

Every IT Administrator will have heard the term “Service Connection Point” or SCP when autodiscover is mentioned especially if you are still running Exchange Server On-Premises.

What is SCP?
Where can I find it?
What is it used for?

Whenever a Client Access Server is installed into a greenfield or existing Exchange organisation, Exchange automatically creates at installation the virtual directory autodiscover in IIS, under the front-end Client Access services web site that clients connect to. This allows Outlook to discover the Exchange mailbox settings so that users don’t have to deal with manually configuring advanced settings.

Autodiscover functional process

The SCP object is also created in Active Directory at the same time as the Autodiscover service virtual directory. The SCP stores and provides authoritative URLs of the Autodiscover service for domain-joined computers.

Where can I find SCP?

You can view the SCP object using Active Directory Sites and Services, after you have enabled the “View Services Node” option from the “View” tab.

You will have a list of SCPs if you have more than one CAS server in your environment. If you right-click an SCP object and open its properties (Attribute Editor tab), it contains two pieces of information which are of interest:

  • “serviceBindingInformation” attribute
  • “keywords” attribute

The “serviceBindingInformation” attribute has the Fully Qualified Domain Name (FQDN) of the Client Access server in the form of https://ex02.officec2r.com/autodiscover/autodiscover.xml, where ex02.officec2r.com is the FQDN of the CAS server.

This URL is usually changed to one that is covered by the SAN/UCC certificate. It is this URL that the internal Outlook client uses to connect to the mailbox and other Exchange features published using Autodiscover.

The “keywords” attribute specifies the Active Directory sites to which this SCP record is associated. By default, this attribute specifies the Active Directory site to which the Client Access server belongs.
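
Added example (not part of the original post): a review of SCP records that lists the sites found in keywords and flags any serviceBindingInformation value that is empty, not HTTPS, not on an expected host name, or not an Autodiscover path. The function name Test-AutodiscoverScp, the sample records (other than the ex02 URL above) and the expected host list are assumptions made for illustration.

```powershell
# Added example: review Autodiscover SCP records for unexpected URLs.
# Needs Windows PowerShell 3.0 or later. The records below are constructed.
# On a domain-joined machine with the ActiveDirectory module, real records
# could be read with:
#   Get-ADObject -SearchBase (Get-ADRootDSE).configurationNamingContext `
#     -LDAPFilter '(&(objectClass=serviceConnectionPoint)(keywords=77378F46-2C66-4aa9-A6A6-3E7A48B19596))' `
#     -Properties serviceBindingInformation, keywords

$scpKeyword = '77378F46-2C66-4aa9-A6A6-3E7A48B19596'   # marks an Autodiscover SCP
$sampleScp = @(
    [pscustomobject]@{
        Name = 'EX02'
        serviceBindingInformation = 'https://ex02.officec2r.com/autodiscover/autodiscover.xml'
        keywords = @($scpKeyword, 'Site=Default-First-Site-Name')
    }
    [pscustomobject]@{
        Name = 'EX03'   # constructed: plain HTTP
        serviceBindingInformation = 'http://ex03.officec2r.com/autodiscover/autodiscover.xml'
        keywords = @($scpKeyword, 'Site=Branch-Office')
    }
    [pscustomobject]@{
        Name = 'EX04'   # constructed: host outside the expected list
        serviceBindingInformation = 'https://mail.example.net/autodiscover/autodiscover.xml'
        keywords = @($scpKeyword, 'Site=Default-First-Site-Name')
    }
    [pscustomobject]@{
        Name = 'EX05'   # constructed: URL cleared with $null
        serviceBindingInformation = $null
        keywords = @($scpKeyword, 'Site=Default-First-Site-Name')
    }
)

function Test-AutodiscoverScp {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Scp,
        # Host names that the certificate on the Client Access servers covers.
        [Parameter(Mandatory = $true)] [string[]] $ExpectedHost
    )
    process {
        # The attribute is multi-valued in AD, so check every value it holds.
        foreach ($value in @($Scp.serviceBindingInformation)) {
            $finding = @()
            $uri = $null
            if ([string]::IsNullOrEmpty($value)) {
                $finding += 'no URL set'
            } elseif (-not [uri]::TryCreate($value, [System.UriKind]::Absolute, [ref]$uri)) {
                $finding += 'not an absolute URL'
            } else {
                if ($uri.Scheme -ne 'https') { $finding += 'not HTTPS' }
                if ($ExpectedHost -notcontains $uri.Host) { $finding += 'host not in expected list' }
                if ($uri.AbsolutePath -notmatch '^/autodiscover/autodiscover\.xml$') {
                    $finding += 'unexpected path'
                }
            }

            [pscustomobject]@{
                Name     = $Scp.Name
                Url      = $value
                # keywords carries the site scope as "Site=<AD site name>" entries.
                Sites    = ((@($Scp.keywords) -like 'Site=*') -replace '^Site=', '') -join ', '
                Findings = if ($finding) { $finding -join '; ' } else { 'OK' }
            }
        }
    }
}

$sampleScp |
    Test-AutodiscoverScp -ExpectedHost 'ex02.officec2r.com', 'ex03.officec2r.com' |
    Format-Table -AutoSize
```

Domain-joined Outlook clients trust whatever URL the SCP returns, so a record that points at an unexpected host or at plain HTTP is worth investigating before the certificate names are changed.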

What is it used for?

When using a domain joined client, Outlook client authenticates to Active Directory and tries to locate the SCP objects by using the user’s credentials. After the client obtains and enumerates the instances of the Autodiscover service, it connects to the first Client Access server in the enumerated list and obtains the profile information in the form of XML data that is needed to connect to the user’s mailbox and available Exchange features.

If you need to remove the serviceBindingInformation value at any point, this can be done with:

Set-ClientAccessServer -Identity ex02 -AutoDiscoverServiceInternalUri $Null

Once Active Directory replication has completed, the SCP object will be updated with the null value. If you need to reinstate the AutoDiscoverServiceInternalUri, run the same command again with the required value:

Set-ClientAccessServer -Identity ex02 -AutoDiscoverServiceInternalUri https://ex02.officec2r.com/autodiscover/autodiscover.xml

Regards
The Author – Blogabout.Cloud

Azure Active Directory Connect – Exchange Mail Public Folders

Microsoft has included the official release of Exchange Mail Public Folders within the AAD Connect tool. This option enables support for public folders by synchronizing a specific set of attributes for mail-enabled public folders so they are represented in Azure AD. This synchronization is required for including the public folder addresses in Directory-Based Edge Blocking.

If you have configured Directory Based Edge Blocking, please visit my post on how it is done. https://www.blogabout.cloud/2019/05/697/

This new feature from Microsoft doesn’t create actual public folder objects in the Exchange Online directory; additional synchronization steps via PowerShell are required if you are using Exchange Online.

You should ensure that the “Microsoft.Exchange.System Objects” OU is also selected in OU Filtering (it is selected by default).

The additional PowerShell steps are as follows:

Please Note:

If you have Exchange 2010 public folders, see Configure legacy on-premises public folders for a hybrid deployment.

Step 1: Download the scripts

Download the following files from Mail-enabled Public Folders – directory sync script:

  • Sync-MailPublicFolders.ps1
  • SyncMailPublicFolders.strings.psd1

Save the files to the local computer on which you’ll be running PowerShell. For example, C:\PFScripts.

Step 2: Configure directory synchronization

The directory synchronization service doesn’t sync all mail-enabled public folders; the scripts outlined in step 1 will synchronize these objects between on-premises and Office 365. Any special permissions will need to be recreated as these are currently unsupported by Microsoft. Synchronized mail-enabled public folders will appear as mail contact objects for mail flow purposes. These contacts will not be viewable via the Exchange Admin Centre and can only be viewed using Get-MailPublicFolder.

Permissions

In order to recreate the SendAs permissions in the cloud, you will need to use the Add-RecipientPermission cmdlet.

On the Exchange Server, run the following PowerShell command to synchronize mail-enabled public folders:

.\Sync-MailPublicFolders.ps1 -Credential (Get-Credential) -CsvSummaryFile:sync_summary.csv

Recommendation

It is always recommended to use the -Whatif parameter to simulate the action before making environmental changes.

Step 3: Configure Exchange Online users to access Exchange Server on-premises public folders

The final step in this procedure is to configure your Exchange Online organisation to allow access to the Exchange Server public folders. This is completed by running the following command in Exchange Online:

Set-OrganizationConfig -PublicFoldersEnabled Remote -RemotePublicFolderMailboxes Mailbox1,Mailbox2,Mailbox3

The waiting game…

It may take up to 3 hours before the Active Directory synchronization has completed. Once completed, log on to Outlook as a user who is in Exchange Online and perform the following public folder tests:

View the hierarchy.
Check permissions
Create and delete public folders.
Post content to and delete content from a public folder.

Regards

The Author – Blogabout.Cloud

HCW8078 – Migration Endpoint could not be created

Quicktips: Notes from the field

While running the Exchange Hybrid Configuration Wizard I ran into the following issue:

HCW8078 – Migration Endpoint could not be created
Microsoft.Exchange.Migration.MigrationServerConnectionFailedException
The connection to the server ‘http://mail.domain.com’ could not be complete

This issue is a known issue to Microsoft and the resolution is the good old “Have you tried turning it off and on?”

The resolution was to disable MRSProxyEnabled and then enable it again. This can easily be completed for all servers using:

Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -MRSProxyEnabled $false
Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -MRSProxyEnabled $true

This process will need to be repeated for all your servers where MRSProxy is being used.
Invoke-Command -ComputerName Server1 -ScriptBlock {iisreset /restart}

Once you have completed the above steps you will be able to successfully rerun the Hybrid Configuration Wizard without any errors.

Regards
The Author – Blogabout.Cloud

Exchange Online: You can’t use the domain because it’s not an accepted domain for your organization

One of the gotchas you may encounter when migrating mailboxes to Exchange Online is unregistered accepted domains in Exchange Online. For example, you may encounter the error below:

ERROR: Migration Permanent Exception: You can’t use the domain because it’s not an accepted domain for your organization –> You can’t use the domain because it’s not an accepted domain for your organization.

This may be due to an email alias on a particular mailbox, or on all your organisation's mailboxes because of an Email Address Policy. When migrating to Exchange Online you need to register all your accepted domains and remove any that may cause the above issue.

In my case, I had domain.com registered with EXO but not extension.domain.com. As the alias was a legacy address, it could be removed from the mailbox using either the Exchange Management Console or my favourite utility, PowerShell.

Please ensure that Azure Active Directory has synchronized this change to your mailbox.

Set-Mailbox <identity> -EmailAddresses @{remove="<E-mail address>"}

Regards

The Author – Blogabout.Cloud


Import Exchange On-Premises PowerShell Module into your PowerShell ISE console

When working with on-premises Exchange there may be a requirement to create a PowerShell script using PowerShell ISE. Even if you run ISE on an Exchange Server, you are unable to get the Exchange cmdlets in ISE. So what is the workaround for this?

Important: Getting Exchange Cmdlets on a client machine

If you are trying to add the Exchange cmdlets to your client machine then you will need to Install the Exchange Management Tools from the Exchange installation media on your device.

Importing the Exchange Cmdlets into PowerShell ISE

The following commands allow the import of the Exchange Management cmdlets into PowerShell ISE. They are slightly different for the listed versions of Exchange.

Exchange 2007

Use the following Add-PSSnapin to bring the cmdlets into PowerShell ISE

 Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin; 

Exchange 2010

Use the following Add-PSSnapin to bring the cmdlets into PowerShell ISE

 Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010; 

Exchange 2013, 2016, 2019

Use the following Add-PSSnapin to bring the cmdlets into PowerShell ISE

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn; 

Exchange Online

If you require the Exchange Online PowerShell Modules, you will need to install the new ExchangeOnlineManagement modules from the PowerShell Gallery.

https://www.powershellgallery.com/packages/ExchangeOnlineManagement/2.0.4-Preview6

Regards
The Author – Blogabout.Cloud