Steve Man

modify domain names for hybrid org relationship

Task: Modify domain names configured for an organization relatinship in a hybrid deployment

you can use powershell command below to complete task

$domains = (get-organizationrelationship ‘On Premises to Exchange Online Organization Relations

hip’).domainnames

Set-organizationrelationshp -id ‘On Premises to Exchange Online Organization Relations

hip’ -domainnames $domains

Add X500 Alias to Mailboxes with Old LegacyExchangeDN Value

Scenario: A user receives a bounce message (Non Delivery Report/NDR) when emailing to an internal user that contains the following:

Delivery has failed to these recipients or groups:

John Test<mailto:IMCEAEX-_O%3DYOUR%2B20ENTERPRISE%2B20EXCHANGE_OU%3DEXCHANGE%2B20ADMINISTRATIVE%2B20GROUP%2B20%2B28FYDIBOHF23SPDLT%2B29_CN%3DRECIPIENTS_CN%3DJTest451a@domain.edu<mailto:3DJTest451a@domain.edu>>
The e-mail address you entered couldn’t be found. Please check the recipient’s e-mail address and try to resend the message. If the problem continues, please contact your helpdesk.

Cause: This issue occurs because the value for the LegacyExchangeDN attribute changed. The auto-complete cache in Microsoft Outlook and in Microsoft Outlook Web App (OWA) uses the value of the LegacyExchangeDN attribute to route email messages internally.

Resolution: Global Fix – Creating an X500 address based on the LegacyExchangeDN and adding it as an email alias to the recipients Exchange mailbox.

Copy/Extract the LegacyExchangeDN info from the NDR. This is located under the Generating Server portion. It looks like this:

IMCEAEX-_O=YOUR+20ENTERPRISE+20EXCHANGE_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=JTest451a@domain.edu

Perform the following on that address:

•Replace any underscore character _ with a slash character /
•Replace +20 with a blank space.
•Replace +28 with an opening parenthesis character (.
•Replace +29 with a closing parenthesis character ).
•Delete IMCEAEX-.
•Delete @domain.edu.

Final Result: /O=YOUR ENTERPRISE EXCHANGE/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=JTest451a

Take the final result and add this as an X500 alias for the receiving mailbox by performing these steps:

1. Open the properties of the affected mailbox in Exchange 2010.

2. Click on the Email Addresses tab.

3. Click the drop down menu next to Add… and select Custom Address.

4. In the Custom Address properties window:

i. Email Address: /O=YOUR ENTERPRISE EXCHANGE/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=JTest451a

ii. Email Type: X500

5. Click OK out of all the mailbox windows and you are done.

Testing: You should be able to enter in the X500 into a new mail message and perform a check names. It should resolve to the users account.

Notes

This can be performed on the server to apply a global fix. The real issue is stemming from the ‘Type Ahead’ cache in the users Outlook/Outlook Web App. They can easily clear out the cache completely OR delete the type ahead address as they are entering it and reselect from the address book..
Reference: The Cause and Resolution have been taken and modified to fit our scenario from here.

Exchange PowerShell to Recover Mailbox Items in Exchange 2010.

Scenario: A user is missing mailbox items because they were accidentally deleted or moved from the mailbox and the user cannot find these missing items in their “Recover Deleted Items” folder accessible in Outlook. (Note: How to access the Recover Deleted Items section in Outlook: Outlook 2010 & Outlook 2007)

Next Step: In Exchange 2010 PowerShell, a administrator can use the New-MailboxExportRequest command to create a PST of the users mailbox. The command will export the contents of the mailbox into a PST, in addition reveal the RecoverableItems folder which is a hidden folder in the mailbox that is not seen by Outlook. This folder may contain the contents of the missing items.

Ex2010 Powershell Commands:

Creating the PST Requests:

New-MailboxExportRequest username -filepath ServernameShareFile.pst

This will copy everything from the mailbox and put it in a .PST file that you can open in Outlook.

Monitoring the PST Requests:

Get-MailboxExportRequest

-Shows the status of the move requests

Get-MailboxExportRequest | Get-MailboxExportRequestStatistics

-Shows the percentage of completion

You can also attach the |FL shell command to existing command it will show all of the available information attached to the move requests.

After the PST request completes:

Once the PST is finished building, you can open it up in Outlook and try to find the missing mailbox items in the recoverable items folders. If you cannot find the missing items, its possible a restore will need to be performed from backup in order to find the missing data.

Out of Office Not Working for a Single User

Issue: Out of Office is turned on for a user, but a Out of Office notification is not beingsent to internal/external users. You may see the Out of Office message internally BEFORE you send the message in the Outlook notification bar in the new message window.

Cause: Mailbox rules have corrupted or are conflicting with the Out-Of-Office rule in order to send a message to recipients.

Resolution: The resolution is to remove the conflicting rules in the mailbox. To do this:

1. From a run prompt use the following switch: outlook.exe /cleanrules .This will clean client and server rules for the mailbox. This is the fastest way of fixing this issue.

2. You can manually remove each rule in the mailbox.

Rules of Troubleshooting

I came across these 8 rules of troubleshooting from the blog site referenced below and found it interesting enough to post it

The 8 Rules for Outstanding Troubleshooting Skills

I always check the Event Viewer or other log files first when troubleshooting.
I do not start troubleshooting until all software/hardware is patched up to the latest approved release.
I do not make modifications unless I have a verified backup, have logged the change and I am reasonably certain what the end result will be.
My job is to provide a solution. A “workaround” means that something is still broke, and I didn’t do my job.
An end user only reports their perception of the situation; It is my job to verify the reality of the situation before attempting to find the solution.
I never assume anything; I always verify everything with my own eyes.
Asking for help from a co-worker implies I have confidence in their ability to assist, it does not imply failure on my part.
I am never afraid to call a vendor or support line for 3rd party products. It’s their product and they will be more familiar with it than I will be leading to a faster resolution.

Reference:

http://beccabits.com/the-8-rules/

“the source data is corrupted or not properly base 64 encoded”

Issue:

Encoding error trying to import cert from Comodo to Exchange or complete a pending Cert request on exchange server 2010:

“the source data is corrupted or not properly base 64 enocded”

Resolution: Download as X509 Certificate only, Base64 encoded from Cert Enrollment email sent by Comodo server. This is the enocding that worked for Exchange

Track message logs for a user

Step 1. Determine user’s mailbox server

run the following scripts from Exchange powershell

For eg, to check the log for the recipients from sendertest@test.com:

Get-MessageTrackingLog -server servname -sender test@test.com | ft recipients,subject

To Get log from a certain time/date to a specific time/date. you can also change eventid from send to deliver or fail etc

Get-MessageTrackingLog -server srvname -resultsize unlimited -start “9/29/2013 8:00am” -end “10/1/2013 3:00pm” -EventId “send” -Recipients test2@domain.edu

Offboarding and Onboarding Mailboxes

Offboarding and Onboarding mailboxes to/from Office365

Moving mailboxes 2-way can be done using the EAC from Office365. You may also connect Powershell to Office365 and run any of the scripts below:

Onboarding to Cloud:

$opcred = get-credential [domainadmin]
Get-Mailbox xx| New-MoveRequest -Remote -RemoteHostName ‘mail.domain.com’ -RemoteCredential $opcred -TargetDeliveryDomain ‘o365.mail.onmicrosoft.com’

Offboarding from the Cloud to OnPrem:

$opcred = get-credential [domainadmin]
Get-Mailbox xx| New-MoveRequest -OutBound -RemoteTargetDatabase ‘Mailbox Database xxxxxxxx’ -RemoteHostName ‘mail.domain.com’ -RemoteCredential $opcred -TargetDeliveryDomain ‘domain name’

Error moving mailbox from Office 365

In a hybrid environment, trying to move user from Cloud to Onprem and got this error

Cannot find a recipient that has mailbox GUID <many numbers>

Please reference this article for the solution:

http://obergsinfra.blogspot.com/2013/09/error-moving-mailbox-from-office-365.html

Remove role entry from a role–RBAC

For eg, to remove set-casmailbox role entry from mail recipient role, you can follow these steps:

scenario: user wants to remove set-casmailbox role entry from mail recipient role associated to a rolegroup called airwatch which has org client access, recipient policies and mail recipient roles

1. step 1

New-ManagementRole -name “Airwatch-Mail-Recipient-No-CASMailbox” -Parent “Mail Recipients”

2. Step 2

Get-ManagementRoleEntry “Airwatch-Mail-Recipient-No-Casmailbox*” | ?{$_.name -like “set-casmai
lbox”} | remove-managementroleentry -confirm:$false

3. Step 3

Add the new management role to existing role group. you can use the console to do this