Selecting specific rows from a CSV file to perform PowerShell functions/commands against

Scenario: You have a large CSV file that you need to import and perform specific PowerShell commands against. You need the results in a hurry and you want to split up the CSV so you can run multiple PowerShell sessions at once to pull the results in parallel. Instead of creating separate CSV files to import for each PowerShell session, you can tell PowerShell which rows of the import you want to target.

Code Example: In each PowerShell session, import the CSV file. When referencing the variable for the loop, specify the rows you want to target. In this example we are going to set customattribute1 to the string “MigrateME” for the first 1000 (well, 1001) entries in the CSV file in one PowerShell session. In a second PowerShell session I would import the code but change [0..1000] to [1001..2000], and repeat the increment for each additional PowerShell session.

$users = Import-csv C:\Temp\All_Mailboxes.csv

$users[0..1000] | Select -expandproperty alias | %{ set-mailbox $_ -customattribute1 "MigrateMe"}
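
The hand-typed ranges above are easy to get wrong (the first slice holds 1001 rows, later ones 1000). The following is an added example, not code from the original post: Get-RowRange is a hypothetical helper that computes non-overlapping ranges for any number of sessions, and the $users array is constructed sample data standing in for the imported CSV.

```powershell
# Added example; Get-RowRange is a hypothetical helper, not an Exchange cmdlet.
function Get-RowRange {
    param(
        [Parameter(Mandatory)][int]$TotalRows,
        [Parameter(Mandatory)][ValidateRange(1, 1000)][int]$SessionCount,
        [Parameter(Mandatory)][int]$SessionIndex      # 0-based: 0 .. SessionCount-1
    )
    if ($SessionIndex -lt 0 -or $SessionIndex -ge $SessionCount) {
        throw "SessionIndex must be between 0 and $($SessionCount - 1)."
    }
    # Rows per session, rounded up so the last session takes the remainder.
    $chunk = [int][math]::Ceiling($TotalRows / $SessionCount)
    $first = $SessionIndex * $chunk
    $last  = [math]::Min($first + $chunk, $TotalRows) - 1
    # Never hand back a descending range: $rows[5..3] or $rows[0..-1] would
    # silently select rows in reverse or wrap around to the end of the array.
    if ($first -gt $last) { return $null }
    [pscustomobject]@{ First = $first; Last = $last; Count = $last - $first + 1 }
}

# Constructed stand-in for: $users = @(Import-Csv C:\Temp\All_Mailboxes.csv)
# The @() wrapper keeps a one-row CSV an array so indexing still works.
$users = @(1..2500 | ForEach-Object { [pscustomobject]@{ alias = "user$_" } })

$sessions = 3
$seen = 0
foreach ($i in 0..($sessions - 1)) {
    $r = Get-RowRange -TotalRows $users.Count -SessionCount $sessions -SessionIndex $i
    if ($null -eq $r) { continue }               # more sessions than rows
    $slice = @($users[$r.First..$r.Last])
    $seen += $slice.Count
    "Session {0}: rows {1}..{2} ({3} mailboxes, first alias {4})" -f `
        $i, $r.First, $r.Last, $r.Count, $slice[0].alias
}
# Every row is covered exactly once when the counts add up to the total.
"Covered $seen of $($users.Count) rows"
```

In a real run each session would call Get-RowRange with its own SessionIndex and pipe its slice to the Set-Mailbox loop shown above.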

Collect more than 1000 Results in an Exchange Online Message Trace

Scenario: Recently I was attempting to perform a Message Trace in Exchange Online for a message that went out to 7000+ recipients but realized I could only pull back 1000 results.

Solution:  I used Page and PageSize with Get-MessageTrace in a loop to pull back more results

#Collect more than 1000 results in Exchange Online
$P = 1
#start with an empty array so += always appends a page of results
$Messages = @()
do
{
    Write-Host "Message Trace - Page $P..."
    $temp_Messages = Get-MessageTrace -senderaddress maccount@microsoft.com -startdate 8/14/2019 -enddate 8/15/2019 -PageSize 1000 -Page $P
    $P++
    $Messages += $temp_Messages
    #stop once a page comes back empty
} until ($null -eq $temp_Messages)

#display messages
$Messages.Count
$Messages

Duplicate Mailbox in Exchange Online after Offboarding to Exchange On-Premises

Scenario:   We migrated (offboarded) a mailbox from Exchange Online to Exchange On-Premises.  Although the mailbox was successfully migrated to On-Premises, the Exchange Online mailbox (which should have been deprovisioned) was still available in the cloud with the following error found in the Users:

Exchange: Failed to disable the mailbox <GUID> due to a conflict in directory settings. To disable this mailbox, first run Enable-RemoteMailbox on-premises. After the next Dirsync sync cycle, run Disable-RemoteMailbox on-premises to disable this mailbox in the datacenter.; Exchange: An unknown error has occurred.

The issue is that we cannot Enable-RemoteMailbox On-Premises because a Mailbox already exists for the user account On-Premises.  Also we already disabled the Exchange Online license for that account.  It's just not working, MICROSOFT!

Instead we got around the issue by doing this:

Solution:   In ADSIEdit, we cleared the value for msExchRemoteRecipientType.   Originally this value was set to ‘8’ (DeprovisionMailbox).  By clearing this value, the mailbox and the error are no longer present in Exchange Online and everything is good.  There had to be an error in the process of the sync or the mailbox conversion, but after clearing the error there are no issues with the mailbox.

Remove an orphaned MSExchDelegateListBL (autodiscover) entry

Scenario:  A user no longer has FullAccess to a shared mailbox BUT the shared mailbox still attempts to reconnect via Autodiscover in the Outlook profile.

Solution: The following scriptlets will detect the autodiscover links associated with the problem mailbox and attempt to remove them.  Note, you can remove all backlinks, or specific backlinks.

  $u = "Steve"
  $u_DN = Get-ADUser $u | select -ExpandProperty DistinguishedName
  $d = Get-ADUser $u -Properties msExchDelegateListBL |  select msExchDelegateListBL
  
  #To remove all backLinks
  $d.msexchdelegatelistBL | %{Set-ADUser $_ -Remove @{msExchDelegateListLink = "$u_dn"}}
  
  #To Remove specific BackLinks
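  $SharedMailboxToRemove = "SharedMailboxName"   # placeholder: name (or part of the DN) of the shared mailbox
  # Filter the individual backlink DNs; filtering $d itself would pass every backlink through when any one matches
  $d.msexchdelegatelistBL | Where { $_ -like "*$SharedMailboxToRemove*" } | %{Set-ADUser $_ -Remove @{msExchDelegateListLink = "$u_dn"}}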

Advanced PowerShell Select-Object Statements: Performing Get commands inside a Select-Object Statement (Tying the output from several commands by running one command)

Scenario: You want to pull in values/output from other commands into the output of a different command. In Exchange we know not all uniquely identifiable properties are attached to each Exchange command:

Example: The Alias can be found in get-mailbox, but is not tied to the output of a get-mailboxstatistics command.

In the scriptlet below, we are going to tie together the following properties in a single one-liner using expressions within the Select-Object statement:

  • Displayname from get-mailboxstatistics
  • TotalItemSize & TotalDeletedItemSize from get-mailboxstatistics
  • HasActivesyncDevicePartnership from get-casmailbox
  • Alias from get-mailbox
  • MobileDevice Count from get-mobiledevice

 

Scriptlet:

Get-mailboxstatistics steve | Select Displayname,`
Total*Size,`
@{Name="User_Email";Expression={$u = $_.LegacyDN; (@(get-mailbox "$u")).primarysmtpaddress}},`
@{Name="Alias";Expression={$u = $_.LegacyDN; (@(get-mailbox "$u")).alias}}, `
@{Name="HasActiveSyncDevicePartnership";Expression={$u = $_.LegacyDN; (@(get-casmailbox "$u")).HasActiveSyncDevicePartnership}}, `
@{Name="MobileDeviceCount";Expression={$u = $_.LegacyDN; (@(get-mobiledevice -mailbox "$u")).count}}

Another example:  Pulling the Get-mailboxfolderpermission for the calendar, but including the primarysmtpaddress in the Select statement of the delegated user:

get-mailboxfolderpermission steve:calendar | Select FolderName,`
        User,`
        @{Name="User_Email";Expression={$u = $_.user; (@(get-mailbox "$u")).primarysmtpaddress}},`
        AccessRights

Error: “You cant use the domain because it’s not an accepted domain for your organization” when onboarding a mailbox to Exchange Online

Scenario:  You receive the following error message when you attempt to onboard a mailbox from Exchange On-Premises to Exchange Online:

“You cant use the domain because it’s not an accepted domain for your organization”

Solution:  Check their email aliases (Get-mailbox steve | Select -expandproperty emailaddresses). The user account may have an invalid email alias OR an alias that is not an accepted domain for the Exchange Online tenant.  For example, the On-Prem mailbox may have an alias of steve@xyz.com but @xyz.com is not an accepted domain in the cloud.  Either add that domain to the cloud OR remove the alias.
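
One way to run that check before onboarding, as an added example that is not part of the original post: Get-UnacceptedAddress is a hypothetical helper, and the address and domain lists are constructed samples standing in for (Get-Mailbox steve).EmailAddresses on-premises and (Get-AcceptedDomain).DomainName from the Exchange Online session.

```powershell
# Added example; Get-UnacceptedAddress is a hypothetical helper, not an Exchange cmdlet.
function Get-UnacceptedAddress {
    param(
        [string[]]$EmailAddresses,   # proxy addresses of the on-premises mailbox
        [string[]]$AcceptedDomains   # accepted domains of the Exchange Online tenant
    )
    foreach ($entry in $EmailAddresses) {
        # Only SMTP proxies matter here: "SMTP:" is the primary, "smtp:" an alias.
        # -match is case-insensitive, so both forms are caught; X500, SIP etc. are skipped.
        if ($entry -notmatch '^smtp:(?<addr>.+)$') { continue }
        $addr = $Matches['addr']
        $at   = $addr.LastIndexOf('@')
        if ($at -lt 1 -or $at -eq $addr.Length - 1) {
            # No local part or no domain part: the "invalid email alias" case.
            [pscustomobject]@{ Address = $addr; Problem = 'Malformed address' }
            continue
        }
        $domain = $addr.Substring($at + 1)
        # -notcontains compares case-insensitively, matching how domains behave.
        if ($AcceptedDomains -notcontains $domain) {
            [pscustomobject]@{ Address = $addr; Problem = "Domain '$domain' is not accepted in the tenant" }
        }
    }
}

# Constructed sample data (contoso.com is an assumed tenant domain).
$addresses = @(
    'SMTP:steve@contoso.com'
    'smtp:steve@xyz.com'
    'smtp:steve@Contoso.mail.onmicrosoft.com'
    'X500:/o=ExchangeLabs/cn=Recipients/cn=steve'
    'smtp:steve@'
)
$accepted = @('contoso.com', 'contoso.mail.onmicrosoft.com')

# Lists the addresses that would block the move: steve@xyz.com and steve@
Get-UnacceptedAddress -EmailAddresses $addresses -AcceptedDomains $accepted |
    Format-Table -AutoSize
```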

Outlook’s Autodiscover Redirect Limit – Hybrid Autodiscover Breaking for Exchange Online Mailboxes / Remote On-Premises Mailboxes

Scenario:  After introducing additional Exchange On-Premises servers, we noticed that Autodiscover stopped working for our Exchange Online Hybrid mailboxes that were on computers internal to the domain. Using the ‘Test E-mail AutoConfiguration’ feature in Outlook, it would fail after the SCP/DNS autodiscover lookup.

Reason:  Outlook has an Autodiscover Redirect limit of 8-10 responses.  Because we had more than 10 servers in our Exchange Infrastructure, once it hit the response limit from each SCP lookup for each server, it would then fail all redirects thereafter. You do not need 100 SCP Failures if it's going to fail after the first 10 servers.

Solution:  You can reduce the number of SCP lookups by performing any of the following.

  1. Set the AutoDiscoverSiteScope value on each Exchange server so it only serves requests for each  AD Site via the following command:  Set-ClientAccessServer ExSrv1 -autodiscoversitescope NewYork   (Or a combination NewYork,Baltimore,Tampa)
  2. Set the AutoDiscoverSiteScope to $null so it does not participate in SCP lookups via the following command: Set-ClientAccessServer ExSrv1 -AutodiscoverSiteScope $null
  3. Set the AutoDiscoverServiceInternalURI to $null so it does not participate in SCP lookups via the following command: Set-ClientAccessServer ExSrv1 -AutodiscoverServiceInternalURI $null

 

Federated Trust for Hybrid Environment

Add a Federated Trust using PowerShell for a Hybrid Environment

 

-Production on-premises PowerShell

PS H:\> Get-FederationInformation -DomainName Friendly.onmicrosoft.com -BypassAdditionalDomainValidation | New-OrganizationRelationship "Friendly Online" -FreeBusyAccessEnabled $true -FreeBusyAccessLevel AvailabilityOnly

 

-Production cloud PowerShell

PS H:\> Get-FederationInformation -DomainName Friendly.onmicrosoft.com -BypassAdditionalDomainValidation | New-OrganizationRelationship "Friendly Online" -FreeBusyAccessEnabled $true -FreeBusyAccessLevel AvailabilityOnly

 

-From outside company PowerShell

PS H:\> New-OrganizationRelationship -Name "your company" -DomainNames "<your company>.mail.onmicrosoft.com","<your company>.onmicrosoft.com","<your company>.edu" -FreeBusyAccessEnabled $true -FreeBusyAccessLevel AvailabilityOnly -TargetApplicationUri outlook.com -TargetAutodiscoverEpr https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc/WSSecurity -Enabled $true

 *NOTE: For cloud-to-cloud free/busy searches you will have to use the target addresses, e.g. someone@company.mail.onmicrosoft.com

 

Legitimate email is being dumped into the Junk folder for Exchange Online

Scenario:  When a user sends a legitimate message to an Exchange Online recipient via Outlook Web, the email message gets moved into the Junk Email Folder.  Viewing the Spam Confidence Level (or SCL) in the message header, the message is ranked 5 or higher, a value at which Microsoft will mark it as Spam. This happens consistently.

Troubleshooting:  After viewing the source code of the email message that went into Junk, we found it was filled with tons of blacklisted URLs.  I compared this to a known good message, and the source code was much cleaner. We disabled all Plugins/Add-ins in the browser, and all emails would now consistently be delivered to the inbox of an Exchange Online user.

Cause:  The plugin AdBlock Plus embeds HTML metadata into the email message when sending via OWA that identifies multiple URLs hidden within the message body.

Solution:    Disable the AdBlock Plus plugin and it will no longer embed the body of the email message with items that are picked up by Exchange Online’s message scanners.