The Exchange toolkit

I’ve just bumped into Chad Solarz’s “The Exchange toolkit” blog entry. it’s quite dated… but nonetheless has great links and a great “one stop shop” here.

For your usage..

http://blogs.technet.com/b/csolarz/archive/2013/05/13/the-exchange-toolkit.aspx

Posted in Exchange 2003, Exchange 2007, Exchange 2010, Exchange 2013, Office 365, Outlook / MAPI, PowerShell | 2 Comments

Quest (Dell) ActiveRoles Management Shell for Active Directory

Looking to download QAD / Quest AD cmdlets / Quest ActiveRoles Management Shell for Active Directory ?

Took me a while to locate it now once Quest was integrated into the Dell Software website… so here’s your quick way to download :

http://software.dell.com/register/71110

It was just hiding in the Trial downloads section – http://software.dell.com/trials/

Happy QAD’ing :)

Posted in PowerShell | 3 Comments

How to reset OneDrive for Business when it’s crashing constantly

Recently I’ve messed with my Windows 8.1 profile account, and shortly after my OneDrive for business client started crashing in a loop… it just went crazy, filling my notification area with icons failing to stop. I had no way to reach any menu or remove the folders I’m syncing.

I’ve tried the easy (lazy) way of repairing / uninstalling / removing Office 365 ProPlus (in my case) which turned out useless.. did some manual clean up of registry entries, removed caching files and obviously looked-up forum threads and KB’s which also turned out as you’ve guessed it – useless…

Almost desperate, I’ve turned to the all mighty Process Monitor and started debugging the errors.

Thru closely examining the endless output of entries, I’ve spotted an undocumented registry entry that was being checked by the Groove.exe (which is your OneDrive sync process) upon start-up.

So there I was, crossing fingers,  editing the registry hoping… and BINGO! I have performed a reset to the OneDrive for Business client, and it behaved like the first time I’ve opened it up.

Here it is, Add/Modify these two DWORD values:

[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Groove]
"FirstSyncComplete"=dword:00000000


[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Groove\Development]
"IsResyncEnabled"=dword:00000001

Hope this post will help more good folks out there.

ilantz

Posted in Office 365 | 3 Comments

Exchange 2013 CU5 upgrade fails with error – The object already exists

Just ran into this one,

An existing Exchange 2013 CU2 installation was requested to be updated to CU5, nothing special there…

Once trying to run the CU5 setup.exe /PrepareAD , the setup failed with an error:
[02/07/2014 11:57:49.0192] [1] [ERROR] Active Directory operation failed on dc.domain.com. The object 'CN=Default,CN=OWA Mailbox Policies,CN=Exchange,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com' already exists.
[02/07/2014 11:57:49.0192] [1] [ERROR] The object exists.

Digging in the ExchangeSetup.log file, I’ve tried to identify the cause.

[02/07/2014 11:57:49.0192] [1] [ERROR] The following error was generated when "$error.Clear();
$policyDefault = Get-OwaMailboxPolicy -DomainController $RoleDomainController | where {$_.Identity -eq "Default"};

if($policyDefault -eq $null)
{
New-OwaMailboxPolicy -Name "Default" -DomainController $RoleDomainController
}
" was run:
"Microsoft.Exchange.Data.Directory.ADObjectAlreadyExistsException:
Active Directory operation failed on dc.domain.com. The object 'CN=Default,CN=OWA Mailbox Policies,CN=Exchange,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=domain,DC=com' already exists. ---> System.DirectoryServices.Protocols.DirectoryOperationException:
The object exists.

So I’ve tried to reproduce the test manually using the same command in the setup:
Get-OwaMailboxPolicy -DomainController $RoleDomainController | where {$_.Identity -eq "Default"}
And the result was indeed $null .. which made no sense here… because it does exists, as the error states – the object ‘CN=Default,CN=OWA Mailbox Policies,CN=Exchange,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com’ already exists.

Then I’ve noticed that the CN was “default” with lower “d” … although the Where-Object and -eq should be case insensitive, the check failed…

get-owamailboxpolicy before the change - default

So, I’ve modified the value to be “Default” with capital “D”:

Set-OwaMailboxPolicy -Identity default -Name Default

get-owamailboxpolicy after the change

that did the trick :) and the setup.exe /PrepareAD was successful.

ilantz

Posted in Exchange 2013 | 3 Comments

The Windows PowerShell snap-in Coexistence-Configuration is not installed on this machine

Just noticed now that the new build of Windows Azure Directory Synchronization Tool, is missing the DirSyncConfigShell.psc1 file..
more over the Coexistence-Configuration PSSnapin is also gone…

So if you’ve trying to use the known way to force a synchronization with DirSync, use these PowerShell commands to achieve what you were used to.

Import-Module DirSync
Start-OnlineCoexistenceSync

import-module-dirsync

enjoy !

Posted in Office 365 | 6 Comments

This message could not be sent – Error 0x80070005 – Office 365 | Report non-inherited Send-As permissions script

After a few incidents from Office 365 deployments, I’d like to share this issue to help anyone facing it.

If you or anyone of your users tried to send an email and use the “From” option to send as another recipient you might face NDR’s (non delivery reports) which will include these errors:

  • Delivery has failed to these recipients or groups
  • This message could not be sent. Try sending the message again later, or contact your network administrator.  Error is [0x80070005-00000000-00000000]

Using Exchange Server Error Code Look-up (Download Err.exe), 0x80070005 resolves back to MAPI_E_NO_ACCESS or E_ACCESSDENIED which bring us to the actual cause of the issue.

SendAs / Send-as permissions are not retained in migrations to Office 365 just because it is based on an ACL set in Active Directory and ACLs are not synced to Office 365.

To add a SendAs permission use the Add-RecipientPermission cmdlet with Exchange Online Remote PowerShell or use the Exchange Admin Control Panel and add the Send As permission from the “Mailbox Delegation” menu.

Add-RecipientPermission "Help Desk" -AccessRights SendAs -Trustee "Ayla Kol"

See the full reference about the command here – http://technet.microsoft.com/en-us/library/ff935839(v=exchg.150).aspx

As a result of this issue, I’ve created a small script to report which recipients (of any type) have non inherited SendAs permissions ACL’s.  You can later use the report to re-create the permission in 365.

Download the script here: http://gallery.technet.microsoft.com/Report-non-inherited-Send-86ab658b

 

Posted in Exchange 2010, Exchange 2013, Office 365, PowerShell | 2 Comments

Setting Office 365 UsageLocation value using the Country attribute value

Hi,

Since Office 365 projects started, setting users` licenses with scripts has been somewhat of an issue.

There are great scripts out there to automate assigning licenses to users, but the prerequisite of assigning an Office 365 license to a user is to choose the Usage Location for that user. When dealing with several dozens or hundreds of users that might be fine, but for large scaled deployments this becomes also an issue. and I’ve decided to script it and share this in case anyone will need this as much as I did.

This script is has a really simple logic, trace down the Country attribute value for each user, match that with the two letter country code (required for the PowerShell Set-MsolUser command) and set that value for the user.

I’ve worked up to match the list from https://www.iso.org/obp/ui to the countries available for selection within the Office 365 portal.

Keep in mind that the script will not handle any spelling errors, so be sure to maintain the country value BEFORE you run this script. If you are using Directory Synchronization this should be more productive as your Active Directory will also benefit from this move…

The script will try to find an exact match of the country value, although – case Insensitive.

grab it here: http://gallery.technet.microsoft.com/office/Setting-Office-365-Usage-4d685175

Please share your comments if you have any, I would love hearing this script is being used.

ilantz

Posted in Office 365, PowerShell | 2 Comments

Exchange Hybrid Configuration failed with error Subtask Configure execution failed

Hi Again,

While setting up the Hybrid Configuration Wizard on an Exchange 2010 server for Office 365, I’ve encountered this error:

[2/4/2014 13:36:8] INFO:Running command: Get-FederationInformation -DomainName 'contoso.mail.onmicrosoft.com' -BypassAdditionalDomainValidation 'True'
[2/4/2014 13:36:8] INFO:Cmdlet: Get-FederationInformation --Start Time: 2/4/2014 3:36:08 PM.
[2/4/2014 13:36:16] INFO:Cmdlet: Get-FederationInformation --End Time: 2/4/2014 3:36:16 PM.
[2/4/2014 13:36:16] INFO:Cmdlet: Get-FederationInformation --Processing Time: 7690.8.
[2/4/2014 13:36:16] INFO:Disconnected from On-Premises session
[2/4/2014 13:36:17] INFO:Disconnected from Tenant session
[2/4/2014 13:36:17] ERROR:Updating hybrid configuration failed with error 'Subtask Configure execution failed: Creating Organization Relationships.


Execution of the Get-FederationInformation cmdlet had thrown an exception. This may indicate invalid parameters in your Hybrid Configuration settings.


Operation is not valid due to the current state of the object.
at System.Management.Automation.PowerShell.CoreInvoke[TOutput](IEnumerable input, PSDataCollection`1 output, PSInvocationSettings settings)
at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)
at System.Management.Automation.PowerShell.Invoke()
at Microsoft.Exchange.Management.Hybrid.RemotePowershellSession.RunCommand(String cmdlet, Dictionary`2 parameters, Boolean ignoreNotFoundErrors)
'.


Additional troubleshooting information is available in the Update-HybridConfiguration log file located at C:\Program Files\Microsoft\Exchange Server\V14\Logging\Update-HybridConfiguration\HybridConfiguration_2_4_2014_13_35_39_635271177398297855.log.

Looking at the application log in the Exchange server showed an Event ID 403 with source MSExchange Common:
The Certificate named xxxxxxx in the Federation Trust 'Microsoft Federation Gateway' is expired. Please review the Federation Trust properties and the certificates installed in the certificate store of the server.

The Certificate named xxxxxxx in the Federation Trust 'Microsoft Federation Gateway' is expired. Please review the Federation Trust properties and the certificates installed in the certificate store of the server.

After checking of course, the Federation certificate was just created… and is indeed valid…..

All that was required was a quick “restart” to the application pools on the server, I usually just restart the MSExchangeServiceHost and MSExchangeProtectedServiceHost services. after that the wizard completed successfully :)

Hope this helped anyone,

ilantz

Posted in Exchange 2010, Office 365 | 2 Comments

Manually adding a secondary SMTP proxy address for hybrid Exchange Online and Office 365

Update - 07-30-2014 – Thanks for the feedback about this post, I’ve republished the code. it is now wrapped as a script and also logs results to a log file. download the new version…

I’ve been busy with more Office 365 and Hybrid Exchange Online deployments and came up with a script I hope will help some of you out there.

While deploying an Hybrid Exchange Online setup, one of the steps the Hybrid Configuration Wizard is doing is modifying the email address policy and adding “alias@tenant.mail.onmicrosoft.com” to the relevant EAP policies. This is great although there’s a good chance you have some mailboxes that are set with EmailAddressPolicyEnabled:$false

I’ve written a function script that will help you add the additional secondary SMTP proxy address to those mailboxes easily :)

Here’s an example on how to use the script:

.\Add-OnMicrosoftSMTP.ps1 -Tenant:ilantz

The script will require your “Tenant” name, for example – if your Office 365 tenant is ilantz.onmicrosoft.com, enter ilantz as the tenant name. Once entered it will find all mailboxes with the property EmailAddressPolicyEnabled:$false and will try to add the routing SMTP address – alias@tenant.mail.onmicrosoft.com (following the default Exchange Hybrid Configuration Wizard settings). If that SMTP proxy address is already taken, the function will add a random 5 digit number to the alias – alias12345@tenant.mail.onmicrosoft.com.

The script will catch and display any exceptions that may occur during the process. and will automatically log the results to a log file.

Get the script here – http://gallery.technet.microsoft.com/Office-365-Add-Exchange-14c7f0c3

Revision History
——————————————————————————–
1.0    Initial release
1.1    Updated and rewritten as a script instead of a function which caused confusion
1.2    Added Logging of successful addresses being added and failures

Enjoy !

ilantz

Posted in Exchange 2010, Exchange 2013, Office 365, PowerShell | 8 Comments

The Outlook Web App address is out of date – Office 365 Hybrid

Quick note from the field..

I’ve encountered an issue with an Exchange 2010 and Office 365 Hybrid configuration, users that were moved to Office 365 and tried to reach the original On-Premise OWA URL were receiving an error – The Outlook Web App address https://owa.domain.com/owa is out of date.

The Outlook Web App Address Is Out Of Date

What should have happen is that the OWA will offer the users to use the URL configured on the TargetOwaUrl parameter on the Organization Relationship to the Office 365 routing domain. After some digging I’ve realized that this hybrid setup was performed using the manual steps that were documented for Exchange 2010 SP1, so the Hybrid Configuration Wizard did not do it’s magic….

Anyhow, after comparing this setup with a working hybrid configuration including the OWA redirection, I’ve noticed that the TargetOwaUrl value did not had xxx/owa/xxxx in it’s URL.

So instead of http://outlook.com/owa/domain.mail.onmicrosoft.com – I’ve had http://outlook.com/domain.mail.onmicrosoft.com

So after running Set-OrganizationRelationship -TargetOwaURL “http://outlook.com/owa/domain.mail.onmicrosoft.com” the redirection worked as expected.

Hope this helps out anyone,

ilantz

See also: Simplify the OWA URL for Office 365 Hybrid

Posted in Exchange 2010, Office 365 | 1 Comment