ExchangeNerd

Powered by Ed Buford and Coffee

Disabling the URL Preview in Office 365 email using PowerShell

You can quickly disable the Link Preview in Office 365 for a single user setting the LinkPreviewEnabled attribute to $false when you type: 

Get-MailboxMessageConfiguration –identity ebuford –LinkPreviewEnabled $false

You can also do this for All your users if you like by getting all the mailboxes and setting them at once:

get-mailbox | Set-MailboxMessageConfiguration -LinkPreviewEnabled $false

Clean that Database!

Clean Database command missing in Exchange 2013

Sometimes you need to disable a mailbox you need to be able to see it as a disconnected mailbox right away. In the Past you’ve been able to use the Clean-Mailboxdatabase command.  I would normally tend to run the clean command against all databases since the command doesn’t draw much in the way of resources. So for me the command would look like this:    Get-Mailboxdatabase | Clean-Mailboxdatabase

But as with everything the times are constantly changing and so are the commandlets that go with them. Which brings me to Exchange 2013 where the Clean-Mailboxdatabase command no longer works. Now the command is Update-StoreMailboxState and sadly it’s not a simple command to clean all the databases – in fact to run the command you need to know the database and mailbox GUID. Now this is going far… but I digress…

Anyway if you know the database you can attack it like this:

Get-MailboxStatistics –Database DB01 | ForEach { Update-StoreMailboxState -Database $_.Database -Identity $_.MailboxGuid -Confirm:$false }

 

GetMailboxStatistics Database MDB02 |ForEach { UpdateStoreMailboxState Database $_.Database Identity $_.MailboxGuid Confirm:$false }

[Top]

Finding AD Groups with PowerShell

How to List AD Groups by type using PowerShell

The AD group type is a bit of a mystery to me. I’m not sure why Microsoft has chosen to make thing they way they have and I have to keep reminding myself they have been building Active Directory a lot longer than they have been building PowerShell.
Today one of my team asked me to see if I could pull Domain Local groups out of AD using PowerShell. I was sure this was going to be as easy as it sounds. Turns out it isn’t straight forward.

Since there isn’t a Get-ADGroupType PowerShell command I went looking at the Attributes and here’s what I found:

2015-06-08_14h57_36

Even more confusing when you Open that Attribute you get something even more interesting:

2015-06-08_14h58_48

 

So I started searching around MSDN and I came up with this chart:

Group Type                                                 Value
Global distribution group                        2
Domain local distribution group           4
Universal distribution group                  8
Global security group                               -2147483646
Domain local security group                  -2147483644
Universal security group                         -2147483640

Now that I have the value I’m looking for I can pull it out of AD:
In order to do that I need to log into Domain Controller or a Domain computer with RSAT loaded.  Then I can import the ActiveDirectory module:

Import-module ActiveDirectory

Then I can get the Group Type by using the command below

Get-ADGroup -Filter * -Properties GroupType | where {$_.GroupType -eq “-2147483644”} | FL name

If I want to change the Group Type that I’m searching for then I just change the number from the list above make sure to include the Negative on the ones that have it listed.

[sourcecode language='powershell' ]
Get-ADGroup -Filter * -Properties GroupType | where {$_.GroupType -eq "-2147483644"} | FL name

[/sourcecode]
[Top]

It’s Midnight, Do you know where your FSW is?

Your FSW is more important than you may think!

Over the past couple of weeks I’ve seen two Database Availability Groups that had their File Share Witness go missing on them. In both cases the server which housed the FSW were replaced and the FSW role was not recreated.

I’m guessing you’re asking yourself “how that can ever happened?” The truth is it’s a lot easier than you think. With a 2 node cluster and File Share Witness you only need 2 nodes up to have a Quorum. This means if both of your DAG servers are up good, or if one DAG server a and the FSW is up you’re still good. The problem is that a well configured Exchange server is kind of “Set it and Forget it” and losing a FSW can have no impact on you at all when the Servers are both up. However when one of your servers go offline for whatever reason, the remaining server relies on the FSW to hold a quorum. IF you don’t have enough nodes to maintain a Quorum then all your Database will DISMOUNT!

This action is by design, there is a crazy thing that could happen to you called Split Brain where you would write different data to your 2 copies of the database that leaving it out of sync. Since you don’t that to happen you need the  FSW.  The FSW is a great thing that should not be forgotten!

One way to tell if your FSW is online is to use the Fail Over Clusters powershell tools. You can do that from your Exchange Server. I always do it from the Standard PowerShell console (I don’t know why) but the module will load into your EMS as well.

Import-Module FailOverClusters

Get-ClusterResource

Depending on your status the output should look like one of these:

2015-06-01_16h03_33

Or you could create a task to in your event log to email you if this error shows up in your Event Logs

2015-06-01_15h54_17

Here’s a link on how to do that: https://technet.microsoft.com/en-us/library/cc732728.aspx

[Top]

SBS 2011 Exchange Hybrid with Office 365

SBS 2011 Exchange Hybrid – don’t bother

The short answer is you can’t do it.

Ok that might not be enough for you so let me give you a longer answer which I hope will satisfy you and if doesn’t then good luck and God Speed!

So here’s what you’re going to hear: SBS 2010 has Exchanger 2010 on it and all you have to do is make sure it’s on SP3 and you can run the Hybrid Configuration Wizard. While this is true enough you can run the HCW you can’t however connect your Exchange server to another forest which is essentially what you’re doing when you Add the Exchange Forest.

hybrid

When you go to add that Exchange Forest you’re going to start to run into issues even though you were able to run the HCW.

Notice from this next screenshot you’re getting an error message complaining about the WinRM client and all that jazz but also notice you can’t change the domain… no matter what you do here you can’t… Which means you can’t log into Office 365 which means this will not work.

Hybrid1

I worked with a great engineer from Microsoft and between the two of us we put in way more time than we should have on this issue simply because the documentation isn’t out there that says you CAN’T do it… well here it comes. Sadly it’s not a lot of documentation but if there was enough documentation on this I would not be writing this post…

So here is the story:

You can’t add the Exchange forest because SBS 2011 won’t allow an Inter-Forest Trust

Hybrid2

Here is a link to the document SBS 1011 FAQ the screenshot above is from Page 4.
I hope this saves you the hours of time it cost me.

[Top]

Office 365 has wrong email address Part 2

In the post:  Office 365 has wrong email address Part 1 I covered the issue of not being able to set the Email Address of a user who is being managed by Active Directory On-Prem. If you  doesn’t have a Hybrid Exchange server to set email attributes you will need to do that manually.  If any of this confuses you please jump back to Part 1 and make sure you get

what’s happening.

There are a number of scenarios of what you’re going to see when you dig into the ProxyAddresses attribute of a user. You may see an X.500 record, you may see something like the UPN that you don’t want to have. For my test domain it would like like this highlighted address:

2015-04-05_08h59_29

You can see by the way it is being formatted the address is the users UPN (User Principle Name) as it includes the full domain suffix: Corp.ExchangeNerd.com
Now I really don’t want to get too deep into the UPN but if you find you need it to get going you can leave a comment and I’ll try to answer it for you.

Getting back to the issue at hand how to change Primary Email Address of the a bunch of users at one time.  Leaving behind UPN and Domain Suffixes I’m just going to Add Primary Email addresses and figure the rest out later. In order to do that for my users I built a CSV file that has two columns The SAM Account Name and the Email Address I want my users to have.  I called this file HerosProxyAddress.csv and placed it in a folder called source on the C:\ drive.  Here’s a screen shot of what my CSV file looks like,

2015-04-05_09h12_52

Using these two columns I am able to create a quick PowerShell script to add the email address of each of the users.

Import-module ActiveDirectory $Users = Import-Csv -Path "C:\source\HerosProxyAddress.csv" foreach ($User in $Users) { $ProxyAddress = "SMTP:" + $user.'EmailAddress' Set-ADUser -identity $User.'sAMAccountName' -Add @{ProxyAddresses = $ProxyAddress} }

Copy this code into Notepad and save it with a .ps1 extension.  I saved mine as ChangeProxyAddress.ps1

Now on the domain controller I opened PowerShell as the Administrator and navigate to the place where I saved my PowerShell script.  Then  type:  .\ChangeProxyAddress.ps1

Before you try this on a lot of users I’d encourage you to test this on a couple of test users to make certain it works correctly for you.

Once you change the user attributes in Active Directory you’ll need to go to your DirSync server and load the DirSync PowerShell module. Now run the Start-OnlineCoexistenceSync with the –FullSync to make sure you get the attributes pushed out to the Cloud.

There is a lot more to talk about on this topic and there are a couple other ways we could tackle this script and at least one more script to write to Solve adding one user at a time.
So be on the lookout for Part 3.

[Top]

Office 365 has wrong email address Part 1

Lately this has come up a couple of times and I haven’t had too much time to set down and figure it out so today I thought I’d take the time to document the issues and a way to fix it.

When you set up DirSync from Active Directory to Office 365 without a hybrid Exchange server you’re faced with a problem: How do you set the Email address of the users?

When you use DirSync you can’t set the Office 365 email address out in the Cloud because it is being managed from Active DIrectory. If you don’t have a Hybrid Exchange configuration you don’t have any place to set the Email Address so when you go to Office 365 the email address will look like this: ebuford@ExchangeNerd.OnMicrosoft.com
So the question is how do I get rid of the OnMicrosoft.com part of the email address.

In order to answer the question above we have to understand that the problem comes from Active Directory not Office 365.  Since we’re using DirSync to send the Active Directory Attributes to Office 365 we need to have the Primary SMTP address set in AD. To Set the Primary SMTP address for a user in AD you need to edit ProxyAddresses Atrribute for the user AND you need to make sure the Primary Email address has the prefix of SMTP:
Just like you see it below.

2015-04-04_20h45_58

Now you can go about manually adding this address to each user in Active Directory but if you have a lot of users you’ll probably start hating life pretty quickly. So in Part 2 we’ll look at some code to Automate this process.

[Top]

Moving FSMO Roles with PowerShell

If you’ve ever had to move FSMO roles in Active Directory to another server you know it’s not as straight forward as it could should be (At least until I found PowerShell).

Open the Active Directory Module for Windows PowerShell or open PoweShell on a machine with RSAT installed and Import-Module ActiveDirectory

image

Part of the FSMO roles are Domain and part are Forest so you’ll need to use 2 commands to get the roles.
To get the Domain role holders:

Get-ADDomain | select PDCEmulator,RIDMaster,InfrastructureMaster

To get the Forest role holders:

Get-ADForest | select SchemaMaster,DomainNamingMaster

Moving roles only requires one command. Change the Target-DC to the name Domain Controller you’re moving the FSMO role(s) to.

There are 5 FSMO roles include the ones you want to move.

Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator

[Top]

Recover Deleted Items from Exchange Dumpster

I was having a conversation at lunch with a friend who needed to recover some items for a user from the Exchange Dumpster. So I came up with a one-liner to help you do just that but BEFORE i can really give you the one-liner I need to give you some background.

First there is a Deleted Items folder in your Exchange Mailbox. When you delete an email it goes here first (for many people that is as far as it goes but that’s another blog post…).
A user can simply look here in the their deleted Items folder and find something they have deleted if that folder has not yet been emptied.

If the Deleted Items folder has been emptied it will remain in the Deletions folder (Dumpster) for the next 14 days by default. During this time the user can use Outlook and or OWA to Recover Items that are now in the Dumpster.  I love this feature but it’s not very much fun for the user if they have deleted a lot of items lately. 

So to make things a little easier on the user you can recover all the items in PowerShell and then export them so the user can sort them to their hearts content.  The tricky part here is that you can’t drop them directly back into the mailbox you’re searching.  You can use the DiscoverySearchMailbox but I keep an admin mailbox around that I use for just such occasions. I call this mailbox SearchAdmin and it will become the Target mailbox.

The PowerShell command looks like this:

Search-Mailbox -identity ebuford -SearchDumpsterOnly -TargetMailbox SearchAdmin –TargetFolder ebufordDumpster

Search-Mailbox -identity ebuford -SearchDumpsterOnly -TargetMailbox SearchAdmin –TargetFolder ebufordDumpster

The three items in red are user mailbox you’re searching (ebuford) the target mailbox your dropping the files in (SearchAdmin) and the name of the Folder you want to dump them in (ebufordDumpster).

Once you’ve got them in the new folder you can export to a PST and then Import them back into the users mailbox. Now this isn’t the most straightforward admin task you’re going to do, but if you really want to please a user (or maybe your boss) this will make you some brownie points!

[Top]

Make today a little more productive!

Outlook is my number one tool for productivity, but when I not writing or answering email I don’t want it to distract me from whatever it is that I am doing.  To minimize  the distractions you can turn off the “Bing Bong you got your emails” notifications.

I’m using Outlook 2013 so this may look different for you, but find the Outlook Options page for you Outlook version and uncheck offending boxes.

This is how I did it for mine:

F1 

F2

F3

[Top]