Delegate Mailbox Access using Groups in Exchange Online

A common misconception about granting mailbox access rights in Exchange Online is that you can only grant access to an individual and not a group. You may have opened the Exchange Administrator Center (EAC), found the mailbox you wanted and looked at the delegated access tab, only to be provided with a list of eligible user identities but none of the on-premises security groups that have been created. Fear not, the on-premises groups just need a little remediation to the correct flavour to be seen in the picker and then applied.

Office 365 Import Service via PowerShell

UPDATE 10/02/2017

Ok, so sorry everyone, I’ve been a bit slack with this one and Microsoft have made some significant changes in this space since I blogged on it. I thought it best to get this page updated so anyone who googled it would have current info!

Firstly, Microsoft have changed the BLOB they give you for the ingestion service to write once. This of course means if you don’t place things in the right location (folder for example) it’s not going anywhere!…

Provision Users for Exchange with FIM/MIM 2016 using the Granfeldt PowerShell MA, avoiding the AD MA (no-start-ma) error

Forefront / Microsoft Identity Manager provides Exchange Mailbox provisioning out of the box on the Active Directory Management Agent. I’ve used it in many many implementations over the years. However, in my first MIM 2016 implementation in late 2015 I ran into issues with something I’d done successfully many times before.

I was getting “no-start-ma” on the AD MA on export to AD. The point at which the MA sets up its connection to the Exchange environment.…

Using PowerShell to add users to an Exchange Online in-place hold

Originally blogged @ Lucian.Blog. Follow Lucian on Twitter @LucianFrango.


A month ago I wrote a quick post (available here) on removing users from large in-place hold policies in Exchange Online. At the time I wasn’t that familiar with the process and documentation online was limited. After sharing is caring that process I had a deeper look into the in-place hold policies for a client I’m a consultant at. There was some cleanup that was required and this post explains that process as well as a streamlined way via PowerShell to add users to an in-place hold policy.

The problem

Over the course of any large-scale migration to Exchange Online, managed services and project resource teams coordinate to successfully migrate users and apply policies and post-migration tasks. In-place hold policies and governance around storing email data for compliance and legal purposes are key for certain organisations. The larger the organisation though, the trickier the task. The GUI or web console just isn’t enough to cater for thousands of users. Insert PowerShell! It is your friend.

The solution

Overall the process to add users to an in-place hold isn’t that much different from the process of removing users from a policy. Like the previous post (available here), I’ll keep the process short and sweet to outline the steps required:


Consideration for multi-forest synchronisation with a resource Exchange forest

Azure AD Connect has come a long way from the early days of DirSync, and multi-forest directory synchronisation is a great step forward, with the ability to synchronise an account forest and Exchange resource forest to Office 365 meeting the needs of many organisations.

Joining linked mailboxes

To provide synchronisation of an account forest and an Exchange resource forest, AAD Connect matches accounts across forests using the same attribute used by Exchange, matching the linked mailbox account’s msExchMasterAccount attribute value with the objectSID value of the account in the other forest to join them.…

Using PowerShell to remove users from an Exchange Online in-place hold policy

Originally blogged @ Lucian.Blog. Follow Lucian on Twitter @lucianfrango.


In-place hold, legal hold, compliance hold, journaling and/or select “D”: all of the above, when it’s simplified down to its simplest form is storing emails for X amount of time in case there’s a problem and these need to be reviewed. What’s great about Office 365 Exchange Online is that there is the ability to store those emails in the cloud for 2,555 days (or roughly speaking 7 years).

Let’s fast forward to having in-place hold enabled for an Exchange Online tenant. In my reference case I have roughly 10,500 users in the tenant and numerous in-place hold policies, with the largest containing 7,500 or so users. I’ve run into a small problem with this Hybrid based environment whereby I need to move a mailbox that is covered by an in-place hold policy (let’s call it “Lucians Mailbox Search Policy”) back to on-premises for a couple of reasons.

The following blog post outlines how to remove users from an in-place hold via PowerShell as the Office 365 / Exchange Online Control Panel may not let you do that when you have thousands of users in a single hold policy.

Hybrid Exchange Migration: Mailbox to Mail-User Conversion Fails

Occasionally, after migrating a mailbox from an on-premises Exchange server to Exchange Online, the user is unable to access their mailbox using Outlook, although the Office 365 Outlook Web Access (OWA) application is functional. Often (but not always) the migration batch report will contain users that have “Completed with Errors” or “Completed with Warnings”.

Commonly this is caused by the migration process failing to update the on-premises object and convert it into a mail-enabled user, often due to issues with inheritable permissions or unsupported characters.…

Windows 10 – First Look: Scaling on the Surface Pro 3

As a fellow Surface user, I love my device.

The Surface is a great device, which packs plenty of performance for heavy duty workloads such as running guest virtual machines or 3D rendering. It’s also extremely light which is great for work meetings and note taking on the go. You could say the Surface is great for any task that you can throw at it, almost…

Remember the first time you plugged your brand spanking new Surface into an external display to enable a little more desktop real estate in the office?…

Hybrid Exchange Connectivity with Azure Traffic Manager

Does your Exchange hybrid architecture need to have redundancy? How about an active/passive solution using Azure Traffic Manager, eliminating the need for a HLB device in your DMZ?

Currently there are a few topologies for configuring Hybrid Exchange with Office 365:

  1. Single Hybrid Server
  2. 2+ Hybrid Servers behind a load balancer
  3. 2+ Hybrid Servers with DNS round robin

A simple solution to make a redundant Hybrid Exchange design without using a HLB is to leverage Azure Traffic Manager to monitor and service the DNS namespace configured in on-premises Exchange and Office 365 configuration.…

Australia’s leading wholesale distribution company transforms IT with Office 365

Customer Overview

Metcash is one of Australia’s leading wholesale distribution and marketing companies, specialising in grocery, fresh produce, liquor, hardware and automotive parts and accessories.

Business Situation

Metcash required the transition of a number of on-premises workloads to a cloud based service to alleviate infrastructure, support and performance issues experienced by the organisation.

Metcash evaluated several alternative SaaS options and requested to roll-out the Microsoft Office 365 suite of products in the form of a technology pilot.…