Using PowerShell to remove users from an Exchange Online in-place hold policy

Originally blogged @ Lucian.Blog. Follow Lucian on Twitter @lucianfrango.


In-place hold, legal hold, compliance hold, journaling and/or select “D”: all of the above. Simplified down to its simplest form, each of these is storing emails for X amount of time in case there’s a problem and they need to be reviewed. What’s great about Office 365 Exchange Online is the ability to store those emails in the cloud for 2,555 days (or roughly speaking 7 years).

Let’s fast forward to having in-place hold enabled for an Exchange Online tenant. In my reference case I have roughly 10,500 users in the tenant and numerous in-place hold policies, with the largest containing 7,500 or so users. I’ve run into a small problem with this Hybrid based environment whereby I need to move a mailbox that is covered by an in-place hold policy (let’s call it “Lucians Mailbox Search Policy”) back to on-premises for a couple of reasons.

The following blog post outlines how to remove users from an in-place hold via PowerShell as the Office 365 / Exchange Online Control Panel may not let you do that when you have thousands of users in a single hold policy.

Hybrid Exchange Migration: Mailbox to Mail-User Conversion Fails

Occasionally, after migrating a mailbox from an on-premises Exchange server to Exchange Online, the user is unable to access their mailbox using Outlook, although the Office 365 Outlook Web Access (OWA) application is functional. Often (but not always) the migration batch report will contain users that have “Completed with Errors” or “Completed with Warnings”.

Commonly this is caused by the migration process failing to update the on-premises object and convert it into a mail-enabled user, often due to issues with inheritable permissions or unsupported characters.…

Hybrid Exchange Connectivity with Azure Traffic Manager

Does your Exchange hybrid architecture need to have redundancy? How about an active/passive solution using Azure Traffic Manager, eliminating the need for a HLB device in your DMZ?

Currently there are a few topologies for configuring Hybrid Exchange with Office 365:

  1. Single Hybrid Server
  2. 2+ Hybrid Servers behind a load balancer
  3. 2+ Hybrid Servers with DNS round robin

A simple solution to make a redundant Hybrid Exchange design without using a HLB is to leverage Azure Traffic Manager to monitor and service the DNS namespace configured in on-premises Exchange and Office 365 configuration.…

Azure Active Directory Synchronization Tool: Password Sync as Backup for AD FS Federated Domains

Kloud has helped many Australian businesses leverage Microsoft cloud services such as Office 365, Intune and Microsoft Azure and most have implemented Active Directory Federation Services (AD FS) to provide a highly available Single Sign-On (SSO) user experience. In mid-2013, the Windows Azure Active Directory Synchronization Tool was updated to support password synchronisation with Azure Active Directory, which provided an alternative way to leverage on-premises authored identities with Microsoft’s cloud services.

Password synchronisation is a feature of the Azure Active Directory Sync Tool that will synchronise the password hash from your on-premises Active Directory environment to the Azure Active Directory.…

The Next Version of Forefront Identity Manager Is Coming in 2015

There has been a lot of speculation about the next version of Microsoft Forefront Identity Manager.  For those who follow Microsoft’s product roadmaps, a number of Forefront products have been cancelled by Microsoft.  Here is a brief list:

  • Forefront Protection 2010 for Exchange
  • Forefront Protection 2010 for SharePoint
  • Forefront Security 2010 for Office Communication Server
  • Forefront Threat Management Gateway 2010
  • Forefront Unified Access Gateway 2010

Other products in the Forefront family have been renamed and become a more integrated part of another product.…

Exchange 365 – Transport Rules & Distribution Groups

One of our customers is transitioning from on-premises Exchange 2010 to a hybrid Exchange 365 (wave 15) environment, with user management for Office 365 done through on-premises Active Directory. The customer had quite a few transport rules set up which needed to be migrated. This worked fine except for the rules using a “redirect the message to” action with a distribution group.

The error displayed in Exchange 365 is: The transport rule can’t be created because TR-Marketing@Company.com,…

Wave 15 Shared Mailboxes in a Hybrid Configuration

Notes from the Field

I have been working on a customer site for some time now, and it has recently been migrated to Wave 15 of Exchange Online.

It was brought to my attention during the week that since the migration, Shared Mailboxes which were created via the Exchange Online EAC could not receive external email. Shared mailboxes which were created in the on-premises environment and then migrated to Exchange Online are working as expected.

Note: The support staff have already created the Shared mailboxes using the Exchange Online EAC and these mailboxes already have significant amounts of mail contained within.

Exchange Online Inactive Mailboxes

In an enterprise deployment of Office 365 Wave 14, one of the recurring pain points was how to handle mailbox data retention once a user left the business and the data is required for compliance purposes. There were a number of options available to handle this:

  • Leave the mailbox in-situ and disable the user account
  • Change the license SKU to Kiosk Plan 2 as it’s a cheaper license cost and disable the user account
  • Migrate the departed user mailbox back to the on-premises hybrid Exchange platform
  • Use a 3rd party cloud archive solution

While all of these will work, on an enterprise scale they’re quite clunky and even with an identity management solution in place, they’re not particularly practical or cost effective.…