Free/busy Exchange hybrid troubleshooting with Microsoft Edge

Those of you who have configured Exchange hybrid with Office 365 before know that free/busy functionality can be troublesome at times and not work correctly.
Instead of searching through Exchange logs I found that you can pin point the exact error message through Microsoft Edge to assist with troubleshooting.
To do so;

  1. Open Microsoft Edge and login to Office 365 OWA ( with an Office 365 account
  2. Create a new meeting request
  3. Press F12 to launch developer tools
  4. Conduct a free/busy lookup on a person with a mailbox on-premises
  5. Select the Network tab
  6. Select the entry with “GetUserAvailability”devtools-getuseravailability
  7. Select the body tab (on the right hand side)
  8. The MessageText element will display the exact error messagedevtools-messagetext

Delegate Mailbox Access using Groups in Exchange Online

A common misconception about granting mailbox access rights in Exchange Online is that you can only add access to the individual and not a group. You may have opened the Exchange Administrator Center (EAC), found the mailbox you wanted and looked at the delegated access tab. Only to be provided with a list of eligible user identity’s, but none of your on-premises security groups that have been created. Fear not, the on-premises groups just need a little remediation to the correct flavour to be seen in the picker and then applied.
[Keep reading] “Delegate Mailbox Access using Groups in Exchange Online”

Hybrid Exchange Migration: Mailbox to Mail-User Conversion Fails

Occasionally after migrating a mailbox from an on-premises Exchange server to Exchange Online the user is unable access their mailbox using Outlook, however the Office 365 Outlook Web Access (OWA) application is functional. Often (but not always) the migration batch report will contain users that have “Completed with Errors” or “Completed with Warnings”.

Commonly this is caused by the migration process failing to update the on-premises object and convert it into a mail-enabled user, often due to issues with inheritable permissions or unsupported characters.… [Keep reading] “Hybrid Exchange Migration: Mailbox to Mail-User Conversion Fails”

Hybrid Exchange Connectivity with Azure Traffic Manager

Does your exchange hybrid architecture need to have redundancy? How about an active/passive solution using Azure Traffic Manager elimating the need for a HLB device in your DMZ.

Currently there is a few topologies for configuring Hybrid Exchange with Office 365;

  1. Single Hybrid Server
  2. 2+ Hybrid Server behind a load balancer
  3. 2+ Hybrid Server with DNS round robin

A simple solution to make a redundant Hybrid Exchange design without using a HLB is to leverage Azure Traffic Manager to monitor and service the DNS namespace configured in on-premises Exchange and Office 365 configuration.… [Keep reading] “Hybrid Exchange Connectivity with Azure Traffic Manager”

AADSync – AD Service Account Delegated Permissions

Note: This applies to Azure AD Connect, previously referred to as AAD Sync or DirSync.

***UPDATED (04/07/2016): Includes Exchange Hybrid Object ‘msDS-ExternalDirectoryObjectID’ for Exchange 2016 environments. Thanks Dave Young.

***UPDATED (29/10/2015): Included two lines for Password Write-back as per Chris Lehr Comment

When you configure Azure AD Sync (AADSync), you need to provide credentials of an account that is used by AADSync’s AD DS Management Agent to connect to your on-premises Active Directory. In previous versions of DirSync this was achieved via running the configuration wizard as a ‘Enterprise Admin’ and thus allowing the installer to create a service account and apply permissions to the Directory on your behalf.… [Keep reading] “AADSync – AD Service Account Delegated Permissions”

Azure Active Directory Synchronization Tool: Password Sync as Backup for AD FS Federated Domains

Kloud has helped many Australian businesses leverage Microsoft cloud services such as Office 365, Intune and Microsoft Azure and most have implemented Active Directory Federation Services (AD FS) to provide a highly available Single Sign-On (SSO) user experience. In mid-2013, the Windows Azure Active Directory Synchronization Tool was updated to support password synchronisation with Azure Active Directory, which provided an alternative way to leverage on-premises authored identities with Microsoft’s cloud services.

Password synchronisation is a feature of the Azure Active Directory Sync Tool that will synchronise the password hash from your on-premises Active Directory environment to the Azure Active Directory.… [Keep reading] “Azure Active Directory Synchronization Tool: Password Sync as Backup for AD FS Federated Domains”

Hybrid Exchange 2007/2013 and Lync EWS Integration

I came across an interesting issue recently with a client currently running Exchange 2007 and looking to migrate to Exchange Online. Since Update Rollup 10 for Exchange 2007 Service Pack 3, it has become possible to coexist Exchange 2oo7 and Exchange 2013.

After installing Exchange 2013 as the Hybrid server, this particular client ran into an issue with the Lync 2013 client losing EWS integration with any mailboxes that still reside on Exchange 2007. The net effect of this is that any users that hadn’t been migrated from Exchange 2007 to Exchange 2013 or Office 365 would have to rely on Outlook MAPI (and Outlook being open) for anything to do with the Personal Information Manager feature of Lync.… [Keep reading] “Hybrid Exchange 2007/2013 and Lync EWS Integration”

Exchange 365 – Transport Rules & Distribution Groups

One of our customers is transitioning from on premise Exchange 2010 to a hybrid Exchange 365 (wave 15) environment and user management for Office 365 done through on premise Active Directory. Customer had quite a few transport rules setup up which needed to be migrated. This worked fine except for the rules using a “redirect the message to” action using a distribution group.

The error displayed in Exchange 365 generated is: The transport rule can’t be created because,[Keep reading] “Exchange 365 – Transport Rules & Distribution Groups”