Category Exchange Server

Jan 11 2018

Useful Powershell Commands for Exchange

One of my recent projects was to implement a new Highly Available Exchange 2016 environment for a customer who was upgrading from Exchange 2010. When Exchange 2016 was in place, we then had to create  hybrid to Office 365. Below are some really useful PowerShell Commands I used during the implementation.

Installing Exchange 2016 Pre Requisites 

Install-WindowsFeature AS-HTTP-Activation, Server-Media-Foundation, 
NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, 
RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, 
RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, 
Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, 
Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, 
Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, 
Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, 
Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, 
Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, 
RSAT-ADDS

Collecting Virtual Directory Details 

Outlook Anywhere

Get-OutlookAnywhere -AdPropertiesonly | Select server,Internalhostname,
Externalhostname

Outlook Web Access

Get-OWAVirtualDirectory -AdPropertiesOnly | Select Server,InternalURL,
ExternalURL

Exchange Control Panel

Get-ECPVirtualDirectory -AdPropertiesOnly | Select Server,InternalURL,
ExternalURL

Outlook Address Book

Get-OABVirtualDirectory -AdPropertiesOnly | Select Server,InternalURL,
ExternalURL

Web Services

Get-WebServicesVirtualDirectory -AdPropertiesOnly | Select Server,
InternalURL,ExternalURL

MAPI

Get-MAPIVirtualDirectory -AdPropertiesOnly | Select Server,InternalURL,
ExternalURL

Active Sync

Get-ActiveSyncVirtualDirectory -AdPropertiesOnly | Select Server,
InternalURL,ExternalURL

 

AutoDiscover

Collecting the AutoDiscover URI for Exchange 2010 Servers in the environment

Get-ClientAccessServer -identity SERVERNAME|select Name,
AutodiscoverServiceInternalURI |FL

Setting the AutoDiscover URI on the newly installed Exchange 2016 Server

Set-ClientAccessService -identity SERVERNAME -AutodiscoverServiceInternalURI 
https://mail.domainname.com/autodiscover/autodiscover.xml

 

Exchange 2016 CU7 Hybrid Gotcha!!!

So after a successful deployment of Exchange 2016 the next step was to create a hybrid to Office 365 Exchange Online, Simple as Exchange 2016 was “Born in the cloud” according to Microsoft. NOT SO!!! – I downloaded the latest version of Exchange 2016 which at the time was CU7, but when configuring the hybrid it would just sit at adding Federated Domain.

A bug slipped into Exchange 2016 CU7 which prevents the HCW from completing. The HCW fails to get past the domain ownership validation:


No matter how hard you try, you can’t get past this screen.

Fortunately CU8 was release 19th December 2017 – So I spent the next day patching my newly installed Exchange environment. – then completing the Hybrid configuration.

Advertisements
Nov 20 2017

Enabling Legacy On Premise Public Folders in Office 365

I have recently worked on numerous Office 365 migrations that require users that have been migrated to Office 365 to have access to legacy Exchange 2010 Public folders. By default this will not work so will require a few extra steps in order to make the magic happen. Hopefully the below will be simple enough to follow in order to enable Legacy public folders…

These instructions assume that you have used the Hybrid Configuration Wizard to configure and synchronise your on-premises and Exchange Online environments and that the DNS records used for most users’ Autodiscover references an on-premises end-point. For more information, see Hybrid Configuration wizard.

If your public folders are on Exchange 2010 servers, then you need to install Client Access services on all mailbox servers that have a public folder database. This allows the Exchange RpcClientAccess service to be running, which allows for all clients to access public folders. For more information, see Install Exchange Server 2010. – The Servers will require a reboot in order for this role to become available – so remember to plan the outage before starting this process.

Create an empty mailbox database on each public folder server.

For Exchange 2010, run the following command. This command excludes the mailbox database from the mailbox provisioning load balancer. This prevents new mailboxes from automatically being added to this database.

New-MailboxDatabase -Server <PFServerName_with_CASRole> -Name 
<NewMDBforPFs> -IsExcludedFromProvisioning $true

Create a proxy mailbox within the new mailbox database and hide the mailbox from the address book. The SMTP of this mailbox will be returned by AutoDiscover as the DefaultPublicFolderMailbox SMTP, so that by resolving this SMTP the client can reach the legacy exchange server for public folder access.

New-Mailbox -Name <PFMailbox1> -Database <NewMDBforPFs>
Set-Mailbox -Identity <PFMailbox1> -HiddenFromAddressListsEnabled $true

For Exchange 2010, enable Autodiscover to return the proxy public folder mailboxes.

For Exchange 2010, enable Autodiscover to return the proxy public folder mailboxes.

Set-MailboxDatabase <NewMDBforPFs> -RPCClientAccessServer 
<PFServerName_with_CASRole>

Repeat the preceding steps for every public folder server in your organisation.

Download the following files from Mail-enabled Public Folders – directory sync script:

  • Sync-MailPublicFolders.ps1
  • SyncMailPublicFolders.strings.psd1

Save the files to the local computer on which you’ll be running PowerShell. For example, C:\PFScripts.

On the legacy Exchange server with the public folders, run the following command to synchronise mail-enabled public folders from your local on-premises Active Directory to Office 365.

Sync-MailPublicFolders.ps1 -Credential (Get-Credential) 
-CsvSummaryFile:sync_summary.csv

Where Credential is your Office 365 user name and password, and CsvSummaryFile is the path to where you would like to log synchronisation operations and errors, in .csv format.

The final step in this procedure is to configure the Exchange Online organisation and to allow access to the legacy on-premises public folders. Make remote public folders discoverable to enable the Exchange Online organisation to access the on-premises public folders.

Set-OrganizationConfig -PublicFoldersEnabled Remote -
RemotePublicFolderMailboxes PFMailbox1,PFMailbox2,PFMailbox3

You must wait until Active Directory synchronisation has completed to see the changes. This process can take up to 3 hours to complete. If you don’t want to wait for the recurring synchronisations that occur every three hours, you can force directory synchronisation at any time. For detailed steps to force directory synchronisation, see Force directory synchronization. Office 365 randomly selects one of the public folder mailboxes that’s supplied in this command. – Make sure the PFUser that you created is also located in an OU that is synchronised to O365, if not the above command will not work.

How Do You Know If This Has Worked?

This last change can take a while to apply (Approx 1 Hour). To make sure that the change applied run the following cmdlet: Get-Mailbox <username> |fl *public*

defaultPFMBX.png

Aug 17 2016

Office 365 Hybrid – Federation Configuration Issues

Recently I have been faced with an issue for one of our customers running MS Windows Small Business Server 2011 – Exchange 2010 SP3.

When running the Hybrid Configuration wizard I got an error stating:
Unable to access the Federation Metadata document from the federation partner. Detailed information: “The remote server returned an error: (407) Proxy Authentication Required.”

This happened on the initial phase of the Hybrid config wizard which actually is an attempt to create a federation trust with the MS Federation Gateway.

I checked the IE settings and removed the proxy settings and tried again. Same thing. Not surprising really – Exchange uses the system account which would ignore IE settings. I turned to ‘netsh’ to see what settings the system account would use.

Run from a command prompt: netsh winhttp show proxy

This came back as ‘DIRECT’.
For good measure, I ran ‘netsh winhttp reset proxy
No difference.

The customer did have a proxy – I could have just configured the system to use the proxy with another netsh command (‘netsh winhttp import proxy source=ie’), however Exchange won’t allow this if your proxy requires authentication which was the case. Why was I being forced through the proxy?

I checked one last place using the Exchange Management Shell:

Get-ExchangeServer ‘SERVER’ |ft InternetWebProxy

This came back blank. There was surely no other place where a proxy could be specified?

Not quite – apparently the SYSTEM account will always attempt to use WPAD (Windows Proxy Auto Discovery). Surely nobody uses this anymore? WRONG! This particular customer so happened to have it configured.

Easy way to get rid of it? Simply disable the service (by default it sits in a manual startup mode).

After disabling WPAD, I restarted the IIS service (the w3wp process is responsible for performing the Hybrid Configuration wizard task) but this didn’t quite fix it. It looks like the proxy settings get cached – after a server reboot the problem was resolved.

I did also contact MS support to resolve this, but they drew a dead end.. they asked me to reapply service packs, check to make sure my internet connection was not filtered and there were no firewall rules blocking access.. this will be going down in my notes as one to remember.

Aug 3 2016

Exchange Distribution Group Members

A task that I am often required to do is to provide information about who is a member of what distribution group in Exchange.

Below is a PowerShell snippet that you must run in the Exchange Management Shell to pull out all the required Distributions groups and the members:

foreach ($group in Get-DistributionGroup) { get-distributiongroupmember $group | ft @{expression={$_.displayname};Label=”$group”} | Out-File c:\temp\DistributionListMembers.txt -append}

 

The output looks something like this:
Info
—-
User1
User2
User3

Technicians
———–
Technician1