Jan 11 2018

Useful Powershell Commands for Exchange

One of my recent projects was to implement a new Highly Available Exchange 2016 environment for a customer who was upgrading from Exchange 2010. When Exchange 2016 was in place, we then had to create hybrid to Office 365. Below are some really useful PowerShell Commands I used during the implementation.

Installing Exchange 2016 Pre Requisites

Install-WindowsFeature AS-HTTP-Activation, Server-Media-Foundation, 
NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, 
RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, 
RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, 
Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, 
Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, 
Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, 
Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, 
Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, 
Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, 
RSAT-ADDS

Collecting Virtual Directory Details

Outlook Anywhere

Get-OutlookAnywhere -AdPropertiesonly | Select server,Internalhostname,
Externalhostname

Outlook Web Access

Get-OWAVirtualDirectory -AdPropertiesOnly | Select Server,InternalURL,
ExternalURL

Exchange Control Panel

Get-ECPVirtualDirectory -AdPropertiesOnly | Select Server,InternalURL,
ExternalURL

Outlook Address Book

Get-OABVirtualDirectory -AdPropertiesOnly | Select Server,InternalURL,
ExternalURL

Web Services

Get-WebServicesVirtualDirectory -AdPropertiesOnly | Select Server,
InternalURL,ExternalURL

MAPI

Get-MAPIVirtualDirectory -AdPropertiesOnly | Select Server,InternalURL,
ExternalURL

Active Sync

Get-ActiveSyncVirtualDirectory -AdPropertiesOnly | Select Server,
InternalURL,ExternalURL

AutoDiscover

Collecting the AutoDiscover URI for Exchange 2010 Servers in the environment

Get-ClientAccessServer -identity SERVERNAME|select Name,
AutodiscoverServiceInternalURI |FL

Setting the AutoDiscover URI on the newly installed Exchange 2016 Server

Set-ClientAccessService -identity SERVERNAME -AutodiscoverServiceInternalURI 
https://mail.domainname.com/autodiscover/autodiscover.xml

Exchange 2016 CU7 Hybrid Gotcha!!!

So after a successful deployment of Exchange 2016 the next step was to create a hybrid to Office 365 Exchange Online, Simple as Exchange 2016 was “Born in the cloud” according to Microsoft. NOT SO!!! – I downloaded the latest version of Exchange 2016 which at the time was CU7, but when configuring the hybrid it would just sit at adding Federated Domain.

A bug slipped into Exchange 2016 CU7 which prevents the HCW from completing. The HCW fails to get past the domain ownership validation:

No matter how hard you try, you can’t get past this screen.

Fortunately CU8 was release 19th December 2017 – So I spent the next day patching my newly installed Exchange environment. – then completing the Hybrid configuration.

Enabling Legacy On Premise Public Folders in Office 365

I have recently worked on numerous Office 365 migrations that require users that have been migrated to Office 365 to have access to legacy Exchange 2010 Public folders. By default this will not work so will require a few extra steps in order to make the magic happen. Hopefully the below will be simple enough to follow in order to enable Legacy public folders…

These instructions assume that you have used the Hybrid Configuration Wizard to configure and synchronise your on-premises and Exchange Online environments and that the DNS records used for most users’ Autodiscover references an on-premises end-point. For more information, see Hybrid Configuration wizard.

If your public folders are on Exchange 2010 servers, then you need to install Client Access services on all mailbox servers that have a public folder database. This allows the Exchange RpcClientAccess service to be running, which allows for all clients to access public folders. For more information, see Install Exchange Server 2010. – The Servers will require a reboot in order for this role to become available – so remember to plan the outage before starting this process.

Create an empty mailbox database on each public folder server.

For Exchange 2010, run the following command. This command excludes the mailbox database from the mailbox provisioning load balancer. This prevents new mailboxes from automatically being added to this database.

New-MailboxDatabase -Server <PFServerName_with_CASRole> -Name 
<NewMDBforPFs> -IsExcludedFromProvisioning $true

Create a proxy mailbox within the new mailbox database and hide the mailbox from the address book. The SMTP of this mailbox will be returned by AutoDiscover as the DefaultPublicFolderMailbox SMTP, so that by resolving this SMTP the client can reach the legacy exchange server for public folder access.

New-Mailbox -Name <PFMailbox1> -Database <NewMDBforPFs>

Set-Mailbox -Identity <PFMailbox1> -HiddenFromAddressListsEnabled $true

For Exchange 2010, enable Autodiscover to return the proxy public folder mailboxes.

Set-MailboxDatabase <NewMDBforPFs> -RPCClientAccessServer 
<PFServerName_with_CASRole>

Repeat the preceding steps for every public folder server in your organisation.

Download the following files from Mail-enabled Public Folders – directory sync script:

Sync-MailPublicFolders.ps1
SyncMailPublicFolders.strings.psd1

Save the files to the local computer on which you’ll be running PowerShell. For example, C:\PFScripts.

On the legacy Exchange server with the public folders, run the following command to synchronise mail-enabled public folders from your local on-premises Active Directory to Office 365.

Sync-MailPublicFolders.ps1 -Credential (Get-Credential) 
-CsvSummaryFile:sync_summary.csv

Where Credential is your Office 365 user name and password, and CsvSummaryFile is the path to where you would like to log synchronisation operations and errors, in .csv format.

The final step in this procedure is to configure the Exchange Online organisation and to allow access to the legacy on-premises public folders. Make remote public folders discoverable to enable the Exchange Online organisation to access the on-premises public folders.

Set-OrganizationConfig -PublicFoldersEnabled Remote -
RemotePublicFolderMailboxes PFMailbox1,PFMailbox2,PFMailbox3

You must wait until Active Directory synchronisation has completed to see the changes. This process can take up to 3 hours to complete. If you don’t want to wait for the recurring synchronisations that occur every three hours, you can force directory synchronisation at any time. For detailed steps to force directory synchronisation, see Force directory synchronization. Office 365 randomly selects one of the public folder mailboxes that’s supplied in this command. – Make sure the PFUser that you created is also located in an OU that is synchronised to O365, if not the above command will not work.

How Do You Know If This Has Worked?

This last change can take a while to apply (Approx 1 Hour). To make sure that the change applied run the following cmdlet: Get-Mailbox <username> |fl *public*

Jan 21 2016

Exchange 2010–Office 365 Hybrid Setup – Remote Powershell

Recently I have been getting issues with performing a hybrid configuration from an on premise Exchange 2010 Server running the latest services packs and meeting all the required pre requisites to perform a Hybrid configuration to Office 365.

One of the first steps is to connect your on Premise exchange server to Office 365 using remote PowerShell, following the how to guide it tells you to connect to the following URI in the command below:

$session = new-pssession -configurationname microsoft.exchange -connectionuri https//ps.outlook.com/powershell/ -credential $o365cred -authentication basic

When you run this command you will get the following error:

ps.outlook.com] The WinRM service cannot process the request because the request needs to be sent to a different machine. Use the redirect information to send the request to a new machine. Redirect location reported: https://ps.outlook.com/PowerShell-LiveID?PSVersion=2.0 . To automatically connect to the redirected URI, verify “MaximumConnectionRedirectionCount” property of session preference variable “PSSessionOption” and use “AllowRedirection” parameter on the cmdlet.+ CategoryInfo : OpenError: (System.Manageme….RemoteRunspace:RemoteRunspace) [], PSRemotingTransportRed
irectException + FullyQualifiedErrorId : PSSessionOpenFailed

After speaking with Microsoft I have identified the URI has changed to https://outlook.office365.com/powershell-liveid/

and the Powershell command is slightly different to include the –AllowRedirection as there are multiple servers to connect to.

The command that worked for me was the following:

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Sep 16 2015

Office 365 Credential Issues

If you’ve ever connected a workstation to Office 365 and then been constantly prompted for your credentials you know how frustrating it can be. Have you ever checked that box in Outlook to “Remember Password” and then screamed in frustration as yet another logon prompt came up?

Below is a collection of sites that can help you troubleshoot issues logging into your Office 365 account.

ADFS / SSO issues:
- Troubleshoot federated users being prompted at http://support.microsoft.com/kb/2461628
Autodiscover issues:
- Troubleshoot: Looping Credential Prompts When Signing In to Office 365 Using ADFS at http://www.youtube.com/watch?v=cfEQFK1SgU8
- Coming from Exchange environments: make sure your Autodiscover DNS records (internal and external both) point to the correct place. See also the Troubleshooting Autodiscover video.
- Coming from BPOS (and possibly other Exchange systems) follow the instructions at http://support.microsoft.com/kb/2644437 to remove registry entries on clients that stubbornly don’t update their Autodiscover.
Missing Updates:
- Manually push out the updates using the instructions at http://community.office365.com/en-us/w/administration/manually-install-office-365-desktop-updates.aspx. SCCM, WSUS and other configuration management systems will work just fine also. There are download links of the bits for each package. Make sure you get at least these three:
  - Microsoft Online Services Sign-In Assistant (IDCRL7)
  - Microsoft Office 2010 Update (KB2435954) – ALSO change the registry key noted in the link
  - Microsoft Outlook 2010 Update (KB2597011)
Outlook Issues:
- Uncheck “Always prompt for logon credentials” in Outlook (see http://community.office365.com/en-us/f/172/t/15620.aspx for details)
- Recreate your Outlook profile – good steps at http://community.office365.com/en-us/f/170/t/22353.aspx
- If Outlook discovers the wrong (old) Exchange system you have problems. Use “outlook /rpcdiag” to ensure Outlook is connecting to Office 365. You can also control-right-click on your Outlook icon in your system tray and choose the option for “Connection Status.” You should see connections to the cloud-based e-mail servers, not legacy servers. Good steps at http://www.petri.co.il/testing_rpc_over_http_connection.htm.
- Outlook prompts for credentials when Exchange 2003 mailboxes access Free/Busy information for Office 365 mailboxes – http://community.office365.com/en-us/forums/162/t/3567.aspx
- C:\Users\\AppData\Local\Microsoft\Sign In\Config\\Autodiscovery.xml.old not updating – rename or delete it as per http://www.brucebnews.com/2012/01/persistent-outlook-password-prompts-from-office-365/
Windows, Networking & General:
- Good Basic Troubleshooting: follow the instructions for Rich Authentication at http://support.microsoft.com/kb/2637629
- Run (or reboot and rerun) the desktop setup wizard – steps at http://onlinehelp.microsoft.com/en-us/office365-smallbusinesses/ff637537.aspx
- Change Internet Explorer security settings for Trusted sites & Windows Firewall to allow the sites listed at http://support.microsoft.com/kb/2637629
Windows Stored Credential Conflicts & Issues:
- Clearing out the Windows stored passwords for the user account under Control Panel – Users – Advanced or in the Credential Manager (depending on Windows version) – good troubleshooting at http://community.office365.com/en-us/f/172/p/52489/188561.aspx
  - XP see http://support.microsoft.com/kb/306541
  - Windows 7 see http://windows.microsoft.com/en-US/windows7/remove-stored-passwords-certificates-and-other-credential

Feb 4 2015

Connect to Exchange Online using remote PowerShell

What do you need to know before you begin?

You can use the following versions of Windows:
- Windows 8 or Windows 8.1
- Windows Server 2012 or Windows Server 2012 R2
- Windows 7 Service Pack 1 (SP1)*
- Windows Server 2008 R2 SP1*

* You need to install the Microsoft .NET Framework 4.5 or 4.5.1 and then either the Windows Management Framework 3.0 or the Windows Management Framework 4.0. For more information, see Installing the .NET Framework 4.5, 4.5.1 and Windows Management Framework 3.0 or Windows Management Framework 4.0.

Connect to Exchange Online

On your local computer, open Windows PowerShell and run the following command.
```
$UserCredential = Get-Credential
```
In the Windows PowerShell Credential Request dialog box, type your Exchange Online user name and password, and then click OK.

Run the following command.

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Note If you are an Office 365 operated by 21Vianet customer in China, use the following value for the ConnectionUri parameter: https://partner.outlook.cn/PowerShell.

Run the following command.
```
Import-PSSession $Session
```

Note Note:

Be sure to disconnect the remote PowerShell session when you’re finished. If you close the Windows PowerShell window without disconnecting the session, you could use up all the remote PowerShell sessions available to you, and you’ll need to wait for the sessions to expire. To disconnect the remote PowerShell session, run the following command.

Remove-PSSession $Session

How do you know this worked?

After Step 3, the Exchange Online cmdlets are imported into your local Windows PowerShell session as tracked by a progress bar. If you don’t receive any errors, you connected successfully. A quick test is to run an Exchange Online cmdlet—for example, Get-Mailbox—and see the results.

If you receive errors, check the following requirements:

A common problem is an incorrect password. Run the three steps again and pay close attention to the user name and password you enter in Step 1.
To help prevent denial-of-service (DoS) attacks, you’re limited to three open remote PowerShell connections to your Exchange Online organization.
Windows PowerShell needs to be configured to run scripts. You only need to configure this setting once on your computer, not every time you connect. To enable Windows PowerShell to run signed scripts, run the following command in an elevated Windows PowerShell window (a Windows PowerShell window you opened by selecting Run as administrator).
```
Set-ExecutionPolicy RemoteSigned
```
The account you use to connect to Exchange Online must be enabled for remote Shell. For more information, see Manage remote PowerShell access in Exchange Online.
TCP port 80 traffic needs to be open between your local computer and Exchange Online. It’s probably open, but it’s something to consider if your organization has a restrictive Internet access policy.

	Richard C. Lambert on New OWA for iPhone and OWA for…
	michel jon on Exchange 2010/2007 to 2013 Mig…
	Tom Brown on PowerShell Script to List Acti…
	Victor Benz on Exporting and Importing site,…
	Mr WordPress on Hello world!

Malcolm Plested IT Blogs

IT Professional, Gadget fan, Techy Nerd and Family man

Tag Archives: Exchange