Enabling Legacy On Premise Public Folders in Office 365

I have recently worked on numerous Office 365 migrations that require users that have been migrated to Office 365 to have access to legacy Exchange 2010 Public folders. By default this will not work so will require a few extra steps in order to make the magic happen. Hopefully the below will be simple enough to follow in order to enable Legacy public folders…

These instructions assume that you have used the Hybrid Configuration Wizard to configure and synchronise your on-premises and Exchange Online environments and that the DNS records used for most users’ Autodiscover references an on-premises end-point. For more information, see Hybrid Configuration wizard.

If your public folders are on Exchange 2010 servers, then you need to install Client Access services on all mailbox servers that have a public folder database. This allows the Exchange RpcClientAccess service to be running, which allows for all clients to access public folders. For more information, see Install Exchange Server 2010. – The Servers will require a reboot in order for this role to become available – so remember to plan the outage before starting this process.

Create an empty mailbox database on each public folder server.

For Exchange 2010, run the following command. This command excludes the mailbox database from the mailbox provisioning load balancer. This prevents new mailboxes from automatically being added to this database.

New-MailboxDatabase -Server <PFServerName_with_CASRole> -Name 
<NewMDBforPFs> -IsExcludedFromProvisioning $true

Create a proxy mailbox within the new mailbox database and hide the mailbox from the address book. The SMTP of this mailbox will be returned by AutoDiscover as the DefaultPublicFolderMailbox SMTP, so that by resolving this SMTP the client can reach the legacy exchange server for public folder access.

New-Mailbox -Name <PFMailbox1> -Database <NewMDBforPFs>
Set-Mailbox -Identity <PFMailbox1> -HiddenFromAddressListsEnabled $true

For Exchange 2010, enable Autodiscover to return the proxy public folder mailboxes.

For Exchange 2010, enable Autodiscover to return the proxy public folder mailboxes.

Set-MailboxDatabase <NewMDBforPFs> -RPCClientAccessServer 
<PFServerName_with_CASRole>

Repeat the preceding steps for every public folder server in your organisation.

Download the following files from Mail-enabled Public Folders – directory sync script:

  • Sync-MailPublicFolders.ps1
  • SyncMailPublicFolders.strings.psd1

Save the files to the local computer on which you’ll be running PowerShell. For example, C:\PFScripts.

On the legacy Exchange server with the public folders, run the following command to synchronise mail-enabled public folders from your local on-premises Active Directory to Office 365.

Sync-MailPublicFolders.ps1 -Credential (Get-Credential) 
-CsvSummaryFile:sync_summary.csv

Where Credential is your Office 365 user name and password, and CsvSummaryFile is the path to where you would like to log synchronisation operations and errors, in .csv format.

The final step in this procedure is to configure the Exchange Online organisation and to allow access to the legacy on-premises public folders. Make remote public folders discoverable to enable the Exchange Online organisation to access the on-premises public folders.

Set-OrganizationConfig -PublicFoldersEnabled Remote -
RemotePublicFolderMailboxes PFMailbox1,PFMailbox2,PFMailbox3

You must wait until Active Directory synchronisation has completed to see the changes. This process can take up to 3 hours to complete. If you don’t want to wait for the recurring synchronisations that occur every three hours, you can force directory synchronisation at any time. For detailed steps to force directory synchronisation, see Force directory synchronization. Office 365 randomly selects one of the public folder mailboxes that’s supplied in this command. – Make sure the PFUser that you created is also located in an OU that is synchronised to O365, if not the above command will not work.

How Do You Know If This Has Worked?

This last change can take a while to apply (Approx 1 Hour). To make sure that the change applied run the following cmdlet: Get-Mailbox <username> |fl *public*

defaultPFMBX.png

Advertisements

Exchange 2010–Office 365 Hybrid Setup – Remote Powershell

Recently I have been getting issues with performing a hybrid configuration from an on premise Exchange 2010 Server running the latest services packs and meeting all the required pre requisites to perform a Hybrid configuration to Office 365.

One of the first steps is to connect your on Premise exchange server to Office 365 using remote PowerShell, following the how to guide it tells you to connect to the following URI in the command below:

$session = new-pssession -configurationname microsoft.exchange -connectionuri https//ps.outlook.com/powershell/ -credential $o365cred -authentication basic

When you run this command you will get the following error:

ps.outlook.com] The WinRM service cannot process the request because the request needs to be sent to a different machine. Use the redirect information to send the request to a new machine. Redirect location reported: https://ps.outlook.com/PowerShell-LiveID?PSVersion=2.0 . To automatically connect to the redirected URI, verify “MaximumConnectionRedirectionCount” property of session preference variable “PSSessionOption” and use “AllowRedirection” parameter on the cmdlet.+ CategoryInfo : OpenError: (System.Manageme….RemoteRunspace:RemoteRunspace) [], PSRemotingTransportRed
irectException + FullyQualifiedErrorId : PSSessionOpenFailed

After speaking with Microsoft I have identified the URI has changed to https://outlook.office365.com/powershell-liveid/

and the Powershell command is slightly different to include the –AllowRedirection as there are multiple servers to connect to.

The command that worked for me was the following:

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Office 365 Credential Issues

If you’ve ever connected a workstation to Office 365 and then been constantly prompted for your credentials you know how frustrating it can be.  Have you ever checked that box in Outlook to “Remember Password” and then screamed in frustration as yet another logon prompt came up?

Below is a collection of sites that can help you troubleshoot issues logging into your Office 365 account.

Connect to Exchange Online using remote PowerShell

What do you need to know before you begin?

  • You can use the following versions of Windows:
    • Windows 8 or Windows 8.1
    • Windows Server 2012 or Windows Server 2012 R2
    • Windows 7 Service Pack 1 (SP1)*
    • Windows Server 2008 R2 SP1*

* You need to install the Microsoft .NET Framework 4.5 or 4.5.1 and then either the Windows Management Framework 3.0 or the Windows Management Framework 4.0. For more information, see Installing the .NET Framework 4.5, 4.5.1 and Windows Management Framework 3.0 or Windows Management Framework 4.0.

Connect to Exchange Online

  1. On your local computer, open Windows PowerShell and run the following command.
    $UserCredential = Get-Credential

    In the Windows PowerShell Credential Request dialog box, type your Exchange Online user name and password, and then click OK.

  2. Run the following command.

    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

    Note   If you are an Office 365 operated by 21Vianet customer in China, use the following value for the ConnectionUri parameter: https://partner.outlook.cn/PowerShell.

  3. Run the following command.

    Import-PSSession $Session

NoteNote:

Be sure to disconnect the remote PowerShell session when you’re finished. If you close the Windows PowerShell window without disconnecting the session, you could use up all the remote PowerShell sessions available to you, and you’ll need to wait for the sessions to expire. To disconnect the remote PowerShell session, run the following command.

Remove-PSSession $Session

How do you know this worked?

After Step 3, the Exchange Online cmdlets are imported into your local Windows PowerShell session as tracked by a progress bar. If you don’t receive any errors, you connected successfully. A quick test is to run an Exchange Online cmdlet—for example, Get-Mailbox—and see the results.

If you receive errors, check the following requirements:

  • A common problem is an incorrect password. Run the three steps again and pay close attention to the user name and password you enter in Step 1.
  • To help prevent denial-of-service (DoS) attacks, you’re limited to three open remote PowerShell connections to your Exchange Online organization.
  • Windows PowerShell needs to be configured to run scripts. You only need to configure this setting once on your computer, not every time you connect. To enable Windows PowerShell to run signed scripts, run the following command in an elevated Windows PowerShell window (a Windows PowerShell window you opened by selecting Run as administrator).

    Set-ExecutionPolicy RemoteSigned
  • The account you use to connect to Exchange Online must be enabled for remote Shell. For more information, see Manage remote PowerShell access in Exchange Online.
  • TCP port 80 traffic needs to be open between your local computer and Exchange Online. It’s probably open, but it’s something to consider if your organization has a restrictive Internet access policy.