Resource Mailboxes show availability as Busy

When you create a Resource Mailbox in Exchange 2010, 2013 or Office 365, the default permissions applied to the calendar for the Default user group is ‘AvailabilityOnly’. This means that you can see appointments in the calendar, however you cannot see the subject, attendees, or any further details. When this is being used for a piece of equipment or a meeting room, this configuration appears to be counterproductive.

After all, if you desperately need that piece of equipment (the corporate skipping rope for instance), how do you know who has booked it so you can go and argue with them about who should be able to use it that lunchtime? If you are on the board of a company, how do you know which of your minions have mistakenly booked the meeting room during your monthly board meetings so you can go and give them a verbal warning?

Almost all of my customers ask me these important questions, and the answer is simple. You run the following Powershell command against the Resource Mailbox and set the Default access rights to the more informative ‘Reviewer’ permission. Users can now see the subject, the attendees and the details of the booking.

Set-MailboxFolderPermission alias:\calendar -User Default -AccessRights Reviewer

Powershell. Helping you achieve the unachievable.

Exchange 2013 CU7 and more!

Today Microsoft have released a new slew of updates for On Premise Exchange environments!

There have been various hotfixes and scripts released to fix a multitude of sins in Exchange 2013 CU6, and Microsoft have rolled these hotfixes and more into their latest CU7 release. This update does require a Schema Update, so please run setup /prepareschema first. See https://support.microsoft.com/kb/2986485 for more information. Additionally there are some UM Language Packs for Exchange 2013 CU7 available.

In other news, the Exchange 2010 CU8 update has been recalled at the time of writing and is not available for download. This is because deployment of said update can lead to Outlook being unable to connect to Exchange :-/ If you have already installed, it is recommended that you rollback the update.

Lastly is the Exchange 2007 SP3 UR15 for all those retro Exchange nerds still running Exchange 2007. See KB here for information http://support2.microsoft.com/?kbid=2996150.

Check out http://blogs.technet.com/b/exchange/archive/2014/12/09/exchange-releases-december-2014.aspx for the full rundown!

Powershell – Automatically Update E-mail Address based on Recipient Policy

During a recent large Office 365 Hybrid Deployment, I came across the issue of many users (400+) having the ‘Automatically Update E-mail Address based on Recipient Policy’ option unticked. This meant that the users in question did not have the correct routing address of username@domain.mail.onmicrosoft.com specified. When attempting to migrate the mailboxes of said user accounts, they failed with the following error:

The target mailbox doesn't have an SMTP proxy matching 'domain.mail.onmicrosoft.com'

This address is required for mail routing between On Premise users and Office 365 users, therefore without if the mailbox move cannot take place. This address is added to all Email Address Policies which contain the hybrid domains during the Hybrid Configuration, in order to put the correct routing in place.

The company in question only had one email address per user in the format of firstname.lastname@domain.com so there was no reason not to have this option enabled. The only exception were a few users who had a different SMTP suffix (domain2.com), so these users needed to be left alone. The first thing I had to do was identify which users had the email address policy disabled. To do this I ran the following command:

get-mailbox | Where {$_.EmailAddressPolicyEnabled -eq $false} > C:\Temp\emailpolicy.txt

After realising there were 400+ mailboxes to enable this on, it became obvious that this was a problem which only Powershell could solve. Before I started, I first used the command listed on a previous blog http://doubledit.co.uk/2014/12/02/how-to-export-a-list-of-all-primary-smtp-addresses-and-aliases/ to export a list of all Primary SMTP addresses as a reference. I then ran the following command to find all users with a particular SMTP suffix and enable the ‘Automatically Update E-mail Address based on Recipient Policy’ option:

Get-mailbox | Where {$_.EmailAddresses -like ‘*@domain.com’} | Set-mailbox -EmailAddressPolicyEnabled $true

If you just wanted to apply the policy to all users, you would use the following command:

Get-mailbox | Set-mailbox -EmailAddressPolicyEnabled $true

Change Office 365 Start Page

When a user logs into the Office 365 portal, they will be presented with the below screen. But what if they want to be faced with their Newsfeed when logging in?

Office 365 Start Page

In that case, the user simply goes to their Office 365 Settings page:

Office 365 Settings

And then to the Start Page option. The user can then decide what page they would like the portal to default to when signing in:

Office 365 Start Page Customisation

You can also provide users with separate URLs for different services. For example, the OWA URL would be:

https://outlook.com/contoso.com

This could be configured as a Favourite in the users internet browser. Other options include SharePoint Online URLs such as:

Newsfeed: https://tenantname-my.sharepoint.com

OneDrive: https://tenantname-my.sharepoint.com/personal/username_contoso_com

Team Site: https://tenantname.sharepoint.com

N.B. Replace tenantname with your own Office 365 tenant name.

Synchronised User not Provisioned in Lync Online

Today I came across an issue with Lync Online during an implementation of Office 365. We synchronised the user accounts and password hashes using AADSync and applied E3 licenses to a few test users in the IT team. Their testing was successful with the exception of Lync Online, which they could not login to with their synchronised @contoso.com account. The error returned to them was as follows:

Lync couldn't find a Lync Server for contoso.com. There might be an issue with the Domain Name System (DNS) configuration for your domain. Please contact your support team.

Lync Online DNS Error

I tested using my own testuser@contoso.com account and could successfully login to Lync Online internally and externally, which showed me that the DNS records were created correctly. After looking at the firewall logs it appeared that the DNS name lyncdiscoverinternal.contoso.com was being unsuccessfully looked up. This DNS record is used for On Premise Lync installations. I also noted that in the Office 365 Lync Admin centre, the user had not been provisioned.

After quizzing the customer, we discovered that a proof of concept Lync server had been installed a while back and enabled for a few test users in the IT department. This server was not properly decommissioned so AD attributes still existed for these test users. In order to get Lync Online to provision the accounts we had to go into ADSIEdit and clear the following attributes so that they were empty:

msRTCSIP-DeploymentLocator
msRTCSIP-FederationEnabled
msRTCSIP-InternetAccessEnabled
msRTCSIP-Line
msRTCSIP-OptionFlags
msRTCSIP-PrimaryHomeServer
msRTCSIP-PrimaryUserAddress
msRTCSIP-UserEnabled
msRTCSIP-UserPolicies

We then ran a delta sync and hey presto, our user accounts were provisioned in Lync Online and the users could successfully login. The error message we initially given was fairly misleading, but this just shows you how important proper decommissioning is when it comes to essential services like Lync and Exchange.

Modify UPN to match Primary SMTP address

 

You may have read a previous blog I wrote in which I explained a new feature in AADSync which allows you to use the Primary SMTP address as a username in Office 365, therefore allowing you to leave the UPN value unchanged. However this method is not without it’s problems, and during a recent Hybrid Deployment of Office 365 it was decided to instead change the UPN prefix and suffix to match the users Primary SMTP address.

The risk to be aware of here is that if one of your LOB applications or a Service Account is using the UPN for authentication, you will break authentication for this app/service.The customer in question was confident that this wasn’t the case, but just to be sure we changed the UPN for a few test users prior to rolling this change out.

To clarify, the users Pre-Windows 2000 and UPN logon prefixes were firstinitialsurname, for example, ECoates, whereas the Primary SMTP address was firstname.lastname@contoso.com, for example, Emily.coates@contoso.com. We wanted users to be able to login to Office 365 using their ’email address’, so we decided to change all UPNs to match. There are 2 commands that could be used to accomplish this. The end result of the commands was that the users UPN would be changed from ddixon@contoso.local to Emily.coates@contoso.com. We also only wanted to change to be made to user accounts with a Primary SMTP address specified.

Pre-Requisites

Either of the two below commands can be run to achieve this goal. However, before either of these commands are run, it is important to make sure that the UPN suffix you wish to be populated exists in AD Domains and Trusts. To do this, open AD Domains & Trusts, and right click on Properties.

ADDT

Then enter the required domain, such as contoso.com and click Add and Apply. This makes the alternate UPN suffix available for use in the domain.

Alternate UPN Suffix

The below commands need to be run from an elevated Exchange Management Shell prompt. It is up to you which to run.

Command 1

This command finds all users who have a Primary SMTP address and then sets the UPN to be identical to this. It will ignore any user who does not have a Primary SMTP Address.

$users = Get-User | Where {-Not [string]::IsNullOrEmpty($_.WindowsEmailAddress) } 
$users | ForEach {Set-User –Identity $_.Guid.ToString() –UserPrincipalName $_.WindowsEmailAddress.ToString()}

I found this command to be a little hit or miss, but this may be due to the size of the user base I was working with.

Command 2

This command finds all users who have the specified UPN suffix (such as a non-routable suffix like contoso.local) and changes their UPN to match their Primary SMTP address. If a user has no Primary SMTP address, it will not change the properties of that user.

$users = Get-User –Filter {(UserPrincipalName –like '*@contoso.local')} 
$users | ForEach {Set-User –Identity $_.Guid.ToString() –UserPrincipalName $_.WindowsEmailAddress.ToString()}

My personal preference is to use Command 2 as I had the most success with it, however I would love to hear your feedback on which one worked best for you!

Once you have run the command you can then use the following command to discover if any users were not successfully modified:

Get-User –Filter {(UserPrincipalName –like '*@contoso.local')}

Edit

I have also used the following command after having some problems with command 2 on Exchange 2013 (errors regarding the filter expression):

$mbxs = Get-Mailbox | Where {$_.UserPrincipalName -like '@contoso.local'}
$mbxs | ForEach {Set-User –Identity $_.Guid.ToString() –UserPrincipalName $_.WindowsEmailAddress.ToString()}

 

How to export a list of all Primary SMTP addresses and aliases

I was about to upgrade an Email Address Policy from Exchange 2003 version to support the modern version of Email Address Policies. Due to problems I have had in the past with these policies, I wanted to export a list of all Primary SMTP addresses and any other email aliases present for each user, and I wanted it in an easy to read CSV format. This is the command I ended up using, which is a slightly modified version of the command provided by the Enterprise IT blog http://enterpriseit.co/microsoft-exchange/export-list-of-all-exchange-email-addresses-and-aliases/

Get-Mailbox -ResultSize Unlimited |Select-Object DisplayName,PrimarySmtpAddress, @{Name=“EmailAddresses”;Expression={$_.EmailAddresses |Where-Object {$_.PrefixString -ceq “smtp”} | ForEach-Object {$_.SmtpAddress}}} | Export-CSV c:\exportsmtp.csv -NoTypeInformation

This can prove useful to do at the start of an Exchange deployment, ensuring you have a copy of the email addresses in use at the start of the project. It can also be useful for auditing purposes. This script will work in Exchange 2007, 2010 or 2013.