Blog Entries posted by proximagr

  1. proximagr
    Good evening to the community. I want to share with you the problems I ran into today on a Hybrid Configuration with Exchange 2010 SP3 UR6. It is nothing dramatic, nor something we have not dealt with in the past, but I believe that the more we share, the more we learn.
     
    I am skipping the initial steps: Domain verification, DirSync, Certificate request, Outlook Anywhere enabled, all the virtual directories look fine, telnet 443 fine, OWA fine, generally all good, and I get to the Hybrid Wizard. Creation and first run to generate the private certificate, all good. Now on to the update, to enter credentials, IP, FQDN and so on. I set off, full of joy, to finish the Hybrid Wizard. No such luck.
     
    So here we go: of course it failed, and the first reason was “Execution of the Get-FederationInformation cmdlet had thrown an exception”, in other words “figure it out yourself”.
     
    Many articles, all very nice, mostly ended up at the same simple advice: run all the tests in the Connectivity Analyzer. We have been thanking Microsoft for many years for this multi-tool.
     
    I remembered their Admin saying “we use VPN to read our mail from Outlook at home”, and I start with Outlook Connectivity. I should have seen it coming....
     
    The HTTP authentication test failed.
    Additional Details
    An HTTP 500 response was returned from Unknown
     
    The https://mail.MyDomain.com/rpc/rpcproxy.dll was returning the 500. Eventually I ended up reinstalling RPC over HTTP with the following steps:
    1. I disabled Outlook Anywhere
    2. I uninstalled the RPC proxy (on 2012 & R2: Uninstall-WindowsFeature rpc-over-http-proxy)
    3. Restart (of course)
    4. Installation of the RPC Proxy (Install-WindowsFeature rpc-over-http-proxy)
    5. Enabling Outlook Anywhere
    6. Restart of the Microsoft Active Directory Topology service
     
    Of course it did not solve the problem…. Fortunately I found this article https://support.microsoft.com/en-us/kb/2015129 and went in by hand and added the "runtimeVersionv2.0" to Applicationhost.config, because aspnet_regiis.exe does not work on 2012 and I did not find anything better. As if by magic it worked on the first try!!!!!
     
    How nice, how lovely, tra-la-la, I run the Hybrid Wizard and .... exactly the same error!
     
    Back to the connectivity analyzer, this time I ran the autodiscover test. Fine… all good, I run the EWS test as well, all good. Eventually I decide to reset autodiscover, several people with a get-federatedinformation problem were suggesting it. In the end the steps are these:
     
    • Reset the Autodiscover Virtual Directory
    • Reset the WSSecurityAuthentication to $true
    • IIS reset, then the get-federatedinformation worked!
     
    Fine, I say, let's reset the autodiscover virtual directory from the GUI http://technet.microsoft.com/en-us/library/ff629372.aspx. HAHAHAHAHAHAHA, Exchange was laughing at me. As soon as you click “reset virtual directories” in the GUI, the Exchange Management Console crashes (Exchange 2010 SP3 UR6). Just like that. So the job was done with PowerShell and all was well; I ran the following because everything was Default:
     
    Get-AutodiscoverVirtualDirectory | Remove-AutodiscoverVirtualDirectory
    New-AutodiscoverVirtualDirectory -Websitename "Default Web Site" -BasicAuthentication:$true -WindowsAuthentication:$true
     
    After the IISreset I rush to run the Hybrid Wizard!!! Full of joy once more, and of course it failed!!! But this time with a different error, we got past get-federatedinformation!!!!
    Our new error: Subtask ValidateConfiguration execution failed: Configure Mail Flow. OK, I say, we have seen this before: when you have a wildcard certificate it creates the connectors with the default server address, mail.domain.com; in my case it created them with mail.xxxxx.gr instead of the mailx.xxxxx.gr that I wanted.
     
    I go to fix them, and at the check on the Office 365 Outbound (mail flow/connectors/Hybrid Mail Flow Outbound Connector) it stops me at verify. 450 4.4.101 Proxy session setup failed on Frontend with ‘451 4.4.0 Primary target IP address responded with: “451 5.7.3 STARTTLS is required to send mail.
     
    Hmm, I talk to their Administrator to check whether the Firewall does ESMTP inspection and he tells me, “ahhh, you know, the mail flow passes through the Symantec gateway in and out…”. Nice and easy, we bypassed it on both the Exchange and the firewall side and I fixed the connectors. All good.
     
    Eventually I moved a test mailbox to Office 365 and it went fine! Great joy, it sends mail, it receives mail, classy. Mail flow up and down, left and right, all fine. We moved a few more as well and life goes on....
  2. proximagr
    When we create a VM on Azure, we create a Cloud Service at the same time. Later we can create more VMs on the same cloud service. Each cloud service has a unique Public IP. For as long as the Cloud Service has at least one VM running, this Public IP remains the same. If all VMs of a Cloud Service are off then the Public IP is released, and the next time a VM is powered on it will take a new Public IP.
     
    Using PowerShell we can reserve a Public IP for as long as the Cloud Service exists, with or without VMs.
     
    First we need to create a Virtual Network from the portal. Go to “Networks” and create a new Virtual Network. We can use the “Quick Create”.
     
    Second we need the Azure PowerShell installed, it can be found here: http://azure.microsoft.com/en-us/documentation/articles/install-configure-powershell/ and we connect using the username/password method, the command is Add-AzureAccount

    #Create the Public IP Reservation:
    $reservedIP = "reserved ip name"
    $location = "West Europe"
    New-AzureReservedIP -ReservedIPName $reservedIP -Location $location

    #Collect the configuration settings for the new VM:
    $serviceName = "azure service name for VM"
    $adminUser = "VM admin user name"
    $password = "VM admin password"
    $location = "West Europe"
    $reservedIP = "reserved ip name"
    $vmName = "VM name"

    #Choose the size of the VM. Use this list: https://msdn.microsoft.com/en-us/library/dn168976%28v=nav.70%29.aspx#
    $vmSize = "Medium"

    #Provide the Operating System. Use this post to get a list of the available images: https://msdn.microsoft.com/en-us/library/azure/jj157191.aspx?f=255&MSPPError=-2147217396
    $imageFamily = "Windows Server 2012 R2 Datacenter"
    $imageName = Get-AzureVMImage | where { $_.ImageFamily -eq $imageFamily } | sort PublishedDate -Descending | select -ExpandProperty ImageName -First 1

    #Add the configuration settings for the new VM to a variable:
    $vm1 = New-AzureVMConfig -Name $vmName -InstanceSize $vmSize -imagename $imagename | Add-AzureProvisioningConfig -Windows -AdminUsername $adminUser -Password $password | set-azuresubnet subnet-1

    #Create the VM and the Cloud Service with the Reserved Public IP
    New-AzureVM -Location $location -VMs $vm1 -vnetname testnet2 -servicename $servicename -reservedipname $reservedIP

    We issue the command to start the creation.
  3. proximagr
    Today I received my copy of the Lync Server Cookbook, from Packt Publications. I am one of the reviewers of the book.
     

     
    The link to the book is: https://www.packtpub.com/networking-and-servers/lync-server-2013-cookbook
     
    http://www.e-apostolidis.gr/everything/lync-server-cookbook-packt/
  4. proximagr
    DirSync runs every three hours by default, and you will realize that there is no GUI way to change that. To change the sync interval we need to edit a configuration file.
    1. Go to the below directory on your DirSync Server:
    C:\Program Files\WindowsAzureActiveDirectorySync
    (there are two similar directories, one with spaces between the words and one without. We want the one without spaces)
    Here we will find the main executable of the DirSync Scheduler, “Microsoft.Online.DirSync.Scheduler.exe”, and its associated config file, “Microsoft.Online.DirSync.Scheduler.exe.Config”.
    2. Open the “Microsoft.Online.DirSync.Scheduler.exe.Config” file using notepad
    Find the line with key="SyncTimeInterval", the default is the below:
    <add key="SyncTimeInterval" value="3:00:0" />
     
    The “value” is the frequency of the schedule. The default "3:00:0" means 3 hours.
    We can change the value to what best fits our organization’s needs, based on how often we make changes to Active Directory. To reduce it to one hour change it to:
    <add key="SyncTimeInterval" value="1:00:0" />
     
    3. Once we finish changing the file, save and close it. Then go to Services (services.msc) and restart the “Windows Azure Active Directory Sync Service” service, Service name: “MSOnlineSyncScheduler”.

    Source: http://www.e-apostolidis.gr/microsoft/alter-the-office-365-dirsync-schedule/
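
    Steps 2 and 3 as a script, added here as an example that is not part of the original post: it changes the SyncTimeInterval value by key, keeps a backup copy of the file and can restart the MSOnlineSyncScheduler service. The function name Set-DirSyncInterval, the backup file naming and the sample config written to the temp folder are assumptions of this example.

    ```powershell
    # Added example (not from the original post). Set-DirSyncInterval is a
    # hypothetical helper name; the sample config further down is constructed.
    function Set-DirSyncInterval {
        [CmdletBinding()]
        param(
            [Parameter(Mandatory=$true)] [string]   $ConfigPath,
            [Parameter(Mandatory=$true)] [timespan] $Interval,
            [switch] $RestartService
        )

        # The file stores the interval as h:mm:s, which cannot express a day or more.
        if ($Interval -le [timespan]::Zero -or $Interval.TotalHours -ge 24) {
            throw "Interval must be greater than 0 and shorter than 24 hours: $Interval"
        }

        $path = (Resolve-Path -LiteralPath $ConfigPath).Path
        $xml  = New-Object System.Xml.XmlDocument
        $xml.PreserveWhitespace = $true      # keep the layout of the file intact
        $xml.Load($path)

        # Locate the setting by key instead of by line, so other keys stay untouched.
        $node = $xml.SelectSingleNode("//add[@key='SyncTimeInterval']")
        if ($null -eq $node) { throw "SyncTimeInterval key not found in $path" }

        $old = $node.GetAttribute('value')
        # Same h:mm:s notation the post shows, e.g. 1:00:0
        $new = '{0}:{1:00}:{2}' -f $Interval.Hours, $Interval.Minutes, $Interval.Seconds

        $backup = $null
        if ($old -ne $new) {
            # Timestamped copy next to the original, for rollback.
            $backup = '{0}.{1}.bak' -f $path, (Get-Date -Format 'yyyyMMddHHmmss')
            Copy-Item -LiteralPath $path -Destination $backup
            $node.SetAttribute('value', $new)
            $xml.Save($path)

            # Step 3 of the post: restart the scheduler service after the change.
            if ($RestartService) { Restart-Service -Name 'MSOnlineSyncScheduler' }
        }

        New-Object PSObject -Property @{ Path = $path; Old = $old; New = $new; Backup = $backup }
    }

    # Constructed sample file, so the example runs without a DirSync server.
    # The <configuration>/<appSettings> wrapper is the usual .NET layout and is
    # an assumption here; the post only shows the <add> line.
    $sample = Join-Path ([System.IO.Path]::GetTempPath()) 'Microsoft.Online.DirSync.Scheduler.exe.Config'
    $lines  = '<?xml version="1.0" encoding="utf-8"?>',
              '<configuration>',
              '  <appSettings>',
              '    <add key="SyncTimeInterval" value="3:00:0" />',
              '  </appSettings>',
              '</configuration>'
    Set-Content -LiteralPath $sample -Value $lines -Encoding UTF8

    # Pass the interval as h:mm:ss. A bare "1" would be parsed as one day.
    Set-DirSyncInterval -ConfigPath $sample -Interval '1:00:00'
    Get-Content -LiteralPath $sample
    ```

    On the DirSync server, point -ConfigPath at the config file in the directory from step 1 and add -RestartService from an elevated prompt.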
  5. proximagr
    This is a fast way to manage the Calendar permissions of a mailbox. The commands are the same for both Exchange on-premises and Exchange Online (Office 365). For Exchange Online first connect PowerShell to Office 365, as described in previous posts.
     

    # To check current permissions
    Get-MailboxFolderPermission -Identity "[email protected]:\calendar"
    # To add calendar permissions; the permission can be Editor, Reviewer, Author etc.
    Add-MailboxFolderPermission -Identity "[email protected]:\calendar" -User "manager@mydomain" -AccessRights Editor
    # To change the calendar permission of an existing access (this will change the access to Author)
    Set-MailboxFolderPermission -Identity "[email protected]:\calendar" -User "manager@mydomain" -AccessRights Author
    # To remove calendar permissions
    Remove-MailboxFolderPermission -Identity "[email protected]:\calendar" -User "manager@mydomain"
    source: http://www.e-apostolidis.gr/microsoft/exchange-calendar-permissions-using-powershell/
  6. proximagr
    You can easily provide Full Access permissions using the GUI: just edit the mailbox you want, go to Mailbox Delegation and provide Full Access. It is the same in both Exchange 2013 and Exchange Online. But if you have to provide Full Access in bulk then you need PowerShell.
     
    The command for a single user is:
    Add-MailboxPermission -Identity "employee" -User "manager" -AccessRights FullAccess
    With that command user “manager” will be granted Full Access permissions to the mailbox of user “employee”.
     
    Now let's see how the user “manager” can get Full Access to many users, let's say “all Sales department”. There are two steps: first we need to query the “Sales Department” users and then we need to pipe the result to the command that provides access to user “manager”.
    example 1: Using Active Directory OU container

    get-mailbox -OrganizationalUnit domain.local/users/salesdpt | Add-MailboxPermission -User "manager" -AccessRights FullAccess
    example 2: Using a txt list. As usual create a txt file and make a per-line list with title “employee” like this:
    employee
    username1
    username2
    username3
    Save it as c:\access.txt and then run this command:
    Import-CSV c:\access.txt | Foreach { Add-MailboxPermission -Identity $_.employee -User "manager" -AccessRights FullAccess }
    To view the permission, replace “Add-MailboxPermission” with “Get-MailboxPermission”.
     
    To remove the permission, replace “Add-MailboxPermission” with “Remove-MailboxPermission”.
     
    Just a final addition: when you provide Full Access permission to a user, in my example the “manager”, Outlook auto-maps the mailboxes that the manager gains access to. So the next time he opens Outlook, all those mailboxes will be visible. You can prevent the auto-mapping by adding -AutoMapping:$false at the end of the command, like this:
    Add-MailboxPermission -Identity "employee" -User "manager" -AccessRights FullAccess -AutoMapping:$false
    Be careful: with great power comes great responsibility!
     
    source: http://www.e-apostolidis.gr/microsoft/exchange-2013-online-grand-full-access-to-mailboxes/
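
    After bulk grants like the ones above it is worth reviewing who ended up with Full Access to what. The following is an added example, not part of the original post: it filters Get-MailboxPermission output down to explicit FullAccess grants and counts mailboxes per grantee. The function names and the sample entries are constructed for illustration.

    ```powershell
    # Added example (not from the original post). Function names and the sample
    # permission entries are constructed for illustration.
    function Get-FullAccessGrant {
        [CmdletBinding()]
        param(
            [Parameter(Mandatory=$true, ValueFromPipeline=$true)] $Permission
        )
        process {
            # Inherited entries were not set on the mailbox itself and Deny
            # entries do not grant anything, so both are skipped.
            if ($Permission.IsInherited -or $Permission.Deny) { return }
            # Every mailbox carries an entry for its own owner.
            if ("$($Permission.User)" -eq 'NT AUTHORITY\SELF') { return }
            # AccessRights is a collection; join it and look for FullAccess.
            if ("$($Permission.AccessRights)" -notmatch '\bFullAccess\b') { return }

            New-Object PSObject -Property @{
                Mailbox = "$($Permission.Identity)"
                Grantee = "$($Permission.User)"
            }
        }
    }

    function Get-FullAccessSummary {
        param([Parameter(Mandatory=$true)] [object[]] $Grant)
        # One row per grantee, widest access first.
        $Grant | Group-Object Grantee | Sort-Object Count -Descending | ForEach-Object {
            New-Object PSObject -Property @{
                Grantee   = $_.Name
                Mailboxes = $_.Count
                List      = ($_.Group | ForEach-Object { $_.Mailbox }) -join ', '
            }
        } | Select-Object Grantee, Mailboxes, List
    }

    # Constructed sample entries with the properties Get-MailboxPermission returns.
    function New-SampleAce($Identity, $User, $Rights, $Inherited) {
        New-Object PSObject -Property @{
            Identity = $Identity; User = $User; AccessRights = $Rights
            IsInherited = $Inherited; Deny = $false
        }
    }
    $sample = @(
        (New-SampleAce 'username1' 'NT AUTHORITY\SELF'    @('FullAccess', 'ReadPermission') $false),
        (New-SampleAce 'username1' 'DOMAIN\manager'       @('FullAccess') $false),
        (New-SampleAce 'username2' 'DOMAIN\manager'       @('FullAccess') $false),
        (New-SampleAce 'username3' 'DOMAIN\manager'       @('FullAccess') $false),
        (New-SampleAce 'username3' 'DOMAIN\helpdesk'      @('FullAccess') $false),
        (New-SampleAce 'username2' 'DOMAIN\Exchange Servers' @('FullAccess') $true),
        (New-SampleAce 'username1' 'DOMAIN\assistant'     @('ReadPermission') $false)
    )

    $grants = @($sample | Get-FullAccessGrant)
    Get-FullAccessSummary -Grant $grants | Format-Table -AutoSize

    # Against a live organization the input would be:
    #   Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission | Get-FullAccessGrant
    ```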
  7. proximagr
    1. Check if the password is set to never expire for one user:
     
    Get-MSOLUser -UserPrincipalName username | Select PasswordNeverExpires
     
    2. Check if the password is set to never expire for all users:
     
    Get-MSOLUser | Select UserPrincipalName, PasswordNeverExpires
     
    3. Check if the password is set to never expire for a list of users:
     
    create a txt file listing the required users, line by line with title “username”, and save it as c:\pwdexpire.txt, like this:
     
    username
    testuser1
    testuser2
    testuser3
     
    then run:
     
    Import-csv c:\pwdexpire.txt | ForEach-Object { Get-MSOLUser -UserPrincipalName $_.username | Select PasswordNeverExpires }
     
    4. Set password to never expire for one user:
     
    Set-MsolUser -UserPrincipalName username -PasswordNeverExpires $true
     
    5. Set password to never expire for all users:
     
    Get-MSOLUser | Set-MsolUser -PasswordNeverExpires $true
     
    6. Set password to never expire for a list of users:
     
    like before create a txt list and run:
     
    Import-csv c:\pwdexpire.txt | ForEach-Object { Set-MsolUser -UserPrincipalName $_.username -PasswordNeverExpires $true }
     
    7. To set the password to expire again just replace $true with $false (please note that if the organization’s password expiration period has passed then the user/users will be locked and you will need to reset their passwords)
     
    source: http://www.e-apostolidis.gr/microsoft/manage-office-365-password-expiration/
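
    Checks 1 to 3 above return only the flag. The following added example, which is not part of the original post, turns Get-MsolUser output into a report of the accounts that have the flag set, with the age of each password. The function name Get-NeverExpiringAccount, the fixed report date and the sample users are constructed; the property names are those of the objects Get-MsolUser returns.

    ```powershell
    # Added example (not from the original post). Get-NeverExpiringAccount is a
    # hypothetical helper name; the sample users below are constructed.
    function Get-NeverExpiringAccount {
        [CmdletBinding()]
        param(
            [Parameter(Mandatory=$true, ValueFromPipeline=$true)] $User,
            [datetime] $Now = (Get-Date)
        )
        process {
            # The flag can be $true, $false or empty; only $true is reported.
            if ($User.PasswordNeverExpires -ne $true) { return }

            # Password age in whole days; empty when no change was ever recorded.
            $changed = $User.LastPasswordChangeTimestamp
            $age = $null
            if ($changed) { $age = [int][math]::Floor(($Now - [datetime]$changed).TotalDays) }

            New-Object PSObject -Property @{
                UserPrincipalName = $User.UserPrincipalName
                PasswordAgeDays   = $age
                SignInBlocked     = [bool]$User.BlockCredential
            } | Select-Object UserPrincipalName, PasswordAgeDays, SignInBlocked
        }
    }

    # Constructed sample objects so the example runs without a tenant.
    function New-SampleUser($Upn, $NeverExpires, $Changed, $Blocked) {
        New-Object PSObject -Property @{
            UserPrincipalName = $Upn; PasswordNeverExpires = $NeverExpires
            LastPasswordChangeTimestamp = $Changed; BlockCredential = $Blocked
        }
    }
    $sample = @(
        (New-SampleUser 'testuser1@mydomain.com' $true  (Get-Date '2014-01-15') $false),
        (New-SampleUser 'testuser2@mydomain.com' $false (Get-Date '2015-05-20') $false),
        (New-SampleUser 'testuser3@mydomain.com' $true  (Get-Date '2012-11-02') $true),
        (New-SampleUser 'testuser4@mydomain.com' $null  $null                   $false)
    )

    # Oldest passwords first.
    $sample | Get-NeverExpiringAccount -Now (Get-Date '2015-06-01') |
        Sort-Object PasswordAgeDays -Descending | Format-Table -AutoSize

    # Against a live tenant, after Connect-MsolService:
    #   Get-MsolUser -All | Get-NeverExpiringAccount | Sort-Object PasswordAgeDays -Descending
    # For the txt list from step 3:
    #   Import-Csv c:\pwdexpire.txt |
    #       ForEach-Object { Get-MsolUser -UserPrincipalName $_.username } |
    #       Get-NeverExpiringAccount
    ```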
  8. proximagr
    This post is my notes from various Exchange 2007 & 2010 migrations to an Office 365 Hybrid Deployment. For Exchange 2013 it is almost the same, but quite a bit easier!
    As I said, these are my notes together with various additions from various blogs, something like a Checklist and not a Tutorial or Guide.
     
    1. What is needed:
    2 x ADFS NLB (for identity federation)
    2 x ADFS Proxy Servers NLB (for identity federation)
    1 x domain member server for DirSync
    1 x SQL 2008 R2 server that will store the DirSync database
    1 x Exchange 2010 Service Pack 2 + based hybrid deployment server (for rich coexistence with Exchange Online)
    Access to public DNS of Domain (company.com)
    3rd Party Certificates (if you have on old exchange 2007 a wildcard export and import to 2010)
    Domain User for ADFS service account
    Configure UPN for company.com domain
     
    2. The steps in general:
    1. Add Domain (company.com) to Office 365
    2. Add TXT record to DNS for verification
    3. Specify domain services (Exchange, Lync, Sharepoint)
     
    4. ADFS (&/or Farm)
    Add IIS Role, Configure NLB sts.company.local (add hosts, add A record, enable MAC spoofing), add Certificate (SelfSigned or 3rd Party) & bind default site to 443
    Setup ADFS Federation server
    AD FS 2.0 Federation Server Configuration Wizard
    Domain User for ADFS service account
     
    5. ADFS Proxy (&/or Farm)
    Add IIS Role, Configure NLB sts.company.com (add hosts, add A record, enable MAC spoofing), add Certificate (SelfSigned or 3rd Party) & bind default site to 443
    Add host A to Public DNS (sts.company.com)
    Add host record to proxy servers for sts.company.local local IP (ADFS NLB Address)
    Setup ADFS Federation server proxy
    AD FS 2.0 Federation Server Configuration Wizard
     
    6. Convert Domain to a Federated Domain
    On Office 365 portal then downloads then step 3 “Set up and configure your office desktop apps”
    de-select everything (only to install MOSM for powershell)
    On office 365 portal then users then manage (SSO), install MOSM for powershell
    Open MOSM and run “$Cred=Get-Credential”, add creds, then “Connect-MsolService -Credential $Cred” then “Convert-MsolDomainToFederated -DomainName "office365lab.dk"” and “Get-MsolDomain | fl”
    Configure UPN for company.com domain
    Go to login.microsoftonline.com and check SSO login
     
    7. DirSync
    o365 portal then users then set up under directory synchronization (after activation it needs some hours)
    o365 portal then users then set up under active directory synchronization, under step 4 download the DirSync tool
    Verify dirsync:
    o365 portal then users then set up under active directory synchronization check “active directory synchronization is activated” or powershell: “Get-MsolCompanyInformation | fl DirectorySynchronizationEnabled”
    Sync:
    run “Directory Sync Configuration”, add creds, check “Enable Exchange hybrid deployment”. If you want to select OU, groups, users, etc then don't check “synchronize directories now”
    Edit sync: “C:\Program Files\Microsoft Online Directory Sync\SYNCBUS\Synchronization Service\UIShell” and run “miisclient” guide (http://blogs.msdn.com/b/denotation/archive/2012/11/21/installing-and-configure-dirsync-with-ou-level-filtering-for-office365.aspx)
    Force Sync:
    With powershell go to the “C:\Program Files\Microsoft Online Directory Sync” folder and from here run the “DirSyncConfigShell.psc1” script and in the new window run “Start-OnlineCoexistenceSync”
     
    8. Hybrid Deployment
    Configure NLB on Exchange 2010 HUB/CAS
    ADD 3rd party certificate (if you have on old exchange 2007 a wildcard export and import to 2010)
    assign services SMTP & IIS
    Configure URLS
    OWA
    Set-OwaVirtualDirectory -Identity "EX03\OWA (Default Web Site)" -InternalURL https://hybrid.office365lab.dk/OWA -ExternalURL https://hybrid.office365lab.dk/OWA
    Set-OwaVirtualDirectory -Identity "EX04\OWA (Default Web Site)" -InternalURL https://hybrid.office365lab.dk/OWA -ExternalURL https://hybrid.office365lab.dk/OWA
    ECP
    Set-EcpVirtualDirectory -Identity "EX03\ECP (Default Web Site)" -InternalURL https://hybrid.office365lab.dk/ECP -ExternalURL https://hybrid.office365lab.dk/ECP
    Set-EcpVirtualDirectory -Identity "EX04\ECP (Default Web Site)" -InternalURL https://hybrid.office365lab.dk/ECP -ExternalURL https://hybrid.office365lab.dk/ECP
    Active Sync
    Set-ActivesyncVirtualDirectory -Identity "EX03\Microsoft-Server-ActiveSync (Default Web Site)" -InternalURL https://hybrid.office365lab.dk/Microsoft-Server-Activesync -ExternalURL https://hybrid.office365lab.dk/Microsoft-Server-Activesync
    Set-ActivesyncVirtualDirectory -Identity "EX04\Microsoft-Server-ActiveSync (Default Web Site)" -InternalURL https://hybrid.office365lab.dk/Microsoft-Server-Activesync -ExternalURL https://hybrid.office365lab.dk/Microsoft-Server-Activesync
    OAB
    Set-OABVirtualDirectory -Identity "EX03\oab (Default Web Site)" -InternalUrl https://hybrid.office365lab.dk/oab -ExternalURL https://hybrid.office365lab.dk/oab
    Set-OABVirtualDirectory -Identity "EX04\oab (Default Web Site)" -InternalUrl https://hybrid.office365lab.dk/oab -ExternalURL https://hybrid.office365lab.dk/oab
    EWS
    Set-WebServicesVirtualDirectory -Identity "EX03\EWS (Default Web Site)" -InternalUrl https://hybrid.office365lab.dk/ews/exchange.asmx -ExternalURL https://hybrid.office365lab.dk/ews/exchange.asmx
    Set-WebServicesVirtualDirectory -Identity "EX04\EWS (Default Web Site)" -InternalUrl https://hybrid.office365lab.dk/ews/exchange.asmx -ExternalURL https://hybrid.office365lab.dk/ews/exchange.asmx
    Autodiscover
    Set-ClientAccessServer -Identity EX03 -AutoDiscoverServiceInternalUri https://hybrid.office365lab.dk/Autodiscover/Autodiscover.xml
    Set-ClientAccessServer -Identity EX04 -AutoDiscoverServiceInternalUri https://hybrid.office365lab.dk/Autodiscover/Autodiscover.xml
     
    9. Configure DNS to Exchange 2010
    Configure SPF Record (http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/)
    Add public DNS v=spf1 ip4:192.168.6.220 ip4:192.168.6.221 include:outlook.com -all
    o365 portal then domains then SMTP domain properties under DNS management create SPF TXT record (name @ value v=spf1 ip4:192.168.6.220 ip4:192.168.6.221 include:outlook.com -all)
     
    10. Add o365 Tenant to EMC
    from EMC add exchange forest
    Connect to Exchange Online with powershell “$TenantCreds = Get-Credential” then “$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $TenantCreds -Authentication Basic -AllowRedirection” then “Import-PSSession $Session” then to test “Get-Mailbox | Get-MailboxStatistics | ft -a” or “Get-AcceptedDomain”
     
    11. Configuring Exchange 2010 Hybrid
    EMC – on premises – “Organization Configuration” – “Hybrid Configuration” – “New Hybrid Configuration”
    Add TXT record to public DNS
    Add transport certificate (3rd party)
     
    12. Now one can use EMS Get-HybridConfiguration to check that everything is OK.
    Checklist:
    EMC on-premises
    A federation trust with the Microsoft Federation Gateway (MFG) has been established for the specified domain | On-Premises Org Configuration – federation trust
    An organizational relationship has been established with the Exchange Online organization in Office 365 | On-Premises Org Configuration | organization relationships
    “tenant_name.mail.onmicrosoft.com” has been added as an accepted domain | on-premises – org conf – hub – accepted domains
    “tenant_name.mail.onmicrosoft.com” and “office365lab.dk” have been added as remote domains | on-premises – org conf – hub – remote domains
    The default E-Mail Address policy has been updated, so that it stamps a secondary proxy address (alias@tenant_name.mail.onmicrosoft.com) on mailbox user objects | on-premises – org conf – hub – e-mail address policies
    The HCW also creates a receive connector on each of the hybrid servers | on-premises – server conf – HUB – receive connectors
    The HCW will create a send connector that will route all e-mail messages destined for “tenant_name.mail.onmicrosoft.com” to Exchange Online in Office 365 | on-premises – org conf – hub – send connectors
    EMS: Get-OrganizationRelationship | fl
    EMC online
    Org conf – HUB – remote domains
    Org conf – Organization Relationships
    FOPE (Forefront, access from ECP – Mail Control)
    check Two connectors (inbound & outbound)
     
    Move mailbox = new remote move request | it will move to Mail Contact
    New mailbox online: Mail Contact – new remote mailbox
     
    13. After move
    Generally, Windows Phone 8 and iOS clients will be able to automatically update the ActiveSync profile, while Android based clients must have their ActiveSync profile recreated.
    Outlook will need to close with admin message, re-open and add credentials
     
    14. Decommission
    Move all mailboxes to Exchange Online, point all on-premise line of business applications, network devices and so on to Exchange Online, and configure mail flow to go directly in and out of Exchange Online. In this scenario, you decommission all on-premise Exchange servers, but still use DirSync and ADFS for federation. With DirSync, the on-premise Active Directory is the source of authority, which means you should provision users in the on-premise Active Directory and then have them synchronized to Office 365/Exchange Online. In this case, it’s usually a good idea to keep a single Exchange 2010 server on-premise, so you can use the Exchange 2010 EMC or cmdlets for the provisioning. Alternatively, you remove all Exchange 2010 servers and have an identity solution such as FIM provision the on-premise Active Directory objects with the required mail attributes in order for Exchange Online to treat them as mail enabled users. Bear in mind that with DirSync enabled, most user/mailbox attributes in Exchange Online are read-only, meaning you must write to them via the on-premise Active Directory user/group object.
     
    source: http://www.e-apostolidis.gr/everything/exchange-20072010-hybrid-deployment-migrating-to-office-365/
  9. proximagr
    To move a mailbox to Exchange Online from Exchange 2013 first connect Windows PowerShell to Exchange Online with a Global Administrator:
     
    $UserCredential = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
    Import-PSSession $Session
    Provide the on-premise administrator credential
     
    Then connect to the local Exchange 2013:
     
    Run $RemoteCredential= Get-Credential
    Start the move request
     
    Finally initiate the move:
     
    New-MoveRequest -Identity "useralias" -Remote -RemoteHostName "mail.mydomain.com" -TargetDeliveryDomain mydomain.mail.onmicrosoft.com -BadItemLimit 10000 -AcceptLargeDataLoss -RemoteCredential $RemoteCredential
     
    source: http://www.e-apostolidis.gr/microsoft/exchange-2013-online-grand-full-access-to-mailboxes/
  10. proximagr
    This post is about Exchange/Office 365 Hybrid Deployments, when for some reason we need to completely delete a user account and mailbox from Office 365 in order to re-sync it.
     
    First you need to exclude the user from DirSync
    Open the “Synchronization Service Manager” (can be found at “C:\Program Files\WindowsAzureActiveDirectorySync\SYNCBUS\Synchronization Service\UIShell\miisclient.exe”)
    Navigate to “Metaverse Search” and click on “Add Clause”
    Be sure that you choose Displayname as Attribute, and then configure your search
    Double click an entry, and open the tab connectors
    Activate the line with the “Active Directory Connector” Management Agent and click on “Disconnect…”
    In the disconnect object accept question, choose “Disconnector (Default)” to remove the connector. Explicit Disconnector will lock the object to be a connector again.

    You can then rerun your search, and the specific account will not be shown anymore. After a sync, the object will also be removed from the Azure directory.
     
    Then you need to remove the user object from the Office 365 portal using PowerShell
    Open PowerShell “Windows Azure Active Directory Module”
    $msolcred = get-credential
    connect-msolservice -credential $msolcred
    # List the deleted users with their ObjectId
    Get-MsolUser -ReturnDeletedUsers | FT UserP*,ObjectId
    # Permanently remove one deleted user by ObjectId
    Remove-MsolUser -ObjectId abc1234-12abc-123a-ab12-a12b3c4d5f6gah -RemoveFromRecycleBin -Force
    # This form permanently removes every user that is currently in the recycle bin
    Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force

    Then at the next scheduled sync of DirSync the user will be recreated. You can also force DirSync to create the user faster.
     

    source: http://www.e-apostolidis.gr/microsoft/delete-user-from-office-365-with-dirsync/
  11. proximagr
    To connect PowerShell to Exchange Online, open the PowerShell and run:

    $UserCredential = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
    Import-PSSession $Session

    source: http://www.e-apostolidis.gr/microsoft/connect-to-exchange-online/
  12. proximagr
    Microsoft offers its antimalware service for free. When you create a new VM you have the option to enable it. This will install the System Center Endpoint Protection client on the VM, managed by Azure. If you have added this but now want to remove it and add some other antivirus/antimalware solution, you cannot do it by just uninstalling the client from the VM. The client will be automatically re-installed by Azure. There are two ways to completely uninstall the program and remove it from Azure. One is using the new Portal and one using PowerShell.
     
    Using the Portal
    Go to https://portal.azure.com/
    Browse the VM
    Go to the Configuration section and click on Extensions
    Click the Microsoft.Azure.Security extension
    You can delete it using the Delete button
    At any time you can re-add it, by clicking the Add button at the Extensions window


     
    Using PowerShell
     
    First connect PowerShell to your Azure subscription, as described in this post, and then:
     
    # First check the Antimalware Service Status, you need to select the Azure VM and then get the status:
    $servicename = "myVMservice"
    $vmname = "myVMname"
    $vm = Get-AzureVM -ServiceName $servicename -Name $vmname
    Get-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -Version 1.* -VM $vm
     
    #First remove the service from Azure
    Remove-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -VM $vm
     
    # Then uninstall the Antimalware Client from the VM
    Get-AzureVM -ServiceName $servicename -Name $vmname | Set-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -Version 1.* -Uninstall | Update-AzureVM
     
    source: http://www.e-apostolidis.gr/microsoft/remove-microsoft-antimalware-service-from-a-vm/
  13. proximagr
    I was looking for a free solution to get email notifications for Azure Backup. After reading other blogs and the TechNet site I ended up using PowerShell Send-MailMessage attached to the Azure Backup logs. In short, when an Azure Backup log entry is created, the script lists the events of the last 2 days, creates an html file and mails the report to you with the html as attachment.
     
    First find the Azure Backup Event Log, it is under “Applications and Services Logs, CloudBackup, Operational”, and select to attach a task to the log. This will trigger the task on every event created under this log. Alternatively you can attach the task to a specific event.
     
    Create a Task and attach the below PowerShell script. Here you will find the powershell.exe: “C:\Windows\System32\WindowsPowerShell\v1.0”
     
    Create a folder c:\IT, copy the below script to a text file and name it “eventemail.ps1”. Finally change the required fields.
     
    $date = (Get-Date).AddDays(-2)
    $event = Get-WinEvent -FilterHashtable @{ LogName = "cloudbackup"; StartTime = $date; }
    $event | ConvertTo-Html message,timecreated | Set-Content c:\it\backup.html
     
    # Get-WinEvent records have no EntryType property; Level 2 means "Error".
    # The failure report is sent when any event of the last 2 days is an error.
    if ($event | Where-Object { $_.Level -eq 2 })
    {
        $PCName = $env:COMPUTERNAME
        $EmailFrom = "FROM_EMAIL_HERE"
        $EmailTo = "YOUR_EMAIL_HERE"
        $EmailSubject = "Server $PCName Backup Failure report"
        $SMTPServer = "SMTP_SERVER_HERE"
        Write-host "Sending Email"
        Send-MailMessage -From $EmailFrom -To $EmailTo -Subject $EmailSubject -body "$($event.Message) $($event.TimeCreated)" -Attachments "c:\it\backup.html" -SmtpServer $SMTPServer
    }
    else
    {
        write-host "There is no error. Below the logs files."
        $event
        $PCName = $env:COMPUTERNAME
        $EmailFrom = "FROM_EMAIL_HERE"
        $EmailTo = "YOUR_EMAIL_HERE"
        $EmailSubject = "Server $PCName Backup Success report"
        $SMTPServer = "SMTP_SERVER_HERE"
        Write-host "Sending Email"
        Send-MailMessage -From $EmailFrom -To $EmailTo -Subject $EmailSubject -body "$($event.Message) $($event.TimeCreated)" -Attachments "c:\it\backup.html" -SmtpServer $SMTPServer
    }
     
    The “write-host ” lines can be removed. They are useful only for troubleshooting by running the script manually on powershell.
     
    source: http://www.e-apostolidis.gr/microsoft/azure-backup-email-notification/
  14. proximagr
    There are many reasons to have your disks stored in separate Storage Accounts, per Cloud Service. One is that a Storage Account in Azure provides 20000 IOPS and every disk in the Standard Tier 500 IOPS. Azure support suggests not having more than 40 disks per Storage Account. Also you may want to have your disks linked to the same Cloud Services as their VMs (go to Azure, Cloud Services, select a Cloud Service and you can see the “Linked Resources” tab; there you can link storage accounts to the Cloud Service). The problem is that if you have an Azure VM and you try to “attach an empty disk” you will realize that the disk will be created in the default Storage Account of the Subscription and there is no option to change this.
     
    Here is a PowerShell command that creates a VHD at a specified Storage Account, creates a Disk and attaches it to a VM:
     
    Get-AzureVM -ServiceName "servicename" -Name "vmname" | Add-AzureDataDisk -CreateNew -DiskSizeInGB XXX -DiskLabel "diskname" -MediaLocation "https://storageaccountname.blob.core.windows.net/vhds/vhdname.vhd" -LUN X | Update-AzureVM
     
    Some more info on this command:
     
    First of all you need to connect to your Azure Subscription, you can follow this Post on how to do it.
    Then create a Storage Account using the GUI or PowerShell, here is the Microsoft’s link http://azure.microsoft.com/en-us/documentation/articles/storage-create-storage-account/
    Then you need to list the disks that are already connected to your VM in order to view the LUN number that you will use. The OS disk is not listed on this command. The first data disk consumes the LUN 0, the second the LUN 1 and so on. The command is:
     
    Get-AzureVM -ServiceName "servicename" -Name "vmname" | Get-AzureDataDisk
     
    source: http://www.e-apostolidis.gr/microsoft/create-a-disk-in-specific-storage-account-and-attach-it-to-a-vm-in-azure/
  15. proximagr
    Copy AZURE VHD to other storage account
     
    #Source storage account
    $context1 = new-azurestoragecontext -storageaccountname "name_source_account" -storageaccountkey "key_source_account"
     
    #Destination storage account
    $context2 = new-azurestoragecontext -storageaccountname "name_destination_account" -storageaccountkey "key_destination_account"
     
    #Initiate copy this might take a while
    Start-AzureStorageBlobCopy -SrcContainer "vhds" -SrcBlob "name_as_found_in_step_one.vhd" -SrcContext $context1 -DestContainer "vhds" -DestBlob "my_destination_name.vhd" -DestContext $context2
     
    Track Azure VHD copy process
     

    $context = new-azurestoragecontext -storageaccountname "name_destination_account" -storageaccountkey "key_destination_account"
     
    Get-AzureStorageBlobCopyState -Blob "file_name.vhd" -Container "vhds" -Context $context
     
    source: http://www.e-apostolidis.gr/microsoft/copy-azure-vhd-to-other-storage-account/
  16. proximagr
    First of all, the VM must be within a virtual network to be able to add a static Private IP address
     
    There are two ways to set a static private IP. One is using the new Azure Portal "portal.azure.com" and one via PowerShell.
     
    Using the new Portal, browse a VM, select settings and then IP addresses. There at the Private IP address you can select "Static" and add the IP address.
     
    Using PowerShell, first connect to the Azure (details on this post), and use the following commands:
     
    #Test IP availability:
    Test-AzureStaticVNetIP -VNetName XXXXXXX -IPAddress xx.xx.xx.xx
     
    #Set the VM that will take the static IP
    $static = Get-AzureVM -ServiceName xxxxx -Name xxxxxx
     
    #Set the static IP
    Set-AzureStaticVNetIP -VM $static -IPAddress xx.xx.xx.xx | Update-AzureVM
     
    #Check the static IP
    Get-AzureStaticVNetIP -VM $static
     
    source: http://www.e-apostolidis.gr/microsoft/set-static-ip-to-azure-vm/
  17. proximagr
    First we need to install the Azure PowerShell module from http://go.microsoft.com/fwlink/p/?linkid=320376&clcid=0x409
     
    Then open PowerShell and follow the below commands:
     
    #Get your subscription file - The browser will open, you will need to log in to the Azure Subscription and finally it will download the <subscriptionname>.publishsettings file
    Get-AzurePublishSettingsFile
     
    #Connect to your Subscription
    Import-AzurePublishSettingsFile -PublishSettingsFile "full path to downloaded file"
    Source: http://www.e-apostolidis.gr/microsoft/connect-powershell-to-azure/