Category Archives: Exchange

Office 365 migrations

I just spent the weekend working performing some SBS to Office 365 migrations.

Here are some useful links that make the process a whole lot easier.

Export mailboxes to PST for Exchange 2010 (SBS 2011 Standard)

Export mailboxes to PST for Exchange 2007 (SBS 2008)

Import PST files to Office 365

Enabling Autodiscover for Outlook in SBS Exchange Environments

Getting Outlook 2007 and Outlook 2010 to work with Office 365

  • The following link lists the minimum requirements needed to quickly get your Outlook desktop client running with Office 365.
  • http://www.netdummy.net/office365-client-updates.html
  • With SBS 2011, it is necessary to remove the Service Connection Point (SCP)
    • Show SCP information: Get-ClientAccessServer | Select Name, AutoDiscoverServiceInternalUri
    • Remove SCP information: Set-ClientAccessServer -Identity “[Servername]” -AutoDiscoverServiceInternalUri $NULL

Importing LegacyDN information

Problems connecting Outlook to Office 365 

AND if you happen to still be using SBS 2003 (I certainly hope not!), you can use Exmerge or Outlook to output individual mailboxes to PST. Do it soon!

Exchange TLS & SSL Best Practices

For those using Exchange on-premises (including SBS 2011), here are some best practice recommendations from the Exchange Team.

http://blogs.technet.com/b/exchange/archive/2015/07/27/exchange-tls-amp-ssl-best-practices.aspx

In a nutshell,

  • Deploy supported operating systems, clients, browsers, and exchange versions
  • Test everything by disabling SSL 3.0 on Internet Explorer
  • Disable support for SSL 3.0 on the client
  • Disable support for SSL 3.0 on the server
  • Prioritize TLS 1.2 ciphers, and AES/3DES above others
  • Strongly consider disabling RC4 ciphers
  • Do NOT use MD5/MD2 certificate hashing anywhere in the chain
  • Use RSA-2048 when creating new certificate keys
  • When renewing or creating new requests, request SHA 256-bit or better
  • Know what your version of Exchange supports
  • Use tools to test and verify
  • Do NOT get confused by explicit TLS vs. implicit TLS
  • (For now) Wait to disable TLS 1.0 on the Exchange server

Reading, Viewing, Recovering files – OST, PST, PDF, MDF, DOCX, XLSX, PPTX, MPP and more

It has been a while since I looked into these kinds of tools.

For example, the OST File Viewer – http://curah.microsoft.com/60115/use-ost-file-viewer-to-open-and-read-ost-files – is a simple and effictive tool to reading OST files where the Exchange server is offline or has been damaged.

To recover these types of data files, it is best to purchase a decent product. There are a number of products that handle a variety of files. Most will allow you to view the recoverable data before you purchase the product.

One such product that appears to cover a number of file types is http://www.viewertool.com/

Another company, http://www.kerneldatarecovery.com/, provides numerous recovery and conversion tools.

If you are totally stuck with a failed Exchange server, Ontrack PowerControls http://www.ontrackdatarecovery.com.au/email-recovery-microsoft-exchange/, will be a very useful tool. However, it can be fairly expansive for a once off operation to recover a single mailbox.

StorageCraft’s Shadow Protect Granular Recovery for Exchange – http://www.storagecraft.com/products/shadowprotect-granular-recovery-exchange – is a great tool for easily recovering Exchange server mailboxes from ShadowProtect backups. Once great benefit is that you can license this on a project based 60 day version, which is quite inexpensive.

Migrating Email from SBS Exchange to Office 365

In the past few months, I have been working with some clients on moving their existing Small Business Server (SBS) systems over to the Microsoft cloud based Office 365 email system. There are a number of issues and possible gotchas in making this transition which will be discussed here. Note that this blog post is targeted to the small business community with existing SBS 2003, SBS 2008 or SBS 2011 deployments that are looking to move their email services to Office 365, while maintaining their existing network. We will not be considering Office365 migration method in this move as the costs and complexity of implementing this in a small business are prohibitive.

The pre-requisite when performing such a migration, is to plan and work out a migration path for email services. Questions to be considered are:

  1. Do we need to migrate all the old email data, or should some be archived?
  2. Are there old accounts that can be decommissioned?
  3. What distribution groups and contacts need to be migrated across?
  4. Are there any Send As and Send on Behalf of permissions that need to be addressed?
  5. Are there individual permissions on Calendars and Folders that need to be recreated?
  6. How will we move the old email data from Exchange on premises to Office 365?

Moving Email data from On-premises Exchange to Office 365

Central to the entire issue is retaining old emails and settings. There are a number of ways to move the data across to Office365.

  • Export-Import. This method involves exporting the current emails to PST and re-importing them into Office 365 once Outlook has been configured.
  • Migrationwiz.com is a fast and easy way to move mailboxes at a low cost.
  • Office365 Migration wizard. This is a built in tool from Microsoft to help in performing a migration from on-premises Exchange. It requires an Azure subscription and the installation of the Directory Sync tool and has some tough pre-requisites for SMBs. The process is detailed on technet here – http://technet.microsoft.com/en-us/library/jj573653.aspx

One main drawback from using any method that does not synchronize the Office 365 platform to your existing Active Directory is dealing with the issue of Auto-Complete or Suggested Contacts. After the migration, it is quite likely that replies on old emails or emails sent using the stored contact information in Auto-Complete or Suggested Contacts will result in a Undeliverable error as follows:

IMCEAEX-_O=MyDomain_OU=First+20Administrative+20Group_cn=Recipients_cn=bOldLastName@domain.com

#550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ##

Create Users and Set up Domain in Office 365

In this step, you need to set up and recreate all the users, distribution groups, and domains to match what you have on-premises. In the public DNS, set the MX records to point to your on-premises Exchange until you are ready to receive emails at the Office 365 service. Ensure that the Autodiscover and other DNS services are set up properly.

Setting up the Outlook Profile

One of the main issues with setting up Outlook for Office 365 on an existing SBS domain is the existing autodiscover configuration set up for each user account. The following steps should be followed to ensure a simple, incident free set up of Outlook on Office 365.

  1. Log in to the PC as the user. The configuration is done per user.
  2. Update your PC with a the latest patches, especially Microsoft Office patches and Service Packs.
  3. Log in to the Office 365 portal using the users email address and assigned password.
  4. Install software and connect it to Office 365

  5. You will need to sign in to Office 365 again using the user’s credentials.

  6. The Office 365 setup application will note that manual steps will be required (which involves setting up the Outlook profile as detailed here).

  7. For Office 2007, the registry key is [HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]

    For Office 2010, the registry key is [HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\AutoDiscover]

    The six entries are all DWORD. (NOTE: all but one entry are set to 1)

    “PreferLocalXML”=dword:00000001

    “ExcludeHttpRedirect”=dword:00000000

    “ExcludeHttpsAutoDiscoverDomain”=dword:00000001

    “ExcludeHttpsRootDomain”=dword:00000001

    “ExcludeScpLookup”=dword:00000001

    “ExcludeSrvRecord”=dword:00000001

    They should be displayed among other entries like this.

  8. Download and run the two AgileIT tools from http://www.agileit.com/news/office-365-autodiscover-xml-tool-released/. Just enter the domain name and click OK.

  9. Now you can Add a new Outlook Profile from Control Panel-Mail (32-bit). You will see the existing Outlook Profile there, which can be kept as a backup, as you may need it later for export to PST purposes.

  10. The local autodiscover settings that have been configured earlier will kick in and set up the account. You will need to log in using the Office 365 credentials.

You can also add the on-premises Exchange profile to this new profile, if you are planning to export the old email data or manually transfer information over to the office 365 account.

With smaller sites, this is a quick and easy way to manage your Office 365 migration. With larger installations, the Office 365 migration wizard using Azure and Directory Sync may be a more efficient method. In the end, it is up to the business owner, with advice from the IT consultant, to work out which method is preferred.

UPDATE: There is a really good article on how to use Azure Active Directory to handle password sync between your local AD and the new Office 365 AD – www.infostream.cc/dirsync-aadsync

How to set up an Internal SMTP Service for Windows Server 2012 Essentials

Windows Server 2012 Essentials does not come with Microsoft Exchange Server as its predecessor Small Business Server 2011 did. However, many small businesses still use a copier or multifunction device that has the ability to scan to email. Some units also allow a fax to email forwarding service. Unfortunately, many of these devices rely on some form of internal SMTP service to enable them to relay emails to recipients.

Fortunately, you can enable a SMTP service that is built into the core operating system for Windows Server 2012. Here how to do this.

Install the SMTP Service

  1. Launch the Server Manager. From the Search charm, type in Server Manager to find it.

     

  2. From the Dashboard, Add Roles and Features. The Add Roles and Features Wizard will begin. Click Next on the first screen.

     

  3. Select Role-based or feature-based installation.

     

  4. Select the Essentials Server (which should be highlighted by default).

     

  5. Click Next to bypass the Roles selections.

     

  6. Scroll down the list and tick the SMTP Server feature.

     

  7. A new window will pop up to inform you that some other services will also be installed. Click Add Features to confirm and continue. Click Next to continue past the features selection screen.

     

  8. Click Install to complete the Installation.

     

  9. Click Close when the installation has completed.

     

Configure the SMTP Service

  1. From the Search charm, type IIS. Hover your mouse over one of the selections, and run the Internet Information Services (IIS) 6.0 Manager.

     

  2. Click Yes to the UAC Prompt.

     

  3. Expand to SMTP Virtual Server #1, right click and select Properties.

     

  4. General Tab: Set the IP Address to the server’s IP address.

     

    Note: You can also enable logging is required.

     

  5. Access Tab: Set the IP for the internal devices in the connection button.

     

    Add the same IP to the Relay list.

     

  6. Delivery Tab: Set an external domain – you can use the free customised domain from Microsoft, and you can also optionally add a Smart host, if required. Tick the Attempt direct delivery box, if you want the server to attempt to deliver the email directly first before trying the Smart host.

     

  7. From the Search charm, type Firewall to locate and run the Windows Firewall with Advanced Security console.

     

  8. Add a new Inbound Rule. (Right Click on Inbound Rule, and select New Rule)

     

  9. Select Port.

     

  10. Type in 25 as the local port.

     

  11. Click Next (Allow the Connection).

     

  12. Uncheck Public. (Prevents external access to the server)

     

  13. Give the rule a name, and click Finish to create the rule.

     

  14. You should now see a new rule enabled in the firewall management console.

     

  15. Restart the SMTP Service and set the service for Automatic Start. Open up the Services Management Console. Double Click on the Simple Mail Transfer Protocol service. Stop and then Start the service. Set the Startup type to Automatic.

     

That’s it. The service is ready and waiting.

NOTE: You can also do this with Small Business Server 2011 Essentials, and also with Windows Server 2012 or Windows Server 2008 R2. With SBS2011 Essentials and Server 2008 R2, there is a slight difference in adding the SMTP Service role, but it is a fairly straightforward task.

Check your IP against global email blacklists

Here are two good online tools to check an IP address against the number of DNS anti-spam databases.

  1. MX Toolbox – http://www.mxtoolbox.com/blacklists.aspx
  2. WhatIsMyIPAddress – http://whatismyipaddress.com/blacklist-check

Both of these online tools also provide other useful IP based tools.

I need help with Office 365!

The Microsoft Online Portal is a wealth of information, but now easy to navigate. Here is a direct link to the help page where you can find information on how to set up Outlook, setting up your iPhone for Office 365 and many other articles.

http://onlinehelp.microsoft.com/en-us/office365-enterprises/ff637580.aspx

The Getting Started page is a very good place to start!

Configuring the iPhone for Microsoft Online Services (BPOS)

With a bigger push towards Cloud based services, I have decided to put down a quick reference on how to configure the iPhone to work with Microsoft’s Onlince Services (BPOS).

The starting place is to read Microsoft’s Help and How to section – http://www.microsoft.com/online/help/en-us/helphowto/914df3cf-0135-46a7-a975-fd767b6d9a96.htm

  1. On the iPhone, go to Settings> Mail Contacts, Calendar> Add Account…> Microsoft Exchange
     
  2. Fill in the relevant details
    • Email: Your email address
    • Domain: Leave blank
    • Username: Your email address (the login to your BPOS account)
    • Password: Your Password
    • Description: Put in the email address or give it a friendly name
       
  3. The iPhone will Verify the information and will bring up a new field. Type in the relevant field depending on the location of your region in the Mobile Device URLs section here – http://www.microsoft.com/online/help/en-us/helphowto/c0a1a4b9-111f-4bd4-8fab-8147344cd278.htm. Remove the “https://” ie. For Australia, use “red003.mail.apac.microsoftonline.com”
     
  4. Select the information you want to synchronise. That’s it.

PowerShell Not Your Father’s Command Line

There is a great 31 part blog post on PowerShell that is in developement (part 23 of 31 at this moment). Everything you wanted to know about PowerShell and some great scripts that can be used.

The main landing page for the blog is here – http://blogs.technet.com/b/matthewms/p/powershell.aspx

Here are the titles.

Part 1 of 31: Why PowerShell?
Part 2 of 31: The Basics on How to Read PowerShell
Part 3 of 31: Where Did All the Good Cmdlets Go?
Part 4 of 31: Who Ya Gonna Call For Help?
Part 5 of 31: What’s in it for Devs?
Part 6 of 31: A Cmdlet By Any Other Name Would Be An Alias
Part 7 of 31: Conjunction Function PowerShell What Are Functions?
Part 8 of 31: Won’t You Take Me To Functiontown?
Part 9 of 31: Another Side of PowerShell Profiles
Part 10 of 31: PowerShell Protecting You From Yourself
Part 11 of 31: PowerShell Providers and You!
Part 12 of 31: PowerShell and The Registry
Part 13 of 31: The Provider Active Directory Style
Part 14 of 31: Sorry I’m Not Home Right Now, Walking into IIS Webs…
Part 15 of 31: ISE, ISE Baby…
Part 16 of 31: PowerShell Take Me Out To The Grid
Part 17 of 31: Who Wants to Manage Active Directory?
Part 18 of 31: So You Deleted A User…On Purpose
Part 19 of 31: Small Business Server, PowerShell, and Me
Part 20 of 31: Hanging with Hyper-V
Part 21 of 31: Knock Knock PowerShell Calling!
Part 22 of 31: Good PowerShell Things Come in Nifty Packages
Part 23 of 31: HUGE Announcements, Disagreements, Best Practices and A Party…Oh My!
Part 24 of 31: PowerShell Did What!?!? How to Mitigate Risk!
Part 25 of 31: Did You Know PowerShell Can Talk VMware?
Part 26 of 31: Start Spreading the News…
Part 27 of 31: It Takes a Community to Raise a Language
Part 28 of 31: What is the .NET Framework?
Part 29 of 31: Demystifying MSDN and PowerShell static syntax
Part 30 of 31: PowerShell Likes the Pretty Blue Eyes of Azure Too
Part 31 of 31: That’s a Wrap and We are Not Done Yet!

Exchange Store Size checks

Here are a couple of scripts to check the size of the Exchange Stores. With the 75GB limit in Exchange 2003 and possible personal store located in various areas for Exchange 2007 and beyond, it is useful to have a quick overall glance at the Exchange information all at a go.

For Exchange 2003 and below, you can use Michael B Smith’s (Exchange MVP) scripts found here – http://theessentialexchange.com/blogs/michael/archive/2007/11/13/finding-disk-space-used-by-exchange.aspx. For a self installing version of this script, you can download it here – http://www.petri.co.il/reporting_storage_size_in_exchange.htm

In Exchange 2007, the STM file was elimited according to Michael, and so the script terminates with an AD error. He has supplied a really quick and dirty Exchange PowerShell script to output the sizes of the stores. Cut and past the following code into notepad and save the file with a .PS1 extension and run this from the Exchange Management Shell.

$totalArray = @()
$totalArray += get-mailboxdatabase -ea 0 |% { dir -ea 0 $_.EdbFilePath | select Name, Length }
$totalArray += get-publicfolderdatabase -ea 0 |% { dir -ea 0 $_.EdbFilePath | select Name, Length }
$totalArray | out-string -width 70
[int64]$totalSize = 0
$totalArray |% { $totalSize += $_.Length }
"Total size of databases {0} bytes, {1} GB" -f  $totalSize.ToString("N0"), ($totalsize / 1GB).ToString("N3")

There are many other scripts out there, which can produce nicely formatted output and possibly more information if required. But I found that this gave me the information I needed quickly.

UPDATE 8/1/2011: Michael has updated his script to work with Exchange 2007 and 2010. You can access the script here – http://theessentialexchange.com/blogs/michael/archive/2011/01/07/finding-disk-space-used-by-exchange-v2.aspx

Michael’s blog contains a depth of great articles and scripts on everything about Exchange – www.TheEssentialExchange.com