Tuesday, April 23, 2013

Handy Office 365 PowerShell Cmdlets

Here are some handy Cmdlets that you may find useful when managing Office 365.

- Connect to the Microsoft Online Services interface for account management tasks.
import-module MSOnline
$cred = Get-Credential
Connect-MSOLService -credential $cred

- Connect to the Microsoft Exchange Online interface for Exchange-related tasks.
$cred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $Session

- Set Office 365 passwords for all accounts to P@ssword1 and clear Change Password Flag (not valid for ADFS customers)
Get-MsolUser | Set-MsolUserPassword -NewPassword "P@ssword1" -ForceChangePassword $False

- Set Office 365 passwords for all accounts to never expire (not valid for ADFS customers)
Get-MsolUser | Set-MsolUser -PasswordNeverExpires $True

- Set Time Zone to Eastern Time and Language to English (US) for all users
get-mailbox -Filter {RecipientTypeDetails -eq 'UserMailbox'} | Set-MailboxRegionalConfiguration -Language "en-US" -TimeZone "Eastern Standard Time" -DateFormat "M/d/yyyy" -TimeFormat "h:mm tt"

- Get a user's mailbox permissions on a selected mailbox
Get-MailboxPermission -Identity <mailbox@domain.com> | Where {$_.User -like '*user*'}
Get-RecipientPermission -Identity <mailbox@domain.com> | Where {$_.Trustee -like '*user*'}

- Get a list of Directly-granted rights, excluding "SELF"
Get-Mailbox | Get-MailboxPermission | Where-Object { ($_.AccessRights -like '*full*') -and ($_.IsInherited -eq $false) -and -not ($_.User -like '*nt authority\self*') }
Get-Mailbox | Get-RecipientPermission | Where-Object { ($_.AccessRights -like '*send*') -and ($_.IsInherited -eq $false) -and -not ($_.Trustee -like '*nt authority\self*') }

- Set Shared Mailbox quota at 4.5GB
Get-Mailbox -RecipientTypeDetails SharedMailbox | Set-Mailbox -ProhibitSendQuota 4500MB -ProhibitSendReceiveQuota 5000mb -IssueWarningQuota 4400mb

- Get Distribution Group Members
$Groups = Get-DistributionGroup   # all distribution groups; narrow this to report on a subset
$Reports = $Groups | foreach {
 $GroupName = $_.Name
 Get-DistributionGroupMember -Identity $_.Identity | select @{Name='Distribution Group'; Expression={[String]::join(";", $GroupName)}}, DisplayName, PrimarySmtpAddress
}
$Reports | Export-Csv -NoType -Path ".\output.csv" -ErrorAction SilentlyContinue

- Add Alias Domain to All Mailboxes (not valid for ADFS customers)
$users = Get-Mailbox
$aliasdomain = "newdomain.com"
foreach ($a in $users) {$a.emailaddresses.Add("$($a.alias)@$aliasdomain")}
$users | %{Set-Mailbox $_.Identity -EmailAddresses $_.EmailAddresses}

- Set Usage Location to United States for All users
Get-MsolUser | Set-MsolUser -UsageLocation "US"

- Assign "Exchange Online Plan 1" License to All Users for organization TestOrg
Get-MsolUser | Set-MsolUserLicense -addlicenses "testorg:EXCHANGESTANDARD"

- Force Removal of deleted mailboxes from Recycle Bin
Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force

- Get All User Mailbox Sizes
Get-Mailbox -Resultsize Unlimited | Get-MailboxStatistics | Select-Object DisplayName,TotalItemSize

- Convert User mailbox to Room Mailbox
Set-Mailbox -Identity ConferenceRoom -Type Room

Set-MailboxFolderPermission -Identity ConferenceRoom:\Calendar -user Default -AccessRights Author
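
The "Directly-granted rights" one-liners above produce two separate listings. As an added example (not part of the original post), the sketch below merges both into one report and counts how many mailboxes each grantee can reach. The function names and the CONTOSO sample objects are constructed for illustration; the input is assumed to have the property shape of Get-MailboxPermission (User) and Get-RecipientPermission (Trustee) output.

```powershell
# Added example, not from the original post. Function names are hypothetical.
function ConvertTo-DirectGrant {
    param([Parameter(ValueFromPipeline = $true)] $Permission)
    process {
        # The grantee is called User on mailbox permissions and Trustee on recipient permissions.
        $grantee = if ($Permission.PSObject.Properties['Trustee']) { $Permission.Trustee } else { $Permission.User }
        if ($Permission.IsInherited) { return }                  # keep direct grants only
        if ("$grantee" -like '*nt authority\self*') { return }   # skip the mailbox's own entry
        foreach ($right in @($Permission.AccessRights)) {
            if ('FullAccess', 'SendAs' -contains "$right") {
                [pscustomobject]@{
                    Mailbox = "$($Permission.Identity)"
                    Grantee = "$grantee"
                    Right   = "$right"
                }
            }
        }
    }
}

function Get-GranteeSummary {
    param([object[]] $Grant)
    # One row per grantee: how many distinct mailboxes, and which rights.
    $Grant | Group-Object Grantee | ForEach-Object {
        [pscustomobject]@{
            Grantee   = $_.Name
            Mailboxes = @($_.Group | Select-Object -ExpandProperty Mailbox -Unique).Count
            Rights    = (@($_.Group | Select-Object -ExpandProperty Right -Unique) | Sort-Object) -join ','
        }
    } | Sort-Object Mailboxes -Descending
}

# Constructed sample input so the logic can be tried without a tenant.
$sample = @(
    [pscustomobject]@{ Identity = 'shared1'; User = 'NT AUTHORITY\SELF'; AccessRights = @('FullAccess', 'ReadPermission'); IsInherited = $false }
    [pscustomobject]@{ Identity = 'shared1'; User = 'CONTOSO\alice'; AccessRights = @('FullAccess'); IsInherited = $false }
    [pscustomobject]@{ Identity = 'shared2'; User = 'CONTOSO\alice'; AccessRights = @('FullAccess'); IsInherited = $false }
    [pscustomobject]@{ Identity = 'shared2'; User = 'CONTOSO\Organization Management'; AccessRights = @('FullAccess'); IsInherited = $true }
    [pscustomobject]@{ Identity = 'shared1'; Trustee = 'CONTOSO\bob'; AccessRights = @('SendAs'); IsInherited = $false }
)
$grants = @($sample | ConvertTo-DirectGrant)
$grants | Format-Table -AutoSize                      # alice x2 (FullAccess), bob x1 (SendAs)
Get-GranteeSummary -Grant $grants | Format-Table -AutoSize

# Live use, after Import-PSSession:
#   $grants  = @(Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission   | ConvertTo-DirectGrant)
#   $grants += @(Get-Mailbox -ResultSize Unlimited | Get-RecipientPermission | ConvertTo-DirectGrant)
```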

Let me know if there are other tasks you might like to see demonstrated!

Thursday, April 11, 2013

Cannot create Exchange Online Migration Endpoint with Exchange 2007 Server using only NTLM Authentication

I've been battling an issue for a few days now and finally stumbled upon a workable solution via PowerShell.


Client has an existing Exchange 2007 deployment.  The OWA instance is configured to only use NTLM authentication.  ExRCA (http://www.testexchangeconnectivity.com) comes back clean, and I can proxy log in to any mailbox on the server.

When configuring the migration endpoint through the EAC, I would receive an error that the migration endpoint could not be discovered, even after entering the credentials, server, and RPC proxy server values manually.


The solution ended up with my old friend PowerShell.  You can create migration endpoints through it using the New-MigrationEndpoint cmdlet.  The key was forcing the authentication to NTLM.

New-MigrationEndpoint -ExchangeOutlookAnywhere -Name NewEndPointName -ExchangeServer EXCHSERVER.DOMAIN.local -RpcProxyServer OWA.DOMAIN.com -Credentials (get-credential onpremiseaccount@domain.com) -EmailAddress onpremiseaccount@domain.com -SkipVerification -Authentication NTLM