This week, while prepping two different customers for single sign-on to Office 365, I ran into the same issue--the userPrincipalName attribute was correctly populated (username@domain.com), but the email address was blank. So, to rectify this problem, I put together a script that reads the UPN attribute and then copies it to the mail attribute.
Leave me a comment if you find it useful!
# Populate "mail" attribute with UPN
Import-Module ActiveDirectory
Get-ADUser -LDAPFilter '(userPrincipalName=*)' `
-Properties userPrincipalName,mail | Select-Object * | `
ForEach-Object { Set-ADObject -Identity `
$_.DistinguishedName -Replace `
@{mail=$($_.userPrincipalName)} }
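A more conservative variant of the same idea, added here as an example and not the author's script: it touches only accounts whose mail attribute is empty, skips UPNs that are not routable addresses, and previews every change unless told to apply it. The `-Apply` switch and the list of non-routable suffixes are assumptions for illustration.

```powershell
# Added example, not the original author's script.
# Hypothetical switch: without -Apply, every change is only previewed (-WhatIf).
param([switch]$Apply)

Import-Module ActiveDirectory

# Assumption: UPN suffixes that cannot receive mail and should be skipped
$nonRoutable = 'local', 'lan'

# Users that have a UPN but no mail value, so existing addresses are never overwritten
$users = Get-ADUser -LDAPFilter '(&(userPrincipalName=*)(!(mail=*)))' `
    -Properties userPrincipalName, mail

foreach ($u in $users) {
    $upn    = $u.UserPrincipalName
    $suffix = ($upn -split '\.')[-1]

    # Require a user@domain.tld shape and a routable top-level suffix
    if ($upn -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$' -or $nonRoutable -contains $suffix) {
        Write-Warning "Skipping $($u.SamAccountName): UPN '$upn' is not a routable address"
        continue
    }

    # Set-ADUser -EmailAddress writes the mail attribute
    Set-ADUser -Identity $u.DistinguishedName -EmailAddress $upn -WhatIf:(-not $Apply)
}
```

Run it once without `-Apply` and review the "What if" output before committing the change to the directory.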
Monday, September 16, 2013
Tuesday, April 23, 2013
Handy Office 365 PowerShell Cmdlets
Here are some handy Cmdlets that you may find useful when managing Office 365.
- Connect to the Microsoft Online Services interface for account management tasks.
import-module MSOnline
$cred = Get-Credential
Connect-MSOLService -credential $cred
- Connect to the Microsoft Exchange Online interface for Exchange-related tasks.
$cred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $Session
- Set Office 365 passwords for all accounts to P@ssword1 and clear Change Password Flag (not valid for ADFS customers)
Get-MsolUser | Set-MsolUserPassword -NewPassword 'P@ssword1' -ForceChangePassword $False
- Set Office 365 passwords for all accounts to never expire (not valid for ADFS customers)
Get-MsolUser | Set-MsolUser -PasswordNeverExpires $True
- Set Time Zone to Eastern Time and Language to English (US) for all users
get-mailbox -Filter {RecipientTypeDetails -eq 'UserMailbox'} | Set-MailboxRegionalConfiguration -Language "en-US" -TimeZone "Eastern Standard Time" -DateFormat "M/d/yyyy" -TimeFormat "h:mm tt"
- Get a user's mailbox permissions on a selected mailbox
Get-MailboxPermission -Identity <mailbox@domain.com> | Where {$_.User -like '*user*'}
Get-RecipientPermission -Identity <mailbox@domain.com> | Where {$_.Trustee -like '*user*'}
- Get a list of Directly-granted rights, excluding "SELF"
Get-Mailbox | Get-MailboxPermission | Where-Object { ($_.AccessRights -like '*full*') -and ($_.IsInherited -eq $false) -and -not ($_.User -like '*nt authority\self*') }
Get-Mailbox | Get-RecipientPermission | Where-Object { ($_.AccessRights -like '*send*') -and ($_.IsInherited -eq $false) -and -not ($_.Trustee -like '*nt authority\self*') }
- Set Shared Mailbox quota at 4.5GB
Get-Mailbox -RecipientTypeDetails SharedMailbox | Set-Mailbox -ProhibitSendQuota 4500MB -ProhibitSendReceiveQuota 5000mb -IssueWarningQuota 4400mb
- Get Distribution Group Members
$Reports=@()
$Groups=Get-DistributionGroup
$Groups | foreach {
    $GroupName=$_.DisplayName
    $Report=Get-DistributionGroupMember -Identity $_.Identity | select @{Name='Distribution Group'; Expression={[String]::join(";", $GroupName)}}, DisplayName, PrimarySmtpAddress
    $Reports=$Reports+$Report
}
$Reports | Export-Csv -NoType -Path .\output.csv -ErrorAction SilentlyContinue
- Add Alias Domain to All Mailboxes (not valid for ADFS customers)
$users = Get-Mailbox
$aliasdomain = "newdomain.com"
foreach ($a in $users) {$a.emailaddresses.Add("$($a.alias)@$aliasdomain")}
$users | %{Set-Mailbox $_.Identity -EmailAddresses $_.EmailAddresses}
- Set Usage Location to United States for All users
Get-MsolUser | Set-MsolUser -UsageLocation "US"
- Assign "Exchange Online Plan 1" License to All Users for organization TestOrg
Get-MsolUser | Set-MsolUserLicense -addlicenses "testorg:EXCHANGESTANDARD"
- Force Removal of deleted mailboxes from Recycle Bin
Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force
- Get All User Mailbox Sizes
Get-Mailbox -Resultsize Unlimited | Get-MailboxStatistics | Select-Object DisplayName,TotalItemSize
- Convert User mailbox to Room Mailbox
Set-Mailbox -Identity ConferenceRoom -Type Room
Set-MailboxFolderPermission -Identity ConferenceRoom:\Calendar -user Default -AccessRights Author
Let me know if there are other tasks you might like to see demonstrated!
Wednesday, August 29, 2012
Error uninstalling Exchange Server 2003: One or more users currently use a mailbox store on this server.
So, you're transitioning your Exchange 2003 environment to an Office 365 environment and desperately want to drop kick your Exchange 2003 server out the door. After migrating everyone's email, you open ESM, delete all of the mailboxes and start to uninstall Exchange. But then, this frustrating message shows up:
The component "Microsoft Exchange Messaging and Collaboration Services" cannot be assigned the action "Remove" because:
- One or more users currently use a mailbox store on this server. These users must be moved to a mailbox store on a different server or be mail disabled before uninstalling this server.
Thanks for leaving me the fun part of trying to guess who you think still has a mailbox.
Fortunately, there's an easy way to do this.
Let's say your server name is EXCH01.
- Launch Active Directory Users and Computers.
- In the navigation pane, right-click on your domain and select Find from the context menu.
- In the Find Users, Contacts, and Groups window, click the Advanced tab.
- Click the Field button, point to User, and then select Exchange Home Server.
- Set the Condition field to Ends With.
- Enter the Exchange mailbox server you're decommissioning in the Value field (in our example, EXCH01).
- Click Add.
- Click Find Now.
- Once the list of users is displayed, you can right-click on the user, select Exchange Tasks, and then select Remove Exchange Attributes from the list of options. Acknowledge the warning, and repeat for each user.
- Restart Exchange setup.
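The same search as a directory query, added here as an example and not part of the original post. It assumes the ActiveDirectory PowerShell module is available on an admin workstation and that the "Exchange Home Server" field corresponds to the msExchHomeServerName attribute; the output file name is made up. It records which accounts still point at the server before their Exchange attributes are removed.

```powershell
# Added example; assumes the ActiveDirectory module is installed.
Import-Module ActiveDirectory

$server = 'EXCH01'   # the server being decommissioned, as in the example above

# msExchHomeServerName holds the server's legacy DN, which ends in /cn=<server name>,
# so a trailing match is the LDAP equivalent of the "Ends With" condition.
$filter = "(&(objectCategory=person)(objectClass=user)(msExchHomeServerName=*/cn=$server))"

# Keep a record of who was still homed on the server before changing anything
Get-ADUser -LDAPFilter $filter -Properties msExchHomeServerName, homeMDB, mail |
    Select-Object SamAccountName, mail, homeMDB, msExchHomeServerName |
    Export-Csv -NoTypeInformation -Path ".\still-on-$server.csv"
```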
Monday, July 23, 2012
Office365 Migrations and the legacyExchangeDN
I ran across this problem for a customer and thought I would share my experience/resolution.
Migration Scenario:
- Customer runs Exchange 2003 environment and RPC/HTTP is non-functional for the migration
- Using 3rd-party tools to migrate accounts
- When an internal user replies to messages from another internal user prior to migration, the sender receives an NDR with the X400 address of the legacy Exchange system
Tools required:
- ADFind (joeware.net)
- Microsoft Online Services PowerShell Module
- Text editor
1. Run ADFIND on the customer's server. This is the syntax I used:
adfind -csv -h -b "" -f "objectClass=user" -nodn mail legacyexchangedn > userlist.csv
2. Clean up the email addresses in the userlist.csv file (to make sure they match the Office 365 addresses).
3. Connect to the Office 365 tenant using PowerShell.
4. Run the following script:
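# userlist.csv columns: mail, legacyExchangeDN (remove the adfind header row during cleanup)
$csv = Import-Csv .\userlist.csv -Header Username,legacyExchangeDN
foreach ($line in $csv)
{
    # Skip rows with no legacyExchangeDN (objects that never had a mailbox)
    if (-not $line.legacyExchangeDN) { continue }
    $user = Get-Mailbox -Identity $line.Username
    # Add the old Exchange DN as an X500 proxy address so replies to old messages resolve
    $user.EmailAddresses += "X500:" + $line.legacyExchangeDN
    Set-Mailbox -Identity $line.Username -EmailAddresses $user.EmailAddresses
}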
Let me know if this helped you out by leaving a comment.
Cheers.
Wednesday, May 23, 2012
Office 365 DirSync Setup Error 1603
During your journey of Office 365 nirvana, you may decide to install DirSync (or, as the setup window title more verbosely describes it, "Microsoft Online Services Directory Synchronization"). So, you spin up a new Windows Server 2008 R2 VM, join it to your domain, and start the setup.
And then it happens.
Error
Coexistence MSI installation failed. msiexec returned 1603 Unable to uninstall the Microsoft Online Services Directory Synchronization tool. Use the Control Panel to remove the Directory Synchronization tool.
What the heck?
Oh, you must have forgotten to install the .NET Framework 3.5.1 Features feature. How silly of you.
You know what to do.
Monday, April 2, 2012
Quick-n-Dirty User Management for Office 365 Hybrid Deployments
Over the past several months, we have deployed Office 365 to dozens of organizations. Several of the larger environments have asked for integration between the on-premise Active Directory environment and the Office 365 environment. For this, Microsoft has provided a roadmap using Active Directory Federation Services (ADFS) and Directory Synchronization (DirSync). This is a great solution for end users, but can be onerous for the system administrator--especially if the customer has been migrated from Exchange 2003.
When running in any sort of Hybrid mode (or having transitioned from Exchange 2003 on-premise), there are two attributes that need to be updated/maintained with the on-premise AD in order to keep things moving along:
- proxyAddresses
- targetAddress
The proxyAddresses multi-valued attribute is used to store all of the various addresses that are bound to a user. These include (but are not limited to) SMTP and X.400 addresses. In an on-premise Exchange environment, this attribute is used to store the addresses assigned by various recipient policies.
The targetAddress attribute stores the unique "onmicrosoft.com" address assigned to each user. During a transition, mail intended for the @domain.com address skips local mailbox delivery and is automatically forwarded to the address stored in this attribute. If the local Exchange server is kept on-line for local SMTP routing, these attributes *must* be populated for each new user, otherwise mail delivery to them from on-premise services utilizing the Exchange environment will fail.
To work around this, I've put together a very low-end script utilizing the Quest ActiveRoles cmdlets. You will need to install these on either a workstation or server in your environment and then save the following script as a .ps1 file (replacing the placeholders with your own) on the same computer where you have installed the ActiveRoles PowerShell environment.
Write-Host "Please enter the Active Directory ID of the user to update:"
$SamID = Read-Host
$PrimaryDomain = "domain.com"
$SecondaryDomain = "domain2.com"
$Office365Domain = "domain.onmicrosoft.com"
# Route on-premise mail for this user to the Office 365 address
Get-QADUser $SamID | Set-QADUser -ObjectAttributes @{targetaddress="SMTP:$SamID@$Office365Domain"}
# Add the primary, secondary and Office 365 addresses to proxyAddresses
Get-QADUser $SamID | Add-QADProxyAddress -Address "$SamID@$PrimaryDomain" -Primary
Get-QADUser $SamID | Add-QADProxyAddress -Address "$SamID@$SecondaryDomain"
Get-QADUser $SamID | Add-QADProxyAddress -Address "$SamID@$Office365Domain"
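A check for the two attributes described above, added here as an example and not the author's code: it flags accounts whose targetAddress is missing or outside the Office 365 routing domain, or whose proxyAddresses lack a single primary address or the routing address. The function name `Test-HybridAddress` and the sample users are constructed for illustration.

```powershell
# Added example, not the author's script. Sample users below are constructed.
$Office365Domain = 'domain.onmicrosoft.com'   # placeholder from the script above

function Test-HybridAddress {
    param($User, [string]$RoutingDomain)
    $issues  = @()
    $proxies = @($User.proxyAddresses)

    # Exactly one primary address: the entry with the upper-case "SMTP:" prefix
    $primary = @($proxies | Where-Object { $_ -clike 'SMTP:*' })
    if ($primary.Count -ne 1) {
        $issues += "expected 1 primary SMTP address, found $($primary.Count)"
    }

    # targetAddress must be present and point at the tenant routing domain
    if (-not $User.targetAddress) {
        $issues += 'targetAddress is empty'
    } elseif ($User.targetAddress -notlike "SMTP:*@$RoutingDomain") {
        $issues += "targetAddress '$($User.targetAddress)' is not in $RoutingDomain"
    }

    # The routing address should also be listed in proxyAddresses
    if (-not ($proxies | Where-Object { $_ -like "smtp:*@$RoutingDomain" })) {
        $issues += "no proxy address in $RoutingDomain"
    }

    [pscustomobject]@{ User = $User.SamAccountName; Issues = $issues -join '; ' }
}

# Constructed sample data. Against a real directory, feed the function with:
#   Get-ADUser -Filter * -Properties proxyAddresses, targetAddress
$sample = @(
    [pscustomobject]@{
        SamAccountName = 'alice'
        targetAddress  = 'SMTP:alice@domain.onmicrosoft.com'
        proxyAddresses = 'SMTP:alice@domain.com', 'smtp:alice@domain.onmicrosoft.com'
    },
    [pscustomobject]@{
        SamAccountName = 'bob'
        targetAddress  = $null
        proxyAddresses = 'smtp:bob@domain.com'
    }
)

# Only accounts with at least one issue are returned (here: bob)
$sample | ForEach-Object { Test-HybridAddress -User $_ -RoutingDomain $Office365Domain } |
    Where-Object Issues
```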