[IAM] Explaining Security Assertion Markup Language (SAML 2.0)

What is SAML? Security Assertion Markup Language (SAML) is an open standard federation protocol. SAML was introduced in 2001. SAML 2.0 superseded SAML in 2005. The SAML protocol is used for authentication (AUTHN) and authorization (AUTHZ), and is often used for SSO (Single Sign-on) to web-based applications. The SAML specification defines three entities or roles: The   →

[EXO] Inbox Rule Issues Post Migration

In some instances, users' client-side rules may break, as they do not get touched in the migration. Client rules that reference a specific sender/folder/etc. will normally use X500/LegacyDN to identify conditions and will stop working. There is no set limit for the number of Inbox rules a user can have.   →

[EXO] Identifying Validation Errors

# Validation errors for a contact
$errors = (Get-MsolContact -ObjectID <Object_ID>).Errors
$errors | ForEach-Object {"`nService: " + $_.ErrorDetail.Name.split("/")[0]; "Error Message: " + $_.ErrorDetail.ObjectErrors.ErrorRecord.ErrorDescription}
# Validation errors for a group
$errors = (Get-MsolGroup -ObjectID <Object_ID>).Errors
$errors | ForEach-Object {"`nService: " + $_.ErrorDetail.Name.split("/")[0]; "Error Message: " + $_.ErrorDetail.ObjectErrors.ErrorRecord.ErrorDescription}
# Validation errors for a user
$errors = (Get-MsolUser -UserPrincipalName "<User_ID>").Errors
$errors | ForEach-Object {"`nService: " + $_.ErrorDetail.Name.split("/")[0]; "Error Message: " + $_.ErrorDetail.ObjectErrors.ErrorRecord.ErrorDescription}
# List every user that has errors, with the first error description
Get-MsolUser -HasErrorsOnly -All | ft DisplayName,UserPrincipalName,@{Name="Error";Expression={($_.errors[0].ErrorDetail.objecterrors.errorrecord.ErrorDescription)}}
→

[EX2010] Identifying Cmd-let associated with Role, and who has it.

$Perms = Get-ManagementRole -Cmdlet remove-remotemailbox
$Perms | Foreach {Get-ManagementRoleAssignment -Role $_.Name -Delegating $false | Format-Table -Auto Role,RoleAssigneeType,RoleAssigneeName}

Role                    RoleAssigneeType RoleAssigneeName
----                    ---------------- ----------------
Mail Recipient Creation RoleGroup        Recipient Management
Mail Recipient Creation RoleGroup        Organization Management

Get-ManagementRoleAssignment -Role "Mail Recipient Creation"
get-rolegroupmember "organization management"

[EXO] The client and server cannot communicate, because they do not possess a common algorithm

Windows Server 2008 can't go beyond TLS 1.0. Newer versions can, but don't have TLS 1.1 or 1.2 turned on by default.
Best practice is to disable TLS 1.0 and 1.1, which are mostly deprecated and not supported.
Check supported protocols: https://www.ssllabs.com/ssltest/index.html
Turn off TLS 1.0, 1.1 and SSL

Enabling TLS 1.2 Use

 

[EXO][EX2010] Removing dual mailboxes

Ensure you have a user mailbox backup prior to starting the following process, as there is a potential risk of data loss. Options are to have a third-party solution perform a mailbox backup or to export to PST (see new-mailboxexport cmdlet). Capture relevant information from on-premises Exchange and Exchange Online. Grab the mailbox information (primary   →

[EX2010][EXO] Forwarding Address Export and Import

 

Single mailbox export to PST file

Add member of a role group which has the Mailbox Import Export role

Export primary mailbox:

  Export archive mailbox:

  More details https://docs.microsoft.com/en-us/powershell/module/exchange/mailboxes/New-MailboxExportRequest?redirectedfrom=MSDN&view=exchange-ps

Exam MS-200: Planning and Configuring a Messaging Platform – Skills Measured

Manage modern messaging infrastructure (45-50%)
Manage databases
• plan mailbox database requirements
• create mailbox databases
• configure mailbox databases
• troubleshoot mailbox databases
Manage Database Availability Groups (DAGs)
• plan DAG settings and members
• create a DAG
• manage DAG members
•   →

[MS-200] Exchange System Requirements

Supported co-existence for Exchange 2019
• Exchange 2010: not supported
• Exchange 2013: supported with 2013 CU21 or later, including Edge Transport Servers
• Exchange 2016: supported with 2016 CU11 or later, including Edge Transport Servers
• Mixed 2013 and 2016: supported if 2013 and 2016 meet the previous requirements
Network and directory server requirements for Exchange 2019
Domain Controller,   →