Assumptions: Conditional Access Policies (CA) do not have sessions properties listed below enabled: Since we do not to use CA to manage sign-in frequency, refresh and session tokens will be set to the default configuration with no option to change their lifetimes. Property Policy property string Affects Default Refresh Token Max Inactive Time MaxInactiveTime Refresh tokens 90 →
Summary: This article documents the what’s, why’s and the how’s of setting up Room Finder and Workspaces in a hybrid Office 365 Exchange Environment. The on-premise environment uses ADC with no write-back enabled. Buildings, Cities, Types, and Filters (Capacity, Floors, Features) A room list is a distribution group. A room list is a collection of room mailboxes. →
If you havent heard already, Microsoft is taking huge steps to improve the overall security in Exchange Online and Office 365 by disabling basic authentication for legacy authentication protocols therein lies the question of “how” to prepare and shift your organization to adopting modern authentication protocols. In the second half of 2021, Microsoft had planned →
Try saying “new line”, “new paragraph,” “delete”, “bold that”, and “start list”. Other supported punctuation, commands, and symbols are below. Requirements – microphone access and reliable internet connection – Windwos 10+ – Office 2016+ with Office 365 subscription Supported: Word for Microsoft 365 Outlook for Microsoft 365 PowerPoint for Microsoft 365 Word for Microsoft 365 for Mac PowerPoint for →
In some instances, users with client side rules may break as they do not get touched in the migration. For any client rules that reference a specific sender/folder/etc they will normally use X500/LegacyDN to identify conditions and will stop working. There is no set limit for the amount of Inbox rules a user can have. →
$errors = (Get-MsolContact –ObjectID <Object_ID>).Errors $errors | foreach-object {“nService: ” + $_.ErrorDetail.Name.split(“/”)[0]; “Error Message: “+ $_.ErrorDetail.ObjectErrors.ErrorRecord.ErrorDescription} $errors = (Get-MsolGroup –ObjectID <Object_ID>).Errors $errors | foreach-object {“nService: ” + $_.ErrorDetail.Name.split(“/”)[0]; “Error Message: “+ $_.ErrorDetail.ObjectErrors.ErrorRecord.ErrorDescription} $errors = (Get-MsolUser -UserPrincipalName “<User_ID>”).Errors $errors | foreach-object {“`nService: ” + $_.ErrorDetail.Name.split(“/”)[0]; “Error Message: ” + $_.ErrorDetail.ObjectErrors.ErrorRecord.ErrorDescription} Get-MsolUser -HasErrorsOnly -All | ft DisplayName,UserPrincipalName,@{Name=”Error”;Expression={($_.errors[0].ErrorDetail.objecterrors.errorrecord.ErrorDescription)}} →
Windows Server 2008 can’t do beyond TLS 1.0. Newer versions can, but don’t have TLS 1.1 or 1.2 turned on by default. Best pratice to disable 1.0, 1.1 – mostly depreciated and not supported Check supported protocols: https://www.ssllabs.com/ssltest/index.html Turn off TLS 1.0.1.1 and SSL
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 |
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client] "DisabledByDefault"=dword:00000001 "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server] "DisabledByDefault"=dword:00000001 "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client] "DisabledByDefault"=dword:00000001 "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server] "DisabledByDefault"=dword:00000001 "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client] "DisabledByDefault"=dword:00000001 "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server] "DisabledByDefault"=dword:00000001 "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client] "DisabledByDefault"=dword:00000001 "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server] "DisabledByDefault"=dword:00000001 "Enabled"=dword:00000000 |
Enabling TLS 1.2 Use
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 REG_DWORD value of: SchUseStrongCrypto with a value of 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 REG_DWORD value of: SystemDefaultTLSVersions with a value of 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v3.0 REG_DWORD value of: SchUseStrongCrypto with a value of 1 HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.5.23026 REG_DWORD value of: SchUseStrongCrypto with a value of 1 HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.5.1 REG_DWORD value of: SchUseStrongCrypto with a value of 1 HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319 REG_DWORD value of: SchUseStrongCrypto with a value of 1 |
Ensure you have a user mailbox backup prior to starting the following process as there is potential risk of data loss. Options are to have a third party solution to perform a mailbox backup or export to PST (see new-mailboxexport cmdlet). Capture relevant information from on-premise exchange and exchange online. Grab the mailbox information (primary →
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 |
#Load Exchange 2010 Module Add-PSSnapin Microsoft.Exchange.Management.Powershell.E2010 -ErrorAction SilentlyContinue #Setup Variables $Filename = "C:\temp\tasks\fowarding_address\export.csv" $header = "UPN,ForwardingSmtpAddress,DeliverToMailboxAndForward" $header | Out-File $Filename #Grab Data $Users = Get-Mailbox -ResultSize Unlimited -Filter { (ForwardingAddress -ne $null) -or (ForwardingSmtpAddress -ne $null) } ForEach ($User in $Users) { if ($user.ForwardingSmtpAddress -ne $null) { $forwardingSmtpAddress = $user.ForwardingSmtpAddress $DeliverToMailboxAndForward = $User.DeliverToMailboxAndForward.ToString() $logstring = "$($user.PrimarySmtpAddress),$($forwardingSmtpAddress),$($DeliverToMailboxAndForward)" $logstring | Out-File $Filename -Append } else { if ($user.ForwardingAddress -ne $null) { $forwardingContact = $user.ForwardingAddress $forwardingContactAddress = (Get-Recipient $forwardingContact).PrimarySmtpAddress $DeliverToMailboxAndForward = $User.DeliverToMailboxAndForward.ToString() $logString = "$($user.PrimarySmtpAddress),$($forwardingContactAddress),$($DeliverToMailboxAndForward)" $logString | Out-File $Filename -Append } } } #Remove Exchange 2010 Module Remove-PSSnapin Microsoft.Exchange.Management.Powershell.E2010 #Connect to Exchange Online $username = "<user name>" $targetdir = (dir $env:LOCALAPPDATA”\Apps\2.0\” -Include CreateExoPSSession.ps1,Microsoft.Exchange.Management.ExoPowershellModule.dll -Recurse | Group Directory | ? {$_.Count -eq 2}).Values | sort LastWriteTime -Descending | select -First 1 | select -ExpandProperty FullName import-Module $targetdir\CreateExoPSSession.ps1 $PasswordFile = "Password.txt" $KeyFile = "AES.key" $key = Get-Content $KeyFile $MyCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username, (Get-Content $PasswordFile | ConvertTo-SecureString -Key $key) connect-exopssession -credential $MyCredential #Reapply forwarding to migrated EXO mailboxes $Users = Import-Csv $Filename ForEach ($user in $users) { $DeliverToMailboxAndForward = [System.Convert]::ToBoolean($User.DeliverToMailboxAndForward) Set-Mailbox -Identity $($user.UPN) -DeliverToMailboxAndForward $DeliverTomailboxAndForward -ForwardingSmtpAddress $($user.ForwardingSmtpAddress) -whatif } #Kill Session and Remove Module Get-PSSession | Remove-PSSession Get-Module | Remove-Module |
Example 1:
|
1 2 3 4 5 6 7 8 9 |
Import-Module (Get-ChildItem -Path $($env:LOCALAPPDATA+"\Apps\2.0\") -Filter '*ExoPowershellModule.dll' -Recurse | Foreach{(Get-ChildItem -Path $_.Directory -Filter CreateExoPSSession.ps1)} | Sort-Object LastWriteTime | Select-Object -Last 1).FullName $User = "epic@onmicrosoft.com" $PasswordFile = "c:\o365\Password.txt" $KeyFile = "c:\o365\AES.key" $key = Get-Content $KeyFile $MyCredential = New-Object -TypeName System.Management.Automation.PSCredential ` -ArgumentList $User, (Get-Content $PasswordFile | ConvertTo-SecureString -Key $key) $proxysettings = New-PSSessionOption -ProxyAccessType IEConfig connect-exopssession -pssessionoption $proxysettings -credential $MyCredential |
Example 2:
|
1 2 3 4 5 6 7 8 9 |
$targetdir = (dir $env:LOCALAPPDATA”\Apps\2.0\” -Include CreateExoPSSession.ps1,Microsoft.Exchange.Management.ExoPowershellModule.dll -Recurse | Group Directory | ? {$_.Count -eq 2}).Values | sort LastWriteTime -Descending | select -First 1 | select -ExpandProperty FullName import-Module $targetdir\CreateExoPSSession.ps1 $User = "elau@onmicrosoft.com" $PasswordFile = "c:\o365\Password.txt" $KeyFile = "c:\o365\AES.key" $key = Get-Content $KeyFile $MyCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, (Get-Content $PasswordFile | ConvertTo-SecureString -Key $key) $proxysettings = New-PSSessionOption -ProxyAccessType IEConfig connect-exopssession -pssessionoption $proxysettings -credential $MyCredential |
Troubleshooting Errors: New-ExoPSSession : user_realm_discovery_failed: User realm discovery failed
|
1 2 3 4 5 6 |
New-ExoPSSession : user_realm_discovery_failed: User realm discovery failed At C:\Users\adm_elau\AppData\Local\Apps\2.0\806D2EJM.EAP\C421GW28.ARQ\micr..tion_1975b8453054a2b5_0010.0000_b9d3168c8e461adc\CreateExoPSSession.ps1:301 char:30 + ... PSSession = New-ExoPSSession -UserPrincipalName $UserPrincipalName.Va ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [New-ExoPSSession], AdalServiceException + FullyQualifiedErrorId : Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException,Microsoft.Exchange.Management.ExoPowershellSnapin.NewExoPSSession |
Check proxy settings in IE New-ExoPSSession: The SSL certificate could not be checked for revocation.
|
1 2 3 4 5 6 7 |
New-ExoPSSession : [outlook.office365.com] Connecting to remote server outlook.office365.com failed with the following error message : The server certificate on the destination computer (outlook.office365.com:443) has the following errors: The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable. For more information, see the about_Remote_Troubleshooting Help topic. At line:1 char:12 + $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri ht ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException + FullyQualifiedErrorId : 12175,PSSessionOpenFailed |
Set winhttpbyusingsetproxycommand: Show: netsh winhttp show proxy Set Proxy: netsh winhttp set proxy <proxy url or ip>:<port> Reset Proxy: netsh winhttp reset proxy →
Recent Comments