SuperTekBoy

Practical Help for Exchange & Office 365

Exchange Tutorials

Add external sender disclaimer in Office 365

By 2 Comments

8 Shares
Share
Tweet
Share
Reddit
Email

Adding an external sender notification to the top of an email is an important distinction for many companies. This disclaimer quickly identifies to its end users when a message is sourced from an external sender. This eliminates the guesswork for internal users, helping them to identify potential phishing attacks but also a great reminder when it comes to data loss prevention as they reply.

Companies approach this disclaimer in many different ways. Two common examples are a disclaimer prepended at the top of the email, or, adding a keyword in the message subject.

Thankfully, adding this is a simple process in Office 365 (and also Exchange on-premises – the instructions are identical).

For this article, our example company, Time Travel Research, wishes that all inbound email from external senders is prepended with a disclaimer stating the sender is external to the organization. Time Travel Research wants to ensure that every instance of an external email, even those in the same email chain, is prepended with this disclaimer.

Let’s get started!

Add an external sender disclaimer to all inbound email

Log in to the Exchange Admin Center. Once logged in, navigate to Mail Flow >> Rules. Click the New (Excchange 2016 New) button.

From the drop-down menu, you will notice several choices. These choices are predefined rule templates. We will create a rule from scratch. Select Create a new rule.

Create a new transport rule in Office 365
[Read more…] about Add external sender disclaimer in Office 365

Using Exchange Cmdlets in Azure Cloud Shell

By Leave a Comment

36 Shares
Share
Tweet
Share
Reddit
Email

The Exchange Team has announced the general availability of the Exchange Online PowerShell Module in Azure Cloud Shell.

Azure Cloud Shell is a web-based version of PowerShell that can be launched from within any web browser by navigating to shell.azure.com, or, clicking the PowerShell icon in the Azure portal (portal.azure.com).

In this article, we will explore how to initially configure Azure Cloud Shell, cover the basics of the interface, connect to Exchange Online, and perform some basic Cloud Shell tasks, such as managing files and running some Exchange cmdlets.

Let’s get started!

Running the Azure Cloud Shell for the first time

To get started with Azure Cloud Shell you can either navigate to shell.azure.com or, click the PowerShell icon in the Azure Portal. The icon is at the top of the screen, to the right of the search box (pictured in the screenshot below)

Access Azure Cloud Shell

The first time you open Cloud Shell you will be asked if you want to connect to PowerShell or Bash. Click PowerShell.

Cloud Shell PowerShell or Bash

You will then be prompted to create storage for use with Cloud Shell. You will be given a drop down of all your available Azure subscriptions. Pick an Azure subscription with active credit and click Create Storage.

[Read more…] about Using Exchange Cmdlets in Azure Cloud Shell

The F12 easter-egg in Hybrid Configuration Wizard

By 1 Comment

30 Shares
Share
Tweet
Share
Reddit
Email

One of the best-kept secrets in the hybrid configuration wizard (“HCW”)
 is the F12 easter-egg. Jeff Kizner demonstrated this feature during his Ignite session back in September.

Tip: For a break down of Jeff’s session, with notes and timers, I highly recommend checking out 15 Ignite sessions every Exchange admin should see.

If you press F12 this enables a new section called Diagnostic Tools. This section provides shortcuts to the following tools or folders.

Hybrid Configuration Wizard F12 Diagnostic Tools HCW
  • Open Exchange Management Shell opens a remote PowerShell session to your on-premises Exchange servers.
  • Open Exchange Online PowerShell opens a PowerShell connection to Exchange Online. This supports MFA-enabled admin accounts.
  • Open Log File opens the active HCW log file in Notepad. The logs are stored in the profile of the user running the HCW. For example, C:\Users\<user>\AppData\Roaming\Microsoft\Exchange Hybrid Configuration
  • Create Support Package will combine your HCW log files into a single ZIP file which can easily be sent to Microsoft support. This link actually opens a second screen where you can specify to ZIP logs from the last 24 hours, or, between a certain date range. You then have the option to copy the file to the clipboard so it can be easily attached to an email.
  • Open Logging Folder opens the folder location of the HCW logs. 
    The HCW logs are stored in the profile of the user running the HCW. For example, C:\Users\<user>\AppData\Roaming\Microsoft\Exchange Hybrid Configuration
  • Open Process Folder opens a Command Prompt to the HCW process directory.

Pressing F12 a second time will hide these tools.

Twitter

What do you think about this easter-egg? Have you run into any cool easter-eggs in other Microsoft products? Drop a comment below or join the conversation on Twitter

Free Exchange chapters – Manage Users, Groups & Public Folders

By Leave a Comment

28 Shares
Share
Tweet
Share
Reddit
Email

Last year I was invited to write an Exchange 2016 book with a few fellow MVPs. Unfortunately, due to unforeseen circumstances, the book was later canceled

Rather than have my chapters go to waste (combined these chapters are 40,000 words) I wanted to offer them to you for free.

Below you will find three chapters covering the management of mailboxes, groups, contacts, mail-enabled users, and public folders.

That said I do want to warn you that these chapters only received a brief technical review. They did not go through any formal editorial process, so I apologize in advance for any errors. Please read these at your own risk.

While I offer these for free I would like to state that my work is under copyright. By viewing or downloading these chapters you agree to the copyright notice below.

Chapter 6 – Managing MailboxesDownload
Chapter 7 – Managing Groups, Contacts & Mail-Enabled UsersDownload
Chapter 8 – Managing Public FoldersDownload

Copyright © 2018 by Gareth Gudger

All rights reserved. No part of these chapters may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the publisher, except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law. For permission requests, please email info@supertekboy.com.

Required Exchange exclusions for Windows Defender Antivirus

By 3 Comments

47 Shares
Share
Tweet
Share
Reddit
Email

In prior releases of Windows Server, Microsoft shipped basic malware protection through its Windows Defender software. For full protection either System Center Endpoint Protection, or, a third-party antivirus solution was required. With Windows Server 2016, Windows Defender matured into a fully-fledged antivirus solution. It has now been re-branded as Windows Defender Antivirus.

Regardless of whether you choose Windows Defender Antivirus, or, a third-party antivirus solution you need to be sure these products are not scanning critical Exchange components. Microsoft publishes an extensive list of file, folder and, process exclusions to include in your antivirus configuration.

There are eighty-four exclusions in total.

Adding these exclusions are critical to the health and performance of Exchange. Without these exclusions, antivirus software could lock or quarantine files and processes critical to the operation of Exchange.

In this article, we explore how to add the required 84 exclusions to Windows Defender Antivirus. We also have a basic script to automate adding these exclusions for you.

Let’s get started!

Adding Exchange exclusions with PowerShell

Adding 84 exceptions manually through the graphical user interface would be time-consuming, tedious and, prone to human error. This only magnifies the number of Exchange servers we need to deploy. Windows Defender can be managed through multiple methods (such as System Center or Group Policy). However, for this article, we will explore adding the required exclusions using PowerShell.

To add an exclusion via PowerShell we can use the Add-MpPreference cmdlet. For a folder exclusion, we combine this with the -ExclusionPath parameter. For example, a folder exclusion may look like this.

 C:\> Add-MpPreference -ExclusionPath %SystemRoot%\Cluster

A folder exclusion not only excludes the folder and its files but also all sub-folders.

[Read more…] about Required Exchange exclusions for Windows Defender Antivirus

How to create an Office 365 mailbox (in hybrid)

By 19 Comments

111 Shares
Share
Tweet
Share
Reddit
Email

When a company has implemented Exchange hybrid and has moved some or all their users to Office 365, the question “How do I create a mailbox in Office 365?” frequently comes up.

In this article, we explore how to create a mailbox in Exchange Online when directory synchronization is in place. For this article, we will explore this process using Exchange 2016. We will look at how to complete this task with the GUI and PowerShell. Note that these steps are identical for Exchange 2013.

Using the Exchange Admin Center

This is the simplest and quickest way to create a mailbox in Office 365. The drawback of this solution is that it only allows you to create an entirely new Active Directory user. A preexisting user without a mailbox cannot be enabled for an Office 365 mailbox using the GUI. To grant an existing user an Office 365 mailbox you will need to use PowerShell. Alternatively, that user could be given an on-prem mailbox and then move that mailbox to Office 365.

If your current process is to create a new account in Active Directory first and then enable the mailbox in Exchange second, I would recommend reversing these steps. Using the method below allows you to create a basic user in Active Directory with a mailbox in Office 365. Then you can go back into Active Directory to make any additional changes to the new account, such as group memberships.

For our example, we are going to create a new user called Wilfred Mott who will have a mailbox in Office 365. Wilfred does not currently have a user account in Active Directory so we can use this method. Wilfred’s email will be wilfred.mott@exchangeservergeek.com.

From your on-premises Exchange 2016 server, log into the Exchange Admin Center. Select the Recipients tab and Mailboxes sub-tab. Click the New (plus sign) and select Office 365 mailbox.

Note: If you do not see this option you may be missing the required RBAC permissions, or, there is an issue with your hybrid configuration.

Create a new Office 365 mailbox

Selecting this option walks you through the process of creating a remote mailbox in Office 365. The benefit here is that you do not need to migrate the mailbox after it is created as it already exists as an object in the cloud. Keep in mind that you will not see this mailbox in the Office 365 tenant until directory synchronization has run.

[Read more…] about How to create an Office 365 mailbox (in hybrid)

Recover Exchange Server after total loss

By 3 Comments

451 Shares
Share
Tweet
Share
Reddit
Email

Being able to recover an Exchange Server is key to business continuity. This is magnified in environments where there is only a single Exchange server. Rebuilding an Exchange environment from scratch would be an arduous and monumental task. Luckily Exchange saves much of its configuration settings in Active Directory. As long as Active Directory is healthy you can recover an Exchange Server to its former configuration. This process saves a massive amount of time.

That said there are some items that are not stored in Active Directory. This includes the databases where the user and public folder data is stored, third-party certificates and, customizations made outside of the Exchange management tools.

Certificates are easy. If you don’t have a backup you can have your certificate re-keyed by your provider. This may take some time so it is much better to export your Exchange server certificate and save it to a safe location. Then it can be quickly imported in the event of a failure. This will reduce downtime.

Databases are a little more difficult. Depending on the nature of the failure they may need to be restored from backup. The time required for restore largely depends on the size of the database. With the Exchange standard license you get five databases. So, rather than one large database, go with five smaller ones. These greatly aides your recovery time objective (RTO). Exchange enterprise allows up to a hundred databases giving you even greater capacity.

I always recommend that you architect a database availability group (DAG) where possible. Even if your budget can only cover two Exchange servers–creating a two-member DAG with two copies of each database–will put you miles ahead when it comes to disaster recovery. The instructions to recover a DAG member differ and we will cover that in a later article.

Configuration outside of the Exchange tools is going to be a little tougher. You will either need documentation so the changes can be repeated, or, a backup of the changes. Customizations outside of Exchange can include the registry, IIS, or, text-based configuration files.

[Read more…] about Recover Exchange Server after total loss

Quickly copy an Anonymous Receive Connector “Relay” between servers

By Leave a Comment

69 Shares
Share
Tweet
Share
Reddit
Email

In this article, we are going to take a look at just how easy it can be to copy an anonymous receive connector from one server to another using PowerShell.

Anonymous Receive Connector Relay

This is especially important in scenarios where a receive connector may have dozens–if not hundreds–of IPs. Adding each IP using the graphical user interface would be insanely time-consuming. It would also be prone to human error. This challenge only multiplies if you have many servers to repeat this process on. With PowerShell, we can cut this task down to mere seconds.

The first part of this article is a primer on how to configure an anonymous receive connector. If you are just interested in how to copy all IPs from one connector to another jump to the section titled Copying an Anonymous “Relay” Connector between servers.

Note: While this article focuses on moving an anonymous receive connector it can be adapted for any custom receive connector you have created.

A quick primer on anonymous receive connectors

Before we explore how to move a receive connector let’s take a refresher on how we create a receive connector with PowerShell. For this task, we use the New-ReceiveConnector cmdlet. For example, to create an anonymous receive connector our command might look like this.

 C:\> New-ReceiveConnector -Name "Anonymous Relay" -Server EX16-01 -Usage Custom -TransportRole FrontEndTransport -PermissionGroups AnonymousUsers -Bindings 0.0.0.0:25 -RemoteIPRanges 10.0.0.25, 10.0.0.26, 10.0.0.50-10.0.0.59

In this command, we create a receive connector named “Anonymous Relay”. We use the -Server parameter to identify which server we want the connector to be created on. We identify that the -Usage of the connector will be Custom. Custom is one of five connector types and is used for anonymous relays.

[Read more…] about Quickly copy an Anonymous Receive Connector “Relay” between servers