SuperTekBoy

Practical Help for Exchange & Office 365

Exchange Tutorials

Using Exchange Cmdlets in Azure Cloud Shell

By Leave a Comment

35 Shares
Share
Tweet
Share
Reddit
Email

The Exchange Team has announced the general availability of the Exchange Online PowerShell Module in Azure Cloud Shell.

Azure Cloud Shell is a web-based version of PowerShell that can be launched from within any web browser by navigating to shell.azure.com, or, clicking the PowerShell icon in the Azure portal (portal.azure.com).

In this article, we will explore how to initially configure Azure Cloud Shell, cover the basics of the interface, connect to Exchange Online, and perform some basic Cloud Shell tasks, such as managing files and running some Exchange cmdlets.

Let’s get started!

Running the Azure Cloud Shell for the first time

To get started with Azure Cloud Shell you can either navigate to shell.azure.com or, click the PowerShell icon in the Azure Portal. The icon is at the top of the screen, to the right of the search box (pictured in the screenshot below)

Access Azure Cloud Shell

The first time you open Cloud Shell you will be asked if you want to connect to PowerShell or Bash. Click PowerShell.

Cloud Shell PowerShell or Bash

You will then be prompted to create storage for use with Cloud Shell. You will be given a drop down of all your available Azure subscriptions. Pick an Azure subscription with active credit and click Create Storage.

[Read more…] about Using Exchange Cmdlets in Azure Cloud Shell

The F12 easter-egg in Hybrid Configuration Wizard

By 1 Comment

30 Shares
Share
Tweet
Share
Reddit
Email

One of the best-kept secrets in the hybrid configuration wizard (“HCW”)
 is the F12 easter-egg. Jeff Kizner demonstrated this feature during his Ignite session back in September.

Tip: For a break down of Jeff’s session, with notes and timers, I highly recommend checking out 15 Ignite sessions every Exchange admin should see.

If you press F12 this enables a new section called Diagnostic Tools. This section provides shortcuts to the following tools or folders.

Hybrid Configuration Wizard F12 Diagnostic Tools HCW
  • Open Exchange Management Shell opens a remote PowerShell session to your on-premises Exchange servers.
  • Open Exchange Online PowerShell opens a PowerShell connection to Exchange Online. This supports MFA-enabled admin accounts.
  • Open Log File opens the active HCW log file in Notepad. The logs are stored in the profile of the user running the HCW. For example, C:\Users\<user>\AppData\Roaming\Microsoft\Exchange Hybrid Configuration
  • Create Support Package will combine your HCW log files into a single ZIP file which can easily be sent to Microsoft support. This link actually opens a second screen where you can specify to ZIP logs from the last 24 hours, or, between a certain date range. You then have the option to copy the file to the clipboard so it can be easily attached to an email.
  • Open Logging Folder opens the folder location of the HCW logs. 
    The HCW logs are stored in the profile of the user running the HCW. For example, C:\Users\<user>\AppData\Roaming\Microsoft\Exchange Hybrid Configuration
  • Open Process Folder opens a Command Prompt to the HCW process directory.

Pressing F12 a second time will hide these tools.

Twitter

What do you think about this easter-egg? Have you run into any cool easter-eggs in other Microsoft products? Drop a comment below or join the conversation on Twitter

Free Exchange chapters – Manage Users, Groups & Public Folders

By Leave a Comment

28 Shares
Share
Tweet
Share
Reddit
Email

Last year I was invited to write an Exchange 2016 book with a few fellow MVPs. Unfortunately, due to unforeseen circumstances, the book was later cancelled

Rather than have my chapters go to waste (combined these chapters are 40,000 words) I wanted to offer them to you for free.

Below you will find three chapters covering the management of mailboxes, groups, contacts, mail-enabled users, and public folders.

That said I do want to warn you that these chapters only received a brief technical review. They did not go through any formal editorial process, so I apologize in advance for any errors. Please read these at your own risk.

While I offer these for free I would like to state that my work is under copyright. By viewing or downloading these chapters you agree to the copyright notice below.

Chapter 6 – Managing MailboxesDownload
Chapter 7 – Managing Groups, Contacts & Mail-Enabled UsersDownload
Chapter 8 – Managing Public FoldersDownload

Copyright © 2018 by Gareth Gudger

All rights reserved. No part of these chapters may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the publisher, except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law. For permission requests, please email info@supertekboy.com.

Required Exchange exclusions for Windows Defender Antivirus

By 2 Comments

50 Shares
Share
Tweet
Share
Reddit
Email
In prior releases of Windows Server, Microsoft shipped basic malware protection through its Windows Defender software. For full protection either System Center Endpoint Protection, or, a third-party antivirus solution was required. With Windows Server 2016, Windows Defender matured into a fully fledged antivirus solution. It has now been re-branded as Windows Defender Antivirus.

Regardless of whether you choose Windows Defender Antivirus, or, a third-party antivirus solution you need to be sure these products are not scanning critical Exchange components. Microsoft publishes an extensive list of file, folder and, process exclusions to include in your antivirus configuration.

There are eighty-four exclusions in total.

Adding these exclusions are critical to the health and performance of Exchange. Without these exclusions, antivirus software could lock or quarantine files and processes critical to the operation of Exchange.

In this article, we explore how to add the required 84 exclusions to Windows Defender Antivirus. We also have a basic script to automate adding these exclusions for you.

Let’s get started!

Adding Exchange exclusions with PowerShell

Adding 84 exceptions manually through the graphical user interface would be time-consuming, tedious and, prone to human error. This only magnifies with the number of Exchange servers we need to deploy. Windows Defender can be managed through multiple methods (such as System Center or Group Policy). However, for this article, we will explore adding the required exclusions using PowerShell.

To add an exclusion via PowerShell we can use the Add-MpPreference cmdlet. For a folder exclusion, we combine this with the -ExclusionPath parameter. For example, a folder exclusion may look like this.

 C:\> Add-MpPreference -ExclusionPath %SystemRoot%\Cluster

A folder exclusion not only excludes the folder and its files but also all sub-folders. [Read more…] about Required Exchange exclusions for Windows Defender Antivirus

How to create an Office 365 mailbox (in hybrid)

By 14 Comments

111 Shares
Share
Tweet
Share
Reddit
Email
When a company has implemented Exchange hybrid and has moved some or all their users to Office 365, the question “How do I create a mailbox in Office 365?” frequently comes up.

In this article, we explore how to create a mailbox in Exchange Online when directory synchronization is in place. For this article, we will explore this process using Exchange 2016. We will look at how to complete this task with the GUI and PowerShell. Note that these steps are identical for Exchange 2013.

Using the Exchange Admin Center

This is the simplest and quickest way to create a mailbox in Office 365. The drawback to this solution is that it only allows you to create an entirely new Active Directory user. A preexisting user without a mailbox cannot be enabled for an Office 365 mailbox using the GUI. To grant an existing user an Office 365 mailbox you will need to use PowerShell. Alternatively, that user could be given an on-prem mailbox and then move that mailbox to Office 365.

If your current process is to create a new account in Active Directory first and then enable the mailbox in Exchange second, I would recommend reversing these steps. Using the method below allows you to create a basic user in Active Directory with a mailbox in Office 365. Then you can go back into Active Directory to make any additional changes to the new account, such as group memberships.

For our example, we are going to create a new user called Wilfred Mott who will have a mailbox in Office 365. Wilfred does not currently have a user account in Active Directory so we can use this method. Wilfred’s email will be wilfred.mott@exchangeservergeek.com.

From your on-premises Exchange 2016 server, log into the Exchange Admin Center. Select the Recipients tab and Mailboxes sub tab. Click the New (plus sign) and select Office 365 mailbox.

Note: If you do not see this option you may be missing the required RBAC permissions, or, there is an issue with your hybrid configuration.

Create a new Office 365 mailbox

Selecting this option walks you through the process of creating a remote mailbox in Office 365. The benefit here is that you do not need to migrate the mailbox after it is created as it already exists as an object in the cloud. Keep in mind that you will not see this mailbox in the Office 365 tenant until directory synchronization has run. [Read more…] about How to create an Office 365 mailbox (in hybrid)

Recover Exchange Server after total loss

By 2 Comments

451 Shares
Share
Tweet
Share
Reddit
Email
Being able to recover an Exchange Server is key to business continuity. This is magnified in environments where there is only a single Exchange server. Rebuilding an Exchange environment from scratch would be an arduous and monumental task. Luckily Exchange saves much of its configuration settings in Active Directory. As long as Active Directory is healthy you can recover an Exchange Server to its former configuration. This process saves a massive amount of time.

That said there are some items that are not stored in Active Directory. This includes the databases where the user and public folder data is stored, third-party certificates and, customizations made outside of the Exchange management tools.

Certificates are easy. If you don’t have a backup you can have your certificate re-keyed by your provider. This may take some time so it is much better to export your Exchange server certificate and save it to a safe location. Then it can be quickly imported in the event of a failure. This will reduce downtime.

Databases are a little more difficult. Depending on the nature of the failure they may need to be restored from backup. The time required for restore largely depends on the size of the database. With the Exchange standard license you get five databases. So, rather than one large database, go with five smaller ones. These greatly aides your recovery time objective (RTO). Exchange enterprise allows up to a hundred databases giving you even greater capacity.

I always recommend that you architect a database availability group (DAG) where possible. Even if your budget can only cover two Exchange servers–creating a two-member DAG with two copies of each database–will put you miles ahead when it comes to disaster recovery. The instructions to recover a DAG member differ and we will cover that in a later article.

Configuration outside of the Exchange tools is going to be a little tougher. You will either need documentation so the changes can be repeated, or, a backup of the changes. Customizations outside of Exchange can include the registry, IIS, or, text-based configuration files. [Read more…] about Recover Exchange Server after total loss

Quickly copy an Anonymous Receive Connector “Relay” between servers

By Leave a Comment

69 Shares
Share
Tweet
Share
Reddit
Email
In this article, we are going to take a look at just how easy it can be to copy an anonymous receive connector from one server to another using PowerShell.

Anonymous Receive Connector Relay

This is especially important in scenarios where a receive connector may have dozens–if not hundreds–of IPs. Adding each IP using the graphical user interface would be insanely time-consuming. It would also be prone to human error. This challenge only multiplies if you have many servers to repeat this process on. With PowerShell, we can cut this task down to mere seconds.

The first part of this article is a primer on how to configure an anonymous receive connector. If you are just interested in how to copy all IPs from one connector to another jump to the section titled Copying an Anonymous “Relay” Connector between servers.

Note: While this article focuses on moving an anonymous receive connector it can be adapted for any custom receive connector you have created.

A quick primer on anonymous receive connectors

Before we explore how to move a receive connector let’s take a refresher on how we create a receive connector with PowerShell. For this task, we use the New-ReceiveConnector cmdlet. For example, to create an anonymous receive connector our command might look like this.

 C:\> New-ReceiveConnector -Name "Anonymous Relay" -Server EX16-01 -Usage Custom -TransportRole FrontEndTransport -PermissionGroups AnonymousUsers -Bindings 0.0.0.0:25 -RemoteIPRanges 10.0.0.25, 10.0.0.26, 10.0.0.50-10.0.0.59

In this command, we create a receive connector named “Anonymous Relay”. We use the -Server parameter to identify which server we want the connector to be created on. We identify that the -Usage of the connector will be Custom. Custom is one of five connector types and is used for anonymous relays. [Read more…] about Quickly copy an Anonymous Receive Connector “Relay” between servers

Renew a Certificate in Exchange

By Leave a Comment

174 Shares
Share
Tweet
Share
Reddit
Email

How to renew a certificate in Exchange

In this article, we explore the process of renewing a certificate in Exchange. We demonstrate how to accomplish this using the Exchange Admin Center and PowerShell. The high-level steps include:

  • Create a new certificate signing request
  • Upload the certificate signing request to your certificate provider
  • Download the processed certificate from your certificate provider
  • Install the certificate on Exchange
  • Export the new certificate to a PFX file
  • Import the certificate to all other Exchange servers
  • Assign Exchange services to the new certificate on each server
  • Delete the old certificate

Let’s get started!

Note: These steps work for Exchange 2013, 2016 & 2019.

Renew a Certificate with Exchange Admin Center

Log into the Exchange Admin Center (EAC). Select the Servers tab and Certificates sub tab.

This page displays all currently installed Exchange certificates. In our example, we see four self-signed certificates. We also see the certificate that we acquired from a trusted certificate authority (affiliate). This certificate is named webmail.exchangeservergeek.com. This is the certificate we will be renewing.

Renewing an Exchange certificate

Select the certificate to be renewed (in our case webmail.exchangeservergeek.com) and click the Renew link in the task pane to the right.

Renewing an Exchange certificate 2

The renewal process will create a new certificate request to submit to our certificate authority. Specify a location to save this certificate request. This location must be in the form of a UNC path. In our example, we specify a file called certreq.txt at the path \\ex16-01\c$\users\supertekboy\desktop\. This will create a text file on our server’s desktop. Click Ok.

Renewing an Exchange certificate 3

[Read more…] about Renew a Certificate in Exchange