Duplicate Exchange Online and Exchange Server Mailboxes

With a hybrid Exchange Online deployment, where you have Exchange Server on-premises and Exchange Online configured in the cloud, and utilising AADConnect to synchronize the directories, you should never find that a synced user object is configured as both a mailbox in Exchange Online and a mailbox on-premises. When Active Directory is synced to Azure… Continue reading Duplicate Exchange Online and Exchange Server Mailboxes

DMARC Quarantine Issues

I saw the following error with a client the other day when sending emails from the client to any of the Virgin Media owned consumer ISP email addresses (virginmedia.com, ntlworld.com, blueyonder.com etc.) mx3.mnd.ukmail.iss.as9143.net gave this error:vLkg1v00o2hp5bc01Lkg9w DMARC validation failed with result 3.00:quarantine In the above, the server name (…as9143.net) might change as will the value… Continue reading DMARC Quarantine Issues

XOORG, Edge and Exchange 2010 Hybrid

So you have found yourself in the position of moving to Exchange Online from a legacy version of Exchange Server, namely Exchange 2010. You are planning to move everyone, or mostly everyone to Exchange Online and directory synchronization plays a major part (can it play a minor part?) in your plans. So you have made… Continue reading XOORG, Edge and Exchange 2010 Hybrid

OWA and Conditional Access: Inconsistent Error Reports

Here is a good error message. Its good, because I could not find any references to it on Google and the fault was nothing to do with the error message: The error says “something went wrong” and “Ref A: a long string of Hex Ref B: AMSEDGE0319 Ref C: Date Time”. The server name in… Continue reading OWA and Conditional Access: Inconsistent Error Reports

Administrators, AADConnect and AdminSDHolder Issues (or why are some accounts having permission-issue)

[Scripts updated 5th October 2017 to support updates for Exchange Hybrid Writeback. If you ran earlier versions of these scripts you will need to run them again] AdminSDHolder is something I come across a lot, but find a lot of admins are unaware of it. In brief it is any user that is a member… Continue reading Administrators, AADConnect and AdminSDHolder Issues (or why are some accounts having permission-issue)

Exchange Edge Server and Common Attachment Blocking In Exchange Online Protection

Both Exchange Server Edge role and Exchange Online Protection have an attachment filtering policy. The default in Edge Server is quite long, and the default in EOP is quite short. There is also a few values that are common to both. So, how do you merge the lists so that your Edge Server attachment filtering… Continue reading Exchange Edge Server and Common Attachment Blocking In Exchange Online Protection

Exchange Online Archive–Counting Archives

If you are using Exchange Online Archive and what to get a count of the number of users with an archive, or a list of the users with an archive, then the following PowerShell scripts will give you this info: List all users with an Exchange Online Archive: Get-MailUser -ResultSize Unlimited | where {$_.ArchiveName -ilike… Continue reading Exchange Online Archive–Counting Archives

Exchange Server and Missing Root Certificates

I came across an issue with a clients Exchange Server deployment today that is not well documented – or rather it is, but you need to know where to look. So I thought I would document the troubleshooting steps and the fix here. We specifically came across this error when testing Free/Busy for an Office… Continue reading Exchange Server and Missing Root Certificates

Qualifications in Exchange Signatures

In a recent project I was working with iQ.Suite from GBS and specifically the component of this software that add signatures to emails. The client are an international organization with users in different geographies and we needed to accommodate the users qualifications in their email signature. The problem with this is that in Germany qualifications… Continue reading Qualifications in Exchange Signatures

DSC for Exchange Server

At DevConnections 2015 and at UCDay I delivered talks on DSC for Exchange Server 2013. The sample files are available from my OneDrive 

Configuring Sync and Writeback Permissions in Active Directory for Azure Active Directory Sync

[Last updated 9th November 2022 – note that Microsoft now include this functionality in their own product as written at https://learn.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-adsyncconfig#set-adsyncexchangehybridpermissions] [Last updated 11th November 2019 – added support for Exchange Server automapping support, which was announced during Microsoft Ignite 2019 and will be supported in the first half of calendar year 2020. This is… Continue reading Configuring Sync and Writeback Permissions in Active Directory for Azure Active Directory Sync

Unable To Send Exchange Quota Message

In Exchange 2013 you can sometimes see the following event log error (MSExchange Store Driver Submission, ID 1012): The store driver failed to submit event <id> mailbox <guid> MDB <database guid> and couldn’t generate an NDR due to exception Microsoft.Exchange.MailboxTransport.StoreDriverCommon.InvalidSenderException   at Microsoft.Exchange.MailboxTransport.Shared.SubmissionItem.SubmissionItemUtils.CopySenderTo(SubmissionItemBase submissionItem, TransportMailItem message)   at Microsoft.Exchange.MailboxTransport.Submission.StoreDriverSubmission.MailItemSubmitter.GenerateNdrMailItem()   at Microsoft.Exchange.MailboxTransport.Submission.StoreDriverSubmission.MailItemSubmitter.<>c__DisplayClass1.<FailedSubmissionNdrWorker>b__0()   at Microsoft.Exchange.MailboxTransport.StoreDriverCommon.StorageExceptionHandler.RunUnderTableBasedExceptionHandler(IMessageConverter converter, StoreDriverDelegate workerFunction). And… Continue reading Unable To Send Exchange Quota Message

Managing Office 365 Groups With Remote PowerShell

Announced during Microsoft Ignite 2015, there are now PowerShell administration cmdlets available for the administration of the Groups feature in Office 365. The cmdlets are all based around “UnifedGroups”, for example Get-UnifiedGroups. Create a Group Use New-UnifiedGroup to do this. An example would be New-UnifiedGroup -DisplayName “Sales” -Alias sales –EmailAddress sales@contoso.com The use of the… Continue reading Managing Office 365 Groups With Remote PowerShell

Exchange OWA and Multi-Factor Authentication

This article is now out of date Multi-factor authentication (MFA), that is the need to have a username, password and something else to pass authentication is possible with on-premises servers using a service from Windows Azure and the Multi-Factor Authentication Server (an on-premises piece of software). The Multi-Factor Authentication Server intercepts login request to OWA,… Continue reading Exchange OWA and Multi-Factor Authentication

SSL and Exchange Server

In October 2014 or thereabouts it became known that the SSL protocol (specifically SSL v3) was broken and decryption of the encrypted data was possible. This blog post sets out the steps to protect your Exchange Server organization regardless of whether you have one server or many, or whether or not you use a load… Continue reading SSL and Exchange Server