Brian Reid – Microsoft 365 Subject Matter Expert

Brian Reid – Microsoft MVP and Microsoft Certified Master

  • Exchange Server Object ID Error With Windows Server 2016 Domain Controllers

    Saw this error the other day: When you open Exchange Control Panel and view the Mailbox Delegation tab of any user account you get the following: The object <name> has been corrupted, and it’s in an inconsistent state. The following validation errors happened: The access control entry defines the ObjectType ‘9b026da6-0d3c-465c-8bee-5199d7165cba’ that can’t be resolved..…

  • Copy Links and Backlinks Between Users and Shared Mailboxes (automapping)

    Automap for shared mailboxes does not work across forests when moving mailboxes. When the user is granted permission to a shared mailbox, the default behaviour of automapping means that the shared mailbox has msExchDelegateListLink set to the DN of the user, and the backlink (hidden in AD by default) on the user is populated with…

  • Anonymous Emails Between On-Premises and Exchange Online

    When you set up Exchange Hybrid, it should configure your Exchange organizations (both on-premises and cloud) to support the fact that an email from a person in one of the organizations should appear as internal to a recipient in the other organization. In Outlook that means you will see “Display Name” at the top of…

  • Azure AD Single Sign-On Basic Auth Popup

    When configuring Azure AD SSO as part of Pass-Through Authentication (PTA) or with Password Hash Authentication (PHA) you need now (since March 2018) to only configure a single URL in the Intranet Zone in Windows. That URL is https://autologon.microsoftazuread-sso.com and this can be rolled out as a registry preference via Group Policy. Before March 2018…

  • Send-On-Behalf Permissions in Exchange Online

    This document is up to date as of November 2018 and is therefore unlike many earlier documents on this issue as this feature set is in the process of changing. First, Send-On-Behalf is changing so that it is supported across a hybrid Exchange Server to Exchange Online connection. At the time of writing this is…

  • New Underlying Search Functionality in Exchange Online

    Mentioned during Microsoft Ignite 2017, there is a new search functionality in place within Exchange Online. Not all mailboxes are able to make use of the new functionality, such as hit highlighting and search results being shown in-line with the results highlighted in context with the results. The reason that the functionality is not available…

  • 420 4.2.0 RESOLVER.ADR.Ambiguous; ambiguous address

    This error can turn up in Exchange Server when Exchange Server is trying to resolve the object that it should deliver a message to. Exchange queries Active Directory and expect that if the object exists in the directory, that the object exists only once. If the object exists more than once, this is the error…

  • Exchange Online Migration Batches–How Long Do They Exist For

    When you create a migration batch in Exchange Online, the default setting for a migration is to start the batch immediately and complete manually. So how long can you leave this batch before you need to complete it? As you can see from the below screenshot, the migration batch here was created on Feb 19th,…

  • Office 365 Retention Policies and Hybrid Public Folders

    If you create an Office 365 Retention Policy (in the Security and Compliance Center) that applies to all Exchange Online content then you might find that after the retention policy has been deployed (a day or so later usually) that the policy is in error and there is a message at the top of the…

  • Journal Rule Testing In Exchange Online

    I came across two interesting oddities in journaling in Exchange Online in the last few weeks that I noticed where not really mentioned anyway (or anywhere I could find that is). The first involces routing of journal reports and the second the selection of the journal target. The journal report, that is the message that…

  • Outbound Email Via Exchange Online Protection When Using Hybrid Exchange Online

    In a long term hybrid scenario, where you have Exchange Online and Exchange Server configured and mailboxes on both, internet bound email from your on-premises servers can route in two general ways. The first is outbound via whatever you had in place before you moved to Office 365. You might have configured Exchange Online to…

  • Duplicate Exchange Online and Exchange Server Mailboxes

    With a hybrid Exchange Online deployment, where you have Exchange Server on-premises and Exchange Online configured in the cloud, and utilising AADConnect to synchronize the directories, you should never find that a synced user object is configured as both a mailbox in Exchange Online and a mailbox on-premises. When Active Directory is synced to Azure…

  • Enable Report Message Add-In For Office 365

    There is a new add-in available for Outlook and OWA in Office 365 that can simplify spam and phishing reporting to Microsoft for content in your mailbox. I recommend rolling this add-in out to everyone in your Office 365 tenant and for Office 365 consultants to add this as part of the default steps in…

  • SSPT RRAS VPN with Wildcard Certificate–Client Issues

    If you set up an SSTP VPN on Windows RRAS server and are using a wildcard certificate, there are client settings to fix before the client can connect. If you run the Windows 10 client through the default setup for a VPN you get the following error. This reads “The remove access connection completed, but…

  • Office 365 Advance Threat Protection Attachment Preview

    It is now possible to preview attachments that Advanced Threat Protection (ATP) is currently in the process of checking. This was enabled on my tenant recently and so will come to all tenants soon. It was mentioned at Microsoft Ignite 2017. It looks like this. You get the email with the standard ATP attachment saying…

  • Configuring Hybrid Device Join On Active Directory with SSO

    The instructions from Microsoft at https://docs.microsoft.com/en-us/azure/active-directory/device-management-hybrid-azuread-joined-devices-setup are missing some of the steps on setting up hybrid device join to Azure AD. This is a complete list of steps when Pass-Thru auth with SSO is enabled on the domain. Enable SSO – this is covered elsewhere. You can also do hybrid device join on a federated…

  • Conversation Red Number in Skype For Business That Won’t Go Away

    Conversation Red Number in Skype For Business That Won’t Go Away

    I have had this issue for ages, but could not find any answer for it on the internet that did not involve resetting Skype for Business or other complex stuff when in fact the answer is so easy it hurts! Finding it was one of those Duh! moments. You have this: Skype for Business shows…

  • Office 365 and ACDC

    The best connectivity to Office 365 is achieved with local internet breakout and local DNS egress. This means things like each branch office should connect directly to the internet and not via the Head Office and then to the internet and that DNS lookups are done local as well. The reason for DNS lookups is…

  • Outlook Authentication Broken–Username and Password Missing

    I came across an issue recently where the Outlook security dialog box popup was broken. Rather than looking as below, the username and password fields where missing: The dialog box appeared as: Notice that the username and password fields are missing! Also missing, and the key to this issue, is the picture is missing too.…

  • Unexpected Security and Compliance Center Changes

    In the last few days the layout of the Security and Compliance Center with regard to the Threat Management section appears to have changed. In the middle of the week just gone, and for a long while previously, you could access Mail Filtering, Anti-malware, and DKIM from Security and Compliance > Threat Management and see…