Tuesday, February 23. 2010
Microsoft Exchange Online Mailbox Backup and Restore
A somewhat common question that we get from our Clients is, "How can we back up our Exchange Online mailbox data?" In this post we'll show you one way using the Microsoft Online Migration Tools.
The first thing we'll demonstrate is how to export the mailbox data from an Exchange Online mailbox to a local file. Let's say we want to export the ExonlineTest@messageopsdemo.com mailbox to a local file. To do this you'll need to go to the migration command shell and run:

Get-XsHostedExchangeMailboxData -SourceServer "red001.mail.microsoftonline.com" -SourceLocation "https://red001.mail.microsoftonline.com/exchange" -SourceIdentity exonlineTest@messageopsdemo.com | Export-TransporterBinary -TargetFilePath c:\export -TargetFilePrefix "exonlinetest"

(Note: the command above should be a single line)

After typing the above command it will ask you for your Microsoft Online admin credentials and proceed to export the mailbox to a .tbin file.

So we now have the mail data locally. Unfortunately, it's in a .tbin file that you can't do much with. All you can do with it is reimport it into a Microsoft Exchange Online Mailbox.

In this restore example, let's assume we have a backup from two months ago, and the user wants to recover a single message that they can't find. We'll restore the backup file to a mailbox called restore@messageopsdemo.com and then give the user access to the mail so they can try and track down their missing message. To do the restore we would need to run the following command, specifying the path to the backup file and the identity of the mailbox we want to restore the file to:

Import-TransporterBinary -SourceFileName "C:\export\exonlinetest 2010-02-23T10_08_17.tbin" | Add-XsExchangeOnlineItem -Identity restore@messageopsdemo.com

(Note: the command above should be a single line)

After typing the above command it will ask you for your Microsoft Online admin credentials and proceed to import the .tbin file into the restore mailbox. You could then grant the user rights to that mailbox and they could try and find their missing message.

This is a very basic example of a backup and restore using the Migration Tools.
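The export above, wrapped in a loop that records a SHA-256 hash for every .tbin file so a backup can be verified before it is restored. This is an added example, not MessageOps' script; the mailbox list, the manifest.csv file, the function names and the -SourceAdminCredential parameter are assumptions that do not appear in the post.

```powershell
# Added example. Run from the migration command shell so the Migration Tools cmdlets are loaded.
$SourceServer   = "red001.mail.microsoftonline.com"
$SourceLocation = "https://red001.mail.microsoftonline.com/exchange"
$ExportPath     = "C:\export"
$Manifest       = Join-Path $ExportPath "manifest.csv"   # hypothetical file name
$Mailboxes      = @("exonlineTest@messageopsdemo.com")   # hypothetical list; add your own

# Ask for the admin credentials once; the password is never written to disk.
$Cred = Get-Credential

function Get-Sha256Hex {
    param([string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $hash = $sha.ComputeHash($stream)
        return ([System.BitConverter]::ToString($hash) -replace "-", "").ToLower()
    }
    finally {
        $stream.Close()
        $sha.Clear()
    }
}

function Export-MailboxWithManifest {
    param([string]$Mailbox)
    $prefix  = $Mailbox.Split("@")[0]
    $started = Get-Date

    # -SourceAdminCredential is an assumption (not shown in the post);
    # remove it to be prompted for credentials as the post describes.
    Get-XsHostedExchangeMailboxData -SourceServer $SourceServer -SourceLocation $SourceLocation `
        -SourceIdentity $Mailbox -SourceAdminCredential $Cred |
        Export-TransporterBinary -TargetFilePath $ExportPath -TargetFilePrefix $prefix

    # The post's file is named "<prefix> <timestamp>.tbin"; pick the one written by this run.
    $file = Get-ChildItem -Path $ExportPath -Filter "$prefix *.tbin" |
        Where-Object { $_.LastWriteTime -ge $started } |
        Sort-Object LastWriteTime | Select-Object -Last 1
    if (-not $file) {
        Write-Warning "No .tbin file was produced for $Mailbox"
        return
    }

    # One manifest row per export: mailbox, file name, size in bytes, SHA-256.
    $row = '"{0}","{1}","{2}","{3}"' -f $Mailbox, $file.Name, $file.Length, (Get-Sha256Hex $file.FullName)
    Add-Content -Path $Manifest -Value $row
}

function Test-BackupFile {
    # Returns $true only if the file's current hash matches its latest manifest row.
    param([string]$Path)
    $name = [System.IO.Path]::GetFileName($Path)
    $row  = Import-Csv -Path $Manifest -Header Mailbox, File, Length, Sha256 |
        Where-Object { $_.File -eq $name } | Select-Object -Last 1
    if (-not $row) {
        Write-Warning "$name is not listed in $Manifest"
        return $false
    }
    return ($row.Sha256 -eq (Get-Sha256Hex $Path))
}

foreach ($m in $Mailboxes) { Export-MailboxWithManifest -Mailbox $m }

# Before a restore, verify the file and then import it as in the post:
# $tbin = "C:\export\exonlinetest 2010-02-23T10_08_17.tbin"
# if (Test-BackupFile $tbin) {
#     Import-TransporterBinary -SourceFileName $tbin |
#         Add-XsExchangeOnlineItem -Identity restore@messageopsdemo.com
# }
```

A .tbin file holds the full contents of a mailbox, so restrict NTFS permissions on the export folder to the backup operators and keep a copy of the manifest somewhere the backup account cannot write.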
It would be easy to create a script which backs up all mailboxes on a routine basis. If you'd like assistance creating such a script, or have questions or comments about this post, please contact MessageOps at support@messageops.com and we'd be happy to assist.

Saturday, February 6. 2010
The new Get-MSOnlineUser Command
On 2/2/2010 Microsoft released an updated version of the migration tools. One of the highlights of the release is the new information you can get with the Get-MSOnlineUser command. Examples of the type of information you can now query are Activation Status, Allocated Mailbox Size, and Last Signed In Date. Unfortunately, it does not appear that you can query mailbox size or item count at the time of this writing.
The Get-MSOnlineUser command also supports the use of switches to control what users are returned. The switches correspond to the different views you have of users in the Administration Console. The available switches are:

-Administrators
-Disabled
-Enabled
-Identity
-InvalidLicense
-NeverSignedIn

So if you wanted to get a list of all the users with Admin rights in Microsoft Online, you could simply run:

Get-MSOnlineUser -Administrators

To highlight some of the new features, we put together this little PowerShell script, which will dump information for all your enabled users to a CSV file. A common request that people have is they want to see the mailbox size of their Microsoft Online users, so we went ahead and included that information in the report by using the get-xshostedExchangeMailbox command.

The only thing you should have to modify before running the script is the $owaserver variable, and you'll only have to do that if you are hosted on the EMEA or APAC servers. Also make sure you've installed the new version of the migration tools.

You can download a properly formatted version of the script here. If you have any questions, please contact us at support@messageops.com.

Improved Password Expiration Notification Script
With the recent release of the new migration tools, it is now possible to directly query Microsoft Online for enabled users. This functionality makes it possible to simplify the original Password Notification Script, and the script can now be run even if you aren't running Directory Synchronization.
Below is the script. First, ensure you have the latest version of the migration tools installed (released on 2/2/2010). Next, make sure you modify the appropriate variables and test it without sending mail before running it against everyone in your environment. If run improperly it has the potential to really confuse the end users, so please contact MessageOps, at support@messageops.com, if you have any questions prior to running it. We'll be glad to help you implement or customize the script in your environment. You can download the properly formatted script here.
Monday, January 25. 2010
Attributes Synchronized by Microsoft Online Directory Synchronization
If you are running Directory Synchronization, you probably know the basics of what attributes are synchronized from your local Active Directory to Microsoft Online. Things like names, group membership, address and contact information are all synchronized. In this post we'll take a look at some of the more unusual, but very useful, attributes that are synchronized to Microsoft Online.
Before we get started it is important to note that the majority of these attributes will only appear in your Active Directory if you have the schema extended for Exchange. First let's take a look at the interesting attributes which you can set on user objects:

msExchHideFromAddressLists
Setting the msExchHideFromAddressLists attribute to True on an object in your local Active Directory will hide it from the Global Address List in Microsoft Online. This also applies to Groups.

TargetAddress
If the account is enabled in Microsoft Online, you can set the TargetAddress of the object in your local Active Directory. Setting the target address on an object redirects all mail sent to that object to another address. You can even use this to redirect mail to an external recipient. For those of you not familiar with the TargetAddress attribute, the format is SMTP:user@domain.com. A word of warning on this attribute: this probably isn't supported, as things like mailbox moves do wipe out target addresses on mailboxes, so use this with extreme caution.

Groups have a few more attributes that you can modify in AD (this information is from the very useful BPositive Blog):

AuthOrig (Authorized Originators: Only these Users can send to the DL)
UnauthOrig (Unauthorized Originators: Anyone BUT these users can send to the DL)
dLMemRejectPerms (Unauthorized DLs: Anyone but members of these DLs can send to this DL)
dLMemSubmitPerms (Authorized DLs: No one but members of these DLs can send to this DL)
msExchRequireAuthToSendTo (Only Authenticated Senders can send to the DL, blocks External senders)

The attribute that most people typically want to modify is AuthOrig. That will allow only those users specified to send to the DL. If you don't have Exchange Management Tools installed, the tricky part is that when populating the attribute in AD you have to enter the Distinguished Name of the object you want to give the right to.
To get the DN you'll have to open the user you want to give rights to in ADSIEdit and copy the Distinguished Name attribute out. The DN will look like:

CN=Bob,OU=Users,DC=Dev,DC=Local

You then enter that value in the AuthOrig attribute on the Group. When complete, only Bob will be able to send to that DL.

The other common attribute that people set is msExchRequireAuthToSendTo. If this is set to False or Not Set in your local Active Directory, the "Allow External Senders" checkbox will be checked in the Microsoft Online Administration Console. Setting it to True in your local Active Directory will cause the checkbox to be Checked in Microsoft Online.

For the dLMemRejectPerms and dLMemSubmitPerms, you must enter the DN(s) of the Group(s) that you want to deny or grant access to.

Additional attributes you can set are:

hideDLMembership
Setting this attribute to TRUE on a group in your local Active Directory will hide the group membership in Microsoft Exchange Online.

ManagedBy
This is another attribute that you must populate with the DN of the object you want to use. In this case the user specified in the ManagedBy attribute in AD will appear as the owner of the group in Exchange Online. Unfortunately, this does not allow the user to update the group's membership in Exchange Online.

For additional information about what information is synchronized with Microsoft Online Directory Synchronization, you can request a copy of MessageOps Directory Sync In Depth Whitepaper.

Monday, January 18. 2010
"Object reference not set to an instance of an object" error when running Microsoft Online Powershell Commands
This error has stumped me for the past couple weeks so I had to write a post when I finally figured it out. Here's the basic scenario. You install the Microsoft Online Migration Tools on a server and when someone logs into the server and issues any of the Microsoft Online PowerShell commands, they get an error which states:
Object reference not set to an instance of an object

After much trial and error I was able to figure out this error is caused by the Internet Explorer settings. It appears you have to configure Internet Explorer before you can run the Microsoft Online PowerShell commands. In my case, the users that couldn't run the commands were users who had logged into the server for the first time, and thus IE was not configured. The fix was to open IE and run through the configuration wizard.

If simply opening IE and configuring the settings doesn't work for you, you can try these steps to reset the IE configuration.

To use the Reset Internet Explorer Settings feature from Control Panel, follow these steps:

1. Exit all programs, including Internet Explorer (if it is running).
2. If you use Windows XP, click Start, and then click Run. Type the following command in the Open box, and then press ENTER: inetcpl.cpl
   The Internet Options dialog box appears.
3. Click the Advanced tab.
4. Under Reset Internet Explorer settings, click Reset. Then click Reset again.
5. When Internet Explorer finishes resetting the settings, click Close in the Reset Internet Explorer Settings dialog box.
6. Start Internet Explorer again.

Then, if it's still not working:

1. Right Click on the Command Prompt Shortcut on the Start Menu and Choose Run As Administrator.
2. In the Command Prompt window, enter this text and press Enter: regsvr32 actxprxy.dll
3. Restart your computer.

Thursday, January 14. 2010
Advanced Conference Room Options in Microsoft Exchange Online
In Microsoft Exchange Online, when configuring Conference Rooms through the Administration Console, the options are pretty basic. You can configure whether or not to automatically accept meeting requests or have them approved by a Delegate. If you want to make further modifications, you can, but you must log in through Outlook Web Access. Since it's a resource, you can't log directly into the mailbox via OWA; you need to first log into OWA using an account which has Service Admin rights in Microsoft Online. You can then open the resource mailbox as shown in the image below.
[Image]

Once in the resource mailbox, go into Options and in the left pane you'll see Resource Settings. Clicking on Resource Settings will reveal many more options that can be used to customize the behavior of the resource mailbox as shown in the image below.

Wednesday, January 13. 2010
ExMon and Recent Mail Delivery Delays
On 1/11/2010 mail delivery was delayed for some Microsoft Online Clients.
Source: http://rss.messaging.microsoft.com/network_alerts.xml

In most cases the delays weren't that bad, but the MessageOps Exchange Online Monitor (Exmon) did catch these delays early on and record some interesting information. Probably the most interesting was the average round trip time for the day. Typically the daily average is around 20 seconds, but on the 11th it was over 300 seconds.

The other interesting thing was that Exmon started reporting alerts around 10 AM EST on the 11th. At that point, it appears that some of the messages started getting delayed. Out of the roughly 30 messages that Exmon was sending an hour, it appears that around 5 an hour were delayed.

So if you had Exmon configured and running in your environment, it's likely you would have known there were issues before the formal notification went out in the afternoon.

For more information about Exmon, visit http://www.messageops.com/ExmonDownload.html

Tuesday, January 5. 2010
Troubleshooting Microsoft Online Directory Synchronization Setup
If you've set up Microsoft Online Directory Synchronization in many different environments, chances are you've come across this error more than once when configuring Directory Synchronization for the first time:
Set-CoexistenceConfiguration was unable to modify the source properties. See the event logs for more detailed information.

Upon examination of the event log, you'll probably see a sequence of events similar to:

Event Type: Warning
Event Source: Directory Synchronization
Event Category: None
Event ID: 0
Date: 8/2/2009
Time: 1:34:59 PM
User: N/A
Computer: MSONLINE
Description: Resetting password for MSOL_AD_Sync
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Directory Synchronization
Event Category: None
Event ID: 0
Date: 8/2/2009
Time: 1:35:00 PM
User: N/A
Computer: MSONLINE
Description: A constraint violation occurred. (Exception from HRESULT: 0x8007202F)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Directory Synchronization
Event Category: None
Event ID: 0
Date: 8/2/2009
Time: 1:35:00 PM
User: N/A
Computer: MSONLINE
Description: Set-CoexistenceConfiguration was unable to modify the source properties. See the event logs for more detailed information.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Unfortunately, the "constraint violation occurred" message really doesn't give you a good idea of where the problem lies. Sure, it's typically permissions, but how can you tell for sure?

Continue reading "Troubleshooting Microsoft Online Directory Synchronization Setup"

Friday, December 18. 2009
Microsoft Online Password Expiration Notification Script
With the recent addition of the Get-MsOnlineUser commandlet, it is now possible to create a PowerShell script which automatically notifies users when their Microsoft Online passwords are about to expire. This is a huge feature, especially for deskless workers, since up until now there hasn't been a good way to let them know when their passwords are about to expire. Below is a script to automatically notify users of their upcoming password expiration, but first is a quick overview of how it works.
You must first configure when you want to start notifying users that their Microsoft Online password is about to expire. The default is 15 days. If the script is scheduled to run nightly, 15 days from the date the user's password is set to expire, they will be sent an email which by default looks like:

Message Subject: ACTION REQUIRED: Your Microsoft Online Password will expire in 15 days

Message Body: Your Microsoft Online password will expire in 15 days. Please use the Microsoft Online Sign in Client to change your password. If you do not use the Sign In Client, browse to https://home.microsoftonline.com to reset your password.

If they don't change their password, the script will run again the next night and notify them that they now have 14 days left to change their password. It will continue to do this every day until they change their password.

Below is the script. Make sure you modify the appropriate variables and test it on a single user before running it against everyone in your environment. If run improperly it has the potential to really confuse the end users, so please contact MessageOps, at support@messageops.com, if you have any questions prior to running it. We'll be glad to help you implement or customize the script in your environment. You can download the properly formatted script here.
Thursday, December 17. 2009
Enable-MSOnlineUser UsageLocation Country Codes
If you are going to use the Enable-MSOnlineUser command to bulk activate users in Microsoft Online, one of the parameters you must specify is the UsageLocation. The only details the help file gives on the UsageLocation parameter are:
The location of the user—the location you select determines the available services. Currently the Cmdlet only accepts two-character country codes. It cannot activate users with three-character ISO country codes.

The documentation falls a little short on what the available country codes are. After doing some testing, it appears that the following list contains the 2 character country codes you can use for the usage location:

http://www.iso.org/iso/english_country_names_and_code_elements

Obviously we weren't able to test all the country codes, but from the 10 or so we did, all appeared correct in the Administration console after activating the users via PowerShell.

Tuesday, December 8. 2009
Exchange Online Monitor International Support
Given the high number of downloads of Exmon from people around the world, we wanted to take some time and explain how to configure Exmon to work with the Microsoft Online Datacenters outside of the US. In the very near future this will be part of the program, but for now you'll have to modify the configuration file if you want to use it against the EMEA or APAC datacenters.
First, you must open the Exmon.exe.config file located in the Program Files\Exmon Directory. Near the bottom of the file you should see a section which looks like:

<applicationSettings>
  <Messageops.ExMon.Properties.Settings>
    <setting name="Server" serializeAs="String">
      <value>red001.mail.microsoftonline.com</value>

You will need to replace red001.mail.microsoftonline.com with the appropriate server, based on your location:

APAC - red003.mail.apac.microsoftonline.com
EMEA - red002.mail.emea.microsoftonline.com

After making the change you can then save the configuration file and restart the program. The remaining changes can be made in the GUI.

If you want to use the Bulk Login test, you should replace the existing mail.microsoftonline.com with the appropriate server based on your location:

APAC - red003.mail.apac.microsoftonline.com
EMEA - red002.mail.emea.microsoftonline.com

If you want to use the Network Latency test, you should replace echova3.microsoftonline.com with the appropriate server, based on your location:

APAC - echosg1.microsoftonline.com
EMEA - echoIE2.microsoftonline.com

A future release of Exmon will include the ability to choose your location, which will automatically configure the appropriate settings.

Friday, November 27. 2009
Migrating from Hosted Exchange to Microsoft Exchange Online
Lately we've done a few migrations for clients who have their email currently hosted by a Microsoft Exchange hosting provider and want to move to Microsoft Exchange Online. These migrations have presented a few unique challenges, so we thought we'd share our experiences.
One of the biggest challenges you face right from the start is determining how to gain access to the mailboxes. Ideally you'd have an account which has access to all your organization's mailboxes on the source server. Some hosting providers can set that up, others can't or won't. If you are unable to get an account which has access to all the mailboxes you need to migrate, you will need to know all the individual users' passwords to gain access to their mailboxes. This can typically be accomplished in one of two ways. You can either ask the users for their password or you can reset the users' passwords, so you know what the password is set to. If you have a very small number of users, you might be able to round up all the passwords, but in most cases, you'll probably need to develop a migration plan which resets the users when they are migrated. In some cases, this could have the added benefit of denying the user access to the source mailbox after they have been migrated.

The next challenge you face is coexistence. Again, a lot of things depend on what is possible with your current hoster; in this case it's whether or not they'll let you set up forwarders on the mailboxes. If they do let you set up forwarders, you'll typically need to create contact objects which have a target address of user@company.microsoftonline.com. Right before you get ready to migrate a user, you will go in and manually set the forwarder on their account and then begin the migration. This ensures all new mail sent to their mailbox will be delivered to their Microsoft Online Mailbox.

If they don't let you set up forwarders, it gets a little trickier. Basically that all but forces you to do a one time cutover. If you don't do a one time cutover, mail sent from an unmigrated user to a migrated user will be delivered to the migrated user's mailbox on the source server since forwarding is not in place.
If you are going to do a one time cutover, it's very important that you test the throughput of the migration tools prior to the migration. You might discover that it's simply not possible to migrate all data over the course of a weekend and you instead need to migrate a subset of data, such as calendar and contacts. Once those items are complete you can begin moving the mail data in stages. Maybe the first run would be all mail newer than 7 days, the second run mail newer than 30 days, and the final run everything older than 30 days. Other options include having users archive more of their mailbox to PST. If your bandwidth seems to be the bottleneck (mail has to be copied from the hosting provider to the migration workstation and then to Microsoft Exchange Online), contact MessageOps about using our datacenter access to host your migration workstations, so the traffic goes from the current hosting provider to the datacenter and then to Microsoft Online. The traffic doesn't have to go over your local network.

Another consideration if doing a one time cutover is the OST rebuild. If you migrate all the users over a weekend and they are in cached mode, on Monday morning they are all going to have to download all their mail to rebuild their Outlook OST file. This can oftentimes bring an organization's internet connection to a halt.

These are just a few things to consider when moving from your current hosted Exchange environment to Microsoft Exchange Online. If you have any questions or would like free assistance with your migration, please contact us at www.messageops.com

Friday, November 6. 2009
Multiple Address Books in Microsoft Exchange Online
One commonly used feature of Exchange that Microsoft Exchange Online does not support is the ability to have multiple address books. Companies use separate address books to segment users by location, department, or even house external recipients. There are several different ways to go about creating this same functionality with Microsoft Online. We'll explore a couple of different options. First, if you have purchased SharePoint Online, you can create a SharePoint list containing contacts. If you don't have SharePoint, another more complicated way to work around this limitation is to use the LDAP address book functionality in Outlook along with your local Active Directory.
First we'll demonstrate the SharePoint method, as it would be the preferred method in most cases.

Step 1 is to create a Contact List within SharePoint. From the Actions Menu choose Create. Then choose Contacts under the Communications category.

After it has been created, you can begin entering the contact information in SharePoint.

Once the information is in SharePoint, you will need to connect the list to Outlook. From the Actions Menu choose Connect to Outlook.

Once connected to Outlook, you will be able to go to Contacts and see the SharePoint contact list as shown below.

[Image]

The contacts will also be available when opening the Address Book.

If you haven't purchased SharePoint Online, there is another method to create multiple address books when on Microsoft Online. It's a lot more complicated, but is an option if you really need multiple address books. This option creates contacts in Active Directory which Outlook can use as an LDAP address book. Continue reading for the details.

Continue reading "Multiple Address Books in Microsoft Exchange Online"

Sunday, November 1. 2009
(401) Unauthorized when Migrating Mailbox to Exchange Online
The other day when using the Microsoft Online Transporter to migrate Exchange mailboxes to Microsoft Exchange Online, the following error was being returned on several of the mailboxes:
(401) Unauthorized

Typically when you see an error like that, you assume it's a permissions issue. In this case, the strange thing was that the mailbox migration had actually begun copying data to the Microsoft Exchange Online Mailbox and failed in the middle of the migration. After reviewing the migration logs, there were numerous warnings about timeout issues. To get around the issues, we simply reduced the number of simultaneous migrations, and reran the migrations. In other cases we just reran the migration and/or waited until off hours to retry the migration.

Monday, October 26. 2009
Sign In Client Error: The client was unable to establish a secure connection with the server
We recently ran into some clients that were displaying the following error when trying to sign into the Sign In Client:
The client was unable to establish a secure connection with the server. Please try signing in again. If the problem persists, please contact your system administrator.

After some investigation, it turns out the problem was the client's clock was too far out of sync with the Microsoft Online servers. When this occurs you'll also see the following logged in the Sign In Client log:

10/26/2009 9:22:29 AM Exception SingleSignOn.ParseSSOException System.ServiceModel.Security.MessageSecurityException
10/26/2009 9:22:29 AM Exception SingleSignOn.ParseSSOException Fault code: Sender
10/26/2009 9:22:29 AM Info SingleSignOn.ParseSSOException Generic MessageSecurityException caught. FaultCode is Sender. Most likely cause is bad system clock
10/26/2009 9:22:29 AM Exception SingleSignOn.ParseSSOException An error occurred when verifying security for the message.
10/26/2009 9:22:29 AM Info SingleSignOn.ResetConnectionsToService Closing all open connections
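A way to pick this signature out of a Sign In Client log automatically, so clock drift can be told apart from other sign-in failures. This is an added example, not part of the original post; the function names and the grouping of lines by timestamp are assumptions, and the sample input is the excerpt above plus one constructed line.

```powershell
# Sample input: the first five lines are the excerpt from the post; the last line is
# constructed so the input also contains an entry that is not a sign-in failure.
$SampleLog = @'
10/26/2009 9:22:29 AM Exception SingleSignOn.ParseSSOException System.ServiceModel.Security.MessageSecurityException
10/26/2009 9:22:29 AM Exception SingleSignOn.ParseSSOException Fault code: Sender
10/26/2009 9:22:29 AM Info SingleSignOn.ParseSSOException Generic MessageSecurityException caught. FaultCode is Sender. Most likely cause is bad system clock
10/26/2009 9:22:29 AM Exception SingleSignOn.ParseSSOException An error occurred when verifying security for the message.
10/26/2009 9:22:29 AM Info SingleSignOn.ResetConnectionsToService Closing all open connections
10/26/2009 9:40:02 AM Info SingleSignOn.ResetConnectionsToService Closing all open connections
'@ -split "`r?`n"

# Line layout seen in the excerpt: <date> <time> <AM|PM> <level> <source> <message>
$LinePattern = '^(?<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (?<level>\w+) (?<source>\S+) (?<message>.*)$'

function ConvertFrom-SignInLog {
    # Turns raw log lines into objects; lines that do not match the layout are skipped.
    param([string[]]$Lines)
    $culture = [System.Globalization.CultureInfo]::InvariantCulture
    foreach ($line in $Lines) {
        if ($line -match $LinePattern) {
            New-Object PSObject -Property @{
                When    = [datetime]::ParseExact($Matches['when'], 'M/d/yyyy h:mm:ss tt', $culture)
                Level   = $Matches['level']
                Source  = $Matches['source']
                Message = $Matches['message']
            }
        }
    }
}

function Find-ClockSkewFailure {
    # Treats entries logged in the same second as one sign-in attempt (an assumption)
    # and reports attempts that show a MessageSecurityException with a Sender fault.
    param([object[]]$Entries)
    $Entries | Group-Object When | ForEach-Object {
        $messages = @($_.Group | ForEach-Object { $_.Message })
        $securityFault = @($messages -match 'MessageSecurityException').Count -gt 0
        $senderFault   = @($messages -match 'Fault code: Sender').Count -gt 0
        $clockHint     = @($messages -match 'bad system clock').Count -gt 0
        if ($securityFault -and $senderFault) {
            New-Object PSObject -Property @{
                When          = $_.Group[0].When
                LinesInGroup  = $_.Count
                ClockHintSeen = $clockHint
            } | Select-Object When, LinesInGroup, ClockHintSeen
        }
    }
}

$entries  = @(ConvertFrom-SignInLog -Lines $SampleLog)
$findings = @(Find-ClockSkewFailure -Entries $entries)
$findings | Format-Table -AutoSize
```

To use it on a real client, replace $SampleLog with the output of Get-Content on the Sign In Client log (its path is not given in the post). On a machine that is flagged, `w32tm /resync` forces the Windows Time service to resynchronize.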