Script: Set Exchange 2013 Name Space & Virtual Directories


The script Set-VirtualDirectory.ps1 automates the configuration of all Exchange 2013 virtual directories:

o OWA

o ECP

o OAB

o ActiveSync

o Web Services

o AutoDiscover

o Outlook Anywhere

You just type the External URL and Internal URL you want to set, and the URLs are set automatically.

Let’s have a quick look at how to execute the script Set-VirtualDirectory.ps1 in Windows PowerShell and what this script does for us.

1. Log in to Windows Server with Enterprise Administrator credentials

2. Start Windows PowerShell “As Administrator”

3. Next, copy the script Get-ActiveMailboxList.ps1 to the C:\ drive

4. Let’s start with running scripts from within Windows PowerShell itself.
If you get error messages when you try to run a script, the cause is the “execution policy”, a security setting built into Exchange PowerShell that determines how (or if) PowerShell runs scripts. By default, PowerShell’s execution policy is set to Restricted, which means that scripts, including those you write yourself, won’t run.
Navigate back to Exchange PowerShell and change the execution policy so that the script can run: use the Set-ExecutionPolicy cmdlet to set your execution policy to RemoteSigned or Unrestricted

Note: The Set-ExecutionPolicy cmdlet enables you to determine which Windows PowerShell scripts (if any) will be allowed to run on your computer.

Windows PowerShell has four different execution policies:

o Restricted – No scripts can be run. Windows PowerShell can be used only in interactive mode.

o AllSigned – Only scripts signed by a trusted publisher can be run.

o RemoteSigned – Downloaded scripts must be signed by a trusted publisher before they can be run.

o Unrestricted – No restrictions; all Windows PowerShell scripts can be run.

5. The most common (default) way to run a script is by calling it:

PS C:\> & “C:\Admin\My first Script.ps1”

If the path does not contain any spaces, then you can omit the quotes and the ‘&’ operator

PS C:\> C:\Admin\Myscript.ps1

If the script is in the current directory, you must indicate this using .\ (or ./ will also work)

PS C:\> .\Myscript.ps1

In our scenario we run the script from the current directory, “C:\”, so we must indicate this using & ‘.\’ and press Enter

If you’re running some command and the command path has spaces in it, then you need the command invocation operator ‘&’ (see help about_operators, look for “call operator”).

The call operator (&) allows you to execute a command, script or function.

Many times you can execute a command by just typing its name, but if the command (or the path) contains a space then this will fail.

Putting the command in quotes would make PowerShell treat it as a string, so in addition to quotes, use the call operator to force PowerShell to treat the string as a command to be executed.

Syntax
& “[path] command” [arguments]

6. The script now starts running automatically from the C:\ drive

7. You have to “Set” (type) the External and Internal URL you want to use

As you can see now, the namespaces are set with the External and Internal URLs you entered

You can download it here

Script: Install Exchange Server 2010 SP3 Prerequisites on Windows Srv 2012 and Windows 2012 R2


This script automates the steps for installing the necessary Windows Server 2012 and Windows Server 2012 R2 operating system prerequisites for the Microsoft Exchange 2010 SP3 Mailbox, Client Access, HUB Transport, Multirole and Edge Transport server roles. The prerequisites needed to install Exchange 2010 SP3 on a Windows Server 2012 or Windows Server 2012 R2 computer depend on which Exchange roles you want to install.

What do you need to know before you begin?

  • The Edge Transport server role is available starting with Exchange 2010 SP3.
  • Make sure that the functional level of your forest is at least Windows Server 2003, and that the schema master is running Windows Server 2003 with Service Pack 2 or later.
  • The full installation option of Windows Server 2012 and Windows Server 2012 R2 must be used for all servers running Exchange 2010 server roles or management tools.
  • You must first join the computer to the appropriate internal Active Directory forest and domain.
  • Make sure your server has access to the internet.
  • Some prerequisites require you to reboot the server to complete installation.

Let’s have a quick look at how to execute the script Exchange2010SP3Prerequisites in Windows PowerShell and what this script does for us.

  1. Log in to Windows Server 2012 or Windows Server 2012 R2 with Enterprise Administrator credentials
  2. Start Windows PowerShell “As Administrator”

3. Next, copy the script Exchange2010SP3Prerequisites to the C:\ drive

4. Let’s start with running scripts from within Windows PowerShell itself.
If you get error messages when you try to run a script, the cause is the “execution policy”, a security setting built into Windows PowerShell that determines how (or if) PowerShell runs scripts. By default, PowerShell’s execution policy is set to Restricted, which means that scripts, including those you write yourself, won’t run.
Navigate back to Windows PowerShell and change the execution policy so that the script can run: use the Set-ExecutionPolicy cmdlet to set your execution policy to RemoteSigned or Unrestricted

Note: The Set-ExecutionPolicy cmdlet enables you to determine which Windows PowerShell scripts (if any) will be allowed to run on your computer.

Windows PowerShell has four different execution policies:

  • Restricted – No scripts can be run. Windows PowerShell can be used only in interactive mode.
  • AllSigned – Only scripts signed by a trusted publisher can be run.
  • RemoteSigned – Downloaded scripts must be signed by a trusted publisher before they can be run.
  • Unrestricted – No restrictions; all Windows PowerShell scripts can be run.

5. The most common (default) way to run a script is by calling it:

PS C:\> & “C:\Admin\My first Script.ps1”

If the path does not contain any spaces, then you can omit the quotes and the ‘&’ operator

PS C:\> C:\Admin\Myscript.ps1

If the script is in the current directory, you must indicate this using .\ (or ./ will also work)

PS C:\> .\Myscript.ps1

In our scenario we run the script from the current directory, “C:\”, so we must indicate this using .\ and press Enter

6. The script now starts running; select an option from the menu. In my scenario, I will select option 4 (E2010 Typical installation) and press Enter

7. As you can easily check below, my Multirole prerequisites are being downloaded and installed

8. After the prerequisites are successfully installed, we have to choose option 20 or 21 in order to restart our server

9. After restarting your server, log in as EA and proceed to install your Microsoft Exchange Server 2010 SP3

You can download the script from here

Enjoy

Office 365 Administrator Daily & Weekly Tasks Automate Tool


    Today I managed to complete the script below, so that some basic Office 365 administrator daily and weekly tasks can be automated with one click.

    This script automates the steps for Office 365 Administrator Daily & Weekly Tasks.
    By choosing only a number, you can manage your Office 365 Daily & Weekly Tasks.
    You can download the script here.

    What do you need to know before you begin?

    • Make sure you have already installed Windows Azure AD PowerShell
    • Make sure your server or your computer has access to the internet

    Let’s have a quick look at how to execute the script O365_DailyAdminTasks_v1.0 in Windows PowerShell and what this script does for us.

  • 1. Log in to your computer with Administrator credentials
  • 2. Start Windows Azure AD PowerShell “As Administrator”

  • 3. Next, copy the script O365_DailyAdminTasks_v1.0 to the C:\ drive

  • 4. Let’s start by running the script from Windows Azure AD PowerShell itself.
    If you get error messages when you try to run a script, the cause is the “execution policy”, a security setting built into Windows PowerShell that determines how (or if) PowerShell runs scripts. By default, PowerShell’s execution policy is set to Restricted, which means that scripts, including those you write yourself, won’t run.
    Navigate back to Windows PowerShell and change the execution policy so that the script can run: use the Set-ExecutionPolicy cmdlet to set your execution policy to RemoteSigned or Unrestricted

    Note: The Set-ExecutionPolicy cmdlet enables you to determine which Windows PowerShell scripts (if any) will be allowed to run on your computer.

    Windows PowerShell has four different execution policies:

    • Restricted – No scripts can be run. Windows PowerShell can be used only in interactive mode.
    • AllSigned – Only scripts signed by a trusted publisher can be run.
    • RemoteSigned – Downloaded scripts must be signed by a trusted publisher before they can be run.
    • Unrestricted – No restrictions; all Windows PowerShell scripts can be run.
  • 5. The most common (default) way to run a script is by calling it:

    PS C:\> & “C:\Admin\My first Script.ps1”

    If the path does not contain any spaces, then you can omit the quotes and the ‘&’ operator

    PS C:\> C:\Admin\Myscript.ps1

    If the script is in the current directory, you must indicate this using .\ (or ./ will also work)

    PS C:\> .\Myscript.ps1

    In our scenario we run the script from the current directory, “C:\”, so we must indicate this using .\ and press Enter

  • 6. Type your Global Admin credentials (username and password) in order to log in

  • 7. The script now starts running; select an option from the menu. In my scenario, I will select option 4 (Change User/s Password) and press Enter

    The 4th choice is Change User’s Password; let’s see together how we can change the password of a user or users with one click

  • 8. When you press Enter, a window automatically appears with all the users in Office 365.
    Just choose the user or users by clicking on them and click OK

  • 9. The password is changed and a new password is generated automatically

  • 10. Next, you can choose another option without needing to type your Office 365 credentials again
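
Step 4 of each of the three walkthroughs on this page relaxes the execution policy before a downloaded script is run. The following is an added example, not part of the original scripts: `Invoke-ReviewedScript`, the demo file name and its contents are hypothetical, and it shows how to check a script's hash, signature and downloaded-file mark and then relax the policy for the current session only. It assumes Windows PowerShell 4.0 or later on an NTFS volume.

```powershell
# Added example: hypothetical helper, not code from the scripts described on this page.
function Invoke-ReviewedScript {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # SHA-256 recorded when the script was reviewed (assumption: you keep one)
        [Parameter(Mandatory)] [string] $ExpectedSha256,
        # Pass only after reading the script; allows clearing the downloaded-file mark
        [switch] $Reviewed
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # 1. Integrity: refuse to run a file that changed since it was reviewed
    $actual = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {
        throw "Hash mismatch for $($file.Name): expected $ExpectedSha256, got $actual"
    }

    # 2. Authenticode signature status (Valid, NotSigned, HashMismatch, ...)
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName

    # 3. Zone.Identifier stream: present when the file was saved from the internet.
    #    This is what RemoteSigned looks at to decide whether a signature is required.
    $mark = Get-Item -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue

    if ($mark -and $sig.Status -ne 'Valid') {
        if (-not $Reviewed) {
            throw "$($file.Name) is a downloaded script without a valid signature (status: $($sig.Status)). Review it, then rerun with -Reviewed."
        }
        # Clearing the mark is the explicit, per-file decision to trust this script
        Unblock-File -LiteralPath $file.FullName
    }

    # 4. Relax the policy for this PowerShell process only. Nothing is written to the
    #    machine or user scope, and a policy enforced by Group Policy still wins.
    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force

    # 5. Run it with the call operator, which also copes with spaces in the path
    & $file.FullName
}

# --- Demo with a constructed script (sample data, not a real download) ---
$demo = Join-Path $env:TEMP 'Demo Script.ps1'
Set-Content -LiteralPath $demo -Value "'demo script ran'"
# Simulate the mark a browser adds to a file saved from the internet zone
Set-Content -LiteralPath $demo -Stream Zone.Identifier -Value "[ZoneTransfer]`r`nZoneId=3"
$hash = (Get-FileHash -LiteralPath $demo -Algorithm SHA256).Hash

try {
    Invoke-ReviewedScript -Path $demo -ExpectedSha256 $hash
} catch {
    Write-Host "Blocked: $($_.Exception.Message)" -ForegroundColor Yellow
}

# After review, the same call with -Reviewed unblocks the file and runs it
Invoke-ReviewedScript -Path $demo -ExpectedSha256 $hash -Reviewed

# Only the Process row should show the change
Get-ExecutionPolicy -List
Remove-Item -LiteralPath $demo
```

Closing the PowerShell window discards the Process-scope setting, so the machine-wide policy stays as it was before the script ran.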

The Code:
#######################################################################################################

<#
   DESCRIPTION                                                                                                              
   *************                                                                                                                
    This script automates the steps for Office 365 Administrator daily tasks
                                                                                                                           
   SYNOPSIS                                                                                                                 
   ***********                                                                                                                                                                                                                                           
   Daily:  Mailbox Administrators are constantly responding to any addition, change, and removal requests for their Office365 accounts. 
   According to the data that we analyzed from 365Command, the most common daily tasks are:
  
    Menu
   *******
   1. Create a new User in Office 365                  
   2. Remove a User or User’s from Office 365          
   3. Restore a User or User’s in Office 365            
   4. Change User or User’s Password in Office 365     
   5. Set User/User’s Password never Expires in Office 365
   6. Export License Statistics in Office 365             
   7. Export List for SMTP address & Last connection time 
   8. Export Recipient Statistics in Office 365           
   9. Export Mailbox Usage Report from Office 365         
  10. Export Connection By Client Type Report in Office 365                                                                 

Disclaimer
     Important Note Test it first on Lab environment                                           
     THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE                        
     RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE USER                     
#########################################################################
#       To run the script                                                                                                             #
#      *******************                                                                                                             #
#                                                                                                                                              #
# .\O365_DailyAdminTasks_v1.0.ps1                                                                                    # 
# Author: Joanna Vathis                                                                                                        #
# Blog1: https://catastrophicerrors.wordpress.com/                                                        #
# Blog2: http://autoexec.gr/blogs_autoexec_gr/b/cf/default.aspx?pi516=2                   #
# Version: 1.0                                                                                                                        #
# Last Modified Date: 31/03/2014                                                                                        #
# Last Modified By:  Joanna Vathis                                                                                        #                                                                                     
#########################################################################
#>

Function LoginOffice365 {
     # Connect to Office 365 (MSOnline module).
     # Note: the report functions below call Exchange Online cmdlets (Get-Mailbox,
     # Get-MailboxStatistics, ...), which also need an Exchange Online session;
     # this function does not create one.
      Clear;
      Import-Module Msonline
      $GA_UserName = Read-Host "Please enter your GA Username for Office 365 account";
      $GA_Password = Read-Host "Please enter your GA Password for Office 365 account" -AsSecureString;
      Write-Host "Don't press any key, wait until connect……" -ForegroundColor Yellow;
      $GA_Credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $GA_UserName, $GA_Password;
      Try {
           # -ErrorAction Stop turns a failed sign-in into a terminating error that Catch can handle
           Connect-MsolService -Credential $GA_Credentials -ErrorAction Stop;
           Write-Host " Successfully logged in to Office 365…" -ForegroundColor Green;
      }
      Catch {
           # $_ is the error record; $Error is a read-only automatic variable and must not be assigned
           Write-Host " $($_.Exception.Message)" -ForegroundColor Red;
           Read-Host;
      }
  } # End LoginOffice365

[string] $menu = @’
    ============================================================
       Office 365 Administrator Daily & Weekly Tasks Tool
    ============================================================
     
      1. Create a new User in Office 365                  
      2. Remove a User or User’s from Office 365          
      3. Restore a User or User’s in Office 365            
      4. Change User or User’s Password in Office 365     
      5. Set User/User’s Password never Expires in Office 365
      6. Export License Statistics in Office 365             
      7. Export List for SMTP address & Last connection time 
      8. Export Recipient Statistics in Office 365           
      9. Export Mailbox Usage Report from Office 365         
     10. Export Connection By Client Type Report in Office 365
 
     21. Exit                                   
    ============================================================
    Select an option from the menu…(1-21)
‘@ # Menu List

Function SmtpReport {
  Clear;
        Write-Host ” ==============================================” -ForegroundColor Cyan;
        Write-Host ”  List for SMTP address & Last connection time ” -ForegroundColor White;
        Write-Host ” ==============================================” -ForegroundColor Cyan;
        Write-Host ” ”   
  # List for SMTP address and Last connection time for all the users
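    # Select-Object keeps real objects for Export-Csv (Format-List output cannot be exported); the address collection is joined into one field
    Get-Mailbox -ResultSize unlimited | Select-Object Identity, @{Name='EmailAddresses';Expression={$_.EmailAddresses -join ';'}} | Export-Csv -Path 'C:\Emailaddress.csv' -NoTypeInformation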
    Get-Mailbox -ResultSize unlimited | Get-MailboxStatistics | Select-Object identity,lastlogontime,lastlogofftime,DisplayName | Sort-Object DisplayName -Descending | Export-Csv -Path ‘C:\Lastlogontime.csv’ -NoTypeInformation
} # End SMTP Report

Function CreateUser {
  Clear;
        Write-Host ” =======================================” -ForegroundColor Cyan;
        Write-Host ”    Create a new User in Office 365     ” -ForegroundColor White;
        Write-Host ” =======================================” -ForegroundColor Cyan;
        Write-Host ” ”   
        $DisplayName = Read-Host “Display Name”;
        $FirstName = Read-Host “First Name”;
        $LastName = Read-Host “Last Name”;
        Write-Host “Type the username@yourdomain.onmicrosoft.com” -ForegroundColor Yellow;
        $UserName = Read-Host “User Name”;
        $UserPrincipalName = $UserName;
        #$Role = Read-Host “Assign Role”;
        $Department = Read-Host “Department”;
        $Location = Read-Host “Set user Location”;
        # Read the password without echoing it. New-MsolUser takes the password as
        # plain text, so it is unwrapped only for the call below.
        $SecurePass = Read-Host "New Password" -AsSecureString;
        $PassWord = (New-Object System.Management.Automation.PSCredential -ArgumentList 'unused', $SecurePass).GetNetworkCredential().Password;

        Try {
             # -ErrorAction Stop makes a failed creation catchable ($Error is a read-only automatic variable)
             New-MsolUser -FirstName $FirstName -LastName $LastName -UserPrincipalName $UserPrincipalName -DisplayName $DisplayName -UsageLocation $Location -Password $PassWord -ForceChangePassword $false -ErrorAction Stop | Out-Null;
        }
        Catch {
             Write-Host $_.Exception.Message -BackgroundColor Black -ForegroundColor Red;
             Return;
        }

        Set-MsolUser -UserPrincipalName $UserPrincipalName -UsageLocation $Location;
        # Select-Object (not Format-Table) keeps real objects for Out-GridView and Export-Csv
        $UserReport = Get-MsolUser | Select-Object DisplayName,UsageLocation,@{Name='Licenses';Expression={$_.Licenses.AccountSkuId -join ';'}},IsLicensed;
        $UserReport | Out-GridView;
        $UserReport | Export-Csv -Path C:\UserStatistics.csv -NoTypeInformation;
        Get-MsolAccountSku | FT AccountSkuId,ActiveUnits,ConsumedUnits | Out-Host;
        Write-Host "User was successfully created…" -BackgroundColor DarkBlue -ForegroundColor White;

      # Proceed to Assign License for the User
             Write-Host " ==============================================" -ForegroundColor Cyan;
             Write-Host "    Office 365 Service Plans AccountSkuID      " -ForegroundColor White;
             Write-Host " ==============================================" -ForegroundColor Cyan;
             Write-Host "                                               "
             Write-Host "     1. Windows Azure AD Rights                "
             Write-Host "     2. Office 365 ProPlus                     "
             Write-Host "     3. Lync Online                            "
             Write-Host "     4. Office Web Apps                        "
             Write-Host "     5. SharePoint Online                      "
             Write-Host "     6. Exchange Online                        "
             Write-Host "     7. Yammer                                 "
             Write-Host "===============================================" -ForegroundColor Cyan;
             # Prompt after the menu has been shown
             $LicensesType = Read-Host "Select a License type to assign…(1-7)";

             # The names below are compared with SkuPartNumber; adjust them to the
             # part numbers that Get-MsolAccountSku lists for your tenant.
             # 1. Windows Azure AD Rights
             If($LicensesType -eq "1"){
                  $ServicePlans = Get-MsolAccountSku | Where-Object {$_.SkuPartNumber -eq "RMS_S_ENTERPRISE"};
             }
             # 2. Office 365 ProPlus
             elseif($LicensesType -eq "2"){
                     $ServicePlans = Get-MsolAccountSku | Where-Object {$_.SkuPartNumber -eq "OFFICESUBSCRIPTION"};
             }
             # 3. Lync Online
             elseif($LicensesType -eq "3"){
                      $ServicePlans = Get-MsolAccountSku | Where-Object {$_.SkuPartNumber -eq "MCOSTANDARD"};
             }
             # 4. Office Online
             elseif($LicensesType -eq "4"){
                      $ServicePlans = Get-MsolAccountSku | Where-Object {$_.SkuPartNumber -eq "SHAREPOINTWAC"};
             }
             # 5. SharePoint Online
             elseif($LicensesType -eq "5"){
                     $ServicePlans = Get-MsolAccountSku | Where-Object {$_.SkuPartNumber -eq "SHAREPOINTENTERPRISE"};
             }
             # 6. Exchange Online
             elseif($LicensesType -eq "6"){
                     $ServicePlans = Get-MsolAccountSku | Where-Object {$_.SkuPartNumber -eq "EXCHANGE_S_ENTERPRISE"};
             }
             # 7. Yammer
             elseif($LicensesType -eq "7"){
                     $ServicePlans = Get-MsolAccountSku | Where-Object {$_.SkuPartNumber -eq "YAMMER_ENTERPRISE"};
             }

             If (-not $ServicePlans) {
                  Write-Host "No matching license was found in this tenant; nothing was assigned." -ForegroundColor Yellow;
             }
             ForEach ($Sku in $ServicePlans){
                Set-MsolUserLicense -UserPrincipalName $UserPrincipalName -AddLicenses $Sku.AccountSkuId;
                Write-Host "License was successfully assigned to the user…" -BackgroundColor DarkBlue -ForegroundColor White;
             }
  }# End CreateUser

Function LicenseStatistics {
    # Export License Statistics   
        Clear;
        Write-Host ” ===================================” -ForegroundColor Cyan;
        Write-Host ”   Office 365 License Statistics    ” -ForegroundColor White;
        Write-Host ” ===================================” -ForegroundColor Cyan;
        Write-Host ” ”   
        # A tenant can hold several SKUs, so total the units across all of them
        $a = Get-MsolAccountSku
        $all = ($a | Measure-Object -Property ActiveUnits -Sum).Sum
        $consumed = ($a | Measure-Object -Property ConsumedUnits -Sum).Sum
        $left = $all - $consumed

        # Get Report for All Licensed users in Office 365
        # (IsLicensed is a Boolean: compare it with $true/$false, because the string "False" converts to $true)
          Get-MsolUser -All | Where-Object { $_.IsLicensed -eq $true } | Select-Object UserPrincipalName, DisplayName, Country, Department | Export-Csv C:\LicensedUsers.csv -NoTypeInformation;
          Get-MsolUser -All | Where-Object { $_.IsLicensed -eq $true } | Select-Object UserPrincipalName, DisplayName, Country, Department | Out-GridView;

        # Get Report for All UnLicensed users in Office 365
          Get-MsolUser -All | Where-Object { $_.IsLicensed -eq $false } | Select-Object UserPrincipalName, DisplayName, Country, Department | Export-Csv C:\UnLicensedUsers.csv -NoTypeInformation;
          Get-MsolUser -All | Where-Object { $_.IsLicensed -eq $false } | Select-Object UserPrincipalName, DisplayName, Country, Department | Out-GridView;

        # Check if we have available licenses in the Office 365 tenant
          If ($all -eq $consumed) { "There are no licences available"}
              Else { "There are $left licences available"}
} # End LicenseStatistics

Function RemoveUser {
      # Remove a user from Office 365   
        Clear;
        Write-Host ” ===================================” -ForegroundColor Cyan;
        Write-Host ”   Remove a User from Office 365    ” -ForegroundColor White;
        Write-Host ” ===================================” -ForegroundColor Cyan;
        Write-Host ” ”   
       
        # Proceed to Remove user or users from Office 365
        Get-MsolUser -All | Out-GridView -Title “Choose users from the list you want to delete” -PassThru | ForEach-Object {Remove-MsolUser -UserPrincipalName  $_.UserPrincipalName -force}
        Write-Host “User was succesfully removed….” -ForegroundColor Green;

       # Proceed to permanently remove a user or users from the RecycleBin in Office 365.
       # Deleted users are listed with -ReturnDeletedUsers; this step cannot be undone.
        Get-MsolUser -ReturnDeletedUsers | Out-GridView -Title "Choose users from the list you want to Remove from RecycleBin" -PassThru | ForEach-Object {Remove-MsolUser -UserPrincipalName $_.UserPrincipalName -RemoveFromRecycleBin}
        Write-Host “User was succesfully removed from RecycleBin….” -ForegroundColor Green;
} # End RemoveUser

Function RestoreUser{
      # Restore a deleted user in Office 365
        Clear;
        Write-Host ” ===================================” -ForegroundColor Cyan;
        Write-Host ”   Restore a User from Office 365   ” -ForegroundColor White;
        Write-Host ” ===================================” -ForegroundColor Cyan;
        Write-Host ” ”   
       
        # Proceed to Recover user or users from Office 365
          Get-MsolUser -ReturnDeletedUsers | Out-GridView -Title “Choose users from the list you want to Recover” -PassThru | ForEach-Object {Restore-MsolUser -UserPrincipalName  $_.UserPrincipalName -AutoReconcileProxyConflicts}   
          Write-Host “User was succesfully Recovered…” -ForegroundColor Green;
}# End RestoreUser

Function ChangeUserPass {
        # Change users Password in Office 365   
        Clear;
        Write-Host ” =====================================” -ForegroundColor Cyan;
        Write-Host ”  Change Users Password in Office 365 ” -ForegroundColor White;
        Write-Host ” =====================================” -ForegroundColor Cyan;
        Write-Host ” ”   
       
        # Proceed to change the password of a user or users in Office 365.
        # Without -NewPassword, Set-MsolUserPassword generates a random password and returns it.
          Get-MsolUser -All | Out-GridView -Title "Choose user from the list you wish to change the Password" -PassThru | ForEach-Object {Set-MsolUserPassword -UserPrincipalName $_.UserPrincipalName}
          Write-Host "Password was changed successfully. Please note the new password that was automatically generated…" -ForegroundColor Green;

        # In case you want to set your own password for the user instead of the auto-generated one, disable the previous command and enable the commands below
        # $Password = “P@ssword1”
        # Get-MsolUser -All | Out-GridView -Title “Choose user from the list you wish to change the Password” -PassThru | ForEach-Object {Set-MsolUserPassword -UserPrincipalName $_.UserPrincipalName -NewPassword $Password}
        # Write-Host “Password was changed successfully. Please try to login to the portal with the New Password…” -ForegroundColor Green;
 
} # End ChangeUserPass

Function SetPassNeverExpires {
   # Change users Password NeverExpires in Office 365   
        Clear;
        Write-Host ” ==========================================” -ForegroundColor Cyan;
        Write-Host ” Users Password NeverExpires in Office 365 ” -ForegroundColor White;
        Write-Host ” ==========================================” -ForegroundColor Cyan;
        Write-Host ” ”   
       
        # Proceed to change user or users from Office 365
          Get-MsolUser -All | Out-GridView -Title “Choose user from the list you whish to change the Password to Never Expire” -PassThru | ForEach-Object {Set-MsolUser -UserPrincipalName $_.UserPrincipalName -PasswordNeverExpires $true}  
          Write-Host “Password was change succesfully to Never Expires…” -ForegroundColor Green;

       # To view all users whose "Password never expires" setting is true
          Get-MSOLUser | Where-Object { $_.PasswordNeverExpires -eq $true } | Select UserPrincipalName, PasswordNeverExpires | Export-Csv C:\PasswordNeverExpiresUsersTrue.csv -NoTypeInformation
          Write-Host "Report was exported successfully as PasswordNeverExpiresUsersTrue.csv.." -ForegroundColor Green;
          Get-MSOLUser | Where-Object { $_.PasswordNeverExpires -eq $true } | Select UserPrincipalName, PasswordNeverExpires | Out-GridView

       # To view all users whose "Password never expires" setting is not true
          Get-MSOLUser | Where-Object { $_.PasswordNeverExpires -ne $true } | Select UserPrincipalName, PasswordNeverExpires | Export-Csv C:\PasswordNeverExpiresUsersFalse.csv -NoTypeInformation
          Write-Host "Report was exported successfully as PasswordNeverExpiresUsersFalse.csv.." -ForegroundColor Green;
          Get-MSOLUser | Where-Object { $_.PasswordNeverExpires -ne $true } | Select UserPrincipalName, PasswordNeverExpires | Out-GridView
         
} # End SetPassNeverExpires

Function MailboxUsageReport{
     
      # This command retrieves details for mailboxes that were near or over the maximum mailbox size in Office 365   
        Clear;
        Write-Host ” ===========================================” -ForegroundColor Cyan;
        Write-Host ”  Mailbox Usage Detail Report in Office 365 ” -ForegroundColor White;
        Write-Host ” ===========================================” -ForegroundColor Cyan;
        Write-Host ” ”  

       # This command retrieves details for mailboxes that were near or over the maximum mailbox size       
         Get-MailboxUsageDetailReport | Out-GridView -Title “Mailbox Reports…….”;   
       
} # End MailboxUsageReport

Function RecipientStatisticsReport {
     # We use the Get-RecipientStatisticsReport cmdlet to view the recipient statistics report in Office 365   
        Clear;
        Write-Host ” ===========================================” -ForegroundColor Cyan;
        Write-Host ”  Recipient Statistics Report in Office 365 ” -ForegroundColor White;
        Write-Host ” ===========================================” -ForegroundColor Cyan;
        Write-Host ” ”   
      
       Get-RecipientStatisticsReport | Out-GridView -Title “Recipient Statistics Report…….”;
       Get-RecipientStatisticsReport | Export-Csv -Path C:\RecipientStatisticsReport.csv -NoTypeInformation;
       Write-Host “Recipient Statistics Report was exported succesfully as RecipientStatisticsReport.csv..” -ForegroundColor Green;

} # End RecipientStatisticsReport

Function ConnectionByClientTypeDetailReport {
    # This command retrieves details about the different types of clients used to connect to mailboxes Office 365   
        Clear;
        Write-Host ” ============================================” -ForegroundColor Cyan;
        Write-Host ”  Connect Mailboxes Types Stat in Office 365 ” -ForegroundColor White;
        Write-Host ” ============================================” -ForegroundColor Cyan;
        Write-Host ” ”      
    # This command retrieves details about the different types of clients used to connect to mailboxes 
      Get-ConnectionByClientTypeDetailReport | Out-GridView -Title “Statistics Report…….”;
      Get-ConnectionByClientTypeDetailReport | Export-Csv -Path C:\ConnectionByClientTypeDetailReport.csv -NoTypeInformation;
      Write-Host “Statistics Report was exported succesfully as ConnectionByClientTypeDetailReport.csv..” -ForegroundColor Green;

} # End ConnectionByClientTypeDetailReport

Function ConnectionByClientTypeReport {
    # Show and export the summary report on the client types used to connect to mailboxes in Office 365
        Clear;
        Write-Host " ============================================" -ForegroundColor Cyan;
        Write-Host "  Connect Mailboxes Types Stat in Office 365 " -ForegroundColor White;
        Write-Host " ============================================" -ForegroundColor Cyan;
        Write-Host " "
    # Display the report in a grid view, then export the same report to CSV
      Get-ConnectionByClientTypeReport | Out-GridView -Title "Statistics Report…….";
      Get-ConnectionByClientTypeReport | Export-Csv -Path C:\ConnectionByClientTypeReport.csv -NoTypeInformation;
      Write-Host "Statistics Report was exported successfully as ConnectionByClientTypeReport.csv.." -ForegroundColor Green;
} # End ConnectionByClientTypeReport
 
  LoginOffice365;
Do {
    # Look for an open Exchange remote session; $null goes on the left so an array result compares correctly
    $existingSession = Get-PSSession -Verbose:$false | Where-Object {$_.ConfigurationName -eq "Microsoft.Exchange"}
    If ($null -eq $existingSession) {Write-Host " "}
    If ($null -ne $existingSession) {Write-Host "Already connected to Office 365.." -ForegroundColor Green}
    $opt = Read-Host $menu

  Switch ($opt)    {
         1  {# Create a user
             CreateUser;
            }
         2  {# Remove a user
             RemoveUser;
            }
         3  {# Restore a user
             RestoreUser;
            }
         4  {# Change a user's password
             ChangeUserPass;
            }
         5  {# Set a password to never expire
             SetPassNeverExpires;
            }
         6  {# License statistics
             LicenseStatistics;
            }
         7  {# Export list of SMTP addresses
             SmtpReport;
            }
         8  {# Recipient statistics report
             RecipientStatisticsReport;
            }
         9  {# Mailbox usage report
             MailboxUsageReport;
            }
        10  {# Connection by client type reports (detail and summary)
            ConnectionByClientTypeDetailReport;
            ConnectionByClientTypeReport;
            }
        21  {# Exit
            If ($choose -ne -21){
            Write-Host "Exiting from Office 365….." -ForegroundColor Cyan
            }
            {……………………………..}
            }
}
} While ($opt -ne 21) # Show the menu again until the user chooses 21 (Exit)

#########################################################################################################################

    Enjoy…..

     

How to hide and unhide all hidden contacts from GAL by using PowerShell script


How to hide contacts from GAL by using PowerShell

1. Follow the article to access Exchange Online through PowerShell:

Connect Windows PowerShell to the Service
http://help.outlook.com/en-us/140/cc952755.aspx

2. To hide a contact from the Global Address List, type the cmdlet below

Command:
Set-Mailbox -Identity jv@itprodev.onmicrosoft.com -HiddenFromAddressListsEnabled $true

3. To check whether your contact is hidden from the address list, type the command below

Command:
Get-Mailbox -Identity jv@itprodev.onmicrosoft.com | fl

How to unhide all hidden contacts from GAL by using PowerShell script

Summary
Contacts that are hidden from the Global Address List (GAL) are not visible to Office 365 Exchange Online users. This article provides a method to unhide all hidden contacts from the GAL by using a PowerShell script.

1. Follow the article to access Exchange Online through PowerShell:

Connect Windows PowerShell to the Service
http://help.outlook.com/en-us/140/cc952755.aspx

2. Export a list for contacts hidden from GAL by running the following cmdlet:

Command:
Get-Mailcontact -Filter {HiddenFromAddressListsEnabled -eq $true} | Select identity,alias,HiddenFromAddressListsEnabled | Export-Csv -Path C:\HiddenContacts.csv -NoTypeInformation

3. Unhide the contacts from C:\HiddenContacts.csv file by running the following cmdlet:

Command:
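$contacts = Import-Csv C:\HiddenContacts.csv
# Use a named loop variable; $_ is an automatic variable and should not be reassigned
Foreach ($contact in $contacts) {Set-MailContact $contact.Identity -HiddenFromAddressListsEnabled $false}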

OR

Command:
Set-Mailbox -Identity jv@itprodev.onmicrosoft.com -HiddenFromAddressListsEnabled $false

More Information

Get-MailContact
http://technet.microsoft.com/en-us/library/bb124717.aspx

Set-MailContact
http://technet.microsoft.com/en-us/library/aa995950.aspx

Where is the message that someone claims to have sent me? “Inbound mail flow” and “Outbound mail flow”


Scenario: In this scenario an Office 365 mailbox is not receiving a message sent from outside of the Office 365 organization.

Step 1: See if Office 365 received the message and was able to deliver it

Since you don’t have the item, you will need to enter the delivery report center through Outlook Web App (OWA).  Log in to OWA, go to Options

Find the Delivery Reports under Organize Email:

Highlight the Search for messages that were sent to me from button and then in the box that pops up, type the SMTP address of the user you sent mail to:

Things to consider for inbound messages when looking at the Delivery Report results:

· If the message doesn’t appear in the report results, it may never have made it to Office 365. 

· If the message appears in the report results, check to make sure it was delivered.  If it was delivered, check to see if an inbox rule rerouted or deleted the message.  Check to see if the email was moved to the Junk folder.  For more information on inbox rules, see Learn About Inbox Rules.

· Administrators: If the message was not delivered, did a transport rule act on the message? For more information on Transport Rules, see Create a new Rule.

Step 2: Work with the sender to determine what happened to the message

Assuming that you still have not solved the issue, this is about as far as you can go right now from the receiving side.  If the sender just sent you the message, you may need to give it some time to arrive or timeout.  If the message times out, then the sender will get a notification and be able to skip to the troubleshooting notifications section.  If, however, the sender does not receive a notification, then the sending side should perform message tracking.  In most cases, the remote side should be able to provide you with information to help you make sure that the message was handed off properly.  One data point that will be extremely useful is the IP address of the system to which they handed off the message.  Frequently, the problem is that a DNS configuration problem causes the sending system to hand off the message to the wrong email server.  Having an IP address will help you in this case.

One last thing you can try as a test: have the sender email your onmicrosoft.com email address instead of using your custom domain address.  This test can help prove if the issue is with DNS.

Common problems

Here we’ll add links to helpful Knowledge Base articles or other documentation that pertains to this scenario.   

· Use of more than one MX record with Office 365 is not recommended or supported by Microsoft.  The options are as follows:

o MX record points to Office 365 ONLY

o MX record points to other email server which forwards some/all email to Office 365 (e.g. Hybrid or Simple Shared).  Multiple MX records can be used in this scenario, but only if one of the MX records is NOT pointing to Office 365.

Trying to use multiple records can result in:

· Missing email

· Rejected email

· Inconsistent results with spam

To verify that you only have one MX record, open a Command Prompt and type: nslookup -type=MX contoso.com

Where contoso.com is your domain. You should ONLY get one result, like this:
Server:  test.contoso.com
Address:  10.2.3.7
Non-authoritative answer:
contoso.com  MX preference = 5, mail exchanger = contoso_com.mail.eo.outlook.com

If you previously used your domain with BPOS, FOPE, or Exchange Hosted Archive then even after you have verified your domain, you will find that messages sent to your domain may bounce with either a 550 5.4.1 Relay Access Denied or possible mail loop.  If both of these conditions are true, you need to contact FOPE support and have them remove your duplicate domain.

· If you recently moved your domain (Professional) or MX records (Enterprise or Education), there is a DNS caching period where some servers may still deliver your email to your old provider.  If you have recently moved the domain to Office 365 and are missing email, one thing you should try to do is check the old provider and see if they are still getting some of your email.  The problem may be isolated to some senders.

· If you have Office 365 Professional and are having trouble receiving email from your old email provider, the problem may be that the old provider is still hosting stale DNS records for your domain.  If the domain you are using was hosted somewhere other than the domain registrar you were using, then you may also need to contact your old DNS provider and have them remove the stale entries for your domain. For more information see Domains in Office 365.

Outbound mail flow

Why is my message taking so long to arrive at its destination?

Scenario: You sent a message from your Office 365 mailbox.  One or more recipients are complaining either that they haven’t received the message or that the message took a long time to arrive.

Steps:

Open a delivery report for your message

If you have Outlook 2010, go to your Sent Items folder, and find the message you want to track.  Open the message.  In the message window, click the File tab.  Under Message Delivery Report, click Open Delivery Report

As an administrator or someone with the ability to track messages (helpdesk), you can also search directly from the Exchange Administrator Control. In the EAC (Exchange Administrator Control) go to Mail flow > Message trace.

Common problems

Here we’ll add links to helpful Knowledge Base articles or other documentation that pertains to this scenario.

· If you are having trouble sending mail to certain domains, you may want to verify that you have the recommended DNS record types for sending mail.  Specifically, you want an A record for the domain (example: @.contoso.com – this record should generally point to the same address as your www record), an MX record, and an SPF record that designates Outlook.com as a sender.  For more information see Domains in Office 365.
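
The DNS checks described in the two mail flow sections above (only one MX record when it points to Office 365, plus an A record and an SPF record that designates Outlook.com) can be scripted instead of read off nslookup output. This is an added example, not part of the original article or Microsoft tooling; the function name Test-MailDns, the match on hosts ending in outlook.com, and the sample records are assumptions, and Resolve-DnsName requires Windows 8 / Windows Server 2012 or later.

```powershell
# Added example. Test-MailDns is a hypothetical helper, not a Microsoft cmdlet.
function Test-MailDns {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] [string] $Domain,
        # Records shaped like Resolve-DnsName output; omit to query DNS live.
        [object[]] $Records
    )

    if (-not $Records) {
        $Records = foreach ($type in 'MX', 'A', 'TXT') {
            Resolve-DnsName -Name $Domain -Type $type -ErrorAction SilentlyContinue
        }
    }

    # Keep answers of the requested type only; lookups can also return SOA or
    # additional A records for the mail exchangers themselves.
    $mx = @($Records | Where-Object { $_.Type -eq 'MX' })
    $a  = @($Records | Where-Object { $_.Type -eq 'A' -and $_.Name -eq $Domain })

    # A long TXT value is split into several strings; join them before matching.
    $spf = @($Records | Where-Object { $_.Type -eq 'TXT' } |
             ForEach-Object { $_.Strings -join '' } |
             Where-Object { $_ -match '^v=spf1(\s|$)' })

    # Assumption: an MX target under outlook.com means the record points to Office 365.
    $o365 = @($mx | Where-Object { $_.NameExchange -match '\.outlook\.com\.?$' })

    $findings = New-Object 'System.Collections.Generic.List[string]'
    if ($mx.Count -eq 0) {
        $findings.Add('No MX record found.')
    } elseif ($mx.Count -gt 1 -and $o365.Count -gt 0) {
        $findings.Add(('{0} MX records found and {1} point to Office 365; more than one MX record with Office 365 is not supported.' -f $mx.Count, $o365.Count))
    }
    if ($a.Count -eq 0) {
        $findings.Add("No A record for $Domain.")
    }
    if ($spf.Count -eq 0) {
        $findings.Add('No SPF (v=spf1) TXT record found.')
    } elseif ($spf.Count -gt 1) {
        $findings.Add('More than one SPF record; receivers treat this as a permanent error (RFC 7208).')
    } elseif ($spf[0] -notmatch '(^|\s)\+?include:(\S+\.)?outlook\.com(\s|$)') {
        $findings.Add('SPF record does not designate outlook.com as a sender.')
    }

    [pscustomobject]@{
        Domain    = $Domain
        MxHosts   = @($mx | ForEach-Object { $_.NameExchange })
        SpfRecord = $spf
        Pass      = ($findings.Count -eq 0)
        Findings  = $findings.ToArray()
    }
}

# Constructed sample data (not real DNS answers): a second MX record left over from an
# old provider and a duplicate SPF record, both of which the function should flag.
$sample = @(
    [pscustomobject]@{ Name = 'contoso.com'; Type = 'MX';  NameExchange = 'contoso_com.mail.eo.outlook.com'; Preference = 5 }
    [pscustomobject]@{ Name = 'contoso.com'; Type = 'MX';  NameExchange = 'mail.oldprovider.example'; Preference = 10 }
    [pscustomobject]@{ Name = 'contoso.com'; Type = 'A';   IPAddress = '192.0.2.10' }
    [pscustomobject]@{ Name = 'contoso.com'; Type = 'TXT'; Strings = @('v=spf1 include:outlook.com ~all') }
    [pscustomobject]@{ Name = 'contoso.com'; Type = 'TXT'; Strings = @('v=spf1 ip4:192.0.2.25 -all') }
)
Test-MailDns -Domain 'contoso.com' -Records $sample | Format-List
```

Run it without -Records to query your own domain through the resolver the machine is configured to use.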

Export Email Messages from OWA in Office 365 Exchange Online


Introduction
This script can export email messages from Outlook Web App to a specific folder.
These email messages will be saved in .eml format. You need to find the email messages by using search folder.

Download the Script from here

Important Note:
Scripting is NOT supported by Microsoft Technical Support.
You have to use this script at your own risk as each environment is different for each user. 

Scenarios
Microsoft Outlook allows you to export email messages very easily.
However, this feature is not available in the Outlook Web App (OWA).
Therefore, in order to export email messages from OWA, you must find a workaround.

Prerequisites
This script requires Exchange Web Service Managed API 2.0. Please download and install the package from Microsoft Download Center.
This script cannot work correctly without this package. 

Let’s start and execute the script… 

1. Open Windows Azure Active Directory PowerShell

2. Run Import-Module cmdlet to import this module file

Import-Module filepath\scriptname.psm1

Example:
Import-Module C:\Export\ExportOSCEXOEmailMessage.psm1

To display help about this function, run this command.
Get-Help Export-OSCEXOEmailMessage -Full

To initiate a connection to Office 365 Exchange Online, please run this command.
You must run this example before any other step.
Connect-OSCEXOWebService -Credential (Get-Credential joannav@losgrecos.onmicrosoft.com)

Note
The Connect-OSCEXOWebService function creates a new variable called exService. This variable is in the global scope of the current Windows PowerShell session. This variable is used by other functions in the script.

To create a search folder that contains the email messages with specific subject, please run this command.
New-OSCEXOSearchFolder -DisplayName "Subject contains 'Backup'" -Subject "Backup" -StartDate "07/20/2013 12:00:00 AM" -EndDate "09/25/2013 12:00:00 PM"

To export email messages in a search folder and keep this search folder after exporting, please run this command.
Get-OSCEXOSearchFolder -DisplayName "Subject contains 'Backup'" | Export-OSCEXOEmailMessage -Path C:\Backup -KeepSearchFolder

To export email messages in a temporary search folder, please run this command.
New-OSCEXOSearchFolder -Subject "Test email" | Export-OSCEXOEmailMessage -Path C:\Backup

Office 365 Hybrid Deployment (Part IV) – Configuring a Microsoft Exchange Online Hybrid Deployment


In Part 4 we will enable Exchange Federation and see how to configure the on-premises Exchange organization for a Federation trust and Organization Relationship.
In order to do that, we have to import a trusted certificate into the local computer certificate store.  That is, we will import and assign a third party certificate to IIS and SMTP on the Exchange 2010 hybrid server.
Let’s get going…

Import a trusted certificate into the local computer certificate store
When configuring a hybrid deployment, one of the requirements is a SSL certificate from a trusted 3rd party certificate provider.
This certificate will be used to secure the communication between the on premise Exchange 2010 hybrid servers, Exchange clients and Exchange Online.


Note:
In my case scenario, I’m using TMG 2010 Server for my on premise environment

First I will switch to O365-EX1 Virtual Machine to Export the certificate

Start and click Exchange Management Console (EMC)

In the EMC, navigate to Server Configuration; on the right side you will see the Exchange Certificates

Select the server that contains the certificate, and then select the certificate you want to export (mine is ex1.onprem.local). Right-click the certificate you want to export, and click Export Exchange Certificate
The services that are checked are currently assigned to the certificate

When you click Export, the Progress Page will confirm your selections and try to export the certificate

The Completion page will display the status of the request together with the syntax of the Shell cmdlet needed to export the certificate

Create a new firewall rule on O365-TMG1 and Import the certificate

Note:
If you do not use TMG to publish Exchange in your environment, you just need to update the autodiscover and EWS DNS records in external DNS to point to the public IP address

Importing the Certificate
Before we can publish OWA, we first need to import the SSL certificate for the site on the TMG firewall.
To accomplish this, click Start / Run and then type mmc.exe. From the drop down menu choose File / Add/Remove Snap-in. Select Certificates, then click Add >

Select the Computer Account option

Select the option to manage the Local computer.

In the console tree, expand the Certificates node. Expand the Personal folder, then right-click the Certificates folder and choose Import…

Enter the location of the certificate file you exported previously.
Enter the password and optionally mark the private key exportable.

Accept the default option to Place all certificates in the following store.

Create a new firewall rule on O365-TMG1

On TMG1, click Start, point to All Programs, click Microsoft Forefront TMG, and then click Forefront TMG Management.
In the console tree, click Firewall Policy (TMG has already been configured with an SMTP (port 25) rule)
In the actions pane, on the Tasks tab under Firewall Policy Tasks, click Publish Exchange Web Client Access

On the Welcome to the New Exchange Publishing Rule Wizard page, in the Exchange Publishing rule name, type name and then click Next

On the Select Services page, click the Exchange version menu and click Exchange Server 2010 and then select the option to publish Outlook Web Access

For demonstration purposes we are publishing a single CAS server, so we’ll choose the option to Publish a single web site or load balancer.

Select the option to Use SSL to connect to the published web server or server farm.

Enter the name of the internal web site.
Select the option to accept requests for a specific domain, and then enter the public name of the web site.
Create a web listener for the site by selecting New…, and then enter a descriptive name for the listener.
Select the option to Require SSL secure connection with clients.

Select the network to listen for incoming web requests.

Choose Select Certificate… and select the certificate you imported previously.

Select the option to use No Authentication

On the Authentication Delegation page, click the menu, click No delegation, but the client may authenticate directly, and then click Next

If you wish to grant access to OWA only to specific users and/or groups, add them here. Otherwise accept the default All Authenticated Users group.

To confirm operation, click the Test Rule button.

In the results pane, double-click the Exchange Web Access rule.
In the Exchange Web Access Properties window, on the Paths tab, click Add.
And check the Paths

Stay tuned for Part 5…

Office 365 "W15" Hybrid Deployment (Part III ) – Installing and Configuring Active Directory Synchronization


    In part 2 we installed and configured Active Directory Federation Service (ADFS) 2.0.

    After we configured the servers, we also verified they worked as expected.

    In this part 3, we will continue where we left off in part 2: we will convert our Office 365 domain to a federated domain and install the Directory Synchronization (DirSync) tool.

    If you are already using Active Directory in your on premise environment, you probably have invested a lot of time creating user accounts, populating their attributes and adding them to the appropriate groups. 

    Directory Synchronization takes all that information, users, groups, contacts, email addresses, phone numbers, names, etc and synchronizes it from your Active Directory to Office 365. 

    The synchronization is ongoing which allows you to continue to manage users, groups and contacts from your local Active Directory.  The synchronization is 1 way (from Active Directory to Office 365) and at this time, once enabled, cannot be disabled.

    Directory Synchronization is required if you want to use Active Directory Federation Services (AD FS).  A couple other things to note, Directory Synchronization cannot be used if you are going to do a cutover migration and it’s recommended if you are going to use AD FS that you enable that before enabling Directory Sync.

    As an administrator, you need to do some preparation before you synchronize your local Active Directory to Windows Azure Active Directory (Windows Azure AD).

    If you are deploying single sign-on, then we recommend that you set up single sign-on before you set up directory synchronization.

    After you’ve set up single sign-on, verify that the following statements are true:

    • You have the required software.
    • You have set up the correct permissions.
    • You understand the performance considerations related to directory synchronization.

    Activating directory synchronization should be considered a long-term commitment. After you have activated directory synchronization, you can only edit synchronized objects by using your on-premises Active Directory management tools. For more information, see Directory synchronization and source of authority.

    What is Azure Active Directory Dirsync with Password Sync?

    Formerly known as Dirsync, this tool has been updated to allow for the synchronization of local Active Directory passwords to Azure Active Directory, in addition to the syncing of users, groups and contacts.  This new feature will allow for Same Sign In with Microsoft cloud services such as Office 365 Education powered by Azure Active Directory since the username and the password from local AD will be synced up to Azure AD. 

    See here on TechNet for more details.

    Where can I get the new Dirsync with Password sync bits?

    You can grab the latest version of Dirsync here or it is available in the Office 365 portal under ‘users’  and then Dirsync.

    Synchronize and Verify Synchronization of Active Directory Objects

    a. Switch to the O365-SRV1 Virtual Machine (in my case, O365-SRV1 is the machine on which I will install the DirSync tool), click Start, and then click Internet Explorer

    b. In Microsoft Internet Explorer, in the Address box, type https://portal.microsoftonline.com and then press Enter.

    c. On the Microsoft Online Services page, under sign in, click your online services ID.

    d. In the Password box, type your password and then click Sign in.

    e. On the Admin page, click users and groups

    f. On the Users page, next to Active Directory synchronization, click Set up

    g. On the Set up and manage Active Directory synchronization page, under Step 3 Activate Active Directory synchronization, click Activate (in my case, I have already activated the synchronization)

    h. In the Do you want to activate Active Directory synchronization dialog box, read the warning information and then click Yes.

    i. Close Internet Explorer.

    Install the Active Directory Synchronization (DirSync) tool

    a. Switch to the O365-SRV1 Virtual Machine, click Start, and then click Internet Explorer

    b. In Microsoft Internet Explorer, in the Address box, type https://portal.microsoftonline.com and then press Enter.

    c. On the Microsoft Online Services page, under sign in, click your online services ID

    d. In the Password box, type your password and then click Sign in

    e. On the Admin page, click users and groups

    f. On the Users page, next to Active Directory synchronization, click Set up

    g. On the Set up and manage Active Directory synchronization page, next to step 4 Install and configure the Directory Synchronization tool, click Download

    h. In the File Download – Security Warning window, click Run.

    i. In the Internet Explorer – Security Warning dialog box, click Run.

    j. On the Welcome page, click Next

    k. On the Microsoft Software License Terms page, click the I accept the Microsoft Software License Terms radio button and then click Next

    l. On the Select Installation Folder page, accept the default location and then click Next (The installation will take several minutes to complete)

    m. When the installation is complete, click Next

    n. On the Finish page, clear the Start Configuration Wizard now check box and then click Finish.

    Synchronize Active Directory

    The first time you synchronize your directories, a copy of your local users and groups is written to your Office 365 directory.

    From then on, Active Directory synchronization checks for changes to your local Active Directory and updates your Office 365 directory with those changes.

    The Microsoft Online Services Directory Synchronization Configuration Wizard creates the MSOL_AD_SYNC account in your Active Directory forest, in the standard Users organizational unit in the Root Domain.

    Directory synchronization uses this service account to read and synchronize your local

    a. Switch to the O365-SRV1 Virtual Machine

    b. Click Start, point to All Programs, click Directory Sync Configuration

    c. On the Welcome page, click Next

    d. On the Microsoft Online Services Credentials page, in the User name box, type your Microsoft Online Services user name

    e. In the Password box, type your password and then click Next.

    f. On the Active Directory Credentials page, in the User name box, type Onprem\Administrator (domain credentials)

    g. On the Hybrid Deployment page, read the information regarding Hybrid Deployment

    Select the Enable Hybrid Deployment check box and then click Next

    h. On the Password Synchronization page, read the information regarding Password Synchronization

    Select the Enable Password Synchronization check box and then click Next

    i. On the Configuration page, wait until the configuration finishes and then click Next

    j. On the Finished page, verify that the Synchronize directories now check box is selected, and then click Finish

    k. Review the information in the Microsoft Online Services Directory Synchronization Configuration Wizard dialog box and then click OK.

    Verify directory synchronization

Office 365 Hybrid Deployment (Part II ) – Installing and Configuring Active Directory Federation Services


In this Part 2, we will continue where we left off in Part 1. That is, we will install and configure Active Directory Federation Service (ADFS) 2.0 on the ADFS server.
After we have configured the servers, we will verify they work as expected.

Create a new ADFS certificate

In my case scenario, I will create a Domain Certificate for ADFS.
In order to create a Domain Certificate follow the steps below:

a. On DC (Domain Controller), click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

b. In the navigation pane, click Name of the DC (domain\Administrator).

c. In the results pane, under IIS, double-click Server Certificates.

d. In the actions pane, click Create Domain Certificate (The local domain certification authority will be used for this certificate)

e. In the Create Certificate window, on the Distinguished Name Properties page, in the Common name box, type sts.yourchilddomainname (for example: sts.onprem.contoso.com).

f. Type your information in the Organization, Organization Unit, City/locality, and State/province boxes, and then click Next.

g. On the Online Certification Authority page, under Specify Online Certification Authority, click Select.

h. In the Select Certification Authority window, click your Certification Authority (onprem-DC1-CA) and then click OK.

i. On the Online Certification Authority page, in the Friendly name box, type sts.yourchilddomainname.

j. Click Finish

Assign the certificate to the Default Website into IIS  

Since all client authentication against ADFS occurs via SSL, we need to import a server authentication certificate on each ADFS server.
Because all clients should trust this certificate, it’s recommended to import a certificate from a 3rd party certificate provider.
Although we use a wildcard certificate in this article series, a single name SSL certificate is sufficient.
If you use a single name certificate, the FQDN included should match the FQDN we configured in the previous article (in this example sts.losgrecos.cloudns.org).

To assign the certificate to the Default Website follow the steps below:

a. In the Internet Information Services (IIS) Manager, in the navigation pane, expand DC1 (ONPREM\Administrator), expand Sites, and then click Default Web Site

b. In the actions pane, click Bindings

c. In the Site Bindings window, click Add.

d. In the Add Site Binding window, click the Type drop-down menu and then click https.

e. Click the SSL certificate drop-down menu and then click sts.yourchilddomainname

f. In the Add Site Binding window, click OK.

g. In the Site Bindings window, click Close.

h. Close the IIS Manager.

Installing the Active Directory Federation Services

Download Active Directory Federation Services 2.0 RTW from Microsoft Download Center

After the download finishes, launch “AdfsSetup.exe” and then accept the license agreement

On the “Server Role” page, we need to specify which role to configure. Since these are the two internal ADFS servers, we wish to configure a “Federation server” so select that and click “Next”

On the “Welcome to the AD FS 2.0 Setup Wizard” page, click “Next”

As you can see on the next page, the wizard will now install a couple of prerequisites on the server. Click “Next”

After a minute or so the wizard will complete successfully and we can now click “Finish”
Make sure to uncheck “Start AD FS 2.0 Management snap-in when this wizard closes” as we want to install Update 2 for AD FS 2.0 before we continue.

When the update has been applied, launch the AD FS 2.0 management console by going to “Start”–> “Administrative tools” and in here selecting “AD FS 2.0 Management”
In the AD FS 2.0 Management console, click “AD FS 2.0 Federation Server Configuration Wizard”

Configure Active Directory Federation Services

a. On DC, click Start, point to Administrative Tools, and then click AD FS 2.0 Management

b. In the AD FS 2.0 management console, in the results pane, click AD FS 2.0 Federation Server Configuration Wizard

c. On the Welcome page, verify that the Create a new Federation Service radio button is selected and then click Next

d. On the Select a Stand-Alone or Farm Deployment page, click the Stand-alone federation server radio button and then click Next

e. On the Specify the Federation Service Name page, verify that the SSL Certificate and Federation Service name are sts.yourchilddomainname and then click Next

If the certificate name is not correct, do not continue. You must cancel the wizard and create the correct certificate using the procedure in tasks 5 and 6.

f. On the Ready to Apply Settings page, review the configuration and then click Next

Wait for the configuration to complete.

g. On the Configuration Results page, review the results and click Close

h. Close the AD FS 2.0 management console and log off DC
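
Before binding a certificate in IIS or TMG, or continuing past the Federation Service Name page, the properties these steps depend on can be checked in the Local Computer Personal store: the name matches the published FQDN (single-name or wildcard), the private key is present, the chain builds on this machine, and the certificate is not close to expiry. This is an added example, not the author's or Microsoft's code; Test-HostNameMatch and Test-ServiceCertificate are hypothetical names, and it assumes Windows PowerShell 3.0 or later in an elevated session.

```powershell
# Added example; function names are hypothetical. Needs Windows PowerShell 3.0+ (DnsNameList).
function Test-HostNameMatch {
    param([string] $Pattern, [string] $HostName)
    if ($Pattern.StartsWith('*.')) {
        # A wildcard covers exactly one left-most label: *.contoso.com matches
        # sts.contoso.com but neither contoso.com nor a.sts.contoso.com.
        $suffix = $Pattern.Substring(1)
        if (-not $HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) { return $false }
        $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
        return ($label.Length -gt 0 -and $label -notmatch '\.')
    }
    return ($Pattern -ieq $HostName)
}

function Test-ServiceCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $HostName,
        [string] $StorePath = 'Cert:\LocalMachine\My',
        [int] $WarnDays = 30
    )
    $serverAuth = '1.3.6.1.5.5.7.3.1'   # OID of the Server Authentication EKU

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Only report certificates whose subject or SAN names cover the requested host.
        $names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
        $match = @($names | Where-Object { Test-HostNameMatch -Pattern $_ -HostName $HostName })
        if ($match.Count -eq 0) { continue }

        # No EKU extension means the certificate is not restricted to particular purposes.
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        $serverAuthOk = $true
        if ($eku) {
            $serverAuthOk = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $serverAuth
        }

        # Build the chain against this machine's trust stores without going online for revocation.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $chainOk = $chain.Build($cert)

        # Exportable stays $null (unknown) for CNG keys or when the key cannot be opened.
        $exportable = $null
        if ($cert.HasPrivateKey) {
            try { $exportable = $cert.PrivateKey.CspKeyContainerInfo.Exportable }
            catch { $exportable = $null }
        }

        [pscustomobject]@{
            Thumbprint    = $cert.Thumbprint
            Subject       = $cert.Subject
            MatchedName   = $match[0]
            NotAfter      = $cert.NotAfter
            ExpiresSoon   = ($cert.NotAfter -lt (Get-Date).AddDays($WarnDays))
            HasPrivateKey = $cert.HasPrivateKey
            KeyExportable = $exportable
            ServerAuthEku = $serverAuthOk
            ChainBuilds   = $chainOk
            SelfSigned    = ($cert.Subject -eq $cert.Issuer)
        }
    }
}

# Host name taken from the article's own example; replace it with your federation service name.
Test-ServiceCertificate -HostName 'sts.onprem.contoso.com' | Format-List
```

No output means no certificate in the store covers that name, which is the case where the wizard should be cancelled and the certificate recreated.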

Stay tuned for Part 3….

Office 365 "W15" Hybrid Deployment Exchange Server 2010 SP3 (Part I ) – Prerequisites


Introduction

Office 365’s Exchange Online is a compelling product from Microsoft that can be integrated with your existing on-premises Exchange Server 2010 organization to extend your Exchange deployment to the cloud.

In this five-part series, we’ll be looking more into Microsoft’s Hybrid Configuration Wizard (HCW), new in Exchange 2010 Service Pack 3 , which automates the process of configuring both your existing Exchange organization and Exchange Online to interact smoothly with little impact on your end-users.

A Hybrid Exchange deployment allows Office 365 to act as an extension of your existing on-premises deployment. This means users don’t necessarily need to know where their mailbox is hosted, and can continue to connect to Exchange in the same way they’ve always done. Mail routing can flow through your existing Exchange on-premises deployment, the process to configure clients like Outlook and ActiveSync clients remains the same, and end-users use existing Outlook Web App web addresses to sign in with a browser. In addition, services like Exchange Online Archives can be deployed to allow a user’s primary mailbox to be hosted on premise, whilst the archive mailbox is located in the cloud. In part one, we’re going to look at the pre-requisites required for a hybrid configuration and perform necessary checks against your Exchange deployment to help ensure a successful configuration.

Before we begin

There are a few pre-requisites to consider before we run the Hybrid Configuration Wizard. First, we’ll need an Office 365 subscription, known as a tenant. If you’ve not got one yet, and want to try it out – I’d recommend signing up for trial of the service. Even if you’ve already signed up for your production tenant, you’ll find a trial useful to allow you set things up in your test lab.

Once we’ve got the tenant, you’ll need to work through the basics covered in the Office 365 deployment guide, including executing the Office 365 Deployment Readiness Tool to check for any organizational issues and registering the accepted domains in Office 365 and Exchange that you’re going to use for your hybrid deployment.

I’d also recommend setup of Active Directory Federation Services 2.0 to provide authentication of your Office 365 mailboxes against your local Active Directory, a must for any Hybrid Deployment. Finally, you’ll need to setup and configure the Microsoft Online Services Directory Synchronization Tool (DirSync) so that local Active Directory accounts will be synchronized to Office 365.

Ensuring you are running the right Exchange 2010 Service Pack

If you are running a Wave 15 tenant (that’s an Office 365 tenant that’s running the latest version of Office 365 available), you’ll need to make sure you are running Exchange 2010 Service Pack 3 on the servers you’ll use for your Hybrid Configuration. As a minimum this will mean an upgrade to Service Pack 3 across all Exchange Servers within your Internet-facing site. You can easily tell which version your tenant is running by logging on to the Office 365 portal, as illustrated below:

Figure 1

Hybrid Deployment Prerequisites

Before you create and configure a hybrid deployment using Microsoft Exchange Server 2013 and the Hybrid Configuration wizard, your existing on-premises Exchange organization must meet certain requirements. If you don’t meet these requirements, you won’t be able to complete the steps within the Hybrid Configuration wizard and you won’t be able to configure a hybrid deployment between your on-premises Exchange organization and the Exchange Online organization in Microsoft Office 365.

Important:

This feature of Exchange Server 2013 is currently not compatible with Office 365 operated by 21Vianet in China. For more information, see Learn about Office 365 operated by 21Vianet.

Prerequisites for hybrid deployment

The following prerequisites are required for configuring a hybrid deployment:

  • On-premises Exchange organization   Hybrid deployments can be configured for on-premises Exchange 2007-based organizations or later. For Exchange 2007 and Exchange 2010 organizations, at least one Exchange 2013 Client Access and one Exchange 2013 Mailbox server must be installed in the on-premises organization to run the Hybrid Configuration wizard and support Exchange 2013-based hybrid deployment functionality. We recommend combining the Exchange 2013 Client Access and Mailbox server roles on a single server when configuring hybrid deployments with Exchange 2007 and Exchange 2010 environments. All on-premises Exchange 2013 servers must have installed Cumulative Update 1 (CU1) or greater for Exchange 2013 to support hybrid functionality with Office 365. For more information, see Cumulative Updates for Exchange 2013.
    For a complete listing of Exchange Server and Office 365 for enterprises tenant hybrid deployment compatibility, see the requirements listed in the following table for Exchange 2013-based and Exchange 2010-based hybrid deployments.

Note: To verify your Office 365 tenant version and status, see Verify Office 365 tenant version and status later in this topic.

Note:
1 Blocked in Exchange 2013 setup
2 Tenant upgrade notification provided in Exchange Management Console
3 Requires at least one on-premises Exchange 2010 SP2 server
4 Requires at least one on-premises Exchange 2010 SP3 server
5 Requires at least one on-premises Exchange 2013 CU1 or greater server

  • Office 365 for enterprises   An Office 365 for enterprises tenant and administrator account and user licenses available on the tenant service to configure a hybrid deployment. The Office 365 tenant version must be 15.0.620.28 or greater to configure a hybrid deployment with Exchange 2013. Additionally, your Office 365 tenant status must not be transitioning between service versions. For a complete summary, see the preceding table. To verify your Office 365 tenant version and status, see Verify Office 365 tenant version and status later in this topic.
    Learn more at Sign up for Office 365.
  • Custom domains   Register any custom domains you want to use in your hybrid deployment with Office 365. You can do this by using the Office 365 Administrative portal, or by optionally configuring Active Directory Federation Services (AD FS) in your on-premises organization.
    Learn more at Add your domain to Office 365.
  • Active Directory synchronization   Deploy Office 365 Active Directory synchronization in your on-premises organization.
    Learn more at Active Directory synchronization: Roadmap.
  • Autodiscover DNS records   Configure the Autodiscover public DNS records for your existing SMTP domains to point to an on-premises Exchange 2013 Client Access server.
  • Office 365 organization in the Exchange admin center (EAC)   The Office 365 organization node is included by default in the on-premises EAC, but you must connect the EAC to your Office 365 organization using your Office 365 tenant administrator credentials before you can use the Hybrid Configuration wizard. This also allows you to manage both the on-premises and Exchange Online organizations from a single management console.
    Learn more at Hybrid Management in Exchange 2013 Hybrid Deployments.
  • Certificates   Install and assign Exchange services to a valid digital certificate purchased from a trusted public certificate authority (CA). Although self-signed certificates should be used for the on-premises federation trust with the Microsoft Federation Gateway, self-signed certificates can’t be used for Exchange services in a hybrid deployment. The Internet Information Services (IIS) instance on the Client Access servers configured in the hybrid deployment must have a valid digital certificate purchased from a trusted CA. Additionally, the EWS external URL and the Autodiscover endpoint specified in your public DNS must be listed in Subject Alternative Name (SAN) of the certificate. The certificate installed on the Mailbox and Client Access (and Edge Transport if deployed) servers used for mail transport in the hybrid deployment must all use the same certificate (that is, they are issued by the same CA and have the same subject).
    Learn more at Certificate Requirements for Hybrid Deployments.
  • EdgeSync   If you’ve deployed Edge Transport servers in your on-premises organization and want to configure the Edge Transport servers for hybrid secure mail transport, you must configure EdgeSync prior to using the Hybrid Configuration wizard.

Important: Although EdgeSync is a requirement in deployments with Edge Transport servers, additional manual transport configuration settings will be required when you configure Edge Transport servers for hybrid secure mail transport.
Learn more at Edge Transport Servers with Hybrid Deployments.

After you’ve made sure your Exchange organization meets these requirements, you’re ready to use the Hybrid Configuration wizard. For more detailed guidance, see Create a Hybrid Deployment with the Hybrid Configuration Wizard.

Recommended tools and services

In addition to the required prerequisites described earlier, other tools and services are beneficial when you’re configuring hybrid deployments with the Hybrid Configuration wizard:

  • Remote Connectivity Analyzer tool   The Microsoft Remote Connectivity Analyzer tool checks the external connectivity of your on-premises Exchange organization and makes sure that you’re ready to configure your hybrid deployment. We strongly recommend that you check your on-premises organization with the Remote Connectivity Analyzer tool prior to configuring your hybrid deployment with the Hybrid Configuration wizard.
    Learn more at Remote Connectivity Analyzer Tool.
  • Single sign-on   Although not a requirement for hybrid deployments, single sign-on enables users to access both the on-premises and Exchange Online organizations with a single user name and password. Single sign-on provides users with a familiar sign-on experience and allows administrators to easily control account policies for Exchange Online organization mailboxes by using on-premises Active Directory management tools.
    Single sign-on is also highly recommended for organizations that plan on deploying Exchange Online Archiving (EOA) in their Exchange organization.
    If you decide to deploy single sign-on with your hybrid deployment, we recommend that you deploy it with Active Directory synchronization and before using the Hybrid Configuration wizard.
    Learn more at Prepare for single sign-on.

Verify Office 365 tenant version and status

To verify the version and status of your Office 365 tenant, follow the steps below:

  • Connect to the Office 365 tenant using remote Windows PowerShell. For step-by-step connection instructions, see Connect Windows PowerShell to the Service.
  • After connecting to the Office 365 tenant, run the following command.
    Get-OrganizationConfig | Format-List AdminDisplayVersion,IsUpgradingOrganization
    Verify that your Office 365 tenant and status meet the following requirements:
    • AdminDisplayVersion parameter value is equal to or greater than 15.0.620.28
    • IsUpgradingOrganization parameter is False
      For example, “0.20 (15.0.620.51)” and “False”.

Warning:

If your Office 365 tenant version and status don’t meet the hybrid deployment requirements, the Hybrid Configuration wizard won’t complete successfully.
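The two requirements above can be checked in one step rather than by eye. The following is an added example, not part of the original page or of Microsoft's tooling: the function name Test-HybridTenantReadiness is hypothetical, the second sample value is constructed, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: evaluate the output of Get-OrganizationConfig against the
# hybrid minimum stated on this page (15.0.620.28, not upgrading).
function Test-HybridTenantReadiness {
    param(
        [Parameter(Mandatory=$true)] [string] $AdminDisplayVersion,
        [Parameter(Mandatory=$true)] [bool]   $IsUpgradingOrganization,
        [version] $MinimumVersion = '15.0.620.28'
    )
    # AdminDisplayVersion looks like "0.20 (15.0.620.51)"; the build number
    # to compare is the four-part value inside the parentheses.
    if ($AdminDisplayVersion -notmatch '\((\d+\.\d+\.\d+\.\d+)\)') {
        throw "Unrecognised AdminDisplayVersion format: '$AdminDisplayVersion'"
    }
    # Compare as [version], not as text: as strings, "15.0.620.9" would sort
    # above "15.0.620.28" and wrongly pass the check.
    $build     = [version]$Matches[1]
    $versionOk = $build -ge $MinimumVersion

    [pscustomobject]@{
        Build        = $build
        VersionOk    = $versionOk
        NotUpgrading = -not $IsUpgradingOrganization
        Ready        = $versionOk -and (-not $IsUpgradingOrganization)
    }
}

# Sample value taken from the example on this page.
Test-HybridTenantReadiness -AdminDisplayVersion '0.20 (15.0.620.51)' -IsUpgradingOrganization $false

# Constructed sample: an older build that does not meet the minimum.
Test-HybridTenantReadiness -AdminDisplayVersion '0.10 (14.16.190.8)' -IsUpgradingOrganization $false

# In a remote PowerShell session connected to the tenant:
# $org = Get-OrganizationConfig
# Test-HybridTenantReadiness -AdminDisplayVersion ([string]$org.AdminDisplayVersion) `
#     -IsUpgradingOrganization $org.IsUpgradingOrganization
```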

Pre-flight checks against your Exchange environment

With your Office 365 prerequisites in place, it’s time to check over your Exchange environment to verify that everything you need for the Hybrid Configuration Wizard to successfully execute is in place, and help ensure that features work after your hybrid configuration has been implemented.

Auto Discover and Exchange Web Services Checks

The first thing we need to check is connectivity to Auto Discover and Exchange Web Services from outside your organization. If you’ve already got external clients working correctly, there’s a fair chance this is already configured, but it doesn’t hurt to test.

To test Auto Discover and Exchange Web Services, we’ll use Microsoft’s Remote Connectivity Analyzer to simulate Exchange Web Services connectivity, using AutoDiscover as part of the process. First create a test Exchange mailbox, and then run the EWS General Test (as shown below) to verify connectivity, and remediate if necessary.


Figure 2

Reverse Proxy, ISA or TMG checks

If you’re using a reverse proxy that uses pre-authentication for your deployment, you’ll also need to examine its configuration. That’s because the federated components of Exchange use token-based authentication to connect from Office 365 to your Exchange On-Premises organization rather than traditional authentication against your Active Directory, and services such as the MRS Proxy don’t support SSL Offload for the EWS virtual directory.

Although there are more complicated ways of achieving it, the simplest way to ensure TMG doesn’t cause any problems is to move your rules for the EWS and AutoDiscover virtual directories into a dedicated rule, with the following key settings:

Allow All Users

Figure 3

Authentication Delegation set to “No delegation, but client may authenticate directly”
Figure 4

Publishing the paths /ews/* and /autodiscover/*
Figure 5

Hub Transport checks

Moving onto the Hub Transport components, we need to consider how Exchange will be able to route mail inbound and outbound to and from Office 365.

As part of the Hybrid Configuration Wizard, a new receive connector will be created, pre-populated with the correct IP address ranges to allow mail to be received from Office 365. We’ll also need to allow our Hybrid Server, or Exchange 2010 servers hosting the hub-transport role to send and receive mail to those IP address ranges at the network firewall level. The method to accomplish this varies based on your network design, but you will typically need to expose at least one Hub Transport server to the internet with a public IP address, with firewall restrictions to only allow Office 365 to communicate both to and from it on the SMTP port, TCP port 25.

Additionally, we’ll need to ensure the correct certificates are installed and in place for TLS-secured mail transport. When we tested EWS and AutoDiscover earlier, certificates were tested on the Client Access roles, but you’ll also need to ensure that a suitable certificate is available on the Hub Transport servers if they are on different Exchange Servers; and that the certificate name is suitable. This may mean you need to ensure the Fully Qualified Domain Name (FQDN) you use for your Hub Transport roles is present on the Subject Alternative Name (SAN) certificate. If you’re currently using a wildcard certificate, although it’s not a best practice, this should work fine.
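The certificate requirements described here and in the prerequisites list (every published name on the SAN list, no self-signed certificate for Exchange services) can be checked before running the wizard. This is an added example, not code from the original page: the function names and the example.com host names are hypothetical placeholders, and the commented lines at the end outline how the inputs would be read from Get-ExchangeCertificate.

```powershell
# Added example. Host names below are constructed placeholders.
function Test-NameCoveredByCertificate {
    param(
        [Parameter(Mandatory=$true)] [string]   $HostName,
        [Parameter(Mandatory=$true)] [string[]] $CertificateDomains
    )
    foreach ($domain in $CertificateDomains) {
        if ($domain -eq $HostName) { return $true }   # -eq ignores case for strings
        if ($domain.StartsWith('*.')) {
            # A wildcard covers exactly one left-most label: *.example.com matches
            # mail.example.com, but not example.com or a.b.example.com.
            $suffix = $domain.Substring(1)            # ".example.com"
            if ($HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label.Length -gt 0 -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

# Emits one line per problem found; no output means no gaps were found.
function Get-HybridCertificateGap {
    param(
        [Parameter(Mandatory=$true)] [string[]] $RequiredHostNames,
        [Parameter(Mandatory=$true)] [string[]] $CertificateDomains,
        [bool]     $IsSelfSigned = $false,
        [datetime] $NotAfter     = [datetime]::MaxValue
    )
    if ($IsSelfSigned)            { 'Certificate is self-signed' }
    if ($NotAfter -lt (Get-Date)) { 'Certificate has expired' }
    foreach ($name in $RequiredHostNames) {
        if (-not (Test-NameCoveredByCertificate -HostName $name -CertificateDomains $CertificateDomains)) {
            "Name not on certificate: $name"
        }
    }
}

# Constructed sample: EWS, Autodiscover and Hub Transport names against a SAN list
# that is missing the Hub Transport FQDN.
$required = 'mail.example.com', 'autodiscover.example.com', 'hub01.example.com'
$sanList  = 'mail.example.com', 'autodiscover.example.com'
Get-HybridCertificateGap -RequiredHostNames $required -CertificateDomains $sanList

# On an Exchange server, read the inputs from the certificate assigned to SMTP
# (or IIS); if several certificates match, check each one in turn:
# $cert = Get-ExchangeCertificate -Server <servername> | Where-Object { $_.Services -match 'SMTP' }
# Get-HybridCertificateGap -RequiredHostNames $required `
#     -CertificateDomains ([string[]]$cert.CertificateDomains) `
#     -IsSelfSigned $cert.IsSelfSigned -NotAfter $cert.NotAfter
```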

Address Book Policy checks

If you’re in the process of upgrading to Exchange 2010, or have only installed the Exchange 2010 Hybrid server role into your existing environment, you will also need to give your Email Address Policies (or Recipient Policies in Exchange 2003 terminology) some consideration. During the Hybrid Configuration Wizard, your Default Email Address Policy will be upgraded and then one of your Office 365 tenant domains will be added to the policy, before applying it to your Exchange organization.

Therefore it’s important to make sure that the Email Address policies are in good order before you begin and you should be confident that when the Hybrid Configuration Wizard applies the Default Email Address policy it will complete successfully.

Outbound HTTP connection and proxy checks

Next, we need to consider any network infrastructure that might prevent our Exchange 2010 Hybrid servers from communicating with Office 365 via HTTPS. The number one issue I usually see is proxy server related, so it’s worth ensuring that you’ve tackled this up-front before you run into issues.

If at all possible, I’d recommend allowing the Exchange Servers to communicate with Office 365 directly via HTTPS and avoid proxy servers for this communication altogether, however if that’s not possible, ensure you do the following:

  • Ensure all Exchange servers participating in the Hybrid Configuration, and installations of the Exchange Management Console you’ll use to manage the environment, can bypass proxy servers for the Office 365 and Exchange Online IP addresses and URLs.
  • Configure the correct proxy settings using the netsh command. An easy way to do this is by configuring Internet Explorer on the server with the correct settings, testing the settings in IE and then using an elevated command prompt executing the following command:
    netsh winhttp import proxy source=ie
  • Configure the correct proxy server settings within the Exchange 2010 Hybrid servers, using the following Exchange Management Shell cmdlet:
    Set-ExchangeServer <servername> -InternetWebProxy http://proxy:port

If you’re using a proxy server in your environment already, there’s a good chance you’ve already performed some of this configuration, but even if you think it’s right, it’s worth double checking settings before you continue.

Once you’ve made sure the relevant proxy settings are configured correctly, you’ll need to make sure you can connect the Exchange Management Console to your Office 365 tenant. This will not only test the proxy settings you’ve configured, but it’s also necessary later on when we use the Exchange Management Console to run the Hybrid Configuration Wizard.

To connect the Exchange Management Console to your Office 365 tenant:

  • Right click on the “Microsoft Exchange” root node, and choose “Add Exchange Forest”
  • Enter a friendly name, such as “Office 365”
  • From the drop-down, select “Exchange Online”

After entering your tenant credentials, you should see your tenant alongside your on-premises Exchange organization:


Figure 6

Summary
In part one, we’ve looked at the pre-flight checks we need to perform to help ensure a successful execution of the Hybrid Configuration Wizard. In the following parts of this series, we’ll take a quick look at what goes on under the hood of the Hybrid Configuration Wizard itself, walk through its execution and then finally test functionality.

To be continued.