Posts filed under ‘Exchange and O365’

How to create an O365 Mailbox when there is no On-Prem Exchange Servers.

In some cases the IT department decomission the On-Prem Exchange Server after migrating the mailboxes to O365. (For detailed steps for uninstallation of Exchange Please refer my previous article : https://vands.pro/2018/11/06/how-to-decomission-on-prem-exchange-server-after-migrating-the-mailboxes-to-o365/.

OK, Coming back to mailbox creation ; All these steps need to be done in the ADUC

 

+ Create an AD User.

+ Type the email address in the email field.

+ Go to the Account Tab and select the correct domain name.

+ In the Attributes Editor  modify the two parameter’s as below

proxyAddresses: SMTP: myemail@email.com

targetAddress: SMTP: myemail@companyname.onmicrosoft.com

+ Either perform a manual sync or wait for the next schedule.

+ After the Sync is completed you will be able to see the user in O365 Portal and need to assign the Exchange License to complete
the mailbox creation.

Credits: https://c7solutions.com/2014/07/creating-mailboxes-in-office-365-when-using-dirsync

 

Advertisements

November 6, 2018 at 11:45 am 1 comment

How to Decomission On-Prem Exchange Server after migrating the Mailboxes to O365

Few weeks ago, we had project to migrate the Exchange 2010 Mailboxes to O365. After the  migration completed  we had to remove the On-Prem Exchange Servers(Even though it is not a supported scenario from Microsoft , still you could do this.) This will lead you to to adopt non standard methods when creating new mailboxes(Refer my post https://vands.pro/2018/11/06/how-to-create-an-o365-mailbox-when-there-is-no-on-prem-exchange-servers/ for detailed steps). Also if you still needed an Exchange Server in your premises to avoid complication you could contact MS O365 Support to obtain a free Exchange Hybrid License and install an Exchange Server.

Coming back to the original goal of this article you need to follow the below steps if you have decided to remove the Exchange Servers; Also note that uninstallation of Exchange will not impact the O365 mailboxes in any manner.

+ By this time you should have changed the MX and related DNS records on 
    the on-prem DNS and Public DNS Servers.

+ Set the AD Internal URL to null
  Get-ClientAccessServer | Set-ClientAccessServer 
  -AutoDiscoverServiceInternalUri $Null

+  Then disable the AD Sync(Temporarily)
    Set-MsolDirSyncEnabled -EnableDirSync $false
    (Get-MsolCompanyInformation).DirectorySynchronizationEnabled – To
    view the current status.

+ Open Exchange Shell in one of the Exchange Server(uninstallation should
  be started in the order of MBOX,CAS,HUB & Edge)

+ Remove default Public folders

Get-PublicFolder “\” -Recurse -ResultSize:Unlimited |
Remove-PublicFolder -Recurse -ErrorAction:SilentlyContinue

+ Remove system Public folders

Get-PublicFolder “\Non_Ipm_Subtree” -Recurse -ResultSize:Unlimited |
Remove-PublicFolder -Recurse -ErrorAction:SilentlyContinue

+ Remove Offline Address Book

Get-OfflineAddressBook | Remove-OfflineAddressBook

+ Remove send connectors

Get-SendConnector | Remove-SendConnector

+ Remove Public Folder Database

Get-PublicFolderDatabase | Remove-PublicFolderDatabase

+ + Remove Arbitration Mailbox

Get-Mailbox -Arbitration | Disable-Mailbox -Arbitration -DisableLastArbitrationMailboxAllowed

+ Disable / Delete All non migrated Mailboxes

Get-Mailbox | Disable-Mailbox

+ Open CMD as Administrator and Go to the bin folder in the Exchange Installation Folder in your C: drive(Depend on your environment)
   
  setup.com /m:unistall.

+ Once all the Exchange Roles are uninstalled disjoin the servers from the AD.

+ Re-run the AD Sync Tool and remove the Tick on Exchange Hybrid Configuration.

+ Re-enable the AD Sync

  Set-MsolDirSyncEnabled -EnableDirSync $false

 

Credits: https://www.itpromentor.com/remove-hybrid-keep-sync/

Good Luck Guys.

 

 

 

 

 

November 6, 2018 at 11:34 am Leave a comment

Azure AD Password Sync Error with Event ID 611

Recently we faced an issue with the Password Sync from our On-Prem AD server . The strange issue was when we create/delete  an AD object the synchronization completes successfully except for the Password changes. In the event viewer on the AAD connect server we could see event ID 611.

Password synchronization failed for domain: test.com

Details:
System.DirectoryServices.Protocols.LdapException: The operation was aborted because the client side timeout limit was exceeded.

 

If you are facing the same issue , you need to modify the registy entry on the AAD connect server as below;

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Ldap

Modify the parameter LdapClientIntegrity to 0.

But I am still not sure , is it a Bug or not, If I come across any information about the cause of the error , I will update this post accordingly.

Good Luck.

 

October 23, 2018 at 4:06 pm Leave a comment

How to descommission the On-Prem Exchange server after the successful migration to O365.

When you performed a cutover or Hybrid migration to O365 , You need to uninstall the On-Prem Exchange Server. Even though MS recommends to keep at least one Exchange On-Prem Server(Does not require any license and special license available for this use cases), Some environments require them to be uninstall in that case we could follow the below steps.(Please note I have not included any screenshots because if you are reading this article you should have well familiarized with O365 Admin / EAC consoles.

  • Change the DNS records internally & externally to point it to O365.
  • Open EAC on Office365
  • Click on Mailflow -> Open Connectors
  • Disable or Delete the 2 Connectors ( Both Inbound & Outbound)
  • Click on Organization and remove the O365 to Onpremises …config.
  • Stop the AD Sync (Set-MsolDirSyncEnabled –EnableDirSync $false)
  • Remove all the unwanted or non migrated mailboxes from the On-Prem Server
  • Remove the Public Folders
  • Remove / Disable Arbitration Mailbox ( Get-Mailbox –Arbitration )
  • Optional(Remove OAB)
  • Uninstall Exchange
  • Re-enable ADSync (Set-MsolDirSyncEnabled –EnableDirSync $true)

http://galinlab.com/2017/07/06/decommissioning-exchange-after-cutover-migration-with-dirsyncadsync-is-enabled/Credits:

October 21, 2018 at 11:40 am Leave a comment

How to recover from FWS and DAG Member failure in 2 Node DAG

Hi Folks

Recently we had a situation where one of our customer was affected with a malware and  most of his servers became unusable. The impact caused the File Witness Servers( a Domain Controller) and one of the Exchange Node from the 2 Node DAG environment to become instable.

So after studying the impact we decided to do the below ;

  • Remove the Failed Node from the DAG and rebuild it from scratch and attach it to the DAG again.
  • Change the FWS to another server.

But unfortunately we were not able to proceed as we expected because the cluster service on the remaining node was not able to reach any cluster defined.  When I opened the Failover Cluster Manager I was not able to reach or connect it to the DAG Cluster (As it was not able to reach any the Quorum in our case it is the FWS.  The same was confirmed by the below command:

  • cluster node
    This will show the failed node as down and the survived DAG node in Joining state

To overcome the problem  you have to restart the cluster without quorum to do that type the below command on the  Exchange server

net stop clussvc

net start clussvc  /fq

 

Boom ..  everything  returned normal with Windows Clustering on the remaining node ( you could verify it with the same command ;  cluster node) . I was able to connect it to the DAG cluster via the Windows Clustering Manager.

Now the cluster is restored and I had to move the FWS to another server so I ran the command below which set the new FWS ( Source: https://practical365.com/exchange-server/recovering-a-failed-exchange-2016-database-availability-group-member/)

Set-DatabaseAvailabilityGroup -Identity “DAG-Name” -WitnessDirectory c:\FWS -WitnessServer “New Server Name”

Now  we were able to proceed with the remaining steps that is to
– remove the Mailbox Copies from the Failed Server
–  Move the Active Mailboxes from the Failed Server to the active Server

The commands I used are

  • Get-MailboxDatabaseCopyStatus -Server “Failed Exchange Server Name”  | Remove-MailboxDatabaseCopy -Confirm:$false
  • Move-ActiveMailboxDatabase “Mailbox Database Name” -ActivateOnServer “Exchange Server Name”  -SkipHealthChecks -SkipActiveCopyChecks -SkipClientExperienceChecks -SkipLagChecks -MountDialOverride:BESTEFFORT

Thereafter you could proceed with the remaining steps as mentioned below;

To remove the failed server from the DAG (-ConfigurationOnly switch will execute the command without trying to contact the failed server)

  • Remove-DatabaseAvailabilityGroupServer -Identity “DAG Name”  -MailboxServer “Failed Exchange Server Name” -ConfigurationOnly

Thereafter you need to remove the failed server from the Cluster Group to do that;

  • Get-ClusterNode “Failed Exchange Server Name”  | Remove-ClusterNode

Once you are able to pass through all the steps  , the only thing left is to rejoin the Failed Exchange Server to the same DAG. (Refer Article:https://practical365.com/exchange-server/recovering-a-failed-exchange-2016-database-availability-group-member/)

Hope this will help someone in a similar situation.

Good Luck

Muralee

November 21, 2017 at 12:28 pm Leave a comment

How to Allow Mail Relay on Exchange 2016

Hi All

Being an Exchange Administrator you would often come across requirements to allow mail relay from Internal Application or Some Appliances in order to send emails alerts through your Exchange Server. In this case you need to do the below;

  • Create a New Receive Connector with any name E.g: Anonymous  Relay
  • Select the Role as FrontEnd Transport
  • Select the Usage Type as Custom
  • Leave the bindings as default.
  • In the Remote IP addresses that are allowed to use this connector enter the IP addresses of your appliance of application server which wants to use the Exchange for Mail Relay

Once the above steps are done , you need to run the below PS Commands:

  • Set-ReceiveConnector "Anonymous Relay" -PermissionGroups AnonymousUsers
  • Get-ReceiveConnector "Anonymous Relay" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
    

Source1 :https://technet.microsoft.com/en-us/library/mt668454(v=exchg.160).aspx

Source2:http://exchangeserverpro.com/exchange-2016-smtp-relay-connector/#comment-409194

UPDATE:1  With Exchange 2016 CU3 you will not be able to create this connector through the ECP , thus you need to use the below PS commands:

 

New-Receiveconnector -Name “Mail Relay” -RemoteIPRange (“Remote IP “) -TransportRole “FrontendTransport” -Bindings (“0.0.0.0:25”) -usage “Custom” -Server “Exchange Server Name”

 

 

December 27, 2016 at 8:48 am Leave a comment

Older Posts


Archives

Categories

Follow Hope you like it.. on WordPress.com

Blog Stats

  • 16,734 hits

%d bloggers like this: