Posts tagged ‘powershell’
How to offboard Exchange Online Mailboxes to Exchange On-Prem using Exchange Hybrid Environment
Recently, we had a project to offboard Exchange Online mailboxes to on-prem Exchange. In this environment the customer already had an Entra Connect server. I would like to share the steps we followed during the project so that anybody with similar requirements can refer to them.
However, I am not going to list any commands here, as they are freely available on many websites.
- First we deployed the Exchange On-Prem server and completed all the configuration, such as the DAG, connectors, etc.
- Then we deployed the Exchange hybrid configuration with Centralized Mail Transport.
- All the Autodiscover, MX and other Exchange-related DNS records were re-pointed to the Exchange On-Prem public IPs.
- Created a TestMailbox in Exchange On-Prem and tested the email flow.
– Email sent to the Exchange On-Prem mailbox from outside was delivered successfully.
– Email sent to the Exchange Online mailbox from outside bounced back with an error saying the user was not found in the organization.
– Email tests sent from Exchange On-Prem to Exchange Online and vice versa failed.
- After troubleshooting, we found out that the Exchange Online mailboxes were not visible in the Exchange On-Prem ECP. Further troubleshooting revealed that the AD user attribute for the AD-synced users did not have a Remote Routing Address (e.g. testdomain.mail.onmicrosoft.com).
- So we decided to do a bulk update of all the users to populate their Remote Routing Address (you must do a Delta AD Sync after this process). Thereafter, we were able to see all the Exchange Online mailboxes in the Exchange On-Prem ECP.
- Tested all the email scenarios and confirmed everything was working fine.
- The other obstacle we faced was that, when an email was sent from Exchange Online mailboxes to the outside world, the relaying was denied by the Exchange On-Prem server. Even though we believed the default FrontEnd receive connector in Exchange On-Prem had all the requirements for this, we ended up creating a new Receive Connector and added all the Exchange Online IPs to allow the email relay and resume the email flow.
Hope it helps someone who is struggling to find a proper article for a similar scenario. If you want detailed steps, like the commands used for bulk import/export/AD properties update, please feel free to reach out to me.
The public folder database ‘Public Folder Database 0206806109’ cannot be deleted
If you are migrating from an earlier version of Exchange to a newer version, you may come across a situation where you are not able to decommission the old Exchange server because the public folder database cannot be deleted and fails with the error message below.
Public Folder Database 0206806109
Failed
Error:
The public folder database “Public Folder Database 0206806109” contains folder replicas. Before deleting the public folder database, remove the folders or move the replicas to another public folder database. For detailed instructions about how to remove a public folder database, see http://go.microsoft.com/fwlink/?linkid=81409&clcid=0x409.
You may opt to use ADSI Edit to forcibly delete the Public folder. But I would not recommend this approach, as ADSI Edit performs no error checking or validation.
You can use the PowerShell command below to safely delete the replicas of the remaining public folders and system public folders, after ensuring all the needed public folders have been migrated to the new Exchange servers.
Get-PublicFolder -Server Exch-2010 "\NON_IPM_SUBTREE" -Recurse -ResultSize:Unlimited | Remove-PublicFolder -Server Exch-2010 -Recurse -ErrorAction:SilentlyContinue
Now you can remove the public folder database:
Remove-PublicFolderDatabase "Public Folder Database 0206806109"
Source: https://blog.rmilne.ca/2020/09/30/unable-to-remove-exchange-2010-public-folder-database/
How to import Users to Windows 2012 Active Directory using PowerShell
Hi Guys
In many AD installations I come across requirements to create multiple users in Active Directory (more than 200 in many cases). In these cases we can use the CSV template mentioned below and the PS command to import the users directly into Active Directory.
Here the Path value points to the OU in which you want to place the users in Active Directory. It can be found using the Attribute Editor of the OU (we need to enable Advanced Features in the ADUC management console).
PS Command Syntax
Import-CSV C:\anyname.csv | New-ADUser -AccountPassword (ConvertTo-SecureString -AsPlainText "any complex password" -Force) -PassThru | Enable-ADAccount
Example:
Import-CSV C:\Users_1.csv | New-ADUser -AccountPassword (ConvertTo-SecureString -AsPlainText "P@ssw0rd" -Force) -PassThru | Enable-ADAccount
Update2:
I am including here another method to achieve the same.
# Prepare the CSV file as shown below (you can include as many details as you want by adding the correct attribute).
firstname,lastname,username,email,department,password,jobtitle,company,ou,Mobile
# Then run the below powershell.
+ You must change the active directory domain name.
+ You must change the csv file name.
+ Ensure that you have given the proper DN for the OU value. Otherwise, the script will fail with the error messages below:
“No superior reference has been configured for the directory”
“New-ADUser : The object name has bad syntax”
===================================================================================
# Import active directory module for running AD cmdlets
Import-Module ActiveDirectory
# Store the data from the CSV file in the $ADUsers variable
$ADUsers = Import-Csv C:\test.csv
# Loop through each row containing user details in the CSV file
foreach ($User in $ADUsers)
{
    # Read user data from each field in each row and assign the data to a variable as below
    $Username = $User.username
    $Password = $User.password
    $Firstname = $User.firstname
    $Lastname = $User.lastname
    $OU = $User.ou # This field refers to the OU the user account is to be created in
    $email = $User.email
    $telephone = $User.Mobile
    $jobtitle = $User.jobtitle
    $company = $User.company
    $department = $User.department
    # Check to see if the user already exists in AD
    if (Get-ADUser -Filter {SamAccountName -eq $Username})
    {
        # If the user does exist, give a warning
        Write-Warning "A user account with username $Username already exists in Active Directory."
    }
    else
    {
        # The user does not exist, so proceed to create the new user account
        # The account will be created in the OU provided by the $OU variable read from the CSV file
        # Change vands.pro to your own Active Directory domain name
        New-ADUser `
            -SamAccountName $Username `
            -UserPrincipalName "$Username@vands.pro" `
            -GivenName $Firstname `
            -Surname $Lastname `
            -Name "$Firstname $Lastname" `
            -DisplayName "$Lastname, $Firstname" `
            -Enabled $True `
            -Path $OU `
            -Company $company `
            -EmailAddress $email `
            -Mobile $telephone `
            -Title $jobtitle `
            -Description $jobtitle `
            -Department $department `
            -AccountPassword (ConvertTo-SecureString $Password -AsPlainText -Force) -ChangePasswordAtLogon $True
    }
}
===============================================================================
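An added example, not part of the original post: a pre-flight check for the CSV above that catches the OU values behind the two errors listed and generates a random per-user password instead of reading one from the CSV. The domain DN DC=example,DC=test, the sample rows and the function names New-RandomPassword and Test-ImportRow are assumptions made for illustration.

```powershell
# Added example (not the post's script). Sample rows are constructed; the header is the post's.
$DomainDN = 'DC=example,DC=test'   # assumption: replace with your domain's distinguished name
$Rows = @'
firstname,lastname,username,email,department,password,jobtitle,company,ou,Mobile
Ann,Lee,alee,alee@example.test,IT,,Engineer,Example,"OU=Staff,DC=example,DC=test",555-0100
Bob,Ray,bray,bray@example.test,HR,,Manager,Example,"Staff,example.test",555-0101
Cy,Fox,alee,cfox@example.test,IT,,Analyst,Example,"OU=Staff,DC=other,DC=test",555-0102
'@ | ConvertFrom-Csv

function New-RandomPassword([int]$Length = 20) {
    # 64 symbols, so reducing a random byte modulo 64 introduces no bias
    $chars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789!#%+-_=@'
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    do {
        $bytes = New-Object byte[] $Length; $rng.GetBytes($bytes)
        $pw = -join ($bytes | ForEach-Object { $chars[$_ % $chars.Length] })
    } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '\d')
    $pw
}

function Test-ImportRow($Row, [hashtable]$Seen) {
    $problems = @()
    if (-not $Row.username -or $Row.username.Length -gt 20) { $problems += 'username missing or over 20 characters' }
    elseif ($Seen.ContainsKey($Row.username)) { $problems += 'duplicate username in the CSV' }
    if ($Row.ou -notmatch '^((OU|CN)=[^,]+,)+DC=[^,]+(,DC=[^,]+)*$') {
        $problems += 'ou is not a distinguished name ("The object name has bad syntax")'
    } elseif (-not $Row.ou.EndsWith($DomainDN, [StringComparison]::OrdinalIgnoreCase)) {
        $problems += 'ou is outside this domain ("No superior reference ...")'
    }
    $problems
}

$seen = @{}
foreach ($row in $Rows) {
    $problems = @(Test-ImportRow $row $seen)
    $seen[$row.username] = $true
    if ($problems.Count) { Write-Warning "$($row.username): $($problems -join '; ')"; continue }
    $plain = New-RandomPassword   # hand over out of band; never store it in the CSV
    $params = @{
        SamAccountName = $row.username; Name = "$($row.firstname) $($row.lastname)"
        Path = $row.ou; Enabled = $true; ChangePasswordAtLogon = $true
        AccountPassword = ConvertTo-SecureString $plain -AsPlainText -Force
    }
    # -WhatIf shows what would be created; drop it once the dry run looks right
    if (Get-Command New-ADUser -ErrorAction SilentlyContinue) { New-ADUser @params -WhatIf }
    else { "OK (AD module not loaded): $($row.username) -> $($row.ou)" }
}
```

With the constructed rows, only alee passes; bray is rejected for a malformed OU value and the third row for a duplicate username and an OU outside the domain.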
