How to identify who accessed mailboxes in Exchange 2010

Introduction

In large organizations, mailboxes may be accessed by a number of people besides their owners, including delegates and administrators. Because of this, mailbox access needs to be audited properly in order to defend against the misuse of critical information. Mailbox audit logging (available from Exchange 2010 SP1 onwards) helps to track mailbox access and meet regulatory compliance mandates. Below are the steps you need to take to audit mailbox access:

Step 1 – To check whether mailbox audit logging is enabled

To verify whether auditing is enabled on a mailbox, run:

Get-Mailbox -Identity <mailbox name> | Format-List *audit*

Note: Mailbox auditing on mailboxes is disabled by default.

For example:

Get-Mailbox -Identity TestUser1 | Format-List *audit*

Step 2 – To enable mailbox audit logging for a mailbox

To enable mailbox audit logging, run the command in the following syntax in Exchange Management Shell:

Set-Mailbox -Identity "<mailbox name>" -AuditEnabled $True

 

Note: The audit logs are stored for 90 days by default.

For example:

Set-Mailbox -Identity "TestUser5" -AuditEnabled $True

 

Step 3 – To enable mailbox audit logging for specified users and specified operations

To enable mailbox auditing for specified operations by the administrator, delegates or owner, follow the syntax:

Set-Mailbox -Identity "<mailbox name>" -AuditAdmin <operation1>, <operation2> -AuditEnabled $True

Set-Mailbox -Identity "<mailbox name>" -AuditDelegate <operation1>, <operation2> -AuditEnabled $True

Set-Mailbox -Identity "<mailbox name>" -AuditOwner <operation1>, <operation2> -AuditEnabled $True

 

For example:

Set-Mailbox -Identity "TestUser3" -AuditAdmin HardDelete, SoftDelete -AuditEnabled $True
Set-Mailbox -Identity "TestUser3" -AuditDelegate SendAs, SendOnBehalf -AuditEnabled $True
Set-Mailbox -Identity "TestUser3" -AuditOwner MoveToDeletedItems -AuditEnabled $True

Step 4 – To view the mailbox audit log data (for a single mailbox)

To view the mailbox audit log data, run:

Search-MailboxAuditLog -Identity <mailbox name> -LogonTypes <Admin, Delegate> -ShowDetails -StartDate <mm/dd/yyyy> -EndDate <mm/dd/yyyy> -ResultSize <size>

 

For example:

Search-MailboxAuditLog -Identity TestUser5 -LogonTypes Admin, Delegate -ShowDetails -StartDate 09/01/2016 -EndDate 09/06/2016 -ResultSize 1

Step 5 – To get the audit log data by email (as XML file) for one or more mailboxes

To get the audit log data by email (as XML file) for one or more mailboxes, run:

New-MailboxAuditLogSearch -Mailboxes "<mailbox1 name>","<mailbox2 name>" -LogonTypes <Admin, Delegate> -StartDate <mm/dd/yyyy> -EndDate <mm/dd/yyyy> -StatusMailRecipients "<email id>" -ShowDetails

For example:

New-MailboxAuditLogSearch -Mailboxes "TestUser5" -LogonTypes Admin, Delegate -StartDate 09/01/2016 -EndDate 09/06/2016 -StatusMailRecipients administrator@www.vdoc.com -ShowDetails

Step 6 – To disable mailbox auditing

To disable mailbox auditing, use:

Set-Mailbox -Identity "<mailbox name>" -AuditEnabled $false

For example:

Set-Mailbox -Identity "TestUser1" -AuditEnabled $false
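The raw output of Step 4 is one record per operation, which is hard to review. The following is an added example (not part of the original article) that condenses such records into one row per mailbox, accessor and operation. It assumes the property names that Search-MailboxAuditLog -ShowDetails returns (MailboxResolvedOwnerName, LogonUserDisplayName, LogonType, Operation, OperationResult, LastAccessed); the function names and the sample records are constructed for illustration.

```powershell
# Added example, not from the original article. PowerShell 2.0 compatible
# (the version the Exchange 2010 Management Shell runs on).

function Get-NonOwnerAccessSummary {
    param(
        # Objects shaped like the results of Search-MailboxAuditLog -ShowDetails.
        [Parameter(Mandatory = $true)]
        [object[]]$AuditEntry,

        # Operations to flag for review. Assumed list; align it with what was
        # enabled through -AuditAdmin / -AuditDelegate in Step 3.
        [string[]]$FlagOperation = @('HardDelete', 'SoftDelete', 'SendAs', 'SendOnBehalf')
    )

    # Keep only access by someone other than the mailbox owner.
    $nonOwner = @($AuditEntry | Where-Object { 'Admin', 'Delegate' -contains $_.LogonType })

    $nonOwner |
        Group-Object -Property MailboxResolvedOwnerName, LogonUserDisplayName, LogonType, Operation |
        ForEach-Object {
            $group  = $_
            $first  = $group.Group[0]
            $times  = @($group.Group | ForEach-Object { [datetime]$_.LastAccessed } | Sort-Object)
            $failed = @($group.Group | Where-Object { $_.OperationResult -ne 'Succeeded' }).Count

            New-Object PSObject -Property @{
                Mailbox    = $first.MailboxResolvedOwnerName
                AccessedBy = $first.LogonUserDisplayName
                LogonType  = $first.LogonType
                Operation  = $first.Operation
                Count      = $group.Count
                Failed     = $failed
                FirstSeen  = $times[0]
                LastSeen   = $times[-1]
                Flagged    = ($FlagOperation -contains $first.Operation)
            }
        } |
        # Hashtable property order is not preserved in PowerShell 2.0, so fix it here.
        Select-Object Mailbox, AccessedBy, LogonType, Operation, Count, Failed, FirstSeen, LastSeen, Flagged |
        Sort-Object -Property @{ Expression = 'Flagged'; Descending = $true },
                              @{ Expression = 'Count';   Descending = $true }
}

# Helper that builds a constructed sample record (hypothetical, for offline use).
function New-SampleAuditEntry {
    param($Mailbox, $User, $LogonType, $Operation, $Result, $When)
    New-Object PSObject -Property @{
        MailboxResolvedOwnerName = $Mailbox
        LogonUserDisplayName     = $User
        LogonType                = $LogonType
        Operation                = $Operation
        OperationResult          = $Result
        LastAccessed             = $When
    }
}

# Constructed sample data; user names and timestamps are made up.
$sample = @(
    (New-SampleAuditEntry 'TestUser5' 'Admin One'    'Admin'    'HardDelete' 'Succeeded' '2016-09-02 10:15'),
    (New-SampleAuditEntry 'TestUser5' 'Admin One'    'Admin'    'HardDelete' 'Succeeded' '2016-09-02 10:17'),
    (New-SampleAuditEntry 'TestUser5' 'Admin One'    'Admin'    'FolderBind' 'Succeeded' '2016-09-02 10:14'),
    (New-SampleAuditEntry 'TestUser5' 'Delegate Two' 'Delegate' 'SendAs'     'Failed'    '2016-09-03 08:01'),
    (New-SampleAuditEntry 'TestUser5' 'TestUser5'    'Owner'    'SoftDelete' 'Succeeded' '2016-09-03 09:30')
)

Get-NonOwnerAccessSummary -AuditEntry $sample | Format-Table -AutoSize

# Against a live mailbox, feed it the Step 4 search instead of the sample:
#   $entries = Search-MailboxAuditLog -Identity TestUser5 -LogonTypes Admin, Delegate `
#                  -ShowDetails -StartDate 09/01/2016 -EndDate 09/06/2016
#   Get-NonOwnerAccessSummary -AuditEntry $entries
```

The owner's own SoftDelete is dropped from the summary, and the flagged rows (HardDelete by the administrator, the failed SendAs by the delegate) sort to the top.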

Conclusion:

From a security and compliance standpoint, it’s important for organizations to track who accesses mailboxes and what actions they take once inside. From 2010 SP1 onwards, Microsoft Exchange provides a mailbox auditing facility to make this possible. However, it can be time consuming and the reports generated are not very user friendly. Automated Exchange auditing solutions, like LepideAuditor for Exchange Server, provide more detailed and easy-to-read mailbox access reports to help organizations easily meet regulatory compliance challenges.

Author:
Ajit Singh is associated with Lepide Software as a Manager – Marketing Operations. Lepide Software provides solutions for change auditing and compliance, server migration and Exchange recovery.


Office 365 Hybrid Email Routing

As I am engaged with an Office 365 migration, I am learning more & more about Office 365, and one of the interesting topics is email routing to & from Exchange Online / on-premises.

There are two options that are suggested by Hybrid wizard

  • Typical
  • Centralized

When you select Typical, internal mail flow (i.e. Exchange Online to Exchange on-premises & vice versa) happens through the Hybrid servers, but internet email from Exchange Online routes through EOP, while internet email from Exchange on-premises routes however you have already defined it in your connectors (for example, third-party gateways). This is also known as decentralized routing.

When you select “Enable Centralized mail transport”, internal mail flow (i.e. Exchange Online to Exchange on-premises & vice versa) happens through the Hybrid servers, along with internet email. That’s why it is called centralized routing; it is generally selected by enterprise customers because they want to control the flow for different security purposes.

When you run the Hybrid wizard, it creates connectors in the on-premises and cloud environments based on the option you choose.

You can edit these connectors based on your mail routing requirements (be cautious, as this will impact routing).

For example:

In one configuration where we were using a third-party cloud service as the email gateway, we chose Typical mail flow & after that added a connector on EOP to route all the internet email via the third-party gateway (you need to configure the third-party device so that it accepts email for relay from Office 365). This configuration removed the extra overhead of routing the email internally & then reaching the third party.

You have to select Partner organization when configuring the outbound connector from EOP to the internet.

Other solutions come up while you work through the setup for enterprises. As per Microsoft's recommendation, a direct connection (NAT) is needed from Exchange Online to the hybrid hub servers; no device should sit in the mail flow, as it can alter the headers. If your organization doesn’t want to NAT SMTP directly, the only supported alternative is to have Edge servers in the DMZ.

Here is what we have done for one organization; Microsoft told us that they will not assist with this configuration, but if it works then it's fine.

We reverse proxied port 443 as well as port 25 behind F5 & made it work. This can cause performance issues for large enterprises during mailbox moves, and SMTP traffic performance can also be affected; that’s why MS or other cloud members always ask for a direct connection. But sometimes the situation doesn’t favor it because of security concerns raised by the organization, so you need to think outside the box & mitigate the concerns.

 

Regards

Sukhija Vikas

http://msexchange.me

 

 


Fix Office 365 UPN – Run Daily

This script is very useful & is an extension to my other script, Fix Office 365 UPN.

What it does extra is:

  • It can be scheduled to run daily & process the incremental changes
  • If there is a change in the SMTP address, it can detect that as well & update the UPN
  • It also has logic to take care of users without mailboxes, changing their default suffix to the internet-routable suffix
  • It can also be used to process all the users (just change the variable $fullrun = “Sunday” to the current day & it will execute to change all the UPNs)

You can use this script when you are done with all the UPN fixing & now want further fixes to be done automatically.

This can be utilized in environments where changing the user provisioning process is becoming a challenge & you need a temporary or permanent workaround to mitigate the limitation of the provisioning tool.

This is the logic of the script:

Logic for mailboxes:

If (weekday): increment

  • Fetch mailboxes that have integer values in extension attribute4 (to check if the mailbox is an employee mailbox; change it according to your environment)
  • Further filter it to newly created mailboxes
  • If fetching has issues or errors out, the script will exit & will not process further (example: not able to access the DC)
  • Further check if the UPN matches the Windows email address
  • If the number of changes is more than 100, the script will also exit
  • Update the UPN with windowsemailaddress
  • Log & report
  • Recycle logs & reports after 60 days

If (weekend): full

  • Fetch mailboxes that have integer values in extension attribute4 (to check if the mailbox is an employee mailbox; change it according to your environment)
  • If fetching has issues or errors out, the script will exit & will not process further (example: not able to access the DC)
  • Further check if the UPN matches the Windows email address
  • If the number of changes is more than 100, the script will also exit
  • Update the UPN with windowsemailaddress
  • Log & report
  • Recycle logs & reports after 60 days

Logic for users without mailboxes:

If (weekday): increment

  • Fetch users without mailboxes that have integer values in extension attribute4 & whose UPN matches the internal domain
  • Further filter it to newly created users
  • If fetching has issues or errors out, the script will exit & will not process further (example: not able to access the DC)
  • If the number of changes is more than 100, the script will also exit
  • Update the UPN: update @internetroutabledomain
  • Log & report
  • Recycle logs & reports after 60 days

If (weekend): full

  • Fetch users without mailboxes that have integer values in extension attribute1 or employeeid & whose UPN matches the internal domain
  • If fetching has issues or errors out, the script will exit & will not process further (example: not able to access the DC)
  • If the number of changes is more than 100, the script will also exit
  • Update the UPN: update @internetroutabledomain
  • Log & report
  • Recycle logs & reports after 60 days

Note: Exchange Shell & AD Shell are required for executing this script.

Extract the zip file from the link below. You can schedule this script solution or run it using the batch file to see the results on the screen.

https://gallery.technet.microsoft.com/scriptcenter/Fix-Office-365-UPN-Run-210f90ee

######################################################################### 
#            Author: Vikas Sukhija 
#            Reviewer: 
#            date: 7/6/2016 
#            Modified:7/11/2016                         
#            Description: Fix o365 UPN 
#            Update: Added reporting 
#            Update: modified to run daily on new users/full on weekends 
#            Update: error checking 
#            Update: included users without mailboxes 
#            Update: Added count logic (exit if changes are more than specified number) 
######################################################################### 
 
$date1 = get-date -format d 
$date1 = $date1.ToString().Replace("/","-")
$time = get-date -format t

$time = $time.ToString().Replace(":","-")
$time = $time.ToString().Replace(" ","")
 
$logs = ".\Logs" + "\" + "Processed_PS_" + $date1 + "_" + $time + "_.log" 
$report = ".\report" + "\" + "Report_mailboxes" + $date1 + "_" + $time + "_.csv" 
 
$report1 = ".\report" + "\" + "Report_Users" + $date1 + "_" + $time + "_.csv" 
 
$limit = (Get-Date).AddDays(-60) #for report recycling 
$path1 = ".\report\" 
$path2 = ".\Logs\" 
 
$exdomain2 = "@internaldomain.com" 
 
$repdmain = "@internetdomain.com" 
 
$collection = @() 
$collection1 = @() 
 
$coll1 =@() 
$coll2=@() 
 
$fullrun = "Sunday" 
 
$regex = '^\d+$' 
 
$countofchanges = "100" 
 
 
$email1 = "VSukhija@labtest.com" 
$from = "DoNotReply@labtest.com" 
$smtpserver = "smtp.labtest.com" 
 
Start-Transcript -Path $logs 
 
get-date 
 
If ((Get-PSSnapin | where {$_.Name -match "Microsoft.Exchange.Management.PowerShell.E2010"}) -eq $null) 
{ 
    Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010 
} 
 
import-module activedirectory 
 
#########################update All users UPN##################### 
$day = get-date 
 
if($day.dayofweek -like $fullrun){ 
 
Write-host "Running Full Run fix UPN mailboxes" -foregroundcolor green 
 
$users = get-mailbox -resultsize unlimited | where{$_.CustomAttribute1 -match $regex} 
 
#############Exit if error in fetching users####### 
 
if ($error -ne $null) 
      { 
$msg = new-object Net.Mail.MailMessage
$smtp = new-object Net.Mail.SmtpClient($smtpServer)
$msg.From = $from

#mail recipient
$msg.To.Add($email1)
$msg.Subject = "UPN Fix Script Error Full Run Mailbox exit"
$msg.Body = $error
$smtp.Send($msg)
exit
}  
 
################################################## 
 
$users | foreach-object{ 
 
$user = $_.samaccountname 
 
$mbx=Get-User $user | Where { -Not [string]::IsNullOrEmpty($_.WindowsEmailAddress) }  
 
 
if($mbx){ 
 
    if($mbx.UserPrincipalName -eq $mbx.WindowsEmailAddress) {Write-host "$user is already setup as "$mbx.UserPrincipalName"" -foregroundcolor blue  
 
    } else{$coll1 +=$mbx} 
} 
 
else{ 
 
$mbx=Get-User $user 
write-host "$user ..doesn't have ..WindowsEmailAddress" -foregroundcolor magenta 
 
} 
 
} 
 
if($coll1.count -lt $countofchanges){ 
 
$count1=$coll1.count 
$count1 
 
$coll1 | foreach-object{ 
 
$sam = $_.samaccountname
 
$mbcoll = "" | select Name,ExistingUPN,WindowsEmailAddress,ModifiedUPN 
 
Set-User -identity $_ -UserPrincipalName $_.WindowsEmailAddress.ToString() 
 
if($error){Write-host "Error occured Updating UPN for $sam as "$_.WindowsEmailAddress"" -foregroundcolor yellow 
        $mbcoll.Name = $_.Name 
    $mbcoll.ExistingUPN = $_.UserPrincipalName 
    $mbcoll.WindowsEmailAddress = $_.WindowsEmailAddress 
    $mbcoll.ModifiedUPN = "Error" 
        $error.clear()} 
        Else{ 
    Write-host "Updating UPN for $sam as "$_.WindowsEmailAddress"" -foregroundcolor magenta 
    $mbcoll.Name = $_.Name 
    $mbcoll.ExistingUPN = $_.UserPrincipalName 
    $mbcoll.WindowsEmailAddress = $_.WindowsEmailAddress 
    $mbcoll.ModifiedUPN = $_.WindowsEmailAddress } 
$collection +=$mbcoll 
} 
} 
else{ 
 
$count1=$coll1.count 
$count1 
 
$msg = new-object Net.Mail.MailMessage
$smtp = new-object Net.Mail.SmtpClient($smtpServer)
$msg.From = $from
#mail recipient
$msg.To.Add($email1)
$msg.Subject = "UPN Fix Full Run Script Exit as changes to process are $count1 more than $countofchanges"
$msg.Body = "UPN Fix Full Run Script Exit as changes to process are $count1 more than $countofchanges"
$smtp.Send($msg)
exit
} 
 
if($collection.count -gt "0"){ 
$collection  | export-csv $report -notypeinfo 
 
$msg = new-object Net.Mail.MailMessage
$smtp = new-object Net.Mail.SmtpClient($smtpServer)
$msg.From = $from
$attach = new-object Net.Mail.Attachment($report)

#mail recipient
$msg.To.Add($email1)
$msg.Subject = "UPN Fix Full Run Mailbox Report"
$msg.Body = "UPN Fix Full Run Mailbox Report"
$msg.Attachments.Add($attach)
$smtp.Send($msg)
 
} 
} 
 
################################Update only increment users mailboxes UPN###################### 
else{ 
 
Write-host "Running Incremental Run fix UPN mailboxes" -foregroundcolor green 
 
$users = get-mailbox -resultsize unlimited | where {($_.CustomAttribute1 -match $regex) -and ($_.WhenMailboxCreated -gt (get-date).adddays(-1))}
 
#############Exit if not able to fetch users################ 
if ($error -ne $null) 
      { 
$msg = new-object Net.Mail.MailMessage
$smtp = new-object Net.Mail.SmtpClient($smtpServer)
$msg.From = $from

#mail recipient
$msg.To.Add($email1)
$msg.Subject = "UPN Fix Script Error incremental Run Mailbox exit"
$msg.Body = $error
$smtp.Send($msg)
exit
}  
 
######################################################## 
 
$users | foreach-object{ 
 
$user = $_.samaccountname 
 
$mbx=Get-User $user | Where { -Not [string]::IsNullOrEmpty($_.WindowsEmailAddress) }  
 
 
if($mbx){ 
 
    if($mbx.UserPrincipalName -eq $mbx.WindowsEmailAddress) {Write-host "$user is already setup as "$mbx.UserPrincipalName"" -foregroundcolor blue  
    } else{$coll1 +=$mbx} 
} 
 
else{ 
 
$mbx=Get-User $user 
write-host "$user ..doesn't have ..WindowsEmailAddress" -foregroundcolor magenta} 
 
} 
 
if($coll1.count -lt $countofchanges){ 
 
$count1=$coll1.count 
$count1 
 
$coll1 | foreach-object{ 
 
$sam = $_.samaccountname
 
$mbcoll = "" | select Name,ExistingUPN,WindowsEmailAddress,ModifiedUPN 
 
Set-User -identity $_ -UserPrincipalName $_.WindowsEmailAddress.ToString() 
 
if($error){Write-host "Error occured Updating UPN for $sam as "$_.WindowsEmailAddress"" -foregroundcolor yellow 
        $mbcoll.Name = $_.Name 
    $mbcoll.ExistingUPN = $_.UserPrincipalName 
    $mbcoll.WindowsEmailAddress = $_.WindowsEmailAddress 
    $mbcoll.ModifiedUPN = "Error" 
        $error.clear()} 
        Else{ 
    Write-host "Updating UPN for $sam as "$_.WindowsEmailAddress"" -foregroundcolor magenta 
    $mbcoll.Name = $_.Name 
    $mbcoll.ExistingUPN = $_.UserPrincipalName 
    $mbcoll.WindowsEmailAddress = $_.WindowsEmailAddress 
    $mbcoll.ModifiedUPN = $_.WindowsEmailAddress } 
$collection +=$mbcoll 
} 
} 
else{
$count1=$coll1.count
$count1
$msg = new-object Net.Mail.MailMessage
$smtp = new-object Net.Mail.SmtpClient($smtpServer)
$msg.From = $from

#mail recipient
$msg.To.Add($email1)
$msg.Subject = "UPN Fix Incremental Run Script Exit as changes to process are $count1 more than $countofchanges"
$msg.Body = "UPN Fix Incremental Run Script Exit as changes to process are $count1 more than $countofchanges"
$smtp.Send($msg)
exit
} 
 
if($collection.count -gt "0"){ 
$collection  | export-csv $report -notypeinfo 
 
$msg = new-object Net.Mail.MailMessage
$smtp = new-object Net.Mail.SmtpClient($smtpServer)
$msg.From = $from
$attach = new-object Net.Mail.Attachment($report)

#mail recipient
$msg.To.Add($email1)
$msg.Subject = "UPN Fix Incremental Run Mailbox Report"
$msg.Body = "UPN Fix Incremental Run Mailbox Report"
$msg.Attachments.Add($attach)
$smtp.Send($msg)
 
} 
} 
 
#######################Update UPN Of Users without mailboxes########################## 
 
$day = get-date 
 
if($day.dayofweek -like $fullrun){ 
 
Write-host "Running Full Run fix UPN Users" -foregroundcolor green 
 
$users1 = get-user -resultsize unlimited -WarningAction SilentlyContinue | where{($_.UserPrincipalName -like "*$exdomain2") -and ($_.RecipientTypeDetails -eq "User") -and ($_.UserAccountControl -notlike "*AccountDisabled*") -and ($_.UserAccountControl -notlike "*Trust*")}
 
##################Exit if not able to fetch users################### 
 
if ($error -ne $null) 
      { 
$msg = new-object Net.Mail.MailMessage
$smtp = new-object Net.Mail.SmtpClient($smtpServer)
$msg.From = $from

#mail recipient
$msg.To.Add($email1)
$msg.Subject = "UPN Fix Script Error Full Run users exit"
$msg.Body = $error
$smtp.Send($msg)
exit
}  
#################################################################### 
 
$users1 | foreach-object{ 
 
$usrex = $_ 
$user1 = $_.samaccountname 
 
$usr = get-aduser $user1 -Properties extensionattribute4 
 
$emp2=$usr.extensionattribute4 
 
if($emp2 -match $regex){ $coll2 +=$usrex } 
else{ Write-host "$user1 ......is not employee" -foregroundcolor magenta} 
 
} 
 
if($coll2.count -lt $countofchanges){ 
 
$count2=$coll2.count 
$count2 
 
$coll2 | foreach-object{ 
 
$sam1 = $_.samaccountname 
$upn = $_.UserPrincipalName 
 
$upn1 = [string]$upn -replace "$exdomain2","$repdmain" 
 
$mbcoll1 = "" | select Name,ExistingUPN,ModifiedUPN 
 
Set-User -identity $sam1 -UserPrincipalName $upn1 
 
# Report $sam1 (the account being processed); $user1 still holds the last name from the loop above
if($error){Write-host "$sam1 UPN will not be fixed to $upn1" -foregroundcolor RED
$mbcoll1.Name = $sam1
$mbcoll1.ExistingUPN = $upn
$mbcoll1.ModifiedUPN = "error"
$error.clear()}

else{

Write-host "$sam1 UPN will be set to $upn1" -foregroundcolor green
$mbcoll1.Name = $sam1
$mbcoll1.ExistingUPN = $upn
$mbcoll1.ModifiedUPN = $upn1}
$collection1+=$mbcoll1
} 
 
} 
 
else{
$count2=$coll2.count
$count2

$msg = new-object Net.Mail.MailMessage
$smtp = new-object Net.Mail.SmtpClient($smtpServer)
$msg.From = $from

#mail recipient
$msg.To.Add($email1)
$msg.Subject = "UPN Full USer Run Script Exit as changes to process are $count2 more than $countofchanges"
$msg.Body = "UPN Full User Run Script Exit as changes to process are $count2 more than $countofchanges"
$smtp.Send($msg)
exit
} 
 
if($collection1){$collection1 | export-csv $report1 -notypeinfo 
 
$msg = new-object Net.Mail.MailMessage
$smtp = new-object Net.Mail.SmtpClient($smtpServer)
$msg.From = $from
$attach = new-object Net.Mail.Attachment($report1)

#mail recipient
$msg.To.Add($email1)
$msg.Subject = "UPN Fix Full Run User Report"
$msg.Body = "UPN Fix Full Run User Report"
$msg.Attachments.Add($attach)
$smtp.Send($msg)}
 
} 
 
##############################Only incremental Users without mailboxes################### 
 
else { 
 
Write-host "Running Incremental Run fix UPN Users" -foregroundcolor green 
 
$users1 = get-user -resultsize unlimited -WarningAction SilentlyContinue | where {($_.UserPrincipalName -like "*$exdomain2") -and ($_.RecipientTypeDetails -eq "User") -and ($_.UserAccountControl -notlike "*AccountDisabled*") -and ($_.UserAccountControl -notlike "*Trust*") -and ($_.WhenCreated -gt (get-date).adddays(-1))}
 
 
if ($error -ne $null) 
      { 
$msg = new-object Net.Mail.MailMessage
$smtp = new-object Net.Mail.SmtpClient($smtpServer)
$msg.From = $from

#mail recipient
$msg.To.Add($email1)
$msg.Subject = "UPN Fix Script Error incremental Run users exit"
$msg.Body = $error
$smtp.Send($msg)
exit
}  
 
############################################## 
$users1 | foreach-object{ 
 
$usrex = $_ 
$user1 = $_.samaccountname 
 
$usr = get-aduser $user1 -Properties extensionattribute4 
 
$emp2=$usr.extensionattribute4 
 
if($emp2 -match $regex){ $coll2 +=$usrex } 
else{ Write-host "$user1 ......is not employee" -foregroundcolor magenta} 
 
} 
if($coll2.count -lt $countofchanges){ 
 
$count2=$coll2.count 
$count2 
 
$coll2 | foreach-object{ 
 
$sam1 = $_.samaccountname 
$upn = $_.UserPrincipalName 
 
$upn1 = [string]$upn -replace "$exdomain2","$repdmain" 
 
$mbcoll1 = "" | select Name,ExistingUPN,ModifiedUPN 
 
Set-User -identity $sam1 -UserPrincipalName $upn1 
 
# Report $sam1 (the account being processed); $user1 still holds the last name from the loop above
if($error){Write-host "$sam1 UPN will not be fixed to $upn1" -foregroundcolor RED
$mbcoll1.Name = $sam1
$mbcoll1.ExistingUPN = $upn
$mbcoll1.ModifiedUPN = "error"
$error.clear()}

else{

Write-host "$sam1 UPN will be set to $upn1" -foregroundcolor green
$mbcoll1.Name = $sam1
$mbcoll1.ExistingUPN = $upn
$mbcoll1.ModifiedUPN = $upn1}
$collection1+=$mbcoll1
} 
} 
else{
$count2=$coll2.count
$count2

$msg = new-object Net.Mail.MailMessage
$smtp = new-object Net.Mail.SmtpClient($smtpServer)
$msg.From = $from

#mail recipient
$msg.To.Add($email1)
$msg.Subject = "UPN Incremental USer Run Script Exit as changes to process are $count2 more than $countofchanges"
$msg.Body = "UPN Incremental User Run Script Exit as changes to process are $count2 more than $countofchanges"
$smtp.Send($msg)
exit
} 
 
if($collection1){$collection1 | export-csv $report1 -notypeinfo 
 
$msg = new-object Net.Mail.MailMessage
$smtp = new-object Net.Mail.SmtpClient($smtpServer)
$msg.From = $from
$attach = new-object Net.Mail.Attachment($report1)

#mail recipient
$msg.To.Add($email1)
$msg.Subject = "UPN Fix Incremental Run User Report"
$msg.Body = "UPN Fix Incremental Run User Report"
$msg.Attachments.Add($attach)
$smtp.Send($msg)}
 
} 
 
########################Recycle reports & logs############## 
Get-ChildItem -Path $path1  | Where-Object {   
$_.CreationTime -lt $limit } | Remove-Item -recurse -Force  
 
Get-ChildItem -Path $path2  | Where-Object {   
$_.CreationTime -lt $limit } | Remove-Item -recurse -Force  
 
get-date 
 
stop-transcript 
##########################################################################
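The guard logic of the script above (work out the changes first, refuse to run when there are too many) can be separated from the directory writes so it can be reviewed before anything is modified. The following is an added example, not the author's script: the function names Get-UpnChangePlan and Test-UpnChangePlan and the sample accounts are constructed, and the check for two accounts ending up with the same UPN is an extra safeguard that the original script does not perform.

```powershell
# Added example, not part of the author's script. PowerShell 2.0 compatible.

function Get-UpnChangePlan {
    param(
        # Objects with SamAccountName, UserPrincipalName, WindowsEmailAddress (as returned by Get-User).
        [Parameter(Mandatory = $true)] [object[]]$User,
        [Parameter(Mandatory = $true)] [string]$InternalSuffix,   # $exdomain2 in the script
        [Parameter(Mandatory = $true)] [string]$RoutableSuffix    # $repdmain in the script
    )

    # -replace and -match take a regular expression: escape the suffix so "." is literal,
    # and anchor it so only the end of the UPN is rewritten.
    $suffixPattern = [regex]::Escape($InternalSuffix) + '$'

    foreach ($u in $User) {
        $current = [string]$u.UserPrincipalName
        $mail    = [string]$u.WindowsEmailAddress

        if ($mail) {
            # Mailbox user: the UPN follows the Windows e-mail address.
            $target = $mail
            $reason = 'MatchWindowsEmailAddress'
        }
        elseif ($current -match $suffixPattern) {
            # User without mailbox: swap the internal suffix for the routable one.
            $target = $current -replace $suffixPattern, $RoutableSuffix
            $reason = 'ReplaceInternalSuffix'
        }
        else { continue }                       # nothing to fix

        if ($target -eq $current) { continue }  # already aligned

        New-Object PSObject -Property @{
            SamAccountName = $u.SamAccountName
            ExistingUPN    = $current
            NewUPN         = $target
            Reason         = $reason
        } | Select-Object SamAccountName, ExistingUPN, NewUPN, Reason
    }
}

function Test-UpnChangePlan {
    param(
        [object[]]$Plan = @(),
        [int]$MaxChanges = 100                  # $countofchanges in the script
    )

    $problems = @()

    # Same comparison as the script, which only proceeds when count -lt $countofchanges.
    if ($Plan.Count -ge $MaxChanges) {
        $problems += "Planned changes ($($Plan.Count)) reach the limit of $MaxChanges"
    }

    # Extra safeguard (not in the original script): a UPN must be unique.
    $dupes = @($Plan | Group-Object -Property NewUPN | Where-Object { $_.Count -gt 1 })
    foreach ($d in $dupes) {
        $problems += "Target UPN $($d.Name) would be assigned to $($d.Count) accounts"
    }

    New-Object PSObject -Property @{
        Proceed  = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# Constructed sample accounts (made up for illustration).
$sample = @(
    (New-Object PSObject -Property @{ SamAccountName = 'jdoe';    UserPrincipalName = 'jdoe@internaldomain.com';      WindowsEmailAddress = 'john.doe@internetdomain.com' }),
    (New-Object PSObject -Property @{ SamAccountName = 'mlee';    UserPrincipalName = 'mary.lee@internetdomain.com';  WindowsEmailAddress = 'mary.lee@internetdomain.com' }),
    (New-Object PSObject -Property @{ SamAccountName = 'asmith';  UserPrincipalName = 'ann.smith@internaldomain.com'; WindowsEmailAddress = '' }),
    (New-Object PSObject -Property @{ SamAccountName = 'asmith2'; UserPrincipalName = 'asmith2@internaldomain.com';   WindowsEmailAddress = 'ann.smith@internetdomain.com' }),
    (New-Object PSObject -Property @{ SamAccountName = 'svc01';   UserPrincipalName = 'svc01@otherdomain.com';        WindowsEmailAddress = '' })
)

$plan  = @(Get-UpnChangePlan -User $sample -InternalSuffix '@internaldomain.com' -RoutableSuffix '@internetdomain.com')
$check = Test-UpnChangePlan -Plan $plan -MaxChanges 100

$plan | Format-Table -AutoSize
if ($check.Proceed) {
    # Only here would the changes be applied, for example:
    #   foreach ($c in $plan) { Set-User -Identity $c.SamAccountName -UserPrincipalName $c.NewUPN -WhatIf }
    Write-Host "Plan accepted: $($plan.Count) change(s)"
}
else {
    $check.Problems | ForEach-Object { Write-Host "Blocked: $_" -ForegroundColor Red }
}
```

With the sample data the plan holds three changes and is blocked, because asmith and asmith2 would both receive ann.smith@internetdomain.com.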

 

Regards

Sukhija Vikas

http://msexchange.me


Kernel for Exchange Server Recovery

This week I was reviewing recovery software for the Exchange environment & I can say that Kernel for Exchange Server Recovery is one of the best/most economical software.

By using this software you can extract a PST from an EDB database, save it to Exchange/O365, or save it to a Public folder/Archive mailbox.

I have tested the Save to PST option & it works like a charm. This software can also be used in environments where you take backups of Exchange using snapshot technology; you can then restore the snapshot & extract the PST from the EDB to restore a particular mailbox.

Installation/configuration is quite simple. I just grabbed the binary file of the software, which was just 17.7 MB in size, & started the installation.

Here are the step-by-step instructions (the OS I have chosen is Windows 2008 R2):

Click Next to follow the wizard.

Accept the License Agreement to move further.

Select the installation path or just click Next to choose the default location.

Click Next.

Follow the wizard further.

Click Finish & launch Kernel for Exchange Recovery.

Now enter the activation details.

I received an error because Outlook was not installed on the system, so I installed Outlook 2010.

After the Outlook 2010 installation, I launched the software again & this time there were no errors. Select the EDB file from which you want to extract the user PST.

I just followed the standard option as recommended.

After you click Finish you will be able to see all mailboxes inside the EDB file.

Now just click the Save to PST option & select the mailbox that you want to convert to a PST file.

Follow the wizard & the PST will be restored.

You can also check the HTML report on how many items were restored specific to particular folder.

The software is very simple & also has very simple licensing requirements, which you can find at the link below (prices are also not high):

http://www.nucleustechnologies.com/buy-exchange-server-recovery.php

There are three different types of Licenses:

Corporate License: As the name suggests, it's for single organizations, but they can install it on multiple machines.

Corporate License (Premium): With the premium version you get 24*7 support as well as the added benefit of migrating data to Office 365.

Technician License: This is for IT organizations that take annual maintenance contracts for other organizations. I think freelancers/consultants will also benefit from this licensing model, but do check with the vendor.

If you are using SAN & still using traditional backup for mailbox recovery/single item recovery (example: through Backup Exec/NetBackup), you can get rid of it by implementing snapshot-based backup. For the restore mechanism, just restore the snapshot, map the LUN to the server where Kernel for Exchange Recovery is installed & do a mailbox recovery.

This software supports Outlook versions from 97 to 2016 & Exchange versions from 5.0 to 2016. It is a gold award winner from the popular msexchange.org.

Apart from Kernel for Exchange Recovery there is Kernel Exchange Suite as well, which includes OST to PST, PST & BKF repair in addition to EDB recovery. I didn't get the chance to explore the other parts of the suite, but as I have worked through EDB recovery I can easily say that the other recovery tools in the suite would be similar (simple in installation, configuration & working).

Regards

Sukhija Vikas

http://msexchange.me


Roll back UPN Script

This is part 2 of the Fix Office 365 UPN script. The Fix UPN script can help organizations fix the UPN in chunks, but if at any time they feel the need to roll back to the old UPN because something has broken, then this Rollback UPN script will assist.

Fix office 365 UPN Script:

https://gallery.technet.microsoft.com/scriptcenter/Fix-Office-365-UPN-abb1a62f

Download & extract the script zip from below link:

https://gallery.technet.microsoft.com/scriptcenter/Roll-back-UPN-Script-b1920fa1

Now just copy the report CSV file (from the Fix Office 365 UPN script) that you want to roll back to the old UPN & paste it inside the rollback script folder.

Now just execute the script in PowerShell as .\Fixo365upnRollback.ps1 Report_8-15-2016_9-22PM_.csv

All users inside the report will be rolled back to the old UPN & a new report will be placed inside the report folder.

Note: Exchange Management Shell is a requirement for running this script as well.

######################################################################### 
#            Author: Vikas Sukhija 
#            Reviewer: 
#            date: 7/6/2016 
#            Modified:7/11/2016                         
#            Description: Fix o365 UPN 
#            Update: Added reporting 
#            modified: Rollback capability based on csv 
######################################################################### 
 
$date1 = get-date -format d 
$date1 = $date1.ToString().Replace("/","-")
$time = get-date -format t

$time = $time.ToString().Replace(":","-")
$time = $time.ToString().Replace(" ","")
 
$logs = ".\Logs" + "\" + "Processed_Rollback" + $date1 + "_" + $time + "_.log" 
$report = ".\report" + "\" + "Report_Rollback" + $date1 + "_" + $time + "_.csv" 
 
$collection = @() 
 
Start-Transcript -Path $logs 
 
If ((Get-PSSnapin | where {$_.Name -match "Microsoft.Exchange.Management.PowerShell.E2010"}) -eq $null) 
{ 
    Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010 
} 
 
 
$data = import-csv $args[0]     
 
foreach($i in $data){ 
 
 
$user = $i.Name 
$rollbkupn = $i.ExistingUPN 
$winupn = $i.WindowsEmailAddress 
 
$mbx=Get-User $user 
 
$mbcoll = "" | select Name,ExistingUPN,WindowsEmailAddress,RollbackedUPN 
 
if($mbx){ 
 
    if($mbx.UserPrincipalName -eq $winupn) { 
    Set-User -identity $mbx -UserPrincipalName $rollbkupn 
    Write-host "$user will be rolled back to $rollbkupn" -foregroundcolor blue  
    $mbcoll.Name = $mbx.Name 
    $mbcoll.ExistingUPN = $mbx.UserPrincipalName 
    $mbcoll.WindowsEmailAddress = $mbx.WindowsEmailAddress 
    $mbcoll.RollbackedUPN = $rollbkupn } 
 
    else{     
    Write-host "$user UPN will not be modified" -foregroundcolor green 
    $mbcoll.Name = $mbx.Name 
    $mbcoll.ExistingUPN = $mbx.UserPrincipalName 
    $mbcoll.WindowsEmailAddress = $mbx.WindowsEmailAddress 
    $mbcoll.RollbackedUPN = "Not Rolledback" } 
        } 
 
$collection += $mbcoll
} 
 
$collection | export-csv $report -notypeinfo 
 
stop-transcript 
##########################################################################

Regards

Sukhija Vikas

http://msexchange.me


Office 365 Users Service Usage Report

Lately I have been working on Office 365 Exchange Online, federation & other stuff, so I created this script for checking service usage across users.

This script is still evolving but does a pretty good job on the services part. Below is the sample result that is available after the script is executed.

 

Prerequisites:

Install Microsoft Online Services Sign-In Assistant for IT Professionals 32 bit/64 bit both are available when you will browse the link.

Install Microsoft Online Services Module for Windows PowerShell 32 bit/64 bit both are available when you will browse the link.

Refer:

Connecting Office 365 via PowerShell

Once you are set up, run Connect-MsolService and enter your Office 365 admin credentials.

Change directory in the shell to where you have kept this downloaded script. (download from below link)

https://gallery.technet.microsoft.com/scriptcenter/Office-365-Users-Service-dcbd618b

type .\Get-Office365UsersServiceUasgeReportv1 & press enter to execute.

Script will start processing the results in csv file.

 

Resulting CSV will be in same folder:

Let me know if you want to add more information in the report.

############################################################### 
#            Author: Vikas Sukhija (http://msexchange.me) 
#            Date: 8/4/2016 
#            Reviewer: 
#            updated: 8/11/2016 (created headers/CSV logic) 
#            Updated: 8/15/2016 (fixed service status when multiple licenses are there) 
#            Description: Office 365 users Report 
# 
############################################################### 
 
$collection = @() 
 
$output = new-item .\office365report.csv -type file -force 
 
$lict = Get-MsolAccountSku 
$services = $lict.ServiceStatus 
 
$csv = @() 
$csv1=$null 
 
foreach($service in $services){ 
$provisionstatus = $service.ProvisioningStatus 
$servicename = $service.ServicePlan.ServiceName 
$csv += $servicename} 
 
$expcsv=$csv | sort -Unique 
 
$countcs = $expcsv.count 
 
foreach($cs in $expcsv){$csv1 += [string]$cs + ","} 
 
$csv2 = $csv1.Substring(0,$csv1.Length-1) 
 
add-content $output "FirstName,LastName,ImmutableId,SignInName,UserPrincipalName,License,$csv2" 
 
##################GEt values from users##################### 
 
$allusers = get-msoluser -all 
 
foreach($user in $allusers){ 
 
$FirstName = $user.FirstName 
$LastName = $user.LastName 
$signInname = $user.SignInName 
$UserPrincipalName = $user.UserPrincipalName 
 
Write-host "Processing..................$UserPrincipalName" -foregroundcolor green 
 
$ImmutableId=$user.ImmutableId 
$licenses = $user.Licenses.AccountSkuId 
$license=$null 
if($licenses -notlike $null){ 
foreach($lic in $licenses){$license += $lic + ","} 
$license = $license.Substring(0,$license.Length-1)} 
 
$serviceplan = $user.Licenses.ServiceStatus.serviceplan 
$provsts = $user.Licenses.ServiceStatus.provisioningstatus 
$spcount = $serviceplan.count 
 
[int]$spcount1=$spcount -1 
[int]$countcs1=$countcs -1 
 
################Compare the Header with Values################ 
 
$provval1=@(0..[int]$countcs1) 
for($j=0;$j -le [int]$countcs1;$j++){$provval1[$j]="not found"} 
 
 
for($i=0;$i -le [int]$spcount1;$i++){ 
    for($j=0;$j -le [int]$countcs1;$j++){ 
    if($serviceplan[$i].serviceName -eq $expcsv[$j]){ 
    $provval1[$j] = [string]$provsts[$i]} } 
} 
 
$prov=$null 
for($j=0;$j -le [int]$countcs1;$j++){ 
$prov += [string]$provval1[$j] + ","} 
 
$prov1 = $prov.Substring(0,$prov.Length-1) 
 
#####################License values####################################### 
 
switch -Wildcard ($license){ 
    "*DESKLESSPACK*" {$licensevalue="Office 365 (Plan K1)"}  
        "*DESKLESSWOFFPACK*" {$licensevalue="Office 365 (Plan K2)"}  
        "*LITEPACK*" {$licensevalue="Office 365 (Plan P1)"}  
        "*EXCHANGESTANDARD*" {$licensevalue="Office 365 Exchange Online Only"}  
        "*STANDARDPACK*" {$licensevalue="Office 365 (Plan E1)"}  
        "*ENTERPRISEPACK*" {$licensevalue="Office 365 (Plan E3)"}  
        "*ENTERPRISEPACKLRG*" {$licensevalue="Office 365 (Plan E3)"} 
        "*ENTERPRISEWITHSCAL*" {$licensevalue="Office 365 (Plan E4)"} 
        "*STANDARDPACK_STUDENT*" {$licensevalue="Office 365 (Plan A1) for Students"} 
    "*ENTERPRISEPACK_STUDENT*" {$licensevalue="Office 365 (Plan A3) for Students"} 
    "*ENTERPRISEWITHSCAL_STUDENT*" {$licensevalue="Office 365 (Plan A4) for Students"} 
    "*STANDARDPACK_FACULTY*" {$licensevalue="Office 365 (Plan A1) for Faculty"} 
    "*STANDARDWOFFPACKPACK_FACULTY*" {$licensevalue="Office 365 (Plan A2) for Faculty"} 
    "*ENTERPRISEPACK_FACULTY*" {$licensevalue="Office 365 (Plan A1) for Students"} 
    "*STANDARDPACK_STUDENT*" {$licensevalue="Office 365 (Plan A1) for Students"}     
    "*ENTERPRISEPACK_FACULTY*" {$licensevalue="Office 365 (Plan A3) for Faculty"} 
    "*ENTERPRISEWITHSCAL_FACULTY*"{$licensevalue="Office 365 (Plan A4) for Faculty"} 
    "*ENTERPRISEPACK_B_PILOT*" {$licensevalue="Office 365 (Enterprise Preview)"} 
    "*STANDARD_B_PILOT*" {$licensevalue="Office 365 (Small Business Preview)"} 
        default {$licensevalue="not found"} 
} 
 
add-content $output "$FirstName,$LastName,$ImmutableId,$signInname,$UserPrincipalName,$licensevalue,$prov1" 
 
 
} 
######################################
Regards
Sukhija Vikas

How to Merge User accounts in Office 365 with on-premise User accounts

I was working with a customer who was already using Office 365 for Office ProPlus services but had all user IDs in the form @lab.onmicrosoft.com, for example.

Now they are ready for synchronization with their on-premise infrastructure but don’t want duplicate IDs to be created, so here is a summary of the steps that need to be done so that the user accounts are merged.

  • Add a domain to the Office 365 installation by following the Add Domain wizard, for example lab.com.

Go to the Office 365 admin console –> Settings –> Domains –> Add Domain


This will ask you to create a TXT record in the DNS for lab.com

Name: @

Value: MS=code for authorization

TTL: 3600 or provider default

This record lets Microsoft check the authorization of the domain. It will not change any of the services that are already running in the environment, so just create it.

Note: Before synchronizing Active Directory to the cloud, you first have to change the on-premise users' UPN to the primary SMTP address.

Once the domain is added, you need to change the UPN of each cloud user to match the UPN of the on-premise user, i.e. the primary SMTP address.

As the UPN matches in both locations, once you synchronize AD using Azure AD Connect the displayed Sync Type will change from In cloud to Synced with Active Directory, as shown below.


Regards

Sukhija Vikas

http://msexchange.me
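
A pre-sync check for the merge described in this post, as an added example that is not part of the original post: it compares cloud UPNs with on-premise primary SMTP addresses and reports which cloud accounts would be renamed, which already match, and which would not merge or would collide. The function name Get-UpnMergePlan, the sample users, and matching on the local part of the address are assumptions; Set-MsolUserPrincipalName in the final comment is the MSOnline cmdlet that performs the rename.

```powershell
# Added example, not from the original post. All sample users are constructed.
# Assumption: a cloud user and its on-premise twin share the local part of the address.
function Get-UpnMergePlan {
    param(
        [Parameter(Mandatory)][object[]]$CloudUsers,   # objects with .UserPrincipalName
        [Parameter(Mandatory)][object[]]$OnPremUsers,  # objects with .PrimarySmtpAddress
        [Parameter(Mandatory)][string]$VerifiedDomain  # domain added in Office 365, e.g. lab.com
    )
    $suffix = '@' + $VerifiedDomain.ToLower()

    # On-premise primary SMTP addresses in the verified domain, keyed by local part
    $onPrem = @{}
    foreach ($u in $OnPremUsers) {
        $smtp = $u.PrimarySmtpAddress.ToLower()
        if ($smtp.EndsWith($suffix)) { $onPrem[$smtp.Split('@')[0]] = $smtp }
    }

    # UPNs already in use in the cloud, to catch a target that is already taken
    $taken = @{}
    foreach ($c in $CloudUsers) { $taken[$c.UserPrincipalName.ToLower()] = $true }

    foreach ($c in $CloudUsers) {
        $current = $c.UserPrincipalName.ToLower()
        $target  = $onPrem[$current.Split('@')[0]]
        $action  = if (-not $target)             { 'NoOnPremMatch' }   # would stay cloud-only
                   elseif ($target -eq $current) { 'AlreadyMatches' }
                   elseif ($taken[$target])      { 'Conflict' }        # another cloud user holds it
                   else                          { 'Rename' }
        [pscustomobject]@{ CurrentUpn = $current; NewUpn = $target; Action = $action }
    }
}

# Constructed sample input; in a tenant use Get-MsolUser -All and the on-premise mailbox list
$cloud = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@lab.onmicrosoft.com' },
    [pscustomobject]@{ UserPrincipalName = 'bob@lab.com' },
    [pscustomobject]@{ UserPrincipalName = 'bob@lab.onmicrosoft.com' },
    [pscustomobject]@{ UserPrincipalName = 'carol@lab.onmicrosoft.com' })
$onPremSample = @(
    [pscustomobject]@{ PrimarySmtpAddress = 'Alice@lab.com' },
    [pscustomobject]@{ PrimarySmtpAddress = 'bob@lab.com' })

$plan = Get-UpnMergePlan -CloudUsers $cloud -OnPremUsers $onPremSample -VerifiedDomain 'lab.com'
$plan | Format-Table -AutoSize

# After reviewing the plan, apply only the clean renames:
# $plan | Where-Object { $_.Action -eq 'Rename' } | ForEach-Object {
#     Set-MsolUserPrincipalName -UserPrincipalName $_.CurrentUpn -NewUserPrincipalName $_.NewUpn }
```

With the sample data, alice is planned as Rename, bob@lab.com as AlreadyMatches, bob@lab.onmicrosoft.com as Conflict, and carol as NoOnPremMatch.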

 
