Category Archives: Office 365

Office 365 SMTP no SSL/TLS option

Having issues relaying mail from with SSL or TLS not being an option.  You can your the MX Points to Address as the SMTP Relay address.

Log into the Office 365 portal – https://portal.office.com

Click Domains > then select the domain and click ‘Manage DNS’

SMTP1

Select the full “Points to Address”
SMTP2

 

 

 
SMTP: domain-com.mail.protection.outlook.com
PORT: 25

Office 365 Shared Mailbox slow

After trying all of these options with no success – http://support.microsoft.com/kb/2441551/en-us

Add the Shared Mailbox as a separate account to the same Outlook profile.

Optional IT Step

If the mailbox is auto mapped, you may need to remove and re-add the permissions using Exchange Online Powershell with -AutoMapping:$false.

Remove-MailboxPermission SharedMailbox – User user@domain.com – AccessRights FullAccess

Add-MailboxPermission SharedMailbox -User user@domain.com – AccessRights FullAccess -AutoMapping:$false

Next Step

Add the Shared Mailbox to the profile using the Add Account Setup.

Click File > Account Settings > Account Settings… SharedMailbox-AccountSettings

Select New… Enter the email address of the Shared Mailbox into the “Your Name” and “E-mail Address” textbox.  Click Next.

SharedMailbox-AccountSettings-AddNew

When prompted for credentials, enter the same credentials as the primary Office 365 mailbox owner.

SharedMailbox-AccountSettings-EnterCredentials

After the email account is successfully configured, restart Outlook.                  

SharedMailbox-AccountSettings-RestartOutlook

Powershell Office 365 Calendar Permissions with Task Scheduler

Recently was requested to set the calendar permissions for all our Office 365 mailboxes.
Here are the instructions:

Create a password file for the Office 365 user

Read-Host -AsSecureString “Office 365 password?” | ConvertFrom-SecureString | Out-File C:\Scripts\Office365cred.txt

Create a powershell scritp file UpdateCalendar-O365.ps1


if ((Get-PSSnapin | Where-Object {$_.Name -like "Microsoft.Exchange.Management.PowerShell.E2010"})){
Remove-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
}
Write-Output "Loading O365 Environment"

Set-ExecutionPolicy RemoteSigned
$User = “o365admin@domain.com”

$Pass = Get-Content C:\Scripts\Office365cred.txt | ConvertTo-SecureString
$PSCred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $Pass
$O365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Authentication Basic -AllowRedirection -Credential $PSCred
$ImportSession = Import-PSSession $O365Session

Write-Output “Loaded O365 Environment”

Write-Output “Loading mailboxes”
#Custom variables
$mailboxes = Get-Mailbox -ResultSize Unlimited

Write-Output “Loaded mailboxes”
$AccessRights = “Reviewer”

#Loop through all mailboxes
foreach ($mailbox in $mailboxes) {

Write-Output “Looking up $mailbox”
$calendar = (($mailbox.Identity)+ “:\” + (Get-MailboxFolderStatistics -Identity $mailbox.Identity | where-object {$_.FolderType -eq “Calendar”} | Select-Object -First 1).Name)

$access = ((Get-MailboxFolderPermission $calendar | Where-Object {$_.User -like “Default”}).AccessRights)

#Check if calendar-permission for user “Default” is set to the default permission of “AvailabilityOnly”
if ($access -like “AvailabilityOnly” ) {
Write-Output ” Updating calendar permission for $mailbox…”
#Set calendar-permission for user “Default” to value defined in variable $AccessRights
Set-MailboxFolderPermission -User “Default” -AccessRights $AccessRights -Identity $calendar
} elseif ($access -like $AccessRights ) {
Write-Output ” $AccessRights calendar permission for $mailbox already set.”
} elseif ($access -like “None” ) {
Write-Output ” Changing calendar permission for $mailbox from None…”
#Set calendar-permission for user “Default” to value defined in variable $AccessRights
Set-MailboxFolderPermission -User “Default” -AccessRights $AccessRights -Identity $calendar
} else {

Write-Output ” Permission set to $access for $mailbox.”
}

}
Write-Output “Removing O365 Environment”
Remove-PSSession $O365Session
Write-Output “Removed O365 Environment”

Within Task Scheduler, Create New Task…
Specify the name, run whether user is logged on or not, and Run with highest privileges.

Set the triggers

Under the Actions Tab:

Program = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Add arguments = -command "C:\scripts\UpdateCalendar-O365.ps1" > "C:/scripts/UpdateCalendar-O365-Output.txt"

This should generate an output script text file so you can monitor the progress.

Remove Office 365 Archive mailbox user with Hybrid Deployment

The action ‘Disable-Mailbox’,’Archive’ can’t be performed on the object ‘name’ because the object is being synchronized from your on-premises organization. This action should be performed on the object in your on-premises organization.

From Exchange Management Shell

Disable-RemoteMailbox -Identity name@domain.com -Archive

This process takes a minute to run and does not show up instantly.

How to remove deleted users and mailboxes from Office 365

 

I recently had an instance where there was an on premise and cloud mailbox for the same user.  Accidentally after a DirSync the Exchange Online license was checked prior to initiating the mailbox migration to Office 365 from on premise.  Unchecking the checkbox results in a 30 day wait for Microsoft to permanently delete the mailbox.

See this article for more information – http://technet.microsoft.com/en-us/library/dn186233(v=exchg.150).aspx

When a mailbox is deleted, Exchange Online retains its contents for 30 days, by default. After 30 days, the mailbox is permanently deleted and is not recoverable.

So instead of waiting the 30 day period you can purge the Office 365 user mailbox with some powershell commands.  This even works with DirSync.

First you need to install the Windows Azure AD Module – http://technet.microsoft.com/en-us/library/jj151815.aspx

Then from the Windows Azure powershell (run in administrator mode).

$msolcred = get-credential
connect-msolservice -credential $msolcred
Remove-MsolUser –UserPrincipalName user@domain.com
Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser –RemoveFromRecycleBin –Force

Then run another DirSync to get using the ‘start-onlinecoexistsync’ from powershell or wait the 3 hours for the synchronization to happen.

Microsoft Office 365 – Your organization could not sign you in to this service error 80041317 or 80043431

“Your organization could not sign you in to this service” error and “80041317” or “80043431” error code when a federated user tries to sign in to Office 365.

Resolution: Missing / at the end of the Federation Service Identifier.

I recently had the Token-decryption and Token-signing certificate expire on our Active Directory Federation Server (ADFS) and was getting an error that was stopping on the ADFS URL while logging into Office 365 services

After renewing the certificate with these instructions – http://support.microsoft.com/kb/2383983/en-us

To renew the token-signing certificate on the primary AD FS 2.0 server by using a self-signed certificate, follow these steps:

  1. In the same AD FS 2.0 management console, click Service, click Certificates, and then, under Certifications in the Actions pane, click Add Token-Signing Certificate.
  2. If a “Certificates cannot be modified while the AD FS automatic certificate rollover feature is enabled” warning appears, go to step 3. Otherwise, check the certificate Effective and Expiration dates. If the certificate is successfully renewed, you don’t have to perform steps 3 and 4.
  3. If the certificate isn’t renewed, click Start, point to All Programs, click Accessories, click the Windows PowerShell folder, right-click Windows PowerShell, and then click Run as administrator.
  4. At the Windows PowerShell command prompt, enter the following commands. Press Enter after you enter each command:
    • Add-PSSnapin Microsoft.Adfs.Powershell
    • Update-ADFSCertificate -CertificateType: Token-Signing

Then update the configuration of the Office 365 federated domain: – http://support.microsoft.com/kb/2647048/en-us

To update the configuration of the Office 365 federated domain on a domain-joined computer that has Windows Azure Active Directory Module for Windows PowerShell installed, follow these steps:

  1. Click Start, click All Programs, click Windows Azure Active Directory, and then click Windows Azure Active Directory Module for Windows PowerShell.
  2. At the command prompt, type the following commands, and press Enter after each command:
    1. $cred = get-credential
      Note When you’re prompted, enter your Office 365 administrator credentials.
    2. Connect-MSOLService –credential:$cred
    3. Set-MSOLADFSContext –Computer:<AD FS 2.0 ServerName>
      Note In this command, the placeholder <AD FS 2.0 Server Name> represents the Windows host name of the primary AD FS 2.0 server.
    4. Update-MSOLFederatedDomain –DomainName:<Federated Domain Name>

      or

      Update-MSOLFederatedDomain –DomainName:<Federated Domain Name> –supportmultipledomains

      Notes

      Using the –supportmultipledomains switch is required when multiple top-level domains are federated by using the same AD FS 2.0 federation service.

      In these commands, the placeholder <Federated Domain Name> represents the name of the domain that is already federated with Office 365 for SSO.

I was still getting the error above.

After some frantic google searching I found this article – http://community.office365.com/en-us/forums/613/t/63027.aspx
Near the bottom a user describes adding a slash (/) to the end of the Federation Service identifier.

Left click ADFS 2.0, left click “Edit Federation Service Properties…”, add a / to the end of the Federation Service identifier.

Then repeat the “Update-MSOLFederatedDomain –DomainName:<Federated Domain Name>” from powershell.

ADFSfederationserviceproperties

Get Office 365 Last Login Stats

$objUsers = get-mailbox -ResultSize Unlimited | select UserPrincipalName

#Iterate through all users

foreach ($objUser in $objUsers)

{

#Connect to the users mailbox
$objUserMailbox = get-mailboxstatistics -Identity $($objUser.UserPrincipalName) | Select LastLogonTime

#Prepare UserPrincipalName variable
$strUserPrincipalName = $objUser.UserPrincipalName

#Check if they have a last logon time. Users who have never logged in do not have this property
if ($objUserMailbox.LastLogonTime -eq $null)
{
#Never logged in, update Last Logon Variable
$strLastLogonTime = “Never Logged In”
}   else   {
#Update last logon variable with data from Office 365
$strLastLogonTime = $objUserMailbox.LastLogonTime

}

#Output result to screen for debugging
Write-host “$strUserPrincipalName : $strLastLogonTime”

}

Using ADSIEdit to change e-mail aliases on Office 365

  • Go to Start > Run and type adsiedit.msc
  • Now, find the unit where your AD user’s reside
  • Right click the user you want to edit and click Properties.
  • Find the variable proxyAddresses – this is the one you want to edit. When you add new e-mail aliases, you want to make sure that your primary e-mail address will start with upper-case SMTP. Your aliases, aka, secondary addresses should be lower-case smtp.

Setting Calendar permission Exchange 2010

To set the sharing permission for you, please refer the steps below,

1), connect to Exchange Online through PowerShell as administrator.

2), run Get-Mailbox to get the mailboxes you want to modify, you can use different filter to pick the user you want to configure, for example, Get-Mailbox -RecipientTypeDetails UserMailbox will return all user mailboxes(no shared mailboxes, room mailboxes and discovery mailbox). For detailed information, you can run Get-Help Get-Mailbox -Detailed | More.

3), prepare a text file, save the following content in 4 lines, you can customize the first line to the filter you want to set,

foreach($user in (Get-Mailbox -RecipientTypeDetails UserMailbox)) {

$cal = $user.alias+”:Calendar”

Add-MailboxFolderPermission -Identity $cal -User your@domain.com -AccessRights Reviewer

}

4), save the text file to d:exopscal.ps1 file, then run d:exopscal.ps1 in PowerShell. All the calendars’ permission in the mailboxes defined in the first line will be changed to full detailed.

Removing is this –

Remove-MailboxFolderPermission -Identity $cal -User your@domain.com

Setting Office 365 User with Send As permission

Connect to O365

$LiveCred = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection

Import-PSSession $Session

 

Send As

Add-RecipientPermission sendas@yourdomain.com -AccessRights SendAs -Trustee trustee@yourdomain.com

View all Send As permissions you’ve configured in your organization :  Get-RecipientPermission | where {($_.Trustee -ne ‘nt authorityself’) -and ($_.Trustee -ne ‘null sid’)}

Remove-RecipientPermission sendas@yourdomain.com -AccessRights SendAs -Trustee trustee@yourdomain.com