Managing MailContacts created in Exchange 2007 in our Exchange 2013

Hello,

Today, I will show you how to manage MailContacts in an exchange 2007 / exchange 2013 co-existence scenario and also how to easily migrate your bulk mail contacts from Exchange 2007 to Exchange 2013 , this can also be applied to Exchange version 2010 where you plan to move up to 2013/2016 or when you have co-existence and have to toggle managing MailContacts between the higher and lower Exchange version.

Always Note:-

You cannot use a lower version of Exchange server to modify an Exchange object that was created/upgraded in a higher version of Exchange, and likewise, from a higher version of Exchange you will be first asked to upgrade that Exchange object to a higher version before you can modify it.

Common errors you will face:-

Exchange 2007

Screenshot-20181018122532-446x509

Or via powershell:-

Screenshot-20181018122705-1106x228

From Exchange 2013 powershell when modifying a mailcontact originally created in Exchange 2007 you will get this warning:-

Screenshot-20181018115734-984x220

 

TIP:-  Always check the Exchange version of the object that you need to modify or migrate, this will make things easier..

In powershell you can run:-

Get-recipient mytest@contoso.de | fl exchangeversion, name, externalemailaddress

This outputs the Exchange version – Exchange 2013  0.20 {15.0.0.0} for the external mailcontact menothappy@contoso.de

Screenshot-20181018122425-698x131

You can check the different Exchange versions on Microsoft technet link here  – https://technet.microsoft.com/en-us/library/hh135098(v=exchg.150).aspx

To upgrade/migrate/modify a mailcontact that was created in Exchange 2007, we want to manage this mailcontact in our Exchange 2013 :-

Created in 2007:-

Screenshot-20181018115043-635x567

In Exchange 2013:-

Screenshot-20181018115236-754x338

 

We can run the following commands in Exchange Management Shell in Exchange 2013 to upgrade the mailcontact :-

  1. Get-MailContact ‘Happy, Me’ | fl ExchangeVersion,ExternalEmailAddress
  2. Get-mailcontact ‘Happy, Me’| Set-mailcontact -ExternalEmailAddress ‘mytest@contoso.de‘ -Force:$true
  3. Get-recipient ‘Happy, Me’ -ReadFromDomainController:$true| fl ExchangeVersion,ExternalEmailAddress

 

To do it from ECP Exchange 2013 (read and accept the warning message):-

Screenshot-20181018115401-621x505

Once completed you can now easily manage the mailcontact in 2013. Lets try to change the SMTP email address from mytest@contoso.de to menothappy@contoso.de :-

Screenshot-20181018120854-891x97

We can do it easily, no more warnings no more errors and in future we can easily change/modify/delete the mailcontact from Exchange 2013.

For Migrating mailcontacts in bulk, you can first use the commands I have provided above to gather information for their ExternalEmailAddress , displayname, put them all in a CSV, name the columns ExternalEmailAddress, DisplayName, then add your mailcontacts external emailaddress and their display names.

You can modify the powershell command above to something like:-

Import-CSV “D:\mycontactsbulk.csv” | foreach {Set-MailContact $_.DisplayName -ExternalEmailAddress $_.ExternalEmailAddress -Force:$true}

First test it with 1 contact and get the results and then you can do it in bulk.

Mount Point Icon shown as Folder instead of default Mount drive Icon – Windows server 2012r2

 

Mount point Icon shown as a yellow file folder :-

partitionicon4

Normal mount drive Icon should look like this :-

partitionicon

Solution:-

Make sure when you are creating a mount point, you need to create the mount point folder from the ‘New Simple Volume Wizard’ in disk management of your windows server, once created, do another quick format again after the first quick format during the wizard creation.

partitionicon7

Create a new mount point folder and follow the prompts to complete

partitionicon9

Once it is finished. Perform another quick format manually:-

Screenshot-20181113155003-445x225

Once it is done, your new mount point will appear with the correct mount drive icon :-

partitionicon

I hope this helps anyone who have encountered this issue :D.

Add domains to Internal Relay on Exchange 2010

Here is a quick step to add new domains to your internal relay on Exchange.

If you are not familiar with what internal relay means and what are its impact, you can head over to Microsoft technet and read more:- https://technet.microsoft.com/en-us/library/bb124423(v=exchg.150).aspx#Anchor_2

internaldomains

 

  1.  open up the EMC console and under Organization Configuration >> Hub Transport >> Accepted domains, in the actions menu, select New Accepted domain
  2.  Enter the display name, you can use a different name than the actual accepted domain or for me I prefer to keep it the same.
  3.  Select internal relay domain and save.

Via powershell command:-

new-AcceptedDomain -Name ‘contoso.com’ -DomainName ‘testdomain.com’ -DomainType ‘InternalRelay’

4. To verify that the new accepted domain is working, I usually like to test by sending a test message and then see the results, you can do this via powershell as follows:-

Send-MailMessage -From noreply@newcontoso.com -To “administrator@contoso.com” -Subject “Test internal relay ” -Body “Test only. Do not reply” -SmtpServer “name of your hub server”

View the result from message tracking log:-

Get-MessageTrackingLog -ResultSize unlimited -Start “08/06/2018 9:00AM” -Recipients “administrator@contoso.com” -sender noreply@newcontoso.com -Server”name of your hub server”

This will help you to know immediately if something was wrong with your configuration and you can go back and follow the steps again.

Cannot set the security descriptor of mailbox – Exchange PowerShell error when assigning permissions in Exchange 2010/2016 co-existence

You may come across this error especially if you have not fully migrated all user mailboxes to your new exchange 2016 servers, or you have a co-existence 2010/2013 or 2010/2016, and you still have to resolve help desk calls for those users not yet migrated or those who just got migrated.

Screenshot_1

“Cannot set the security descriptor of mailbox…….. in exchange mailbox database ……..”

Below command was executed to grant full access permission to userB on userA mailbox:-

Add-MailboxPermission -Identity “userA” -User “userB” -AccessRights FullAccess -InheritanceType All

And we got the error described above.

Cause:-

Powershell is throwing this error because the mailbox that you are trying to add the permission is hosted in a higher version of exchange than the server you are running the powershell command from.

That means you should be running the command in Exchange 2016 where the mailbox of userA is now hosted after it was migrated from Exchange 2010.

Solution:-

  1. Check which database the mailbox is currently on, and which version of Exchange server.

Get-Mailbox -Identity UserA | fl database,exchangeversion

2. Use powershell on a higher version of  exchange where the mailbox resides. In my case it is exchange 2016 powershell, it depends on your Exchange version result which you will get by running the command above.

You can always refer to this Microsoft technet link to know your versions of Exchange 🙂 https://technet.microsoft.com/en-us/library/hh135098(v=exchg.150).aspx

The proxy address “smtp:info@contoso.com” is already being used by “contoso.com/Microsoft Exchange System Objects/BI176-Folder”

Today one of my client encountered this error while trying to add a new SMTP address to an existing mailbox account and it failed. He mentioned that the new SMTP address has never been assigned to any other mailbox in the organization.

Error:-  The proxy address “smtp:info@contoso.com” is already being used by “contoso.com/Microsoft Exchange System Objects/BI176-Folder”. Please choose another proxy address.

errorsystemobjects

The user mailbox is hosted on an Exchange 2007 mailbox database.

I suspect one of the public folder child item could be using this SMTP address, either it’s still in use or it’s orphaned.

To troubleshoot, I used ADSIEdit.msc tool to find the Exchange object causing the error, and under the attribute “class”  it is marked “Public Folder”, on the properties dialog, I could see under “proxyAddresses” , the email address in the error was listed there.

Next is to use the tool PFDAVAdmin for exchange 2007,

errorsystemobjects2

Using PFDAVAdmin I was able to connect to the public folders in the organization and find one of the subfolders that was using the SMTP address shown in the error.

I requested user to choose another SMTP address, just as the error prompt suggested, and that solved it.

If the Exchange object is already orphaned and no longer in use in your organization you can delete it or rename the proxy-addresses attribute.

Powershell command to quickly check licenses assigned to an Office365 user – Office365

Today I will share with you my powershell command I use to quickly know what licenses are provisioned for a user in office365. It’s faster and saves the time to do it via the admin panel.

First you will need to have Microsoft Azure Active Directory Module installed for your windows powershell. You only need to do this once if you don’t already have this module installed.

To download this Module for your powershell,  here is the OS requirements:-

  • Windows 10, Windows 8.1, Windows 8 or Windows 7 Service Pack 1 (SP1)
  • Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 SP1

Follow the steps here to install it:- https://docs.microsoft.com/en-us/office365/enterprise/powershell/connect-to-office-365-powershell

msazurepowershellmodule

Connect to Azure AD for your office365 subscription:-

  1. In your powershell screen enter the below commands:-

$UserCredential = Get-Credential
Connect-MsolService -Credential $UserCredential

Type your Office 365 Administrator account user name and password, and then click OK. Now you are ready to check user license.

2. Enter the following command:-

(Get-MsolUser -UserPrincipalName myname@company.com).Licenses.ServiceStatus

getuserlicence

You can now see the service plans and licenses assigned to the user.

Powershell command to Create New Send connector for SmartHost – Exchange 2010

Today I was asked to create a new send connector. Its always good to have your information ready, or ask if not provided before getting started.

  • Name of send connector to be created
  • SMTP address space – e.g *.mail.contoso.com
  • Smart hosts IP address
  • Source servers that will route your emails.

Once ready you run the command in your Exchange powershell:-

new-SendConnector -Name ‘MYSENDCONNECTORNAME’ -Usage ‘Custom’ -AddressSpaces ‘SMTP:*.mail.contoso.com;1’ -IsScopedConnector $true -DNSRoutingEnabled $false -SmartHosts ‘[192.168.11.12]’,'[192.168.11.13]’ -SmartHostAuthMechanism ‘None’ -UseExternalDNSServersEnabled $false -SourceTransportServers ‘LAB-HCP01′,’LAB-HCP02′,’LAB2-HCP01′,’LAB2-HCP02’

 

You can refer to MSDN library link below for a full detail information about each important item to be configured on your send connector such as:-

Usage type:- For Send connectors, the usage type is basically a descriptive label that identifies what the Send connector is used for. All usage type values receive the same permissions.

Network settings:–  Configure how the Send connector routes mail: by using DNS or by automatically forward all mail to a smart host.

Address spaces :- Configure the destination domains that the Send connector is responsible for.

Scope :- Configures the visibility of the Send connector to other Exchange servers in the organization.

Source servers:– Configure the Exchange servers where the Send connector is hosted. Mail that needs to be delivered by using the Send connector is routed to one of the source servers.

(https://msdn.microsoft.com/en-us/library/aa998662(v=exchg.160).aspx)

 

NOTE:-  You can specify SMTP address spaces or non-SMTP address spaces on Send connectors that are configured on Hub Transport servers. You can only specify SMTP address spaces on Send connectors that are configured on Edge Transport servers.