Add domains to Internal Relay on Exchange 2010

Here is a quick step to add new domains to your internal relay on Exchange.

If you are not familiar with what internal relay means and what are its impact, you can head over to Microsoft technet and read more:- https://technet.microsoft.com/en-us/library/bb124423(v=exchg.150).aspx#Anchor_2

internaldomains

 

  1.  open up the EMC console and under Organization Configuration >> Hub Transport >> Accepted domains, in the actions menu, select New Accepted domain
  2.  Enter the display name, you can use a different name than the actual accepted domain or for me I prefer to keep it the same.
  3.  Select internal relay domain and save.

Via powershell command:-

new-AcceptedDomain -Name ‘contoso.com’ -DomainName ‘testdomain.com’ -DomainType ‘InternalRelay’

4. To verify that the new accepted domain is working, I usually like to test by sending a test message and then see the results, you can do this via powershell as follows:-

Send-MailMessage -From noreply@newcontoso.com -To “administrator@contoso.com” -Subject “Test internal relay ” -Body “Test only. Do not reply” -SmtpServer “name of your hub server”

View the result from message tracking log:-

Get-MessageTrackingLog -ResultSize unlimited -Start “08/06/2018 9:00AM” -Recipients “administrator@contoso.com” -sender noreply@newcontoso.com -Server”name of your hub server”

This will help you to know immediately if something was wrong with your configuration and you can go back and follow the steps again.

Cannot set the security descriptor of mailbox – Exchange PowerShell error when assigning permissions in Exchange 2010/2013 or 2016 co-existence

I would like to shed some light for some of you who have exchange 2010/2013 or 2016 co-existence or still slowly upgrading from 2010 to 2013/2016, you may come across this error especially if you have not yet migrated all mailboxes over to exchange 2013 or 2016, also could be that the migration is being handled by another team or 3rd part vendor and you are still performing your regular daily exchange administrative tasks on the 2010 server. As part of your task you might have to add or remove mailbox permissions for a mailbox user and if you have a habit of just getting the user information, replace it into your command-lets notepad and run it on the Exchange server, you may run into this error.

Screenshot_1

“Cannot set the security descriptor of mailbox…….. in exchange mailbox database ……..”

In this case the following command was executed, to grant full access permission to a mailbox account:-

Add-MailboxPermission -Identity “userA” -User “userB” -AccessRights FullAccess -InheritanceType All

And then we got the error above.

Cause:-

Powershell is throwing this error because the mailbox that you are trying to add permissions is hosted in a more higher version of exchange than the server you are running the command from. That means you should be running the command in Exchange 2016 where the mailbox of userA is hosted, rather than in Exchange 2010 powershell.

Simply to say:-  You can’t change the properties of a mailbox in Exchange Server 2013 or 2016 when you connect to a server that is running Exchange Server 2010 🙂

Solution:-

  1. Check which database the mailbox is currently hosted on and which version of Exchange server. Use this command to check:-

Get-Mailbox -Identity UserA | fl database,exchangeversion

2.  Use exchange 2016 powershell, or 2013 powershell depending on your result from step 1.

You can always refer here to know your versions of Exchange 🙂 :-

https://technet.microsoft.com/en-us/library/hh135098(v=exchg.150).aspx

The proxy address “smtp:info@contoso.com” is already being used by “contoso.com/Microsoft Exchange System Objects/BI176-Folder”

Today one of my users encountered this error while trying to add a new SMTP address to an existing account.

The proxy address “smtp:info@contoso.com” is already being used by “contoso.com/Microsoft Exchange System Objects/BI176-Folder”. Please choose another proxy address.

errorsystemobjects

This is an Exchange 2007 mailbox,  to troubleshoot, I used ADSIEdit.msc tool to find the Exchange object causing the error, and under “class”  it was marked “Public Folder”, on the properties dialog, I could see under proxyAddresses attribute, the email address mentioned in the error.

errorsystemobjects2

Using PFDAVAdmin I was able to connect to the public folders in the organization and find one of the subfolders that was using the SMTP address in the error. I requested user to choose another SMTP address just as the error prompt suggested and that solved it. If the Exchange object is already orphaned and no longer in use in your organization you can delete it or rename the proxy-addresses attribute.

Powershell command to quickly check licenses assigned to an Office365 user – Office365

Today I will share with you my powershell command I use to quickly know what licenses are provisioned for a user in office365. It’s faster and saves the time to do it via the admin panel.

First you will need to have Microsoft Azure Active Directory Module installed for your windows powershell. You only need to do this once if you don’t already have this module installed.

To download this Module for your powershell,  here is the OS requirements:-

  • Windows 10, Windows 8.1, Windows 8 or Windows 7 Service Pack 1 (SP1)
  • Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 SP1

Follow the steps here to install it:- https://docs.microsoft.com/en-us/office365/enterprise/powershell/connect-to-office-365-powershell

msazurepowershellmodule

Connect to Azure AD for your office365 subscription:-

  1. In your powershell screen enter the below commands:-

$UserCredential = Get-Credential
Connect-MsolService -Credential $UserCredential

Type your Office 365 Administrator account user name and password, and then click OK. Now you are ready to check user license.

2. Enter the following command:-

(Get-MsolUser -UserPrincipalName myname@company.com).Licenses.ServiceStatus

getuserlicence

You can now see the service plans and licenses assigned to the user.

Powershell command to Create New Send connector for SmartHost – Exchange 2010

Today I was asked to create a new send connector. Its always good to have your information ready, or ask if not provided before getting started.

  • Name of send connector to be created
  • SMTP address space – e.g *.mail.contoso.com
  • Smart hosts IP address
  • Source servers that will route your emails.

Once ready you run the command in your Exchange powershell:-

new-SendConnector -Name ‘MYSENDCONNECTORNAME’ -Usage ‘Custom’ -AddressSpaces ‘SMTP:*.mail.contoso.com;1’ -IsScopedConnector $true -DNSRoutingEnabled $false -SmartHosts ‘[192.168.11.12]’,'[192.168.11.13]’ -SmartHostAuthMechanism ‘None’ -UseExternalDNSServersEnabled $false -SourceTransportServers ‘LAB-HCP01′,’LAB-HCP02′,’LAB2-HCP01′,’LAB2-HCP02’

 

You can refer to MSDN library link below for a full detail information about each important item to be configured on your send connector such as:-

Usage type:- For Send connectors, the usage type is basically a descriptive label that identifies what the Send connector is used for. All usage type values receive the same permissions.

Network settings:–  Configure how the Send connector routes mail: by using DNS or by automatically forward all mail to a smart host.

Address spaces :- Configure the destination domains that the Send connector is responsible for.

Scope :- Configures the visibility of the Send connector to other Exchange servers in the organization.

Source servers:– Configure the Exchange servers where the Send connector is hosted. Mail that needs to be delivered by using the Send connector is routed to one of the source servers.

(https://msdn.microsoft.com/en-us/library/aa998662(v=exchg.160).aspx)

 

NOTE:-  You can specify SMTP address spaces or non-SMTP address spaces on Send connectors that are configured on Hub Transport servers. You can only specify SMTP address spaces on Send connectors that are configured on Edge Transport servers.

 

Modify SmartHost IP in Exchange Send-connector – Exchange 2010

Today I received an email to modify the smarthost IP address of a send connector.

To do this you can get the existing information of the smarthost either via powershell or EMC, i prefer to use powershell.

Get-SendConnector NAMEOFSENDCONNECTOR| fl identity, smarthosts, sourcetransportservers

Result:-

Identity: MYSENDCONNECTOR

SmartHosts : {[192.168.3.4]}

SourceTransportServers : {BB0-MOB4-HUB01, BB0-MOB2-HUB01}


From above result we can see the existing smarthost IP that we want to change and the source transport servers which this connector applies to.

Now set the new IP:-

Set-SendConnector NAMEOFSENDCONNECTOR -SmartHosts “192.168.3.5” -Confirm

Note:-
<smarthosts> parameter
This parameter takes one or more FQDNs, such as server.contoso.com, or one or more IP addresses, separated by commas. If you enter an IP address, you must enter the IP address as a literal as follows, for example: 10.10.1.1. The smart host identity can be the FQDN of a smart host server, a mail exchange (MX) record, or an address (A) record. If you configure an FQDN as the smart host identity, the source server for the Send connector must be able to use DNS name resolution to locate the smart host server.  (https://msdn.microsoft.com/en-us/subscriptions/aa998294(v=exchg.80).aspx)

In EMC:-   Click on Hub Transport -> Send Connectors -> double click on your send connector -> Network -> under route mail through the following send connector, edit to add the new IP and remove the old one if needed. Ok to accept changes, check that the new IP is added.

Screenshot-20180511114820-439x475