Tag: Powershell

MailNonUniversalGroup – Distribution List

Posted on by Josh U

Happy New year 2020. I wish you more progress this year from where you left off last year. Now let’s dive right to our topic on MailNonUniversalGroup distribution list. So i had a case where users where complaining of not receiving emails sent to a distribution list. After several minutes tracing the messages, it came to a halt with the following interesting details from the trace log:-

——–

Source : ROUTING
EventId : DROP

RecipientStatus : {[{LED=250 2.1.5 RESOLVER.GRP.Expanded; distribution list expanded};{MSG=};{FQDN=};{IP=};{LRT=}]}

——–

Some further digging and here is what i found for the distribution group that was not receiving emails:-

Get-DistributionGroup "nameofmydistributionlist" | fl recipienttypedetails

RecipientTypeDetails : MailNonUniversalGroup

Result shows my distribution group was of type: MailNonUniversalGroup

Further checking on when this group was first created in AD, shows far back as of 2012, and this must have been when it was migrated from previous legacy exchange 2003 to exchange 2010 but was not upgraded to a universal group at that time.

Microsoft recommends to convert all legacy exchange distribution groups to “universal” groups for use on Exchange 2010/2013/2016/2019 especially if you want to have all the features of distribution groups included.

In my case the distribution group members where on office365 and they needed to receive external email sent to the email address of the distribution list.

To solve, change the distribution group from MailNonUniversalGroup to Universal, I did this via exchange powershell:-

Get-DistributionGroup "nameofmydistributionlist" | Set-Group -Universal

wait a few minutes for replication and check again using:-

Get-DistributionGroup "nameofmydistributionlist" | fl recipienttypedetails

RecipientTypeDetails : MailUniversalDistributionGroup

It has now been converted to MailUniversalDistributionGroup

Now we can receive emails sent to the distribution list without any issues.

Tip: To do this in bulk for all your distribution groups that was just migrated over from legacy exchange versions 2003/2007, you can use the following command which will change all mailnonuniversalgroups to universal:-

Get-DistributionGroup -ResultSize unlimited -RecipientTypeDetails mailnonuniversalgroup | Set-Group universal

and then to apply the upgrade :

Get-DistributionGroup -ResultSize unlimited | Set-DistributionGroup -ForceUpgrade

Managing MailContacts created in Exchange 2007 in our Exchange 2013

Posted on by Josh U

Hello,

Today, I will show you how to manage MailContacts in an exchange 2007 / exchange 2013 co-existence scenario and also how to easily migrate your bulk mail contacts from Exchange 2007 to Exchange 2013 , this can also be applied to Exchange version 2010 where you plan to move up to 2013/2016 or when you have co-existence and have to toggle managing MailContacts between the higher and lower Exchange version.

Always Note:-

You cannot use a lower version of Exchange server to modify an Exchange object that was created/upgraded in a higher version of Exchange, and likewise, from a higher version of Exchange you will be first asked to upgrade that Exchange object to a higher version before you can modify it.

Common errors you will face:-

Exchange 2007

Screenshot-20181018122532-446x509

Or via powershell:-

Screenshot-20181018122705-1106x228

From Exchange 2013 powershell when modifying a mailcontact originally created in Exchange 2007 you will get this warning:-

Screenshot-20181018115734-984x220

 

TIP:-  Always check the Exchange version of the object that you need to modify or migrate, this will make things easier..

In powershell you can run:-

Get-recipient mytest@contoso.de | fl exchangeversion, name, externalemailaddress

This outputs the Exchange version – Exchange 2013  0.20 {15.0.0.0} for the external mailcontact menothappy@contoso.de

Screenshot-20181018122425-698x131

You can check the different Exchange versions on Microsoft technet link here  – https://technet.microsoft.com/en-us/library/hh135098(v=exchg.150).aspx

To upgrade/migrate/modify a mailcontact that was created in Exchange 2007, we want to manage this mailcontact in our Exchange 2013 :-

Created in 2007:-

Screenshot-20181018115043-635x567

In Exchange 2013:-

Screenshot-20181018115236-754x338

 

We can run the following commands in Exchange Management Shell in Exchange 2013 to upgrade the mailcontact :-

  1. Get-MailContact ‘Happy, Me’ | fl ExchangeVersion,ExternalEmailAddress
  2. Get-mailcontact ‘Happy, Me’| Set-mailcontact -ExternalEmailAddress ‘mytest@contoso.de‘ -Force:$true
  3. Get-recipient ‘Happy, Me’ -ReadFromDomainController:$true| fl ExchangeVersion,ExternalEmailAddress

 

To do it from ECP Exchange 2013 (read and accept the warning message):-

Screenshot-20181018115401-621x505

Once completed you can now easily manage the mailcontact in 2013. Lets try to change the SMTP email address from mytest@contoso.de to menothappy@contoso.de :-

Screenshot-20181018120854-891x97

We can do it easily, no more warnings no more errors and in future we can easily change/modify/delete the mailcontact from Exchange 2013.

For Migrating mailcontacts in bulk, you can first use the commands I have provided above to gather information for their ExternalEmailAddress , displayname, put them all in a CSV, name the columns ExternalEmailAddress, DisplayName, then add your mailcontacts external emailaddress and their display names.

You can modify the powershell command above to something like:-

Import-CSV “D:\mycontactsbulk.csv” | foreach {Set-MailContact $_.DisplayName -ExternalEmailAddress $_.ExternalEmailAddress -Force:$true}

First test it with 1 contact and get the results and then you can do it in bulk.

Cannot set the security descriptor of mailbox

Posted on by Josh U

You may come across this error in powershell – Cannot set the security descriptor of mailbox…. For me it was occurring in the beginning when we were doing a small number of mailbox migrations from Exchange 2010 to Exchange 2016 and assigning mailbox permissions.

Screenshot_1

“Cannot set the security descriptor of mailbox…….. in exchange mailbox database ……..”

Error appeared when I used below exchange powershell command to grant full access permission to userB on userA mailbox:-

Add-MailboxPermission -Identity "userA" -User "userB" -AccessRights FullAccess -InheritanceType All

Cause:-

Changes in user attributes in AD after migrating user from Exchange 2010 to Exchange 2016.

Powershell is throwing this error because the mailbox that you are trying to add the full access permission is now hosted in a higher version of exchange than the server you are running the powershell command from.

In my case, it means i should be running the Add-MailboxPermission command above in Exchange 2016 exchange management shell where the mailbox of userA is now hosted after it was migrated from Exchange 2010.

Solution:-

  1. Check which database the mailbox is currently on, and which version of Exchange server.

Get-Mailbox -Identity UserA | fl database,exchangeversion

2. Use Exchange powershell on a higher version of  exchange where the mailbox now resides after migration. If mailbox was migrated from Exchange 2010 to Exchange 2016, so you will have to run the command from Exchange 2016 management shell to add the permissions successfully.

Add-MailboxPermission -Identity "userA" -User "userB" -AccessRights FullAccess -InheritanceType All

You can always refer to this Microsoft technet link to know your versions of Exchange from the exchangeversion result you get 🙂 

https://technet.microsoft.com/en-us/library/hh135098(v=exchg.150).aspx

Leave a comment and let me know if it worked for you.

Powershell command to quickly check licenses assigned to an Office365 user – Office365

Posted on by Josh U

Today I will share with you my powershell command I use to quickly know what licenses are provisioned for a user in office365. It’s faster and saves the time to do it via the admin panel.

First you will need to have Microsoft Azure Active Directory Module installed for your windows powershell. You only need to do this once if you don’t already have this module installed.

To download this Module for your powershell,  here is the OS requirements:-

  • Windows 10, Windows 8.1, Windows 8 or Windows 7 Service Pack 1 (SP1)
  • Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 SP1

Follow the steps here to install it:- https://docs.microsoft.com/en-us/office365/enterprise/powershell/connect-to-office-365-powershell

msazurepowershellmodule

Connect to Azure AD for your office365 subscription:-

  1. In your powershell screen enter the below commands:-

$UserCredential = Get-Credential
Connect-MsolService -Credential $UserCredential

Type your Office 365 Administrator account user name and password, and then click OK. Now you are ready to check user license.

2. Enter the following command:-

(Get-MsolUser -UserPrincipalName myname@company.com).Licenses.ServiceStatus

getuserlicence

You can now see the service plans and licenses assigned to the user.