Giving access to Office 365 leavers email
paul | Friday, 15 February 2019 | Office365 | leavers

When an Office 365 user leaves the company their Active Directory account would be disabled and at some point deleted. When ADConnect next syncs this would remove their Office 365 account and any Exchange Online mailbox attached to it. The mailbox would then become an inactive mailbox and after a set time that would be removed unless the mailbox was on litigation hold or had a retention policy against it. The inactive mailbox can be accessed suing the following powershell commands.

Getting a list of inactive mailboxes:

Get-Mailbox -InactiveMailboxOnly | FL Name,DistinguishedName,ExchangeGuid,PrimarySmtpAddress

Get an inactive mailbox:
 
$InactiveMailbox = Get-Mailbox -InactiveMailboxOnly -Identity <identity of inactive mailbox>
 
Recovering an inactive mailbox - replaces inactive mailbox with active one:
 
New-Mailbox -InactiveMailbox $InactiveMailbox.DistinguishedName -Name annbeebe -FirstName Ann -LastName Beebe -DisplayName "Ann Beebe" -MicrosoftOnlineServicesID [email protected] -Password (ConvertTo-SecureString -String '[email protected]' -AsPlainText -Force) -ResetPasswordOnNextLogon $true
 
Restoring an inactive mailbox contents to an existing mailbox - copying and merging contents:
 
New-MailboxRestoreRequest -SourceMailbox $InactiveMailbox.DistinguishedName -TargetMailbox newemp[email protected] -AllowLegacyDNMismatch
 
Restoring to a specific folder rather than merging:
 
New-MailboxRestoreRequest -SourceMailbox $InactiveMailbox.DistinguishedName -TargetMailbox [email protected] -TargetRootFolder "Inactive Mailbox" -AllowLegacyDNMismatch
 
Restoring inactive mailboxes archive to existing users archive:
 
New-MailboxRestoreRequest -SourceMailbox $InactiveMailbox.DistinguishedName -SourceIsArchive -TargetMailbox [email protected] -TargetIsArchive -TargetRootFolder "Inactive Mailbox Archive" -AllowLegacyDNMismatch
 
The key is to ensure retention policy is applied, or litigation hold, before deletion to allow the inactive mailbox to be retained and recovered.

 

Display Comments...
Office 365 Security Alert: Elevation of Exchange admin privilege
paul | Thursday, 14 February 2019 | Office365 | Alerts

We recently received a worrying security alert about elevation of exchange admin priviledge.

A low-severity alert has been triggered

⚠ Elevation of Exchange admin privilege

Severity: ● Low

Time: 2/14/2019 3:15:00 PM (UTC)

Activity: GrantAdminPermission

User: [email protected]

Details: GrantAdminPermission. This alert is triggered whenever someone in your organization becomes an admin or gets new admin permissions.

   View alert details   

Thank you,
The Office 365 Team

 

A check of global admins confirmed that nobody had assigned the Exchange Admin role but a quick google returned a webpage explaining this alert occurs by design when either a Sharepoint/Skype for Business/Exchange role had been assigned.

https://support.microsoft.com/en-gb/help/4039823/boxserviceaccount-is-added-to-a-role-in-office-365-alerts

 

 

Display Comments...
Error accessing Outlook Web Access
paul | Thursday, 13 December 2018 | Office365 | OWA

When accessing Outlook Web Access the error below is displayed after login:

X-ClientId: 0DBF7AF36AB94DA722A9FB4D8D807

request-id a7c5806f-0929-41ac-84d4-d7f40ef7b2d0

X-Auth-Error OpenIdConnect Microsoft.Exchange.Clients.Security.AccountTerminationException

X-OWA-Version 15.20.1425.20

X-FEServer LO2P265CA0129

X-BEServer LO2P265MB1134

Date:13/12/2018 14:47:49

Everything looked ok with the account but it would not access the mailbox from the Outlook client or OWA.

Fixed by removing the Exchange Online license from the user and then readding it after a short while.

 

Display Comments...
SQL Server 2016 Database Mail not working
paul | Friday, 30 November 2018 | SQL Server | mail

After configuring SQL Server 2016 Database Mail then running a test the server fails to transmit the emails.

If you go to the binn folder for the SQL Server and then double click on the DatabaseMail.exe it displays the error message below:

Using Add/Remove roles, in Server Manager, to install .NET Framework 3.5 Features\.NET Framework 3.5 (includes .NET 2.0 and 3.0).

Once the framework has installed then Database Mail works when tested.

Display Comments...
Backup of Windows Certificate Authority
paul | Thursday, 29 November 2018 | Windows | Powershell

To backup the data for a Windows Certificate Authority you can run the powershell command below on the server with the role installed.

Backup-CARoleService "c:\backupfolder" -Password (Read-Host -prompt "Password:" -AsSecureString)

This will create a backup of the database and the certificate in case something goes wrong. To restore use the following command:

Restore-CARoleService "c:\backupfolder" -Password (Read-Host -Prompt "Password:" -AsSecureString)

To run as a scheduled task you can create a secure password file and feed that into the script below:

# Backup Certificate Authority
# To create password file run: (Get-Credential).Password | ConvertFrom-SecureString | Out-File "Password.txt"
$pass = Get-Content "Password.txt" | ConvertTo-SecureString
 
$date = Get-Date
$date = $date.ToString("dd-MM-yyyy")
Backup-CARoleService "c:\backups\$date" -Password $pass
 
Then the data can be restored easily if something goes wrong with your certificate authority server.
 
Display Comments...
Page 1 of 71 (355 Articles) << 1 2 3 4 5  Next >>