May 13, 2016 / Don

An easy way to start a set of VM’s in Azure

Here is an easy way to start a set of VMs in Azure.

I put a sleep between them so the DC has time to come online before Exchange.

$ServerArray = "DC-01","Ex-2016"
ForEach ($Server in $ServerArray) {
    # Start each VM in order, then pause so the DC is online before Exchange starts
    Write-Host $Server
    Start-AzureRmVM -Name $Server -ResourceGroupName dw-ResourceGroup
    Start-Sleep -s 120
}

May 13, 2016 / Don

Getting the Status of all Azure VM’s

I wanted to make sure all my VMs were shut off in my lab when I’ve finished. Since I’ve converted everything to Resource Manager, I couldn’t just use “Get-AzureVM -Status”, so I came up with this.

 

cls
Get-AzureRmVM -ResourceGroupName dw-ResourceGroup | foreach {
    # -Status returns the instance view; the second status entry is the power state
    $vm = Get-AzureRmVM -ResourceGroupName dw-ResourceGroup -Name $_.Name -Status
    Write-Host ".."
    Write-Host ".."
    Write-Host "Server  Name – " $_.Name
    $vm.Statuses.DisplayStatus[1]
}
Write-Host ".."

 

You want to see “VM deallocated”

 


May 12, 2016 / Don

.NET Framework 4.6.1 is not supported on Exchange 2013/2016

.NET Framework 4.6.1 is not supported on Exchange 2013/2016. Our customers that have updated .NET during their patch process have seen it affect the performance of Exchange and leave several Exchange components in a dysfunctional state.

The following article provides guidance on the removal of .NET Framework 4.6.1: http://www.expta.com/2016/02/how-to-uninstall-net-framework-461.html

The beginning of the article provides a mechanism to prevent .NET Framework 4.6.1 from being installed through the normal Microsoft update process. I elected to create the following bat file to prevent the installation and subsequently remove it, if installed.

 

You Had Me At EHLO… The Microsoft Exchange Team Blog states: “As we have already stated in the Exchange Supportability Matrix, at this time, this version of .NET framework is not supported by Exchange. In fact, we know of some issues if it is installed.”

May 9, 2016 / Don

A script to get a count of the number of users per server per DAG

Shared from Ron Williams @ https://r0nwilliams.wordpress.com/

A script to get a count of the number of users per server per DAG:

##Script start

$AllData = New-Object System.Collections.ArrayList
$Dags = Get-DatabaseAvailabilityGroup
foreach ($Dag in $Dags)
{
    foreach ($Server in $Dag.Servers)
    {
        $Count = (Get-Mailbox -Server $Server -ResultSize unlimited).count
        $Object = New-Object PSCustomObject -Property @{
            ServerName = $Server
            Users      = $Count
            DAGName    = $Dag.Name
        }
        [void]$AllData.Add($Object)
    }
}
$AllData

 

 


May 5, 2016 / Don

White list Office 365 for Individual users from a Spreadsheet

This script asks for the user’s UPN, then sets the addresses in the spreadsheet as whitelisted (trusted senders) for that mailbox.

##Start Script

$r = Read-Host "What is the users email address"
$allU = @()
$file = get-content c:\temp\user.csv
Foreach ($usr in $file){
$allU += $usr
}
Set-MailboxJunkEmailConfiguration -Identity $r -TrustedSendersAndDomains $allU -Enabled $true

##End Script

 

You can add a block list by adding the -BlockedSendersAndDomains parameter, or by using it in place of -TrustedSendersAndDomains.

 

Set-MailboxJunkEmailConfiguration -Identity <MailboxIdParameter> [-BlockedSendersAndDomains <MultiValuedProperty>] [-Confirm [<SwitchParameter>]] [-ContactsTrusted <$true | $false>] [-DomainController <Fqdn>] [-Enabled <$true | $false>] [-IgnoreDefaultScope <SwitchParameter>] [-TrustedListsOnly <$true | $false>] [-TrustedRecipientsAndDomains <MultiValuedProperty>] [-TrustedSendersAndDomains <MultiValuedProperty>] [-WhatIf [<SwitchParameter>]]

 

The csv is just a list of email addresses, no header.
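Because every entry in the file becomes a trusted sender that bypasses junk filtering for that mailbox, it is worth validating the list before applying it. The following is an added example, not part of the original script: the function name, sample entries and mailbox identity are hypothetical, and it uses the @{Add=...} form so existing entries are appended to rather than overwritten.

```powershell
# Added example, not from the original post; sample entries are constructed.
function Get-ValidatedSenderList {
    param([string[]]$Lines)
    # Accept only full addresses (user@domain.tld) or bare domains (domain.tld).
    $address = '^[^@\s,;]+@([a-z0-9-]+\.)+[a-z]{2,}$'
    $domain  = '^([a-z0-9-]+\.)+[a-z]{2,}$'
    $accepted = New-Object 'System.Collections.Generic.List[string]'
    $rejected = New-Object 'System.Collections.Generic.List[string]'
    foreach ($line in $Lines) {
        $entry = $line.Trim().Trim('"').ToLowerInvariant()
        if ($entry -eq '') { continue }                     # skip blank lines
        if ($entry -match $address -or $entry -match $domain) {
            # de-duplicate after normalising case and whitespace
            if (-not $accepted.Contains($entry)) { $accepted.Add($entry) }
        } else {
            $rejected.Add($line)                            # keep the original text for the report
        }
    }
    [pscustomobject]@{ Accepted = $accepted.ToArray(); Rejected = $rejected.ToArray() }
}

# Constructed stand-in for: Get-Content c:\temp\user.csv
$sample = @(
    'alice@contoso.com',
    ' Alice@Contoso.com ',                   # duplicate once normalised
    'fabrikam.com',
    '',
    'bob@contoso',                           # no top-level domain
    '*',                                     # wildcard, would trust everything
    'carol@contoso.com, dave@contoso.com'    # two values on one line
)
$result = Get-ValidatedSenderList -Lines $sample
$result.Accepted
$result.Rejected | ForEach-Object { Write-Warning "Skipped entry: '$_'" }

# Hypothetical mailbox; only runs where the Exchange cmdlets are loaded.
# -WhatIf previews the change without applying it.
if (Get-Command Set-MailboxJunkEmailConfiguration -ErrorAction SilentlyContinue) {
    Set-MailboxJunkEmailConfiguration -Identity 'user@contoso.com' `
        -TrustedSendersAndDomains @{Add = $result.Accepted} -Enabled $true -WhatIf
}
```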

 


April 27, 2016 / Don

Raising the Domain and Forest Functional Levels

This assumes you’ve already done the research, and you are fairly certain your environment is ready for the functional level upgrade. You are aware of all applications and services you have in your environment and are certain the upgrade will not break their authentication. If you have services in question, they should be tested.

Important

Raising the domain and forest functional levels to Windows Server 2003 is a nonreversible task and prohibits the addition of Windows NT 4.0–based or Windows 2000–based domain controllers to the environment. Any existing Windows NT 4.0 or Windows 2000–based domain controllers in the environment will no longer function. Before raising functional levels to take advantage of advanced Windows Server 2003 features, ensure that you will never need to install domain controllers running Windows NT 4.0 or Windows 2000 in your environment.

 

Note: The new DFL (Domain Functional Level) and FFL (Forest Functional Level) only affect the way that the domain controllers operate together as a group.

With versions of Windows Server that are earlier than Windows Server 2008 R2, you cannot roll back or lower a functional level under any circumstances. If you have to revert to a lower functional level with a version of Windows Server that is earlier than Windows Server 2008 R2, you must rebuild the domain or forest or restore it from a backup copy.

Steps to take to raise the functional levels.

If the environment is still in Windows 2000 mode (you cannot go directly to Windows 2008 or Windows 2012) you must get to a Windows 2003 functional level first.

 

  • Build a new domain controller or use an existing DC to take offline. If it is new, make sure you give plenty of time for replication to complete. I like to wait at least a couple of hours, although it shouldn’t take that long. This DC will be used to roll back to the existing state if that is required. Force replication with “repadmin /syncall”
  • It doesn’t hurt to also make a verified backup
  • Upgrade the forest and domain level to Windows 2003 native
  • It is suggested to leave this for a week or so to verify there are no dependencies.

Once at Windows 2003 mode (or if you already are at Windows 2003 native mode or above)

  • Take an inventory of all Services running on all Existing DC’s (DNS, DHCP, WINS, etc)
      • Verify and document DNS configuration
      • Verify and document DHCP configuration
      • Confirm any other services that need to be moved off of the DC’s
  • Verify time sources.
  • Install Windows 2012 R2 servers (at least 2 DCs are recommended, but plan for your DC count)
  • Promote these to a Domain controller
  • Move all services as required. (keep in mind moving of DNS and DHCP takes some planning and coordination)
  • Move all FSMO roles to the new DC’s
  • Configure time source on the new PDC emulator.
  • Once again make a New DC that can be taken offline. Make sure you give plenty of time for replication to complete. I like to wait at least 12 hours, although it shouldn’t take that long.
  • Shut down the DC that will be used in case of rollback.
  • It doesn’t hurt to also make a verified backup as well
  • If you started in Windows 2000 mode, the DCs we turned off above must be removed from the domain. In most cases you can right click and delete them in ADU&C. When asked for verification, select yes, but be sure you do not check the “This is the last dc” check box.
  • The new domain controller (the one created on the second cluster) can now be shut down so we have a roll back point to the “now” state.
  • We can then raise the domain and forest functional level.
  • Once that is done, wait at least a couple of days; if all is well, turn on the third DC again (the one created as the rollback DC). Let it replicate and remain as a DC, or demote it back to a member server as you wish

Note: Make sure you always have virtualized domain controllers on separate host and separate cluster in case of a virtualization failure.

Note: it’s not uncommon to find a DC in there nobody remembers that we need to get rid of. (see the ntdsutil link above)

In the rare instance you’ll need to roll back, all existing DCs will need to be turned off, and the rollback DC turned on. Additional DCs can be rebuilt if required. This can be quite an undertaking in large environments, so it should be thought through and planned out ahead of time. (I’ve only had to do this once, back in the Windows 2000 days)

You’ll then need to clean up the domain (remove all DCs now shut off; it’s best to delete them if virtual, or wipe them if hardware) and ensure they do not get turned back on as DCs.

Next fix the issue that required the rollback and start over.

As you can see, it’s best to do a POC in a lab environment if at all possible.

Common Questions:

One of the most common questions I’ve had is “Can’t I just use a backup instead of taking DC’s offline”?

The answer is “yes”. But keep in mind (especially in smaller and mid-size environments) that rollback with a DC offline is as quick as turning off all existing DCs and turning one back on. At that point, you’re back to the forest domain state. In mid and large size environments you may need to add additional DCs. See https://technet.microsoft.com/en-us/library/cc757662(v=ws.10).aspx

Common Mistakes: Raising DFL 2000 to 2003

https://support.microsoft.com/en-us/kb/555040

https://support.microsoft.com/en-us/kb/322692

https://technet.microsoft.com/en-us/library/cc787290(WS.10).aspx

 

More Risks:

https://technet.microsoft.com/en-us/library/hh994618.aspx#BKMK_AppCompat

https://blogs.technet.microsoft.com/askpfeplat/2012/04/09/a-few-things-you-should-know-about-raising-the-dfl-andor-ffl-to-windows-server-2008-r2/

 

Related Links

Install the Active Directory Schema snap-in ..  https://technet.microsoft.com/en-us/library/cc755885(v=ws.10).aspx

 

Moving FSMO roles ..  https://support.microsoft.com/en-us/kb/324801

I hope it helps

dw

April 20, 2016 / Don

How to connect Powershell to an Office 365 Tenant

Step 1: Install required software

These steps are only required once on each computer you will be running PowerShell from, not every time you connect.

Run this to connect:

$LiveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection

Import-PSSession $Session

Then to remove it:

Remove-PSSession $Session

If you close the Windows PowerShell window without disconnecting from the server-side session, your connection will remain open for 15 minutes. Your account can have only three connections to the server-side session at one time.

 

Hope it helps

dw

April 18, 2016 / Don

Mail Routing During a Dell-Quest Migration Manager Migration to O365

This describes mail routing during a Dell Quest Migration Manager Migration from On-Prem Exchange to Microsoft Office 365

Co-existence routing during the migration.

Step 1, add the user to the Dell Active directory Migration tool (DMA).

This step creates the GAL and sets initial mail routing.

When a user is added to the Dell Active Directory Migration tool (DMA), a mailuser (similar to a contact) is added to Office 365 and the ExternalEmailAddress attribute is set. This tells Office 365 to send the mail externally (back to on-prem) through a connector in O365 scoped to on-prem.

 


Step 2 Add the user to a Quest Mail or Calendar Sync

In Office 365

Once the user is put into a Dell Migration Manager mail or calendar sync, they become licensed in O365 (licensing creates a mailbox). The Exchange Migration Manager (EMM) then adds an address using the user’s GUID to the ForwardingSmtpAddress in Office 365. This forwards all mail back to on-prem from users in Office 365. (No outside mail is arriving in O365 yet.)

The DeliverToMailboxAndForward attribute is left at “False” (default).


On-prem

On-prem, the Exchange Migration Manager (EMM) adds a proxy address using the user’s GUID (the same address that is stamped in the ForwardingSmtpAddress attribute in Office 365).

Note: if routing is not working for a user, verify these addresses match. This is mail from Office 365 to on-prem.

This can be set by running the following command in an Office 365 shell.


Mail from on-prem to Office 365 is handled by the Dell Exchange Migration Manager. This allows for more than just mail forwarding: it also handles deletes, moves, etc. and keeps the mailbox in sync.

Step 3 Flip the user

In Office 365

When a user is “flipped” or switched as it is referred to in the tool, Dell Exchange Migration Manager removes the forwarding address in Office 365. All mail now remains in Office 365.


On-Prem

Once a user is flipped EMM sets the targetAddress attribute to the USI user account. This can be the GUID@mydomain.onmicrosoft.com or the username@mydomain.onmicrosoft.com, but the address in the targetAddress must be in the proxy list in O365. If routing for this user is an issue, make sure the addresses match. Check this with adsiedit.msc in USI.

Or

Get-QADUser username -IncludeAllProperties | select name,targetaddress
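The address-matching checks from Steps 2 and 3, written as an offline comparison. This is an added example, not from the original post or the Quest tooling: the function names and sample values are hypothetical, and the input objects stand in for what you would read from the Office 365 mailbox (ForwardingSmtpAddress, DeliverToMailboxAndForward, EmailAddresses) and the on-prem user (proxyAddresses, targetAddress).

```powershell
# Added example; sample objects below are constructed.
function ConvertTo-BareSmtp([string]$Value) {
    # Strip an optional "smtp:" prefix and normalise case so values compare cleanly.
    ($Value -replace '^smtp:', '').Trim().ToLowerInvariant()
}

function Test-CoexistenceRouting {
    param($Cloud, $OnPrem, [switch]$Flipped)
    $issues = @()
    $cloudProxies  = @($Cloud.EmailAddresses  | ForEach-Object { ConvertTo-BareSmtp $_ })
    $onPremProxies = @($OnPrem.proxyAddresses | ForEach-Object { ConvertTo-BareSmtp $_ })
    if ($Flipped) {
        # Step 3: forwarding removed in O365, targetAddress must be an O365 proxy address
        if ($Cloud.ForwardingSmtpAddress) { $issues += 'ForwardingSmtpAddress is still set in Office 365' }
        $target = ConvertTo-BareSmtp $OnPrem.targetAddress
        if (-not $target) { $issues += 'targetAddress is not set on-prem' }
        elseif ($cloudProxies -notcontains $target) { $issues += "targetAddress $target is not in the O365 proxy list" }
    } else {
        # Step 2: O365 forwards to the GUID address, which must exist as an on-prem proxy
        $fwd = ConvertTo-BareSmtp $Cloud.ForwardingSmtpAddress
        if (-not $fwd) { $issues += 'ForwardingSmtpAddress is not set in Office 365' }
        elseif ($onPremProxies -notcontains $fwd) { $issues += "Forwarding address $fwd has no matching on-prem proxy address" }
        if ($Cloud.DeliverToMailboxAndForward) { $issues += 'DeliverToMailboxAndForward is True (expected False)' }
    }
    [pscustomobject]@{ Ok = ($issues.Count -eq 0); Issues = $issues }
}

# Constructed sample: a user in sync (Step 2) with matching addresses
$guidAddr = '3f2b0c1e-0000-4000-8000-000000000001@mydomain.com'
$cloud = [pscustomobject]@{
    ForwardingSmtpAddress      = "smtp:$guidAddr"
    DeliverToMailboxAndForward = $false
    EmailAddresses             = @('SMTP:jdoe@mydomain.com', 'smtp:jdoe@mydomain.onmicrosoft.com')
}
$onPrem = [pscustomobject]@{
    proxyAddresses = @('SMTP:jdoe@mydomain.com', "smtp:$($guidAddr.ToUpper())")
    targetAddress  = $null
}
Test-CoexistenceRouting -Cloud $cloud -OnPrem $onPrem

# Constructed sample: a flipped user (Step 3) whose targetAddress has a typo
$cloud.ForwardingSmtpAddress = $null
$onPrem.targetAddress = 'SMTP:jdoe@mydomian.onmicrosoft.com'
(Test-CoexistenceRouting -Cloud $cloud -OnPrem $onPrem -Flipped).Issues
```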

 

 


April 18, 2016 / Don

The Microsoft’s Consultant’s Road to Azure

CloudRanger’s Microsoft Azure Training (70-533): https://www.youtube.com/playlist?list=PLPie5drlGW25NnMjef7HRdSAqEjxz66Ky

These are well worth watching.

______________________________________

Intune and Exchange ActiveSync
http://www.msexchange.org/articles-tutorials/exchange-server-2013/mobility-client-access/intune-and-exchange-activesync-part1.html

______________________________________

Deploying a Highly Available AD FS 3.0 Solution in Windows Azure for Single Sign-on with Office365

http://office365support.ca/deploying-a-highly-available-ad-fs-3-0-solution-in-windows-azure-for-single-sign-on-with-office365/

______________________________________

Rights Management

Protecting documents with Azure Rights Management

https://blogs.technet.microsoft.com/msuspartner/2016/04/19/azure-partner-community-protecting-documents-with-azure-rights-management/

Azure Rights Management deployment roadmap

https://docs.microsoft.com/en-us/rights-management/plan-design/deployment-roadmap

______________________________________

April 18, 2016 / Don

Skype for cloud links

Skype for Business Cloud Connector Edition

http://blog.get-csjosh.com/2016/04/introducing-skype-for-business-cloud-connector-edition.html

____________________________________________

Latest updates and releases for Skype for Business

https://blogs.office.com/2016/03/09/expanding-the-reach-of-skype-for-business-meetings-and-voice-services-in-office-365/#.VuBJ80zzsRk.linkedin#DKXDvHYtj4x9rmy1.97

____________________________________________

Step By Step: Install and configure Skype for Business 2015 Edge Server

http://www.rtcpedia.com/Blogs/Action?blogId=10039&blogURL=StepByStepInstallEdgeServer

____________________________________________

Microsoft Test Lab Guides

http://blogs.technet.com/b/tlgs/

____________________________________________

The first 3-way TLG: Exchange Server 2013 TLG for Windows Server 2012 R2

http://blogs.technet.com/b/tlgs/archive/2014/06/25/the-first-3-way-tlg-exchange-server-2013-tlg-for-windows-server-2012-r2.aspx

____________________________________________

Skype for Business Cloud Connector Infrastructure Requirements Part I

https://insidemstech.com/2016/04/23/skype-for-business-cloud-connector-infrastructure-requirements-part-i/

____________________________________________
