If you need to restrict access to Office365 for users outside your company at all or just for group of them then you need to use ADFS servers.
When you have set them properly and you can be authenticated by ADFS, then you can configure ADFS claims to restrict the Office 365 access.
First, I've tried use the solution provided in this link:
http://technet.microsoft.com/pl-pl/library/hh526961(v=ws.10).aspx
But, this not work in my environment.
I've been looking for article below, but can't find it as "limiting access".
Then when asked Microsoft they give me the right link.
Thanks!
Here is the right link:
http://blogs.technet.com/b/askds/archive/2012/06/26/an-adfs-claims-rules-adventure.aspx
Microsoft Exchange Admin Notebook Blog created to save time and nerves for Exchange admins. exchange.ittips.eu
Friday, 5 September 2014
Office365: Add new licence / subscription key to the tenant
Hi,
Today easy and short tip, but you could wander around for hours searching this:
When you have bought new licences you can easily add key to the subscription.
Go to the Volume Licencing Center at:
https://www.microsoft.com/Licensing/servicecenter/default.aspx
(If you have not logged in earlier here you need to register with e-mail account provided with licence order)
Get (copy) your subscription key from the license.
Next go to this link:
https://portal.office.com/Commerce/ProductKeyRedeem.aspx?paymenttype=1
and paste the key.
That's all!
If you have used trial licences you'll have to change your user's licences from trials to the new one.
Today easy and short tip, but you could wander around for hours searching this:
When you have bought new licences you can easily add key to the subscription.
Go to the Volume Licencing Center at:
https://www.microsoft.com/Licensing/servicecenter/default.aspx
(If you have not logged in earlier here you need to register with e-mail account provided with licence order)
Get (copy) your subscription key from the license.
Next go to this link:
https://portal.office.com/Commerce/ProductKeyRedeem.aspx?paymenttype=1
and paste the key.
That's all!
If you have used trial licences you'll have to change your user's licences from trials to the new one.
Monday, 2 June 2014
Office365: Cannot move, migrate mailbox. The operation couldn't be performed because object couldn't be found on...
The operation couldn't be performed because object couldn't be found on...
This error appears when you try to move (migrate) mailbox from on premises Exchange to the Office365. It means that object with same date exists in both sides and it differs in some way.
It could happen if you have created mailbox in Office365 without migration from on premises Exchange.
To resolve this issue, you need to remove user from Office365 side and synchronize it again and then migrate mailbox to the cloud.
So, connect to Office365 from Powershell.
Then run:
Remove-MsolUser -UserPrincipalName user@domain.com
Next, run:
Remove-MsolUser -UserPrincipalName user@domain.com -RemoveFromRecycleBin
Now, wait for dirsync replication or force it and you should have the ability to move the mailbox to Office365 from onprem Exchange.
This error appears when you try to move (migrate) mailbox from on premises Exchange to the Office365. It means that object with same date exists in both sides and it differs in some way.
It could happen if you have created mailbox in Office365 without migration from on premises Exchange.
To resolve this issue, you need to remove user from Office365 side and synchronize it again and then migrate mailbox to the cloud.
So, connect to Office365 from Powershell.
Then run:
Remove-MsolUser -UserPrincipalName user@domain.com
Next, run:
Remove-MsolUser -UserPrincipalName user@domain.com -RemoveFromRecycleBin
Now, wait for dirsync replication or force it and you should have the ability to move the mailbox to Office365 from onprem Exchange.
Friday, 30 May 2014
Office365: MRSProxy.svc issue - update
Some time ago I wrote a post about MRSProxy.svc problems:
http://exchange.ittips.eu/2014/01/office365-new-mailboxmoverequest-causes.html
http://exchange.ittips.eu/2014/01/office365-new-mailboxmoverequest-causes.html
I have not got into account migration endpoint settings.
When this issue appeared again and I cannot move mailboxes to the Office365 at all, then I have checked endpoint settings.
It seemed that the password used for migration endpoint has been changed by other administrator and was not refreshed in Office 365 panel.
After entering password again, I can again move mailboxes!
To change migration endpoint password, go to:
Exchange administrative panel, users, migration.
On the right, low corner, check migration endpoint , click Details
Change password for administrator or enter new admin credentials.
When this issue appeared again and I cannot move mailboxes to the Office365 at all, then I have checked endpoint settings.
It seemed that the password used for migration endpoint has been changed by other administrator and was not refreshed in Office 365 panel.
After entering password again, I can again move mailboxes!
To change migration endpoint password, go to:
Exchange administrative panel, users, migration.
On the right, low corner, check migration endpoint , click Details
Change password for administrator or enter new admin credentials.
Office365: Cannot remove custom domain
When you need to remove one of your custom domains from Office 365 you can find that you cannot do this.
One of possible issues with this is when you are working in hybrid environment and if you have DirSync working which synchronizes your AD to the Microsoft cloud.
This is one of undocumented behaviors of Office 365, that you cannot remove domains, i.e. not all of them, cause I have just done this without problems with some, but still cannot do this with others.
When I have searched for resolution on Office365 Community and other Google sites and blogs, I found nothing than "Before you remove a domain name from Office 365, you have to remove anything that is using the domain name":
http://office.microsoft.com/en-us/office365-suite-help/remove-a-domain-HA102818535.aspx
Fortunately, if you are working in hybrid environment, the shorter path exists.
First login to your Office 365 tenancy from powershell:
Connect-MSolService
Run:
Get-MsolUser -DomainName yourdomainname.com
If you get some entries here, then you have to disable this users licences in Office365 panel
If now Get-MsolUser -DomainName yourdomainname.com gives you empty return, then you can go further. If not, you have to disable licences assigned to users with your domain e-mail addresses.
After getting empty result for Get-MsolUser -DomainName yourdomainname.com , you can
Run:
Get-MsolGroup -All | where {$_.proxyaddresses -match "yourdomainname.com"}
You probably see some entries here.
You will need to remove addresses with your domain aliases from those groups.
If your company have dirsync configured, then you will need to remove those aliases from AD.
If you are running hybrid confirutation, with Exchange on-premises, you can remove those aliases from Exchange side.
After removal wait about 15 minutes, force DirSync synchronization and check on the Office 365 side, again running the:
Get-MsolGroup -All | where {$_.proxyaddresses -match "yourdomainname.com"}
If, finally you will get empty result, you can remove the domain from Office 365 side.
Wish you luck!
One of possible issues with this is when you are working in hybrid environment and if you have DirSync working which synchronizes your AD to the Microsoft cloud.
This is one of undocumented behaviors of Office 365, that you cannot remove domains, i.e. not all of them, cause I have just done this without problems with some, but still cannot do this with others.
When I have searched for resolution on Office365 Community and other Google sites and blogs, I found nothing than "Before you remove a domain name from Office 365, you have to remove anything that is using the domain name":
http://office.microsoft.com/en-us/office365-suite-help/remove-a-domain-HA102818535.aspx
Fortunately, if you are working in hybrid environment, the shorter path exists.
First login to your Office 365 tenancy from powershell:
Connect-MSolService
Run:
Get-MsolUser -DomainName yourdomainname.com
If you get some entries here, then you have to disable this users licences in Office365 panel
If now Get-MsolUser -DomainName yourdomainname.com gives you empty return, then you can go further. If not, you have to disable licences assigned to users with your domain e-mail addresses.
After getting empty result for Get-MsolUser -DomainName yourdomainname.com , you can
Run:
Get-MsolGroup -All | where {$_.proxyaddresses -match "yourdomainname.com"}
You probably see some entries here.
You will need to remove addresses with your domain aliases from those groups.
If your company have dirsync configured, then you will need to remove those aliases from AD.
If you are running hybrid confirutation, with Exchange on-premises, you can remove those aliases from Exchange side.
After removal wait about 15 minutes, force DirSync synchronization and check on the Office 365 side, again running the:
Get-MsolGroup -All | where {$_.proxyaddresses -match "yourdomainname.com"}
If, finally you will get empty result, you can remove the domain from Office 365 side.
Wish you luck!
Thursday, 17 April 2014
Exchange 2010: EMC initialization failed
When you remove one of your Exchange servers, then you have chance to encounter EMC initialization error.
This is because removed server was chosen as the best to be managed by EMC.
you can delete this mapping and enforce EMC to choose another server.
To erase MMC settings, do the following:
1. Go to the c:\Users\username\AppData\Roaming\Microsoft\MMC
2. Delete “Exchange Management Console” file:
3. Run regedit
4. Delete this key:
This is because removed server was chosen as the best to be managed by EMC.
you can delete this mapping and enforce EMC to choose another server.
1. Go to the c:\Users\username\AppData\Roaming\Microsoft\MMC
2. Delete “Exchange Management Console” file:
4. Delete this key:
Monday, 24 March 2014
Office365: Force DirSync to synchronize AD with the cloud
If you don't want to wait for dirsync to operate within its interval, you could force it to make instant synchronization.
To do this, follow the procedure:
1.Run Powershell
2.Go to the directory where you have installed dirsync tool.
In my case it was:
Program Files\Windows Azure Active Directory Sync
3.Run the script:
.\DirSyncConfigShell.psc1
4.In new window which will appear, run
Start-OnlineCoexistenceSync
The directory has been synchronized.
To do this, follow the procedure:
1.Run Powershell
2.Go to the directory where you have installed dirsync tool.
In my case it was:
Program Files\Windows Azure Active Directory Sync
3.Run the script:
.\DirSyncConfigShell.psc1
4.In new window which will appear, run
Start-OnlineCoexistenceSync
The directory has been synchronized.
Wednesday, 12 March 2014
Exchange 2010/2013: Reconnect mailboxes for deleted users
When you delete user account from AD and not delete mailbox itself, it is possible to reconnect this mailbox to the other user.
First find in which database this mailbox exists. If you remember only name of the user, you can use -match operator:
First find in which database this mailbox exists. If you remember only name of the user, you can use -match operator:
Get-MailboxDatabase|Get-MailboxStatistics|where {$_.displayname -match "Kowalski"}|fl displayname,mailboxguid
Then you should get MailboxGuid you need.
Next, select or create mail disabled user and point it with connect-mailbox command
Connect-Mailbox MailboxGuidhere -database databasename -user newuser
Office365: Cannot use connect-msolservice cmd-let
When I've tried to use Connect-MSolService to manage users in Office365 from powershell it turned out that I can't use this cmd-let.
I thought that I didn't install some of components probably, but this was not the case.
I'm in the middle of migration from on-premises to the cloud.
I have not finished configuring main domain and I've tried to connect to Office365 with the main domain which MX record still points to on-premises server.
If you need to manage user accounts in Office365 and you didn't moved your domain the cloud, use the WWW panel(EAC).
After migration I still cannot use MSolService module.
I've found the right reason: the module was in System32 path folder, which is used by 32bit systems.
After moving it to the same place in SysWow64 path, module has been loaded correctly.
So, the really fix is:
Copy folders MSOnline and MSOnlineExtended from C:\Windows\System32\WindowsPowershell\v1.0\Modules
to
C:\Windows\SysWow64\WindowsPowershell\v1.0\Module
I thought that I didn't install some of components probably, but this was not the case.
I'm in the middle of migration from on-premises to the cloud.
I have not finished configuring main domain and I've tried to connect to Office365 with the main domain which MX record still points to on-premises server.
If you need to manage user accounts in Office365 and you didn't moved your domain the cloud, use the WWW panel(EAC).
After migration I still cannot use MSolService module.
I've found the right reason: the module was in System32 path folder, which is used by 32bit systems.
After moving it to the same place in SysWow64 path, module has been loaded correctly.
So, the really fix is:
Copy folders MSOnline and MSOnlineExtended from C:\Windows\System32\WindowsPowershell\v1.0\Modules
to
C:\Windows\SysWow64\WindowsPowershell\v1.0\Module
Saturday, 1 March 2014
Exchange2013: SP1 has been released!
SP1 for Exchange 2013 has been released. You can download it h e r e
Some known issues are now fixed:
Some known issues are now fixed:
- 2860242 HTML format is lost after saving as an MSG file in Exchange 2013
- 2900076 Mailbox quota warning message uses an incorrect language in Exchange Server 2013
- 2910199 "Reply all by IM" chat window displays seven recipients in Outlook Web App
- 2913999 Meeting request body and instructions are lost in delegate's auto-forwarded meeting request
- 2918655 Microsoft.Exchange.Servicehost.exe crashes after you enable FIPS
- 2918951 Users cannot access public folders after you upgrade to Exchange Server 2013 Cumulative Update 3
- 2925281 Outlook connectivity issue if SSLOffloading is "True" in Exchange 2013
- 2925544 Empty ExternalURL value for ActiveSync virtual directory after build-to-build upgrade of Exchange Server 2013
- 2927708 Resource mailboxes that are created by EAC will not be updated by policies in Exchange Server 2013
- 2928748 Default from delegate's address in shared mailboxes in Exchange Server 2013
- 2928803 Long server connection for Outlook after a database failover in Exchange Server 2013
- 2930346 POP3 access does not work if the name of the resource mailbox differs from the user's name
- 2930348 Manual redirection occurs in Outlook Web App if External URLs in each site are the same
- 2930352 Outlook Web App cross-site silent redirection does not work in Exchange Server 2013
Wednesday, 26 February 2014
Office365: Outlook 2007 cannot connect / configure profile
During the migration to Office365 we've prepared many computers with Office2007 installed.
Some of them could connect to Office365 immediately and others not.
Because we've had set gpo's for Outlook settings and autodiscover worked properly it was hard to find what caused the problem.
Problem - authentication
The problem was with authentication. Problematic Outlook's didn't have anonymous option in the security settings on connections tab.
Solution - Microsoft Updates
Outlooks which caused problems were set to NOT get Microsoft Updates.
After check the option to automatically get updates in Outlook settings and install them - anonymous option was in place and profiles has been configured properly.
Monday, 10 February 2014
Office365: Manually configure Outlook profile
If you have problems configuring Outlook profile with Outlook.com autodiscover, then reading this should help you. If you need to resolve this, check this post:
http://exchange.ittips.eu/2014/02/office365-cannot-configure-outlook-with.html
Steps for configure Outlook Office 365 profile manually:
1. Logon to Office365 from powershell as described here:
http://exchange.ittips.eu/2014/01/office365-how-to-connect-to-from.html
2. Get your mailbox cloud ExchangeGuid:
Get-Mailbox mailboxname |fl ExchangeGuid, OriginatingServer, PrimarySmtpAddress,UserPrincipalName
3. Copy this data to your computer with Outlook.
4. Go to your computer with Outlook.
5. Open Mail in Control Panel options. Click Add New Account.
6. Choose Manually configure server settings or additional server types
7. Choose Microsoft Exchange or compatible service:
8. Click More Settings:
9. In the connection tab, select Connect to Microsoft Exchange using HTTP:
10. Click Exchange Proxy Settings...
11. Fill in the tabs:
12. Go to the Security tab and select "Anonymous Authentication" in Logon network security:
Click OK.
13. In the Add New Account window fill fields with data that you've gathered from Office365
ExchangeGuid@domain, for example
123456a1-1es1-22bb-33aa-a123a1a1234a@domain.com
OR
you can use Originating Server Name which will look for user name you provided, for example:
AMXAB01A001.mail.outlook.com
15. In the User Name, enter user PrimarySMTPAddress
Click Check Name
You should then get credential pop-up which is good sign:
16. In the user name field use the UserPrincipalName - probably the short alias.
17. Enter the password and...
Voila! You are in.
Well, you should, but... If you still have problems configuring this, then consider following, mostly if you had this profile earlier, for example after migration from on-premises to the cloud:
1. Delete all Outlook credentials from
Windows Credential Manager
2. Go to the Control Panel/Mail
3. Delete current profile
4. Create new profile
Subscribe to:
Posts (Atom)