
Granikos Technology Blog

On August 26, 2019

If you want to share free and busy details between two Exchange organizations, you usually use the Microsoft Federation Gateway. Sometimes this is not possible, e.g., for compliance reasons, or other business reasons. But there exists a way to do this, even without an Active Directory trust between two organizations.

Let us say we have two Exchange organizations: contoso.com and adatum.com.

The prerequisites are:

  • you can resolve and access the target AutoDiscover-endpoint from the source domain infrastructure (hint: you can use pin-point DNS zones)
  • you can resolve and access the Exchange Web Services (EWS) endpoint from the source domain infrastructure (note that the Availability Service (AS) accesses the InternalUrl)
  • you add an account in each Active Directory forest which does not have any specific permissions assigned (membership of "Domain Users" security group is sufficient, no mailbox needed). 

I will use user account freebusy in this example.

Execute the following in contoso.com Exchange organization using Exchange Management Shell:

$TargetSmtpDomain = 'adatum.com'
$TargetDomainAccount = 'adatum.com\freebusy'

Add-AvailabilityAddressSpace -ForestName $TargetSmtpDomain -AccessMethod OrgWideFB -Credentials (Get-Credential -Credential $TargetDomainAccount)

Set-AvailabilityConfig -OrgWideAccount $TargetDomainAccount.Split('\')[1]

 

Execute the following in adatum.com Exchange organization using Exchange Management Shell:

$TargetSmtpDomain = 'contoso.com'
$TargetDomainAccount = 'contoso.com\freebusy'

Add-AvailabilityAddressSpace -ForestName $TargetSmtpDomain -AccessMethod OrgWideFB -Credentials (Get-Credential -Credential $TargetDomainAccount)

Set-AvailabilityConfig -OrgWideAccount $TargetDomainAccount.Split('\')[1]

 

Exchange Server in the source organization must be able to resolve the recipient address for requesting free/busy information from the target organization. Exchange Server can determine a target address accurately when you create the recipient object as a contact in the source Exchange organization. 

For this example, you create contact objects in adatum.com for all users in contoso.com and vice versa. You can use GalSync or any other identity management (IDM) software that can handle object synchronization.

 

Problem

When using Exchange Server 2013, or 2016, you may run into a problem.

The HttpProxy log of the requesting Exchange Server will state that AutoDiscover failed for generic mailbox 01B62C6D-4324-448f-9884-5FEC6D18A7E2@contoso.com (or adatum.com).

HttpProxy log excerpt:

2019-07-26T07:19:24.649Z,2827102f-75b1-4ecb-ae6c-36b075bb8e93,15,1,1779,2,,Autodiscover,autodiscover.contoso.com,/autodiscover/autodiscover.xml,,Basic,true,CONTOSO\freebusy,,MailboxGuid~01b62c6d-4324-448f-9884-5fec6d18a7e2,ASAutoDiscover/CrossForest/EmailDomain//15.01.1779.002,172.16.0.20,CONTOSO-EX1,404,,MailboxGuidWithDomainNotFound,POST,,,,,AnchorMailboxHeader-MailboxGuidWithDomain-NoUser,,,,381,,,,0,,,0,1;0;,1,,0,1,,0,4,0,,,,,,,,,0,3,0,,3,,3,3,,,,BeginRequest=2019-07-26T07:19:24.646Z;CorrelationID=<empty>;ProxyState-Run=None;AccountForestGuard_contoso.com=1;AccountForestGuard_contoso.com=1;ProxyState-Complete=CalculateBackEnd;SharedCacheGuard=0;EndRequest=2019-07-26T07:19:24.649Z;I32:ADS.C[CONTOSO-DC1]=2;F:ADS.AL[CONTOSO-DC1]=0.8201787,HttpProxyException=Microsoft.Exchange.HttpProxy.HttpProxyException: Cannot find mailbox 01b62c6d-4324-448f-9884-5fec6d18a7e2 with domain contoso.com.    
at Microsoft.Exchange.HttpProxy.AnchorMailbox.CheckForNullAndThrowIfApplicable[T](T ret)    
at Microsoft.Exchange.HttpProxy

 

Reason

If DNS is used to resolve the AutoDiscover endpoint of the target Exchange organization, the source Exchange organization queries AutoDiscover information for a mailbox with that uid. SCP-based AutoDiscover lookup does not use this dedicated uid-based email address.

 

Solution

To solve this issue, you add the required SMTP address found in the HttpProxy log to one user mailbox in the target organization.

In the contoso.com organization:

Set-Mailbox -Identity 'someuser@contoso.com' -EmailAddresses @{add='01B62C6D-4324-448f-9884-5FEC6D18A7E2@contoso.com'}

 

In the adatum.com organization:

Set-Mailbox -Identity 'someuser@adatum.com' -EmailAddresses @{add='01B62C6D-4324-448f-9884-5FEC6D18A7E2@adatum.com'}
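
To pull the required address out of the HttpProxy log instead of reading it by eye, the following added example (not part of the original post) filters for failed cross-forest Availability Service lookups and builds the SMTP address that Set-Mailbox needs. The function name Find-CrossForestAnchorAddress is hypothetical, the sample line is shortened from the excerpt above, and the Caller column position is taken from that excerpt.

```powershell
# Added example; Find-CrossForestAnchorAddress is a hypothetical helper name.
function Find-CrossForestAnchorAddress {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string]$Line
    )
    begin {
        # GUID and domain as they appear in the HttpProxyException text
        $pattern = 'Cannot find mailbox (?<guid>[0-9a-fA-F-]{36}) with domain (?<domain>[A-Za-z0-9.-]+?)\.(\s|$)'
        $seen = @{}   # PowerShell hashtables compare keys case-insensitively
    }
    process {
        # Keep only cross-forest AutoDiscover requests that failed because
        # no mailbox carries the GUID-based address.
        if ($Line -notmatch 'ASAutoDiscover/CrossForest') { return }
        if ($Line -notmatch 'MailboxGuidWithDomainNotFound') { return }
        if ($Line -match $pattern) {
            $address = '{0}@{1}' -f $Matches['guid'], $Matches['domain']
            if (-not $seen.ContainsKey($address)) {
                $seen[$address] = $true
                $fields = $Line -split ','
                [pscustomobject]@{
                    Timestamp   = $fields[0]
                    Caller      = $fields[13]   # authenticated user, position as in the excerpt
                    SmtpAddress = $address
                }
            }
        }
    }
}

# Constructed sample input: the log line from this post with empty columns removed.
$sample = @'
2019-07-26T07:19:24.649Z,2827102f-75b1-4ecb-ae6c-36b075bb8e93,15,1,1779,2,,Autodiscover,autodiscover.contoso.com,/autodiscover/autodiscover.xml,,Basic,true,CONTOSO\freebusy,,MailboxGuid~01b62c6d-4324-448f-9884-5fec6d18a7e2,ASAutoDiscover/CrossForest/EmailDomain//15.01.1779.002,172.16.0.20,CONTOSO-EX1,404,,MailboxGuidWithDomainNotFound,POST,HttpProxyException=Microsoft.Exchange.HttpProxy.HttpProxyException: Cannot find mailbox 01b62c6d-4324-448f-9884-5fec6d18a7e2 with domain contoso.com.
'@ -split '\r?\n'

$sample | Find-CrossForestAnchorAddress
```

The Caller column also shows which account authenticated the request, which confirms that the org-wide free/busy account is the one being used.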

 


When you configure an Outlook profile to use Cached Mode the client software uses a special address book to resolve email addresses and other information. This address book is named Offline Address Book (OAB) and is built and provided by the Exchange Organisation hosting the mailbox. The client downloads OAB changes when Outlook starts and checks for further OAB changes in intervals. 

OAB provides address resolver capabilities when there is no network connection to Exchange Server or a domain controller available. In addition to resolver capabilities, the OAB contains other important information, e.g., send-as permissions and information regarding public folders.

For security reasons it might be necessary to disallow the download of the Offline Address Book by an Outlook Client. In this case, you control the download functionality with the Windows System Registry. You can disable the OAB download using the following registry key:

Path: HKEY_CURRENT_USER\Software\Microsoft\Office\<version>\Outlook\Cached Mode
Value type: REG_DWORD
Value name: DownloadOAB
Value: 0 to not download the OAB

 

Replace <version> with the appropriate Office version number.

Version   Version number
Outlook 2007   12.0
Outlook 2010   14.0
Outlook 2013   15.0
Outlook 2016   16.0
Outlook 2019   16.0
Office 365   16.0

 

With a deactivated OAB download, name resolution in Outlook Cached Mode requires network access to an Exchange Server.
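
The registry setting described above can be applied and verified per user profile with a short script. This is an added example, not code from the original post; the function name Set-OabDownloadDisabled is hypothetical and the version list is taken from the table above.

```powershell
# Added example; Set-OabDownloadDisabled is a hypothetical helper name.
function Set-OabDownloadDisabled {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Office version numbers from the table in this post
        [string[]]$Version = @('12.0', '14.0', '15.0', '16.0')
    )
    foreach ($v in $Version) {
        $outlookKey = "HKCU:\Software\Microsoft\Office\$v\Outlook"
        # Skip Office versions that have no Outlook settings in this user profile
        if (-not (Test-Path -Path $outlookKey)) { continue }

        $cachedModeKey = "$outlookKey\Cached Mode"
        $before = (Get-ItemProperty -Path $cachedModeKey -Name DownloadOAB -ErrorAction SilentlyContinue).DownloadOAB

        # A missing value ($null) or any value other than 0 leaves the OAB download enabled
        if ($before -ne 0 -and $PSCmdlet.ShouldProcess($cachedModeKey, 'Set DownloadOAB = 0')) {
            if (-not (Test-Path -Path $cachedModeKey)) {
                New-Item -Path $cachedModeKey -Force | Out-Null
            }
            New-ItemProperty -Path $cachedModeKey -Name DownloadOAB -PropertyType DWord -Value 0 -Force | Out-Null
        }

        # Read the value back so the report reflects what Outlook will see
        $after = (Get-ItemProperty -Path $cachedModeKey -Name DownloadOAB -ErrorAction SilentlyContinue).DownloadOAB
        [pscustomobject]@{ Version = $v; Before = $before; After = $after }
    }
}

# Preview the change first, then apply it
Set-OabDownloadDisabled -WhatIf
Set-OabDownloadDisabled
```

Because the value lives under HKEY_CURRENT_USER, the script has to run in the context of each user whose Outlook profile should be restricted.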

 

The information was available with Knowledge Base article 921927. This article is not available anymore.

 


 

Enjoy Exchange Server.

 

 

On September 17, 2018

At the aOS Aachen event in September 2018, Luise Freese captured the talks in her well-known sketchnotes.

Here are her sketchnotes for my two sessions.

Migrating Legacy Public Folders to Modern Public Folders

Sketchnotes - Migrating Legacy Public Folders to Modern Public Folders

 

Modern Attachments with OneDrive

Sketchnotes - Modern Attachments with OneDrive

 

If you are attending Ignite 2018, you can meet Luise Freese there. She is Chief Community Sketcher of the conference in Orlando.

The German-language version of this post is available here: Löschung einer benutzerdefinierten Domäne in Office 365

 

A custom domain can only be registered once across all available Office 365 instances (Global, Germany, and China). In order for a registered domain to be used in a new tenant, the registered domain must be removed from the old tenant.

Note

The following text assumes that you have already migrated or backed up all user data. Otherwise, the steps described will result in the immediate deletion of data or a release for deletion within Office 365. If the domain to be deleted is the tenant's default domain, accounts for guest users (user_remotedomain#EXT#mydomain.com) stored in Azure AD also use that domain name. These accounts must be removed as well.

 

Steps to delete a custom domain

Azure AD Connect

If the old tenant synchronizes with Azure AD Connect, this configuration must be removed first. The domain to be deleted must not be used by any user or group object in Azure AD. Your options are:

  • The tenant should be deleted completely

    Move the synchronized objects (user accounts, groups) in the local Active Directory to organizational units that are not synchronized by Azure AD Connect. The removal of users in the Azure AD automatically deletes the data in the services formerly licensed to the user.
     
  • Only the domain should be removed

    If the domain is used as a UPN logon domain, you must first modify the UPN domain in the local Active Directory for all affected users. Update the UPN domain to a different domain already registered as a custom domain in Office 365 and synchronize the changes to Azure AD. The CAN IT PRO-Team has published an excellent blog post on this topic. 

    If the domain is used for email services, all proxy addresses using that domain name must be removed. The proxy addresses must be removed from objects in the on-premises Active Directory. Changes are synchronized to Azure AD by Azure AD Connect.

 

Office 365 

Use PowerShell to verify whether there are still objects using the domain name to be deleted.

# Install the Office 365 PowerShell module
Install-Module MSOnline

# Import the module, if it's installed already
Import-Module MSOnline

# Connect to Office 365 using a global admin account w/o MFA
Connect-Msolservice

# domain name
$Domain = 'granikoslabs.de'
$Filter = "*@$Domain"

# List all Office 365 users with a UPN using the domain name
# (-All is required; without it only the first 500 objects are returned)
Get-MsolUser -All -DomainName $Domain | Format-List UserPrincipalName

# List all Office 365 users with a proxy address using the domain name
Get-MsolUser -All | Where-Object {$_.ProxyAddresses -like $Filter}

# List all Office 365 groups with a proxy address using the domain name
Get-MsolGroup -All | Where-Object {$_.ProxyAddresses -like $Filter}

# List all Office 365 groups with an email address using the domain name
Get-MsolGroup -All | Where-Object {$_.EmailAddress -like $Filter}

If you get any results from the list queries, you must clean up the objects first. Without modifying the objects, you cannot remove the custom domain from Office 365.

If the queries did not return any results, it is safe to remove the custom domain from the old tenant.

# Domain removal
Remove-MsolDomain -DomainName $Domain -Force

After the final removal of the custom domain

After deleting the custom domain from the old tenant, the domain can be added to a new tenant relatively quickly in other Office 365 instances.

 


 

Enjoy Office 365!


The Program:

  • Implementation/migration of roughly 25 instances of a specific laboratory software, supporting ~30 laboratories world-wide
  • Reduce support cost per instance by standardization (for existing and added instances)
  • Development of a template ("foundation") containing common functionality which can be influenced by configuration. Integration of the foundation into all instances. Provide all instances in operation with the current version of the foundation on a regular basis.

 

The challenges:

  • 2-3 implementation projects in parallel
    • Full scope not clear in the beginning
  • Increasing number of instances in operation
    • Regular update of foundation version necessary to keep them streamlined in order to reduce support cost
    • Requirements and bugfixes from systems in operation have to be included into foundation development process
  • Many and changing team members, part-time availability
    • Roughly 12 team members (incl. development and support)
    • Changes due to boundary conditions triggered by external influences
    • 80% of people only part-time available for the program
  • High interdependency between ongoing projects and systems which are already in operation due to foundation development and shared resources.
  • Organization of communication process between projects and operation
  • Balancing individual business needs on one hand versus streamlined standard software on the other hand

 

Why agile:

  • Manage individual projects (introduction of new Software)
    • Decision for projects taken during run-time of the program
    • Sequence of projects changing
  • Manage user stories across projects (details not available at start of the program)
    • Each new project delivers a slightly differentiating list of user stories
    • Each instance in operation delivers additional stories
  • Manage process
    • Change process quite complex, adaptions to the process must be quickly implementable
       

 

The agile setup - how did we handle the challenges:

  • In fact, the program was set up before we got in touch with the standard Scrum process (see our blog: What is Scrum?). So we used other role names, but some of them have exactly - amongst others - the tasks defined for the standard Scrum roles.

 

Image

 

Orange = Business, Green = IT

 

 

  • Scrum Master ~ Development Coordinator / Program QA
  • Product Owner
    • Program Manager
      • Overall Product Owner
    • Project Manager and Application Managers
      • Product Owner for particular instances -> Prioritization and review / testing of stories
      • Write User Stories
      • "Imitate" the end user for sprint releases
  • Global Change Manager
    • Scope definition for the foundation
    • Release management of the foundation
    • Organization of SME-Board
    • Prioritization
    • Product Owner for foundation
  • Architect
    • Knowledge of implementation framework
    • Sets up development guidelines and general implementation approach
    • Gives first estimation of requirements with a technical view
    • Better management of the large product backlog, due to technical understanding, prioritization estimation
  • Program QA
    • Set up of change management process for the program
    • Regular overall review of change management process
       
  • Additional meetings
    • Subject Matter Experts Board (SME) (bi-weekly)
      • Participants: Whole team
      • Reviews the requirements from a technical and functional point of view
      • Gives implementation recommendations as decision memo for the CAB (Change Advisory Board)
      • Discusses additional technical issues
    • Process Review Meeting (quarterly in the beginning, currently twice a year)
      • Participants: Whole team 

 

The experiences:

  • User stories: The definition of user stories depends on the target group. Developing a user story template that fits all team members in different roles, with different views and different backgrounds, is a time-consuming task
  • Testing: Developing awareness for testing right after delivery of an implemented user story also took a lot of time and patience
  • Definition of project related sprint releases is useful to get quick feedback and reduces the effort for project managers (not every project manager has to test each increment)
  • A clear definition of product ownership incl. responsibility for successful product delivery is important for a successful project

 

This was the last part of our small Series about Agile Project Management

The whole Series contains 4 pieces:

Agile Project Management – Basics (Part1)
Agile Project Management – What is SCRUM (Part2)
Agile Project Management – Agile Project Management in real Life (Part3)
Agile Project Management – Agile on the next Level – Program Management (Part4)

If you have any comments on our Articles, your Feedback is highly welcome.

 

 
