GRANIKOS

The PowerShell script Set-UserPictures now supports uploading resized user pictures to Exchange On-Premises and Exchange Online. Read more about the new functionality here: https://www.granikos.eu/en/justcantgetenough/PostId/307/add-resized-user-photos-automatically Download the updated script here: Github: https://github.com/Apoc70/Set-UserPictures TechNet: https://gallery.technet.microsoft.com/Bulk-resize-and-adding-of-1e74d85e Enjoy!    

Problem: When you try to connect to SharePoint Online using PowerShell you receive an Access Denied error as follows: PS C:\> Connect-SPOService -Url https://tenant-admin.sharepoint.com -credential $credential Connect-SPOService : Cannot contact web site 'https://tenant-admin.sharepoint.com/' or the web site does not support SharePoint Online credentials. The response status code is 'Unauthorized'. The response headers are 'X-SharePointHealthScore=0, SPRequestGuid=310ce59d-002b-3000-ef1a-70e5fe7eaf72, request-id=310ce59d-002b-3000-ef1a-70e5fe7eaf72, X-MSDAVEXT_Error=917656; Acces s+denied.+Before+opening+files+in+this+location%2c+you+must+first+browse+to+the +web+site+and+select+the+option+to+login+automatically., Solution Connecto to the SPO Service without the previously entered credentials ($credential) and enable the LegacyAuthProtocolsEnabled attribute. Set-SPOTenant -LegacyAuthProtocolsEnabled $True   Enjoy SharePoint Online.    

Problem After configuring Access Services you cannot deploy Access custom web apps from Access 2013 - an error with a Correlation ID occurs.   Reason As if it´s not inconvenient enough to configure the SharePoint Access Services Requirements (e.g. AppStore with DNS), the SQL Server Configuration can be the cause, too. In the SharePoint Site Content overview you can see the faulty deployed App and in it`s details the following error: The database server is temporarily unavailable. Details: The sp_configure value 'contained database authentication' must be set to 1 in order to alter a contained database. You may need to use RECONFIGURE to set the value_in_use. ALTER DATABASE statement failed.   Solution You need to enable the SQL Server 2012 Feature Contained Database Authentication if you receive this error. You can do this in the Management Studio via this T-SQL statement: SP_CONFIGURE 'contained database authentication', 1; GO RECONFIGURE; GO   Enjoy SharePoint!  

Last updated: 2017-02-08 NoSpamProxy Azure Edition is the cloud based email security gateway of the successful NoSpamProxy family of products by Net at Work. The Azure edition of NoSpamProxy can easiliy be deployed using the Microsoft Azure Marketplace. NoSpamProxy Azure easily connects an Office 365 tenant and offers an easy way to provide centralized email encryption and decryption with PGP and/or S/MIME for mailboxes hosted in Exchange Online. Additionally, NoSpamProxy Azure provides compliant anti-spam handling, an anti-malware component, and a large file portal. The edition currently available in Microsoft Azure installs a NoSpamProxy single-server deployment. A single-server deployment combines the NoSpamProxy intranet role and the gateway role on a single server. The NoSpamProxy Azure Edition is provided as BYOL (Bring Your Own License) deployment. In addition to the recurring fees for the Microsoft Azure VM you are required to buy a NoSpamProxy license. If you already own a NoSpamProxy Version 11 license, the license can be used for the NoSpamProxy Azure Edition as well. Content DeploymentOptions Notes Deployment Links   Deployment Options Due to the nature of a cloud service NoSpamProxy Azure can be operated in different scenarios in ...

This is a translated blog post of the original post in German, which can be read here. Different technologies are used to verify the validity of email senders. Each technolgy by itself represents only one component of an holistic solution. It is currently recommended to implemtent all three technologies. The technologies are: SPF - Sender Policy Framework The SPF resource record of a DNS zone defines which servers (host names or IP addresses) are allowed to send emails on behalf of the domain. Each sender domain must have it's own SPF resource record.   DKIM - Domain Keys Identified Mail DKIM pursues the same objective as SPF. With DKIM parts of an email message are enrypted using a provivate key. The public key is published as a DNS resource record. In the most cases the key pair ist generated by the mail servers, as these encrpyt the message anyway.   DMARC - Domain-based Message Authentication, Reporting & Conformance DMARC is placed on top of SPF and DKIM. DMARC executes a so called alignment for SPF and DKIM. An alignment defines a ...

When you run the following cmdlet to prepare Active Directory for the installation of an Exchange Server Cumulative Update (in this case CU17) you might encounter a System.UnauthorizedAccessException.  D:\tmp\Cu17>setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms Microsoft Exchange Server 2013 Cumulative Update 17 Unattended Setup Unhandled Exception: System.UnauthorizedAccessException: Access to the path 'C:\ Windows\Temp\ExchangeSetup\ExSetup.exe' is denied. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.SetAttributes(String path, FileAttributes fileAttributes) at Microsoft.Exchange.Setup.CommonBase.SetupHelper.DeleteDirectory(String pat h) at Microsoft.Exchange.Bootstrapper.Setup.BootstrapperBase.CopySetupBootstrapp erFiles() at Microsoft.Exchange.Bootstrapper.Setup.Setup.Run() at Microsoft.Exchange.Bootstrapper.Setup.BootstrapperBase.MainCore[T](String[ ] args) at Microsoft.Exchange.Bootstrapper.Setup.Setup.Main(String[] args)   There is a simple reason for the the System.UnauthorizedAccessException: .NET Framework Optimization Service  The required .NET Framework 4.6.2 had been installed just minutes before executing setup.exe. Preparation of the Active Directory schema ran without any issues. But when the /PrepareSchema call finished, the temporary folder in C:\Windows\Temp\ExchangeSetup could not be fully cleaned up, as mscorsvw.exe had an open file handle on ExSetup.exe. Additionally, when you run Setup.exe and the folder C:\Windows\Temp\ExchangeSetup exists, the setup will not try to copy required installation files. Regardless if the folder files exists in the folder or not. Solution End both mscorsw.exe processes or wait until both process ...

At Microsoft Ignite, the major IT conference regarding Microsoft technologies, you will have a chance to award yourself with a scheduled maintenance sponsored by ENow. Have you ever been to one of the legendary Scheduled Maintenance parties in the past? No? Then get your pass now.  Where: 180 Skytop Lounge - Orlando, FL https://www.180downtown.com/   When: Wednesday September 27, 2017 from 9pm to 12am Vist the Scheduled Maintenance web site to request your pass now.                

Description This script deletes user from the NoSpamProxy NoSpamProxyAddressSynchronization database table [Usermanagement].[User] table that have not been removed by the NoSpamProxy Active Directory synchronization job. The script was developed due to a process flaw in how Active Directory accounts are handled as part of a leaver process. So this script does not fix a software bug, but a process glitch. Due to the Active Directory account process the accounts still exist in Active Directory and are synchronized to the NoSpamProxyAddressSynchronization database. When executed without the -Delete parameter all identified users are wirtten the log file only. Requirements Windows Server 2012 R2 or Windows Server 2016 Utilites GlobalFunction library found here http://scripts.granikos.eu or https://www.powershellgallery.com/packages/GlobalFunctions NopamProxy PowerShell module, script requires to run on a server having NoSpamProxy installed ActiveDirectory PowerShell Module (Install-WindowsFeature RSAT-AD-PowerShell) Examples # EXAMPLE 1 # Check for Active Directory existance of all users stored in NoSpamProxy database. Do NOT delete any users from the database. .\Remove-NspUsers.ps1 # EXAMPLE 2 # Delete users from NoSpamProxy database hosted on SQL instance MYNSPSERVER\SQLEXPRESS that do NOT exist in Active Directory. .\Remove-NspUsers.ps1 -Delete -SqlServerInstance MYNSPSERVER\SQLEXPRESS   Version History 1.0, Initial community release Links Download and follow at Github: https://github.com/Apoc70/Remove-NspUsers Download ...

My guest post about Modern Attachments with OneDrive for Business was published in the ENow Exchange & Office 365 Solutions Engine Blog (ESE) yesterday. Enjoy reading here: http://blog.enowsoftware.com/solutions-engine/modern-attachments-with-onedrive-for-business        

This is a quick post on how to obtain the license key for your on-premises Exchange Hybrid Server. Even though that there is no such role like a Hybrid Server, you cann get a dedicated license key to license your Exchange server used for Office 365 hybrid connectivity. While using your Office 365 Global Administrator login, you can access your hybrid product key using the follow link: http://aka.ms/hybridkey The web site will check if your Office 365 tenant is eligible for an hybrid key first. Then you have to select the approriate Exchange Server version.   Links Exchange Server Hybrid Deployments, https://technet.microsoft.com/en-us/library/jj200581(v=exchg.150).aspx Exchange Hybrid Key, http://aka.ms/hybridkey Enjoy your Exchange hybrid setup wth Office 365.          

This blog post is about creating an Twitter Bot to tweet messages using Azure Automation. The steps and the script itself are based on Trevor Sullivan's TechNet Gallery post. His post assumes that you are familiar with some Azure Automation steps. So I am going to describe the required steps in more detail. Requirements You'll need the following components to setup your personal Twitter Bot. Local install of the PoshTwit PowerShell module A Twitter account An Azure subscription Trevor Sullivan's PowerShell Twitter Bot script or an updated version which is available here. Step 1: Create a Twitter Application First you'll need to create a Twitter application to reference your Azure Automation bot. The authentication information of your Twitter application will be needed in step 2. The information required are ConsumerKey ConsumerSecret AccessToken AccessSecret (AccessTokenSecret) You need to create a new Twitter application by accesssing the following link: https://apps.twitter.com/  Ensure that you've added your mobile phone number to your Twitter account before creating a new Twitter application. This is a requirement for creating Twitter applications. Log on to Twitter using the Twitter account you want your Twitter Bot to post ...

Description This scripts creates a new room mailbox and security two groups for full mailbox access and and for send-as delegation. The security groups are created using a configurable naming convention. If required by your Active Directory team, you can add group prefixes or department abbreviations as well. The script uses a Xml configuration file to simplify changes for variables unique for your environment. High level steps executes by the script: Create a new room mailbox Create a new mail enabled security group for full access delegation Assign full access security group for full access to the room mailbox Create a new mail enabled security group for send-as delegation Assign send-as permissions to send-as security group Set calendar processing to AutoAccept, if required Set resource capacity, if rewuired   Examples Xml settings file <?xml version="1.0"?> <Settings> <GroupSettings> <Prefix>pre_</Prefix> <SendAsSuffix>_SA</SendAsSuffix> <FullAccessSuffix>_FA</FullAccessSuffix> <CalendarBookingSuffix>_CB</CalendarBookingSuffix> <TargetOU>mcsmemail.de/IT/Groups/Mail/Rooms</TargetOU> <Domain>mcsmemail.de</Domain> <Seperator>-</Seperator> </GroupSettings> <AccountSettings> <TargetOU>mcsmemail.de/IT/Mail/RoomMailboxes</TargetOU> </AccountSettings> <GeneralSettings> <Sleep>10</Sleep> </GeneralSettings> </Settings> Note The calendar booking security group feature is currently not available. But will be available in an upcoming release. The following example creates a room mailbox for an Conference Room with empty security groups. .\New-RoomMailbox.ps1 -RoomMailboxName "MB - Conference Room" -RoomMailboxDisplayName "Board Conference Room" -RoomMailboxAlias "MB-ConferenceRoom" -RoomMailboxSmtpAddress ...

There are quite a lot of good step-by-step manuals available describing how to enable Kerberos authentication for Exchange Server 2013/2016. The following issue has been seen in an Exchange 2013 infrastructure (8 server DAG) where Outlook clients use OutlookAnyhwere to connect to Exchange Server. MAPI over Http is disabled on an organizational level due to a compatibility issue with another client software. Problem Even if you follow the detailed descriptions you might end up in a situation where your Outlook clients still won't connect to Exchange Server using Kerberos. The Outlook connection status overview (Ctrl + Right Click on the Outlook icon in System Tray) still shows Ntlm as the used authentication provider: Reason You are supposed to use the following PowerShell cmdlets to configure OutlookAnywhere to use Kerberos: Get-OutlookAnywhere -Server CASSERVER | Set-OutlookAnywhere -InternalClientAuthenticationMethod Negotiate All eight Exchange 2013 servers where still not offering Nego as an authentication provider even after some period of time. Verifying the OutlookAnywhere configurations using PowerShell showed the correct configuration values. So what to do? A quick check at the IIS authentication settings of the \Rpc virtual directory of the Front End web site (Default ...

This blog post focusses on an issue where your Exchange Online users are not able to send emails to other Exchange Online recipients outside of your organization when using a 3rd Party Centralized Email Flow Setup. The term 3rd Party Centralized Email Flow Setup describes a solution where you not follow the preferred hybrid architecture proposed by the Exchange product group, but use a 3rd party software as a centralized email gateway. Problem You have followed the recommendation to secure the Exchange Online inbound connector for your on-premises email servers by using a certificate name or the remote IP address of your on-premises email gateway. Assumption The on-premises email security gateway utilizes a self-signed certificate to secure TLS connections. The gateway is configured to use two different send connector setups: Internet Connector Use receipients domain MX records Use self-signed certificate Target address space: *   Office 365 Connector Use tenant.mail.protection.outlook.com to route internal email messages Use self-signed certificate Target address space: tenant.mail.onmicrosoft.com In this case Exchange Online Protection (EOP) will not be able to differentiate between tenant internal inbound mail flow and mail flow targeted to other ...

Problem Out-of-Office (OOF) messages have to follow the compliance rules as regular email communication. This is not necessarily a known fact to end users. If a company does have a strict compliance policy regarding external OOF messages you can use the following solution to establish a strict and simple to use OOF configuration.  Only specific employees are supposed to send OOF messages to external recipients. All other employees are supposed to send internal OOF messages only. Solution The solution consists of two PowerShell scripts. The first script is used to remove any exisiting OOF rules created by a user using the Outlook OOF Rule Wizard. This is required to avoid any strange behaviours in regards to OOF messages being sent even if OOF is deactivated. The most common reasons for such a behaviour are migrated OOF rules created by previous Exchange Server versions. Remove-OOFRule.ps1 This script finds and removes all OOF rules for all users using Exchange Web Services (EWS). This script is supposed to be executed in preparation for the next script.     Set-ExternalOOF.ps1 This script sets the ExternalOofOptions attribute of a user ...