Granikos Technology Blog

Migration and consolidation projects in the IT field face technical challenges individual to each infrastructure. Internal IT projects can be executed following well established organizational processes and requirements.

Projects related to M&A programs face additonal and very unique requirements and constraints. These contraints tend to be agile and require to work outside of the well established processes valid for internal projects. Especially the constraints provided by the M&A process itself might require immediate adjustments or major changes.

Our real-world experiences from global M&A IT consolidations can help you to lead your M&A program to success. Whether it is an internal infrastructure consolidation handling get-well activities in preparation for a takeover or merging of global IT landscapes in the context of a corporate takeover, our professional program team will assist you from establishing the technical design to project planning, execution and monitoring.

Some of our experiences have been summarized in a PowerPoint slidedeck. The scenario shows

• Internal consolidation of a global IT infrastructure
  • Active Directory landscape which included more than 20 Active Directory domains and more than 7,000 accounts
  • Exchange landscape which included more five different Exchange organizations (partially hosted at an external provider) in preparation of an Office 365 Migration

• Merging of two global IT infrastructures as part of a global M&A program
  • Migration of all user accounts to a new single Active Directory domain
  • Migration of more than 13,000 Exchange mailboxes to Office 365
  • Launch of a new single email Domain across seven Exchange organizations
  • Migration of regional file server data to central data centers
  • Rollout of a network infrastructure to each acquired regional Office, including new VPN Solutions
  • Rollout of new client hardware for all employees in the aquired enterprise
  • Rollout of a global data backup solution, including cloud storage
  • Consolidation of regional service desks into a single global service desk team

The following pictures demonstrate the situation pre merger:

We are keen to share our experiences to help you to bring your migration activites to a success. Ask for a workshop today: info@granikos.eu

IT Migrationen und Konsolidierungen haben ihre ganz eigenen technischen Herausforderungen. Bei internen Projekten gibt es betriebliche Anforderungen, die den Rahmen solcher Projekte durch etablierte Prozesse abstecken.

Im Rahmen einer Unternehmensübernahme kommen zusätzliche Anforderungen und Zwänge hinzu, die die Planung und Ausführung, im direkten Vergleich mit rein internen Projekten, verschärfen.

Unsere Erfahrungen aus globalen IT Konsolidierungen in M&A Situationen, können Ihnen helfen ein solches Programm erfolgreich auszuführen. Ob es sich um eine interne Konsolidierung zur Vorbereitung einer Übernahme oder um das Zusammenführen im Rahmen der Unternehmensübernahme selber handelt, unser kompetentes Programm-Team unterstützt Sie von der technischen Planung bis zur Ausführung und Projektüberwachung.

Wir haben unsere Erfahrungen in einer Präsentation zusammengefasst, die folgendes Szenario beschreibt:

• Interne globale Konsolidierung von
  
  • mehr als 20 Active Directory Domänen mit insgesamt 7.000 Benutzerkonten
  • fünf Exchange Organisationen und Vorbereitung zur Office 365 Migration
• Globale IT Konsolidierung im Rahmen eines M&A mit
  • Migration aller Benutzerkonten in ein neues Active Directory
  • Migration von mehr als 13.000 Exchange Postfächern nach Office 365
  • Einführung einer einheitlichen E-Mail Domäne über sieben Exchange Organisationen
  • Migration aller Dateiserver Daten in zentrale Rechenzentren
  • Implementierung neuer Netzwerk-Infrastruktur in allen übernommenen Standorten
  • Implementierung einer zentralisierten globalen Lösung zur Datensicherung

Die nachfolgenden Bilder demonstrieren die Situationen vor der Migration:

Haben wir Ihr Interesse geweckt? Gerne teilen wir unsere Erfahrungen im Rahmen eines Workshops, um Ihrer Migration zum Erfolg zu verhelfen. Kontaktieren Sie uns unter info@granikos.eu.

Problem

While trying to synchronize a new device with an Exchange mailbox, you receive an error with your new mobile phone partnership.

The Exchange Server 2010 Default Throttling Policy is configured to accept 10 ActiveSync devices per mailbox only.

You can validate this setting by using EMS

Get-ThrottlingPolicy def* | Select Name,EASMaxDevices

Solution

Use a scheduled PowerShell script to delete old ActiveSync Device partnerships that have not been used for a defined period of time.

Script

Find the most recent version on TechNet Gallery and Github, following the links provided in the Links section.

Modifiy the script path variables to fit your requirements. The variables are configured in the ### BEGIN Variables section.

Steps being executed:

1. Fetch all user mailboxes
2. Iterate through each user mailbox and determines the number of ActiveSync devices and the number of devices which have not synchronized since 150 days
3. Delete ActiveSync device registration, if a user has more than 4 devices in total and a minimum of 1 device that have not synced within 150 days

<#
    .SYNOPSIS
    Remove Exchange Server 2010 ActiveSync Device Partnerships 
   
   	Sebastian Rubertus / Thomas Stensitzki
	
	THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE 
	RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE USER.

    Send comments and remars to: support@granikos.eu
	
	Version 1.0, 2015-04-09
 
    .LINK  
    More information can be found at http://www.rubertus.net/Blog/tabid/85/EntryId/41/Scripted-removing-of-ActiveSync-Device-Partnerships.aspx 
	
    .DESCRIPTION

    THis script removes ActiveSync device association from user mailboxes
    that have been inactive for more than 150 days.

    .NOTES 
    Requirements 
    - Exchange Server 2010
    - Windows Server 2008 R2 SP1, Windows Server 2012 or Windows Server 2012 R2  

    Revision History 
    -------------------------------------------------------------------------------- 
    1.0     Initial community release 
    
    .EXAMPLE
    Remove-ActiveSyncDevicePartnership
    	
    #>

### BEGIN SnapIns -------------------------------------------------------------

# Add Exchange SnapIn if not already loaded
if ( (Get-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.E2010 -ErrorAction SilentlyContinue) -eq $null )
{
    Add-PsSnapin Microsoft.Exchange.Management.PowerShell.E2010 -ErrorAction SilentlyContinue
   
    if ( (Get-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.E2010 -ErrorAction SilentlyContinue) -eq $null )
    {
        Write-Host "Microsoft.Exchange.Management.PowerShell.Admin could NOT be loaded!" -ForegroundColor Red
        Write-Host "Verify that the Exchange 2010 Management is installed on this computer!" -ForegroundColor Red
    }
}

### END SnapIns ---------------------------------------------------------------

### BEGIN Variables | EDIT ACCORDING TO YOUR NEEDS ----------------------------

# ScriptPath
$scriptPath = "C:\Scripts\Remove-ActiveSync-Devices\"

# Logfile
$logfile = "C:\Scripts\Remove-ActiveSync-Devices\Logs\$(get-date -format yyyy-MM-dd___HH-mm-ss)___Logname.log"

### END Variables -------------------------------------------------------------


### BEGIN Functions -----------------------------------------------------------

Function Log
{
   Param ([string]$logstring)
   Add-content $logfile -value "$(get-date -format yyyy-MM-dd___HH-mm-ss) $logstring "
}

### END Functions -------------------------------------------------------------

### BEGIN Main ----------------------------------------------------------------

# Create a new log file
Write-Host
Write-Host "Script started, creating Log File."
Log "Script started."
Write-Host

# Query User Mailboxes and Device Statistics
Write-Host "Querying User Mailboxes, please wait a few seconds..." -ForeGroundColor green
Log "Querying User Mailboxes."
Write-Host
$Mailboxes = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited -WarningAction SilentlyContinue
$NumberOfMailboxes = $Mailboxes.count
Write-Host "Number of Mailboxes: $NumberOfMailboxes "
Log "Number of Mailboxes: $NumberOfMailboxes "
Write-Host

# Iterate each User Mailbox
ForEach ($Mailbox in $Mailboxes)
{
    $MailboxAlias = $Mailbox.Alias
    Write-Host
    Write-Host "================================================================================="
    Write-Host
    Write-Host "Getting ActiveSync Devices from user $MailboxAlias..."
    Log "Getting ActiveSync Devices from user $MailboxAlias. "
    $AllDevicesFromSpecificUser = Get-ActiveSyncDevice -Mailbox $MailboxAlias -Result Unlimited  -WarningAction SilentlyContinue | Get-ActiveSyncDeviceStatistics -WarningAction SilentlyContinue
    $AllDevicesFromSpecificUserNotSynchronizedSince150Days = Get-ActiveSyncDevice -Mailbox $MailboxAlias -Result Unlimited  -WarningAction SilentlyContinue | Get-ActiveSyncDeviceStatistics  -WarningAction SilentlyContinue | Where {$_.LastSuccessSync -le (Get-Date).AddDays("-150")}
    Write-Host
    $CountAllDevicesFromSpecificUser = $AllDevicesFromSpecificUser.Count
    $CountAllDevicesFromSpecificUserNotSynchronizedSince150Days = $AllDevicesFromSpecificUserNotSynchronizedSince150Days.Count
   
    If ($CountAllDevicesFromSpecificUser -lt 5)
    {
        Write-Host "User $MailboxAlias has only $CountAllDevicesFromSpecificUser ActiveSync Devices. Nothing to delete!" -ForegroundColor Green
        Log "User $MailboxAlias has only $CountAllDevicesFromSpecificUser ActiveSync Devices. Nothing to delete!"
    }
   
    If (($CountAllDevicesFromSpecificUser -gt 4) -and ($CountAllDevicesFromSpecificUserNotSynchronizedSince150Days -gt 1))
    {
        Write-Host "User $MailboxAlias has $CountAllDevicesFromSpecificUser devices. $CountAllDevicesFromSpecificUserNotSynchronizedSince150Days have not synced for more than 150 days." -ForegroundColor Red
        Log "User $MailboxAlias has $CountAllDevicesFromSpecificUser devices. $CountAllDevicesFromSpecificUserNotSynchronizedSince150Days have not synced for more than 150 days."
       
        ForEach ($Device in $AllDevicesFromSpecificUserNotSynchronizedSince150Days)
        {
            $DeviceType = $Device.DeviceType
            $DeviceFriendly = $Device.FriendlyName
            $DeviceID = $Device.DeviceID
            $DeviceFirstSyncTime = $Device.FirstSyncTime
            $DeviceLastSuccessSync = $Device.LastSuccessSync
            Write-Host
            Write-Host "ActiveSync Device 2 delete Properties: "
            Write-Host "-------------------------------------- "
            Write-Host "Type         : $DeviceType "           
            Write-Host "Friendly Name: $DeviceFriendly "
            Write-Host "ID           : $DeviceID "
            Write-Host "Last Sync    : $DeviceLastSuccessSync " -ForegroundColor Red
            Log "Removing Device $DeviceType with ID $DeviceID ..."
            Write-Host
            Write-Host "Removing Device $DeviceID ..." -ForegroundColor Red
            $Device | Remove-ActiveSyncDevice -WarningAction SilentlyContinue
        }
    }
}

# Script finished
Write-Host
Write-Host "Script finished!"
Write-Host
Log "Script finished!"

### END Main ------------------------------------------------------------------

Links

• Remove-ActiveSyncDevicePartnership Script at TechNet Gallery
• Remove-ActiveSyncDevicePartnership Script at GitHub

You need assistance with your Exchange Server setup? You have questions about your Exchange Server infrastructure and going hybrid with Office 365? Contact us at office365@granikos.eu or visit our website http://www.granikos.eu.

In einem Video (EN) zeigen wir Ihnen, wie die Auswertungen und Berichte von COMPASS dazu betragen, die Sicherheit in Ihrer Active Directory Umgebung zu erhöhen.

Kostenloser 21-Tage Test und weitere Informationen: http://www.granikos.eu/de/Compass

Office 365 arbeitet mit drei unterschiedlichen Identitätsmodellen zur Authentifizierung von Benutzerkonten. Diese sind:

• Cloudidentität (Cloud Identity)
  Hierbei erfolgt die Verwaltung der Benutzerkonten vollständig in Office 365 und es sind keine lokalen Server erforderlich.
   
• Synchronisierte Identität (Synchronized Identity)
  Bei dieser Form erfolgt eine Synchronisierung der lokalen Benutzerkonten mit Office 365. Die Verwaltung der Benutzerkonten erfolgt lokal. Kennworte können ebenfallls synchronisiert werden, damit Benutzer sowohl lokal als auch in der Cloud über das gleiche Kennwort verfügen. Für die Nutzung von Office 365 Diensten ist allerdings eine erneute Anmeldung erforderlich
   
• Verbundidentität (Federated Identity)
  Bei dieser Form erfolgt ebenfalls eine Synchronisierung der lokalen Benutzerkonten mit Office 365 und die Verwaltung erfolgt ebenfalls lokal. Es erfolgt keine Synchronisierung von Kennworten. Lokal angemeldete Anwender können Office 365 Dienste ohne weitere Anmeldungen transparent nutzen. Für diese Form müssen zusätzlich Verbundserver bereitgestellt werden.

Bei der Auswahl eines Identitätsmodells müssen die technische Komplexität und die Kosten für Einführung und Betrieb detailliert abgewogen werden. Die Anforderungen an eine Office 365 Integration sind für jedes Unternehmen unterschiedlich. 

Das nachfolgende Video (EN) verdeutlicht die drei Identitätsmodelle sehr anschaulich.

Links

• Grundlegendes zu Office 365-Identitäten und Azure Active Directory

Die nachfolgenden Links dienen als Link-Liste für das Troubleshooting und Planung von On-Premises Exchange Installationen und Exchange Hybrid Umgebungen. Ebenso finden sich Links für die Installationsvoraussetzungen von Exchange und anderer Tools in der Übersicht.

Exchange Server

PowerShell Referenz

• Exchange PowerShell auf Microsoft Docs

Troubleshooting

• SSL Server Test 
• SSL/TLS Server Test 
• ROCA Vulnerability Test Suite
• MX Toolbox
• Remote Connectivity Analyzer
• Exchange Server 2013, 2016, and 2019 Build Numbers (with Cumulative Updates)
• Log Parser Studio Report Collection - Troubleshooting Exchange 2013 Performance
• How can you download a hotfix without contacting Microsoft?

Planung

• Exchange Server-Unterstützbarkeitsmatrix
• Exchange Server build numbers and release dates
• Exchange-Processor Query Tool: PowerShell Edition
• Processor Query Tool v1.1
• Outlook license requirements for Exchange features
• Modern public folder deployment best practices
• UN/LOCODE
• UN/LOCODE (DE)

Installation

• Exchange Server 2016 Installationsvoraussetzungen
  • Microsoft .NET Framework 4.5.2 (Offline-Installer)
  • Microsoft .NET Framework 4.6.1 (Offline Installer) (CU2 - CU7)
    • Hotfix-Rollup 3146715 für.NET Framework 4.6 und 4.6.1 in Windows (Windows Server 2012R2)
  • How to temporarily block installation of the .NET Framework 4.7 
  • Microsoft .NET Framework 4.7.1 (Offline Installer) (Exchange Server 2016 CU8 oder neuer)
  • Microsoft .NET Framework 4.7.2 (Offline-Installer) 
  • Microsoft .NET Framework 4.8 (Offline-Installer) 
  • Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit
    • Exchange Server 2019 ISO beinhaltet einen angepassten UCMA-Installer
• Exchange Server 2019 Installationsvoraussetzungen
  • Visual C++ Redistributable Packages for Visual Studio 2013
  • Microsoft .NET Framework 4.7.2 (Offline-Installer) 
  • Microsoft .NET Framework 4.8 (Offline-Installer) 
  • Microsoft Unified Communications Managed API 
    • Bestandteil des Exchange Server 2019 Installationsmediums

Migration

• Exchange Resource Forest and Office 365 – Part I 

Windows Server

• Windows Admin Center - Übersicht
• Windows Admin Center - Download 

Securing Active Directory

• Best Practices for Securing Active Directory
  • Events to Monitor

Office 365

Allgemein

• Service Trust Portal
• URLs und IP-Adressbereiche von Office 365
• Exchange Online Protection IP Addresses
• Table of Language Culture Names, Codes, and ISO Values
• Azure AD Connect: Version Release History
• Azure AD Connect prerequisites and hardware requirements
• Download Microsoft Azure Active Directory Connect
• Microsoft Online Services Sign-In Assistant for IT Professionals RTW
• Office 365 Datacenter Map
• ADFS Open Source Tools 
• Microsoft Teams IT Architecture and Telephony Solutions Posters (PDF/Visio)
• Microsoft Cloud IT Architecture Resources (PDF/Visio)

Planung

• Office 365 Network Performance Tool
• Network planning and performance tuning for Office 365
• Office 365 Network Connectivity Principles
• Network Assessment Tool Plus
• Office 365 ROI Calculator
• Verfügbarkeit Tenant-Name

Troubleshooting

• Remote Connectivity Analyzer
• Support- und Wiederherstellungs-Assistenten für Office 365
• Create DNS records at Strato for Office 365 

Administration

• Manage who can create Office 365 Groups
• Azure AD Connect Network and Name Resolution Prerequisites Test

Microsoft Teams

Links zu Microsoft Teams finden Sie immer aktuell unter dem Tag Microsoft Teams: https://www.granikos.eu/de/Blog/Tag/microsoft-teams

OneDrive for Business

• OneDrive for Business – Fixing credential issues

Azure

• Azure Portal
• Azure 101
• Azure Account Portal
• Azure Rights Management Administration Tool
• Azure Architecture Center
• Azure Active Directory Module
• Interactive Azure Platform Overview
• Operations Management Suite (OMS) SDK

Skype for Business

• bounSky

SQL Server

• Download des aktuellsten SQL Server 2014 CU - Service Pack 2 Branch
• Download des aktuellsten SQL Server 2014 CU - Service Pack 3 Branch
• Download des aktuellsten SQL Server 2016 CU - Service Pack 2 Branch
• Download der aktuellen Version des SQL Server Management Studios (SSMS)

Allgemein

• Microsoft .NET Framework Repair Tool