Thomas Stensitzki is a principal technology consultant focusing on the Microsoft messaging and collaboration technologies and the owner of Granikos GmbH & Co. KG.
He was awarded as MVP for Office Apps & Services in 2018.
He holds Master certifications as Microsoft Certified Solutions Master Messaging and as Microsoft Certified Master for Exchange Server 2010. This makes him a subject matter expert for any messaging topic related to Microsoft Exchange, Exchange Online, Microsoft 365, and Hybrid configurations.
Follow Thomas on: Google+, LinkedIn, Twitter
My sessions: https://sessionize.com/thomas-stensitzki
Personal blog: http://justcantgetenough.granikos.eu Personal blog (legacy): http://www.sf-tools.net Personal website: http://www.stensitzki.de Contact Thomas at thomas@mcsmemail.de
Sometimes you might be interested in gathering a list of all computer from an Active Directory domain in preparation for migration.
You can gather a list of all computer objects using the following command.
# Fetch a sorted list of all computer objects Get-ADComputer -Filter * -Property * | Sort-Object Name
The wildcard used with the Property parameter fetches all available attributes for a computer object. Check the available attributes in the result set to identify the attributes you are interested in.
# Example output for the first computer object gathered from Active Directory (Get-ADComputer -Filter * -Property * | Sort-Object Name)[0] AccountExpirationDate : accountExpires : 9223372036854775807 AccountLockoutTime : AccountNotDelegated : False AllowReversiblePasswordEncryption : False BadLogonCount : 0 badPasswordTime : 0 badPwdCount : 0 CannotChangePassword : False CanonicalName : DOMAIN.local/Computers/COMPUTER01 Certificates : {} CN : COMPUTER01 codePage : 0 CompoundIdentitySupported : {False} countryCode : 0 Created : 9/2/2013 3:01:13 PM createTimeStamp : 9/2/2013 3:01:13 PM Deleted : Description : DisplayName : DistinguishedName : CN=COMPUTER01,CN=Computers,DC=DOMAIN,DC=local DNSHostName : COMPUTER01.DOMAIN.local DoesNotRequirePreAuth : False dSCorePropagationData : {12/31/1600 7:00:00 PM} Enabled : True HomedirRequired : False HomePage : instanceType : 4 IPv4Address : IPv6Address : isCriticalSystemObject : False isDeleted : KerberosEncryptionType : {RC4, AES128, AES256} LastBadPasswordAttempt : LastKnownParent : lastLogoff : 0 lastLogon : 130942520427754509 LastLogonDate : 12/10/2015 3:02:53 PM lastLogonTimestamp : 130942513734007331 localPolicyFlags : 0 Location : LockedOut : False logonCount : 194 ManagedBy : MemberOf : {} MNSLogonAccount : False Modified : 12/10/2015 3:02:53 PM modifyTimeStamp : 12/10/2015 3:02:53 PM msDS-SupportedEncryptionTypes : 28 msDS-User-Account-Control-Computed : 0 Name : COMPUTER01 nTSecurityDescriptor : System.DirectoryServices.ActiveDirectorySecurity ObjectCategory : CN=Computer,CN=Schema,CN=Configuration,DC=DOMAIN,DC=local ObjectClass : computer ObjectGUID : da59afcc-e00a-430b-9cbc-01adeed568f3 objectSid : S-1-5-21-3143343262-845931634-422089675-1179 OperatingSystem : Windows 7 Professional OperatingSystemHotfix : OperatingSystemServicePack : Service Pack 1 OperatingSystemVersion : 6.1 (7601) PasswordExpired : False PasswordLastSet : 12/2/2014 7:21:09 AM PasswordNeverExpires : False PasswordNotRequired : False PrimaryGroup : CN=Domain Computers,CN=Users,DC=DOMAIN,DC=local primaryGroupID : 515 PrincipalsAllowedToDelegateToAccount : {} ProtectedFromAccidentalDeletion : False pwdLastSet : 130619964697110685 SamAccountName : COMPUTER01$ sAMAccountType : 805306369 sDRightsEffective : 15 ServiceAccount : {} servicePrincipalName : {RestrictedKrbHost/COMPUTER01, HOST/COMPUTER01, RestrictedKrbHost/COMPUTER01.DOMAIN.local, HOST/COMPUTER01.DOMAIN.local} ServicePrincipalNames : {RestrictedKrbHost/COMPUTER01, HOST/COMPUTER01, RestrictedKrbHost/COMPUTER01.DOMAIN.local, HOST/COMPUTER01.DOMAIN.local} SID : S-1-5-21-3143343262-845931634-422089675-1179 SIDHistory : {} TrustedForDelegation : False TrustedToAuthForDelegation : False UseDESKeyOnly : False userAccountControl : 4096 userCertificate : {} UserPrincipalName : uSNChanged : 1721509 uSNCreated : 45981 whenChanged : 12/10/2015 3:02:53 PM whenCreated : 9/2/2013 3:01:13 PM
As a next step, you gather the selected information and
# Fetch data for an operating system overview, sorted by property Name only Get-ADComputer -Filter * -Property * | Sort-Object Name | Select Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion # Fetch data for an operating system overview, sorted by property OperatingSystem first, then Name Get-ADComputer -Filter * -Property * | Sort-Object OperatingSystem,Name | Select Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion
You can export the gathered information to a comma separated file easily using the Export-Csv cmdlet.
# Export the gathered and sorted information to a CSV file using a semicolon as the delimiter # Adjust the file path for the CSV file to fit your environment Get-ADComputer -Filter * -Property * | Sort-Object OperatingSystem,Name | Select Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion | Export-Csv -Path C:\SCRIPTS\ComputerOverview.csv -NoClobber -NoTypeInformation -Delimiter ';'
Enjoy!
A new Exchange Server Conference is coming to Europe.
The REAL Exchange Experience
In recent years, the main topics of the major Microsoft conferences have changed more and more towards cloud topics. The simplicity of migrating from on-premises Exchange Server mailboxes to Exchange Online is emphasized at each event. Also, new options have been made available to establish a full hybrid setup with Exchange Online more easily.
Topics covering the stable and secure operation of on-premises Exchange Server organizations have no room at these events. The REAL Exchange Experience wants to address the demand for topics related to the operation of Exchange Server in an on-premises IT infrastructure.
The conference will be held as a 1-day conference in different cities in Europe.
Read more about the conference and register for the conference newsletter here: https://www.granikos.eu/en/Events/TheREALExchangeExperience
Enjoy Exchange Server 2019!
Office 365 supports the upload of PST files to Azure storage for a direct import to mailboxes hosted in Exchange Online. The steps are described in detail in the online documentation at Microsoft Docs.
Import CSV using an email address
Workload,FilePath,Name,Mailbox,IsArchive,TargetRootFolder,SPFileContainer,SPManifestContainer,SPSiteUrl Exchange,,SALES.pst,TeamMailbox-Sales@varunagroup.de,FALSE,IMPORT,,,
But you might encounter the following error after starting the import job using the Security & Compliance dashboard.
X-Psws-ErrorCode: 840001 X-Psws-Exception: Microsoft.Exchange.Configuration.Tasks.ManagementObjectAmbiguousException,The operation couldn't be performed because 'TeamMailbox-Sales@varunagroup.de' matches multiple entries. X-Psws-Warning: When an item can't be read from the source database or it can't be written to the destination database, it will be considered corrupted. By specifying a non-zero BadItemLimit, you are requesting Exchange not copy such items to the destination mailbox. At move completion, these corrupted items will not be available at the destination mailbox. X-Content-Type-Options: nosniff
Before you were able to start the import job the job configuration, the CSV file, and the content of the PST file were analyzed successfully. There was no hint of multiple entries for the target mailbox.
The detailed error message can be retrieved using the View log link. A clear text message is stated in the Status detail column, but you need to expand the width of the column.
The hint provided in the status detail column states that there are multiple identities for the primary email. At this point in time, I do not know, how this possible when the target account is synchronized with AAD Connect.
Use the target mailbox GUID instead of the target email address as the target address in the CSV configuration file.
Connect to Exchange Online Remote PowerShell session and query the mailbox GUID for the target mailbox(es).
# Query target mailbox GUID for a single mailbox Get-Mailbox TeamMailbox-Sales@varunagroup.de] | FL Guid
Create a new import job referencing the same PST file already copied to the Azure storage.
Import CSV example using the mailbox GUID
Workload,FilePath,Name,Mailbox,IsArchive,TargetRootFolder,SPFileContainer,SPManifestContainer,SPSiteUrl Exchange,,SALES.pst,e7b7c35f-929d-420e-99a5-3c9afc419281,FALSE,IMPORT,,,
The import job will now be executed as expected.
Do you need assistance with your Exchange Server platform? You have questions about your Exchange Server organization and implementing a hybrid configuration with Office 365? You are interested in what Exchange Server 2019 has to offer for your company?
Contact me at thomas@mcsmemail.de Follow at https://twitter.com/stensitzki
In Legacy Public Folder World with Exchange Server 2010 it was pretty easy to find the parent path of email enabled public folder:
(Get-MailPublicFolder MAILADRESS | Get-PublicFolder).ParentPath
When you try the same approach with modern public folders using Exchange Server 2013+ EMS, you receive an error.
Get-MailPublicFolder MSTeamsPF@varunagroup.de | Get-PublicFolder Cannot process argument transformation on parameter 'Identity'. Cannot convert the "varunagroup.de/Microsoft Exchange System Objects/MSTeamsPF" value of type "Microsoft.Exchange.Data.Directory.ADObjectId" to type "Microsoft.Exchange.Configuration.Tasks.PublicFolderIdParameter". + CategoryInfo : InvalidData: (MSTEamsPF:PSObject) [Get-PublicFolder], ParameterBindinmationException + FullyQualifiedErrorId : ParameterArgumentTransformationError,Get-PublicFolder + PSComputerName : P01.varunagroup.de
You need to use the EntryId paramater of the Get-MailPublicFolder result.
$pf = Get-MailPublicFolder MSTeamsPF@varunagroup.de Get-PublicFolder -Identity $pf.EntryId Name Parent Path ---- --------- MSTeamsPF \Modern Collaboration
Get-PublicFolder does not take pipeline inputs.
Enjoy modern public folders :-)
When you install a Cumulative Update for Exchange Server 2016 you might receive the following informational message:
MAPI over HTTP, the preferred Outlook desktop client connectivity with Exchange server, is currently not enabled. Consider enabling it using: Set-OrganizationConfig -MapiHttpEnabled $true For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.WarnMapiHttpNotEnabl ed.aspx
This modern protocol for Outlook has been introduced to Exchange Server with Exchange Server 2013 SP1. The protocol removes the dependency to the Windows Server RPC over HTTP component. The reduced complexity enhances the reliability of the client access protocoll. It's available for quite some time now.
You can enable MAPI over HTTP on the organization level using the following Exchange cmdlet:
Set-OrganizationConfig -MapiHttpEnabled $true
You can still controll the protocol setting at the user level by deactiviting MAPI of HTTP for certain users, if required:
Set-CASMailbox -Identity [USER] -MapiHttpEnabled:$false
If your IT infrastructue is still not ready for MAPI of HTTP, your IT components pretty outdated. It's time to move forward and to modernize the infrastructure.
What are you reasons to not enable MAPI over HTTP? Let me know.
Enjoy Exchange Server 2016!