MVP - Most Valuable Professional
rss

Just can't get enough of IT

This blog is about mostly anything in IT. But the primary focuses are Microsoft Technologies like Exchange Server, Microsoft 365, Azure, and Cloud Security.
Last updated: 2017-11-11

A new PowerShell script to export all mailbox folder permissions has been published to TechNet Gallery and GitHub.

This script exports all mailbox folder permissions for mailboxes of type "UserMailbox". The permissions are exported to a local CSV file.

CSV Eample

"Mailbox";"FolderName";"User";"AccessRights"
"Mustermann, Max (mmustermann)";"Tasks";"Doe, John";"Editor"
"Mustermann, Max (mmustermann)";"Calendar";"Doe, John";"Editor"
"Mustermann, Max (mmustermann)";"Inbox";"Doe, John";"Reviewer"
"Mustermann, Max (mmustermann)";"Custom Folder";"Doe, John";"Reviewer"

This script is based on Mr Tony Redmonds blog post http://thoughtsofanidlemind.com/2014/09/05/reporting-delegate-access-to-exchange-mailboxes/

Example

.\Get-MailboxPermissionsReport.ps1 -CsvFileName export.csv

Links

Enjoy.

Read More »

You might encounter a situation when the MSExchangeSA service is stopped and you are not able to start the service.

When you try to start the service the follow event log error is logged:

MSExchangeSA-Error-1005

Log Name:      Application
Source:        MSExchangeSA
Date:          08.01.2016 09:40:33
Event ID:      1005
Task Category: General
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SERVER01.MCSMEMAIL.DE
Description:
Unexpected error Access is denied. Facility: Win32 ID no: c0070005 Microsoft Exchange System Attendant  occurred.

This issue happens most likely due to an endpoint protection solution (aka AV Scanner) blocking access to the MSExchangeSA executable.

The simple apporach to get the service running is to restart the server.

If you need to run local endpoint protection on your Exchange servers, keep in mind to configure the appropriate scan exclusions:

Read More »

Office 365 for Exchange Professionals CoverBook Review

During DEV/IT Connection the new release of Office 365 for Exchange Professionals has been published.

Personally I recommend this book to every Exchange professional who wants to implement Exchange Hybrid setups or needs to migrate to Office 365. If you want to be successful, read this book and use it as a reference.

The information provided reflects the experience of the authors who contribute to the Exchange community regularly. This has been written without any Office 365 marketing stuff in mind. (As one of the authrors is Tony Redmond).

The chapters provide an overview of the various technologies as well as detailed informations for the day to day work of an Exchange administrator. Notes from the field help to understand the complex (or not so complex at all) requirements of Exchange hybrid configurations.

Due to the nature of "The Service", an Exchange administrators needs to keep up with the changes deployed constantly. This book covers the most recent changes and evolvement to "The Service" like Groups or Delve.

I will kep it short:

Buy It. Read It. Enjoy It.

Not joking...

Buy the Book

Read More »

The community script Copy-ReceiveConnector has been updated. Receive Connectors that do exist on a specified target server can now be updated.

Besides the receive connector communication the assigned permissions of the source connector can be copied as well.
 

Links

 


Are you unsure, if you should migrate to Office 365? You want to know more about security of cloud applications and services? Your Exchange Server infrastructure requires an upgrade? Contact me via email: thomas@mcsmemail.de

Read More »

Problem

When you use Symantec NetBackup 7.x you might encounter Error 5, when you try to restore an Exchange Server 2013 DAG mailbox database backup to a Recovery database or to the original datrabase.

The error message in Backup, Archive, and Restore Tool looks similar to this

Screenshot NetBackup Error 5

Enabling NetBackup debug logging by using the mklogdir.bat file located in C:\Program Files\Veritas\NetBackup\logs does not necessarily provide additional input. The restore job fails before entering the job section for local restore activities. So no TAR log is being created.

 

Solution

When following the NetBackup Admin Guide and several Symantec HowTo’s you have already configured the following two services to run using a dedicated Service Account

  • NetBackup Client Service
  • NetBackup Legacy Client Service

Screenshot NetBackup Legacy Network Service running with LocalSystem

There are some circumstances (not clearly defined by Symantec) when an additional NetBackup Service performs Exchange PowerShell commands as part of a restore process. Therefore the following NetBackup service must be configured to run using the same Service Account as the other two NetBackup services.

  • NetBackup Legacy Network Service

Screenshot NetBackup Legacy Network Service running with Service Account

In addition be aware that the Service Account required Debug permission on the Exchange Server. It might be helpful to propagate the permissions for the Service Account using a GPO.

  • Computer Configuration\Windows Settings\Security Settings\LocalPolicies
    • User Rights Assignment
      • Debug programs
      • Log on as a service
    • Restricted Groups
      • Administrators

Links

Read More »