Office 365 – Why Your UPN Should Match Your Primary SMTP Address
Link: https://azure.microsoft.com/en-us/documentation/articles/active-directory-accessmanagement-simplerulegroup/
To enable dynamic membership for a particular group, perform the following steps:
- In the Azure portal, under the Groups tab, select the group you want to edit, and then in this group’s Configure tab, set the Enable Dynamic Memberships switch to Yes.
- You can now set up a simple single rule for the group that will control how dynamic membership for this group functions. Make sure the Add users where option is selected, and then select a user property from the list (for example, department, jobTitle, etc.),
- Next, select a condition (Not Equals, Equals, Not Starts With, Starts With, Not Contains, Contains, Not Match, Match), and finally specify a value for the selected user property. For example, if a group is assigned to a SaaS application and you enable dynamic memberships for this group by setting a rule whereby Add users where is set to the jobTitle that Equals(-eq)Sales Rep, all users within your Azure AD directory whose job titles are set to Sales Rep will have access to this SaaS application.
- Note that you can set up a rule for dynamic membership on security groups or Office groups. Dynamic Memberships for Groups require an Azure AD Premium license to be assigned to the administrator who manages the rule on a group and to all users who are selected by the rule to be a member of the group.
Here you can learn more about complex rules for dynamic group membership:
These articles provide additional information on Azure Active Directory.
Link: https://community.office365.com/en-us/f/158/t/286208
Several factors may lead to the issue when the Office 365 users don’t receive any confirmation after you successfully schedule a meeting or an appointment for an on-premises room mailbox in either Outlook client or Outlook Web App in Office 365. To solve it, please check the following settings:
- If your on-premises room mailboxes are not hosted on Exchange 2010 or 2013, please move the room mailboxes to Exchange server 2010/2013 mailbox server first.
- Check if the room mailboxes are set to automatically accept the booking requests.
- Also, once the room mailboxes are hosted on Exchange server 2010/2013 mailbox server, please set the ProcessExternalMeetingMessages parameter to True by running the following cmdlet on the on-premises Exchange server:
Set-CalendarProcessing ”<Room Name>” –ProcessExternalMeetingMessages $True
——————————————————————
1. All on premise mailboxes are on Exchange 2010
2. All room mailboxes are set to automatically accept the booking requests
3. I checked the ProcessExternalMeetingMessages on all of the rooms and it was set to $false. I set them to true and then tried booking a room twice. I did not receive a response back either time. It was still set as Tentative. I’ll try again later to see if the problem takes some time to propagate through the system.
Example:
Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox')} | Add-MailboxPermission -User tenant_admins@yourdomain.onmicrosoft.com -AccessRights FullAccess -InheritanceType all
Links:
https://support.office.com/en-us/article/Deploying-the-OneDrive-Next-Generation-Sync-Client-on-OS-X-and-configuring-work-or-school-accounts-eadddc4e-edc0-4982-9f50-2aef5038c307?ui=en-US&rs=en-US&ad=US
https://support.office.com/en-us/article/Get-started-with-the-OneDrive-for-Business-Next-Generation-Sync-Client-on-Mac-OS-X-d11b9f29-00bb-4172-be39-997da46f913f?ui=en-US&rs=en-US&ad=US
Useful commands:
Start the Welcome to OneDrive wizard for the user
defaults write com.microsoft.OneDrive-mac DefaultToBusinessFRE -bool True
Enabling users to add additional work or school accounts
defaults write com.microsoft.OneDrive-mac EnableAddAccounts -bool True
Block configuring and syncing of personal/consumer OneDrive accounts
defaults write com.microsoft.OneDrive-mac DisablePersonalSync -bool True
Origin link: http://www.ehloworld.com/2314
This one liner will list all users who have both SMTP email addresses (which appear in the Windows Email Address filed on their AD account), and a SIP address, but they don’t match. This is helpful in identifying users who may be contractors with their own email address at their respective company, but have SIP addresses on your system. It’s also helpful in locating users who have typos in one of the two, or who are inadvertently assigned an incorrect SIP domain.
Get -CsAdUser | Where-Object {($_.WindowsEmailAddress -and $_.SipAddress) -and ($_.WindowsEmailAddress -ne ($_.SipAddress -replace "sip:" , "" ))} | Select-Object DisplayName,WindowsEmailAddress,SIPAddress |
This yields results such as
DisplayName WindowsEmailAddress SIPAddress |
----------- ------------------- ---------- |
Laurie Lederhouse llederhouse@fourthcoffee.com sip:llederhouse@contoso.com |
Eileen Alfini eileena@fabrikam.com sip:ealfini@contoso.com |
Mike McGrath mmcgrath@wingtiptoys.com sip:mmcgrath@contoso.com |
Gavin Parmar gparmar@contoso.com sip:goarmar@contoso.com |
In this example, we see that the first three have different SMTP domains than SIP domains. In the last user, we see that the username part of the addresses is different, but the domains are the same. If you want to strip out the “sip:” from the SIPaddress column, we can add a little formatting and come up with
Get -CsAdUser | Where-Object {($_.WindowsEmailAddress -and $_.SipAddress) -and ($_.WindowsEmailAddress -ne ($_.SipAddress -replace "sip:" , "" ))} | Select-Object displayname,windowsemailaddress,@{Expression={$_.sipaddress -replace "sip:" };label= "SipAddress" } |
Adding full access permissions
Syntax Add-MailboxPermission -Identity UserBeingGrantedPermission -User UserWhoseMailboxIsBeingConfigured -AccessRights 'FullAccess' Usage Add-MailboxPermission -Identity 'CN=Jerry Orman,OU=Engineering,DC=cpandl,DC=com' -User 'CPANDL\boba' -AccessRights 'FullAccess'
Syntax Remove-MailboxPermission -Identity 'UserBeingGrantedPermission' -User 'UserWhoseMailboxIsBeingConfigured' -AccessRights 'FullAccess' -InheritanceType 'All' Usage Remove-MailboxPermission -Identity 'CN=Jerry Orman, OU=Engineering,DC=cpandl,DC=com' -User 'CPANDL\boba' -AccessRights 'FullAccess' -InheritanceType 'All'
Adding Send As permissions
Syntax Add-ADPermission -Identity UserBeingGrantedPermission -User UserWhoseMailboxIsBeingConfigured -ExtendedRights 'Send-As' Usage Add-ADPermission -Identity 'CN=Jerry Orman,OU=Engineering,DC=cpandl,DC=com' -User 'CPANDL\boba' -ExtendedRights 'Send-As'
Syntax Remove-ADPermission -Identity UserBeingRevokedPermission -User UserWhoseMailboxIsBeingConfigured -ExtendedRights 'Send-As' -InheritanceType 'All' -ChildObjectTypes $null -InheritedObjectType $null -Properties $null Usage Remove-ADPermission -Identity 'CN=Jerry Orman,OU=Engineering, DC=cpandl,DC=com' -User 'CPANDL\boba' -ExtendedRights 'Send-As' -InheritanceType 'All' -ChildObjectTypes $null -InheritedObjectTypes $null -Properties $null
The new Office Garage Series
Microsoft provides tools to import and synchronize user objects from an existing Active Directory environment, perform bulk CSV list imports or use custom PowerShell scripts to populate the identity store with User Principle Names and required directory attributes.
The final frontier from an automation perspective is really to set up ADFS and single sign-on as a way to ensure that your policies for password updates and the service authentication itself integrates with your existing tools and policies. The best place to go for all of this is the Office 365 deployment center on TechNet. It walks you through the right solution depending on your organization size and needs.
More Resources:
Manage Windows Azure Active Directory by using Windows PowerShell
Directory synchronization roadmap
Garage Series for IT Pros Archive of previous episodes
From Peter Peedu blog : Link
Since message tracking in Exchange 2007/2010 does not have the same intuitive interface as we have in Exchange 2003, performing message tracking can be tricky.
Most people do not need to use message tracking in their everyday work and therefore it’s hard to really get hands-on practice.
I have collected a few samples that might help you in your Message tracking adventure.
Get-Exchangeserver | where {$_.isHubTransportServer -eq $true -or $_.isMailboxServer -eq $true} | Get-Messagetrackinglog -sender user@domain.com -MessageSubject ”Subject of message” -Start ”8/27/2010 7:00 AM” -End ”8/27/2010 11:00 AM” | Select-Object Timestamp,Clienthostname,eventid,source,sender,@{Name=”Recipients”;Expression={$_.recipients}},Recipientcount,serverhostname,SourceContext | Export-Csv c:\temp\Messageinfo.csv
Then we could use Excel to work with the data we just exported.
How to Search Message Tracking Logs
http://technet.microsoft.com/en-us/library/bb124926(EXCHG.80).aspx
Managing Message Tracking
http://technet.microsoft.com/en-us/library/bb124375(EXCHG.80).aspx
Working with Command Output
http://technet.microsoft.com/en-us/library/bb123533(EXCHG.80).aspx
More information:
Process Tracking Log tool for Exchange Server 2007
http://msexchangeteam.com/archive/2008/02/07/448082.aspx
MEC
Microsoft Exchange Conference 2012 (MEC). The lost conference is back, taking place September 24-26 in Orlando, Florida.
At MEC 2012, you will:
- Get exclusive Exchange 15 content directly from the engineering team
- Get hands-on experience with Exchange 15
- Enjoy unparalleled access to Exchange team members, Masters and MVPs
- Preview amazing new products from select vendors
- Build personal relationships throughout the Exchange community
Visit MECisback.com
The Experts Conference
TEC 2010 April 29 – May 2, 2012 at Marriott Marquis and Marina, 333 West Harbor Drive, San Diego
TEC 2012 will deliver expert-led, 400-level training on vital Microsoft technologies. In addition to its highly-acclaimed training on Microsoft Directory & Identity technologies,TEC 2012 offers TEC for Exchange, TEC for SharePoint and TEC for Virtualization & Workspace Management.And this year, we are pleased to bring back the popular PowerShell Deep Dive training conference.
- TEC for Directory & Identity
- TEC for Exchange
- TEC for SharePoint
- TEC for Virtualization
- PowerShell Deep Dive
Visit http://www.theexpertsconference.com/us/2012/
and for Europe last year