To enable dynamic membership for a particular group, perform the following steps:

  1. In the Azure portal, under the Groups tab, select the group you want to edit, and then in this group’s Configure tab, set the Enable Dynamic Memberships switch to Yes.
  2. You can now set up a simple single rule for the group that will control how dynamic membership for this group functions. Make sure the Add users where option is selected, and then select a user property from the list (for example, department, jobTitle, etc.).
  3. Next, select a condition (Not Equals, Equals, Not Starts With, Starts With, Not Contains, Contains, Not Match, Match), and finally specify a value for the selected user property. For example, if a group is assigned to a SaaS application and you enable dynamic memberships for this group by setting a rule whereby Add users where is set to the jobTitle that Equals (-eq) Sales Rep, all users within your Azure AD directory whose job titles are set to Sales Rep will have access to this SaaS application.
  4. Note that you can set up a rule for dynamic membership on security groups or Office groups. Dynamic Memberships for Groups require an Azure AD Premium license to be assigned to the administrator who manages the rule on a group and to all users who are selected by the rule to be a member of the group.

Here you can learn more about complex rules for dynamic group membership:

These articles provide additional information on Azure Active Directory.



Several factors can cause Office 365 users to receive no confirmation after they successfully schedule a meeting or an appointment for an on-premises room mailbox in either the Outlook client or Outlook Web App in Office 365. To solve it, please check the following settings:

  1. If your on-premises room mailboxes are not hosted on Exchange 2010 or 2013, please move the room mailboxes to Exchange server 2010/2013 mailbox server first.
  2. Check if the room mailboxes are set to automatically accept the booking requests.
  3. Also, once the room mailboxes are hosted on Exchange server 2010/2013 mailbox server, please set the ProcessExternalMeetingMessages parameter to True by running the following cmdlet on the on-premises Exchange server:

Set-CalendarProcessing "<Room Name>" -ProcessExternalMeetingMessages $True


1. All on premise mailboxes are on Exchange 2010

2. All room mailboxes are set to automatically accept the booking requests

3. I checked the ProcessExternalMeetingMessages on all of the rooms and it was set to $false. I set them to true and then tried booking a room twice. I did not receive a response back either time. It was still set as Tentative. I’ll try again later to see if the problem takes some time to propagate through the system.


Grant Full Access to all mailboxes in Office 365

On 2016-02-26, in Office 365, by Mattias Jönsson



Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox')} | Add-MailboxPermission -User '<AdminUser>' -AccessRights FullAccess -InheritanceType all
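
A blanket grant like the one above is worth reviewing afterwards. The following is an added example, not part of the original post: it summarises explicit FullAccess grants per trustee from objects shaped like Get-MailboxPermission output. The function name, the -Threshold parameter and the CONTOSO sample rows are assumptions made for illustration.

```powershell
# Added example: summarise explicit FullAccess grants per trustee.
# Input objects need: Identity, User, AccessRights, IsInherited, Deny.
function Get-FullAccessTrustee {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Permission,
        # Only report trustees with FullAccess on at least this many mailboxes
        [int]$Threshold = 2
    )
    begin { $grants = @{} }
    process {
        # Ignore inherited ACEs, deny ACEs and each owner's own SELF entry
        if ($Permission.IsInherited -or $Permission.Deny) { return }
        if ("$($Permission.User)" -eq 'NT AUTHORITY\SELF') { return }
        # AccessRights may arrive as an array or as one comma-separated string
        $rights = "$($Permission.AccessRights)" -split '[,\s]+'
        if ($rights -notcontains 'FullAccess') { return }
        $trustee = "$($Permission.User)"
        if (-not $grants.ContainsKey($trustee)) { $grants[$trustee] = @() }
        $grants[$trustee] += "$($Permission.Identity)"
    }
    end {
        foreach ($trustee in $grants.Keys) {
            $mailboxes = @($grants[$trustee] | Sort-Object -Unique)
            if ($mailboxes.Count -ge $Threshold) {
                [pscustomobject]@{
                    Trustee      = $trustee
                    MailboxCount = $mailboxes.Count
                    Mailboxes    = $mailboxes -join '; '
                }
            }
        }
    }
}

# Constructed sample rows (not real tenant data)
$sample = @(
    [pscustomobject]@{ Identity='mbx-a'; User='NT AUTHORITY\SELF'; AccessRights='FullAccess, ReadPermission'; IsInherited=$false; Deny=$false }
    [pscustomobject]@{ Identity='mbx-a'; User='CONTOSO\svc-admin'; AccessRights=@('FullAccess'); IsInherited=$false; Deny=$false }
    [pscustomobject]@{ Identity='mbx-b'; User='CONTOSO\svc-admin'; AccessRights=@('FullAccess'); IsInherited=$false; Deny=$false }
    [pscustomobject]@{ Identity='mbx-b'; User='CONTOSO\helpdesk'; AccessRights=@('ReadPermission'); IsInherited=$false; Deny=$false }
    [pscustomobject]@{ Identity='mbx-c'; User='CONTOSO\org-admins'; AccessRights=@('FullAccess'); IsInherited=$true; Deny=$false }
)
$sample | Get-FullAccessTrustee -Threshold 2
# Live use (assumes an Exchange session is already connected):
# Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission | Get-FullAccessTrustee -Threshold 25
```

With the constructed rows, only CONTOSO\svc-admin is reported, with FullAccess on two mailboxes.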


Useful commands:

Start the Welcome to OneDrive wizard for the user

defaults write <OneDrive-preference-domain> DefaultToBusinessFRE -bool True

Enabling users to add additional work or school accounts

defaults write <OneDrive-preference-domain> EnableAddAccounts -bool True

Block configuring and syncing of personal/consumer OneDrive accounts

defaults write <OneDrive-preference-domain> DisablePersonalSync -bool True


This one-liner lists all users who have both an SMTP email address (which appears in the Windows Email Address field on their AD account) and a SIP address, but the two don’t match. This is helpful in identifying users who may be contractors with their own email address at their respective company, but have SIP addresses on your system. It’s also helpful in locating users who have typos in one of the two, or who are inadvertently assigned an incorrect SIP domain.

Get-CsAdUser | Where-Object {($_.WindowsEmailAddress -and $_.SipAddress) -and ($_.WindowsEmailAddress -ne ($_.SipAddress -replace "sip:",""))} | Select-Object DisplayName,WindowsEmailAddress,SIPAddress

This yields results such as

DisplayName       WindowsEmailAddress                    SIPAddress                
-----------       -------------------                    ----------                
Laurie Lederhouse 
Eileen Alfini            
Mike McGrath       
Gavin Parmar          

In this example, we see that the first three have different SMTP domains than SIP domains. In the last user, we see that the username part of the addresses is different, but the domains are the same. If you want to strip out the “sip:” from the SIPaddress column, we can add a little formatting and come up with

Get-CsAdUser | Where-Object {($_.WindowsEmailAddress -and $_.SipAddress) -and ($_.WindowsEmailAddress -ne ($_.SipAddress -replace "sip:",""))} | Select-Object displayname,windowsemailaddress,@{Expression={$_.sipaddress -replace "sip:"};label="SipAddress"}
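
The distinction drawn above between a domain mismatch and a username mismatch can be computed rather than read off by eye. This is an added example, not part of the original post; the function name, the -InternalDomain parameter and the sample users and domains are assumptions made for illustration.

```powershell
# Added example: classify each SMTP/SIP mismatch instead of only listing it.
function Get-SipSmtpMismatch {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User,
        # Assumed parameter: SMTP domains your organisation owns
        [string[]]$InternalDomain = @()
    )
    process {
        $smtp = "$($User.WindowsEmailAddress)".Trim()
        $sip  = ("$($User.SipAddress)" -replace '^sip:', '').Trim()
        # Same filter as the one-liner: both present and different
        if (-not $smtp -or -not $sip -or $smtp -eq $sip) { return }
        $smtpLocal, $smtpDomain = $smtp -split '@', 2
        $sipLocal,  $sipDomain  = $sip  -split '@', 2
        if ($smtpDomain -ne $sipDomain) {
            $kind = if ($smtpLocal -ne $sipLocal) { 'Both' } else { 'Domain' }
        } else {
            $kind = 'LocalPart'
        }
        [pscustomobject]@{
            DisplayName  = $User.DisplayName
            Smtp         = $smtp
            Sip          = $sip
            Mismatch     = $kind
            # True when the SMTP domain is not one of the listed internal domains
            ExternalSmtp = ($InternalDomain.Count -gt 0 -and $InternalDomain -notcontains $smtpDomain)
        }
    }
}

# Constructed sample users (not real directory data)
$sample = @(
    [pscustomobject]@{ DisplayName='User A'; WindowsEmailAddress='usera@partner.example'; SipAddress='sip:usera@corp.example' }
    [pscustomobject]@{ DisplayName='User B'; WindowsEmailAddress='bsmith@corp.example'; SipAddress='sip:bsmyth@corp.example' }
    [pscustomobject]@{ DisplayName='User C'; WindowsEmailAddress='userc@corp.example'; SipAddress='sip:UserC@corp.example' }
)
$sample | Get-SipSmtpMismatch -InternalDomain 'corp.example' | Format-Table -AutoSize
# Live use: Get-CsAdUser | Get-SipSmtpMismatch -InternalDomain 'corp.example'
```

With the constructed users, User A is reported as a Domain mismatch with an external SMTP domain, User B as a LocalPart mismatch, and User C is not reported because the comparison is case-insensitive.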

Adding full access permissions

Add-MailboxPermission -Identity UserWhoseMailboxIsBeingConfigured -User UserBeingGrantedPermission -AccessRights 'FullAccess'

Add-MailboxPermission -Identity 'CN=Jerry Orman,OU=Engineering,DC=cpandl,DC=com' -User 'CPANDL\boba' -AccessRights 'FullAccess'

Removing full access permissions

Remove-MailboxPermission -Identity 'UserWhoseMailboxIsBeingConfigured' -User 'UserBeingGrantedPermission' -AccessRights 'FullAccess' -InheritanceType 'All'

Remove-MailboxPermission -Identity 'CN=Jerry Orman,OU=Engineering,DC=cpandl,DC=com' -User 'CPANDL\boba' -AccessRights 'FullAccess' -InheritanceType 'All'


Adding Send As permissions

Add-ADPermission -Identity UserWhoseMailboxIsBeingConfigured -User UserBeingGrantedPermission -ExtendedRights 'Send-As'

Add-ADPermission -Identity 'CN=Jerry Orman,OU=Engineering,DC=cpandl,DC=com' -User 'CPANDL\boba' -ExtendedRights 'Send-As'

Removing Send As permissions

Remove-ADPermission -Identity UserWhoseMailboxIsBeingConfigured -User UserBeingRevokedPermission -ExtendedRights 'Send-As' -InheritanceType 'All' -ChildObjectTypes $null -InheritedObjectType $null -Properties $null

Remove-ADPermission -Identity 'CN=Jerry Orman,OU=Engineering,DC=cpandl,DC=com' -User 'CPANDL\boba' -ExtendedRights 'Send-As' -InheritanceType 'All' -ChildObjectTypes $null -InheritedObjectType $null -Properties $null


Automating User Provisioning in Office 365

On 2013-05-16, in Exchange 2013, O365, by Mattias Jönsson

The new Office Garage Series


Microsoft provides tools to import and synchronize user objects from an existing Active Directory environment, perform bulk CSV list imports or use custom PowerShell scripts to populate the identity store with User Principal Names and required directory attributes.

The final frontier from an automation perspective is really to set up ADFS and single sign-on as a way to ensure that your policies for password updates and the service authentication itself integrates with your existing tools and policies. The best place to go for all of this is the Office 365 deployment center on TechNet. It walks you through the right solution depending on your organization size and needs.

More Resources:

Office 365 deployment center

Manage Windows Azure Active Directory by using Windows PowerShell

Directory synchronization roadmap

Garage Series for IT Pros Archive of previous episodes

Office 365 ProPlus Trial

Office TechCenter on TechNet

Office 365 TechCenter on TechNet


From Peter Peedu blog : Link

Since message tracking in Exchange 2007/2010 does not have the same intuitive interface as we have in Exchange 2003, performing message tracking can be tricky.

Most people do not need to use message tracking in their everyday work and therefore it’s hard to really get hands-on practice.

I have collected a few samples that might help you in your Message tracking adventure.

Get-Exchangeserver | where {$_.isHubTransportServer -eq $true -or $_.isMailboxServer -eq $true} | Get-Messagetrackinglog -sender "<sender address>" -MessageSubject "Subject of message" -Start "8/27/2010 7:00 AM" -End "8/27/2010 11:00 AM" | Select-Object Timestamp,Clienthostname,eventid,source,sender,@{Name="Recipients";Expression={$_.recipients}},Recipientcount,serverhostname,SourceContext | Export-Csv c:\temp\Messageinfo.csv

Then we could use Excel to work with the data we just exported.


How to Search Message Tracking Logs

Managing Message Tracking

Working with Command Output


More information:

Process Tracking Log tool for Exchange Server 2007


Upcoming conference

On 2012-04-12, in Exchange 2007, Exchange 2010, Mailserver, by Mattias Jönsson


Microsoft Exchange Conference 2012 (MEC). The lost conference is back, taking place September 24-26 in Orlando, Florida.

At MEC 2012, you will:

  • Get exclusive Exchange 15 content directly from the engineering team
  • Get hands-on experience with Exchange 15
  • Enjoy unparalleled access to Exchange team members, Masters and MVPs
  • Preview amazing new products from select vendors
  • Build personal relationships throughout the Exchange community



The Experts Conference

TEC 2010 April 29 – May 2, 2012 at Marriott Marquis and Marina, 333 West Harbor Drive, San Diego

TEC 2012 will deliver expert-led, 400-level training on vital Microsoft technologies. In addition to its highly-acclaimed training on Microsoft Directory & Identity technologies, TEC 2012 offers TEC for Exchange, TEC for SharePoint and TEC for Virtualization & Workspace Management. And this year, we are pleased to bring back the popular PowerShell Deep Dive training conference.

  • TEC for Directory & Identity
  • TEC for Exchange
  • TEC for SharePoint
  • TEC for Virtualization
  • PowerShell Deep Dive


and for Europe last year
