What to do with public folders when moving to Exchange Online

Moving to Exchange online

Sometimes a migration to office 365 can be difficult when it comes to Public folders. When the plan is to migrate from for instance Exchange 2010 to office 365 Exchange Online a discussion must be made. What to do with the public folders? In my opinion there are 3 scenario’s that can be discussed. In this blog post i will write down these 3 scenario’s .

A little bit of history

For youngsters in IT like myself it is pretty hard to understand what public folders are and what they do. This comes because we never worked with them or have used them. Luckily there are lots of experienced Microsoft Professionals like my colleague Michel de Rooij.  Who can explain this perfectly.

So what is a public folder: According to TechTarget a public folder In Microsoft Outlook, a public folder is a folder created to share information with others. The owner of a public folder can set privileges so that only a select group of users have access to the folder, or the folder can be made available to everyone on the network who uses the same mail client. Public folders in Outlook can contain contacts, calendar items, messages, journal entries, or Outlook Forms.

What to do with Public Folder Scenario’s

In the scenario’s bellow i will write down 3 scenario’s what to do with public folders. In these options i will also keep notice that most companies want to get rid of their public folders.

Scenario 1: Migrate public folder to modern public folders

Microsoft has published a article on Technet on how to migrate legacy public folders to modern public folders on Office 365. In this case Microsoft just continues the support on public folders when they are migrated to Office 365.

The migration itself has some limitations which i will summarize bellow.

  • Exchange 2010 Sp3 or higher is needed
  • Legacy public folder cannot be larger the 2 GB
  • Public folder cannot contain \ or other strange symbols
  • Modern public folders are not accessible for legacy (on-premise) users
  • All users need to be migrated first
  • Max 1000 public folders allowed
  • Big bang migration with downtime

As you can see there are some limitations and difficulties. These difficulties are most of all in managing expectation at the business side cause public folders need to be cleaned or renamed.

Scenario 2: Migrate public folder to Office 365 groups

The second scenario is to migrate the legacy public folders to Office 365 groups. Microsoft has described this in the following Technet article. When moving public folders to Office 365 groups there are some difficulties that need to be managed first before you can start the migration.
One of these difficulties is that it is only possible to migrate the email and calendar items to an Office 365 group.

Bellow you find the summary of limitations.

  • All users must be migrated to Office 365 before you begin
  • Work process for end user will change ( they will use a office group instead of public folder)
  • Office 365 groups are not accessible for legacy users
  • Only mail and calendar items are supported
  • Maximum size of Public folder can be 25 GB to migrate
  • Phased migration is possible when using a > Exchange 2013 server
  • Downtime

Scenario 3: Do not migrate public folder to Office 365

When you have Exchange 2010 in a hybrid setup it is possible to configure the public folders co-existing. This means that the public folder stay where they are, but are accessible from on-premise and from online. There are some limitations, one of these limitations is that it is not possible to open this public folder from Outlook.office365.com/owa.

Remember i told you in the beginning that there is probably a scenario on how to get rid of the Public Folders? Well this is in my opinion the best and most business friendly way to do it.

Therefor just make sure the co-existing is in place. So next up you put the public folders in read only. and give the users a Shared mailbox, Office 365 group or even a team as their new place to collaborate from.

One last thing keep in mind that when you go for this option you have to keep your on-premise environment for a little bit longer before you decommission it.

Please follow and like us:
error

Export all mailboxes with their sizes to TXT or CSV with Powershell

Export mailboxes

Most of the time when you are into a Mailbox migration project you have this phase that you need to inventory the amount of user mailboxes. With their size. Do you want to perform such action you need to use Exchange Powershell to be able to get these kind of data out of Exchange.

Powershell

To export this mailbox data out of exchange you can use the command Get-MailboxStatistics -identity “sAMACCOUNTNAME” | fl. This will give you a complete list of the output matched with the j3rmeyer account/ mailbox in exchange.

If you look further you notice that there is actually only one useful unique attribute (so you can match this later on with Active Directory). That one attribute is the ‘MailboxGuid’.

To get this data i a useful way out of exchange the best thing to do is combine this data together with the DisplayName.

The script

In this script i will combine the Display name with the MailboxGuid and the total size of the mailbox in MB. This is not all i want i want to export all the mailboxes on that specified Exchange server. To do that you need to give in the Server name instead of the identity of the user.

Below you will find the script i use to export such data:

Get-MailboxStatistics -server “DATABASESERVERNAME” | Sort-Object TotalItemSize -Descending | ft DisplayName,

mailboxguid, @{label=”TotalItemSize(KB)”;expression={$_.TotalItemSize.Value.ToKB()}},ItemCount > c:\temp\mailbox_sizes_

emailboxserver.txt

So when you want to change the output file into an Excel CSV file instead of TXT. It is possible use the Powershell script below to perform such action:

Get-MailboxStatistics -server “DATABASESERVERNAME” | Sort-Object TotalItemSize -Descending | ft DisplayName,

mailboxguid, @{label=”TotalItemSize(KB)”;expression={$_.TotalItemSize.Value.ToKB()}},ItemCount | Out-File C:\temp\mailbox_sizes_emailserver.csv

 

Please follow and like us:
error

Cheat sheet with all Ports and rules needed for a Exchange Hybrid Infrastructure

Exchange Hybrid Ports Cheat Sheet

When working with Exchange I sometimes come to clients who already have a hybrid exchange configured environment. In many cases this is when the hybrid configuration does not work. To make things easier for myself, I created an overview that eliminates the pain of firewalls and networks.

To help you guys out in these situations i share my ports overview document with you, The document is mentions as a cheat sheet this means that you can adjust it and present it to the customers network team.

Overview

There are always some requirements for a Exchange hybrid environment

  • External IP for a seperate Hybrid flow that resolves to hybrid.domain.nl
  • You need to be sure that the hybrid server is part of the mail environment
  • Make sure autodiscover is set the right way
  • The Exchange server which is used for the Hybrid configuration needs to be in the LAN
  • Do NOT forget the Exchange online and Exchange online protection URL’s
  • If you do not have an external IP use the external IP of the autodiscover.
hybrid exchange ports cheat sheet
hybrid exchange ports cheat sheet

 

Click here to read other posts for more Exchange related posts.

 

Please follow and like us:
error

Revoke Access from compromised office 365 account

Revoke access

When you have aaccount in your organization that has been hacked or compromised you need to take immediate action to prevent a security dilemma inside of your organization.

For instance when the credentials of a account are compromised. This account can be used for sending out bad emails with malware  and even worse skimming. This will result in a bad Image for your company.

Actions against compromised account

When a account is compromised you need to revoke access to this account. You can perform this with a password reset. What most admin do not know is that this change does not kick in straight away. To speed this process up, the best thing to do is run a “Revoke-AzureADUserAllRefreshToken” on the user’s account. (make sure you are using the connect-azuread module)

Now you are sure that this account has a new password and logging in is impossible.

There is a scenario that the account can still send emails to others. In this case the best thing to do is to create a transport rule. The Transport rule can prevent the user to send out malicious emails.

There is also a way to prevent most of these dangers with the implementation of Azure AD identity protection.

 

 

Please follow and like us:
error

Setting up Shared mailboxes in Exchange online with Powershell

Often when you migrate users to Office365 you need to configure permissions for Shared Mailboxes. Bellow you find a small instruction on how to do this.

Connect to Exchange Online with Remote PowerShell

  1. Click Start
  2. Click Administrative Tools
  3. Right Click Windows PowerShell Modules and Run as administrator
  4. Set the Excution Policy on the local coputer
  5. Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
  6. Press “Y” for yes when/if prompted
  7. Specify remote credentials through a variable
  8. $cred=Get-Credential
  9. Enter your tenant admin account
  10. Enter password
  11. Set a session variable and connect to Exchange Online, enter command
  12. $s =New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $cred -Authentication Basic –AllowRedirection
  13. Import the session with the variable set in previous step.
  14. $importresults =Import-PSSession $s
mailboxes
mailboxes

Now you are connected to Exchange online with powershell.

Setup Shared Mailbox

The following section is copied from Microsoft. See this site for complete details. http://help.outlook.com/140/ee441202.aspx

After you create a shared mailboxes, you have to assign permissions to all users who require access to the shared mailbox. Users can’t sign in to the shared mailboxes. They have to sign in to their own mailbox and then open the shared mailbox to which they’ve been assigned permissions.

Here’s how to use PowerShell to create and configure a shared mailbox for the Corporate Printing Services department at Contoso Corporation.

Create a shared mailboxes To create the shared mailbox for Corporate Printing Services, run one of the following commands:

Office 365

New-Mailbox -Name “info” -Alias corpprint -PrimarySmtp info@yourdomain.com -Shared

Set-Mailbox info -ProhibitSendReceiveQuota 5GB -ProhibitSendQuota 4.75GB -IssueWarningQuota 4.5GB

 

Create a security group for the users who need access to the shared mailbox In the Exchange Control Panel, create a security group for the staff who need access to the shared mailbox for Corporate Printing Services.

  1. Select My Organization Exchange> Users & Groups > Distribution Groups > New.
  2. Specify a display name, alias, and e-mail address. In this example, we’ll use Info, Companygroup, and Info@yourdomain.com.
  3. Select the Make this group a security group check box.
  4. In the Ownership section, click Add to add an owner, if necessary.
  5. In the Membership section, click Add.
  6. In the Select Members page, select the users you want to add. When you are finished, click OK.
  7. On the New Group page, click Save.

Note After you create a security group, the membership is closed. When membership is closed, only group owners can add members to the security group, or owners have to approve requests to join the group. Additionally, only group owners can remove members from the security group.

 

Assign the security group the FullAccess permission to access the shared mailbox

To enable members of the Printing Services Staff security group to open the mailbox, read e-mail, and use the calendar, run the following command:

Add-MailboxPermission “info” -User Companygroup -AccessRights FullAccess

 

Assign the security group the SendAs permission to the shared mailbox

To enable members of the Printing Services Staff security group to send e-mail from the mailbox, run the following command:

Add-RecipientPermission “Info” -Trustee Companygroup -AccessRights SendAs

Note It may take up to 60 minutes until users can access a new shared mailbox or until a new security group member can access a shared mailbox

Please follow and like us:
error

Create an Office 365 Mailbox

Creating a mailbox in Office 365 involves signing into your Office 365 account. The following steps assume your organization has already signed up for Office 365 through the MicrosoftOffice 365 Fast Track enrollment website.

1) Sign in to your Office 365 portal at http://portal.microsoftonline.com.

Office 365 log in

Office 365 log in

2) Click Go to Users and Groups.

Office 365 - Users and Groups

Office 365 – Users and Groups

3) Click the + sign to add a new user.

Add New Users

Add New Users

4) Fill in the appropriate details for the user being added. See the following example then click on Additional Details.

Adding details for users

Adding details for users

5) Fill in the appropriate details for the user being added. See the following example and click Next.

Continuing to add details for users

Continuing to add details for users

6) Determine if the user will be an administrator. If yes, choose the administrator type. Here are some detail to assist with the correct selection.

Setting admin level access

Setting admin level access

  • Billing Administrator – Helps make purchases, manage Office 365 subscriptions, oversee support tickets and monitor service heath. This role will not be available if Office 365 was not purchased directly through Microsoft.
  • Global Administrator – Will give access to all administrative features. Note the individual that enrolls Office 365 for your organization will also be a global administrator.
  • Password Administrator – Applies to those individuals that will need to reset a password, manage service requests, and monitor service health. This is great for a Helpdesk or an organization’s Security Administrators.
  • Service Administrator – This role is great for managing service requests and monitoring service health. Also note, before this role can be assigned to a user, they much first have admin access to a service such as Exchange Online.
  • User Management Administrator – Another great option for help desk or security administrator access this role allows them to reset passwords, monitor service health, manage accounts, groups and requests. This role is unable manipulate other administrator accounts or create admins’ roles.

7) For this example we are creating a Global Administrator in the United States. An alternate email address must be specified, then click Next.

Creating a Global Administrator

Creating a Global Administrator

8) Choose the appropriate licenses the account will need. This link provides better insight into the many licensing options. For this example we will choose all the products available within the Enterprise plan. Click Next after making the selections.

Assigning appropriate licenses

Assigning appropriate licenses

9) Provide an email address to email up to five users the temporary password for this account. The password will also appear on the screen after clicking Create if sending the email is an option that will not be pursued.

Send Results in Email screen

Send Results in Email screen

10) Click Create another user if there are more to be created or click Finish if there are not.

Email Results and Create another user screen

Email Results and Create another user screen

Connect an Office 365 Mailbox to Microsoft Outlook (Outlook 2007 or 2010)

This next step assumes that your workstation already has the full Outlook 2007 or 2010 client installed on the PC.

1) Open your web browser.

2) Go to the following website https://login.microsoftonline.com.

3) Enter your credentials and click Sign In.

Office 365 Sign-in Screen

Office 365 Sign-in Screen

4) If this is the first time the user is signing into the account then the password must be changed. Fill in the appropriate information and click Save.

Update Password Screen

Update Password Screen

5) Once signed in choose Settings from the upper right-hand corner.

Settings

Settings

6) Next, choose Office 365 Settings.

Choose Office 365 settings

Choose Office 365 settings

7) If this is the first time that account is being signed into, all of the information about the account should be reviewed. This will be the information that was entered by the account administrator in Step 6 in the “Create a Mailbox” section. Once the information is verified, scroll down and click Save.

8) On the left-hand side of your screen click Software.

Install and manage software

Install and manage software

9) On the left-hand side of your screen click Desktop Setup. Please note, this document assumes that the full Outlook Client is already installed.

Select desktop setup

Select desktop setup

10) Click Setup.

Click set up

Click set up

11) After you click setup the automatic configuration will start however, when prompted, fill in the password for the account being configured.

12) A setup wizard will startup.

13) In this case we will only choose Microsoft Outlook and uncheck the rest. Click Continue.

Configure desktop applications and install updates

14) Next, Click Finish.

Click Finish to complete process

In this case the Wizard has determined that Manual Configuration will be required. In order to complete these processes, go to the section below which covers how to connect to the full Outlook 2013 Client. Also, if this wizard fails, please see the following troubleshooting document for additional information about the issue being seen.

Connect an Office 365 Mailbox to Microsoft Outlook 2013

This manual configuration can be used if the automatic configuration wizard determines your client requires a manual configuration for Outlook 2010 clients as well.

1) Open the Control Panel on the PC.

2) Double-click on the Mail applet in the Control Panel.

Mail appletMail applet

3) Choose Show Profiles.

Select Show Profiles

Select Show Profiles

4) Click the Add button.

Click the Add button

Click the Add button

5) Enter a profile name and Click OK.

Enter a profile name

Enter a profile name

6) Fill in the information for your Office 365 account. Please note, Internet access is required for this to work.

Add new account

Add new account

7) Once the account and password have been verified the screen will appear as shown below. Click Finish.

Click Finish

Click Finish

8) Open Outlook to start using your Office 365 account.

That’s all there is to it! You are now embarking on a journey to email in the cloud with Microsoft Office 365.

Please follow and like us:
error