Cheat sheet with all ports and rules needed for an Exchange Hybrid infrastructure

Exchange Hybrid Ports

Sometimes I come to clients who already have an Exchange hybrid environment configured. In many cases this is when the hybrid configuration does not work. To make things easier for myself, I created an overview that eliminates the pain of firewalls and networks.

To help you out in these situations, I am sharing my ports overview document with you. The document is meant as a cheat sheet, which means that you can adjust it and present it to the customer's network team.

Overview

There are always some requirements.

  • External IP for a separate hybrid flow that resolves to hybrid.domain.nl
  • You need to be sure that the hybrid server is part of the mail environment
  • The Exchange server which is used for the hybrid configuration needs to be in the LAN
  • Do NOT forget the Exchange Online and Exchange Online Protection URLs
  • If you do not have an external IP, use the external IP of the autodiscover.

Monitor Windows AD and Azure AD Health with Microsoft OMS

What is Microsoft Operations Management Suite (OMS)

OMS (Microsoft Operations Management Suite) is Microsoft’s cloud-based IT management solution that helps you manage and protect your on-premises and cloud infrastructure. In this case we will use OMS to monitor and sort of “manage” Azure AD Connect and Azure AD identities.

Before we start with OMS

Before we start there are some requirements.

  1. A valid OMS subscription. OMS has different levels of subscription, depending on the OMS services you use and the amount of data you upload. There is a free version which provides 500 MB daily upload and 7 days of data retention.
  2. A direct connection to Azure AD.
  3. A Domain Administrator account. In order to install the agent on the domain controllers we need Domain Administrator privileges.
  4. A Global admin account to perform some actions in Azure AD.

How to enable the AD solutions in OMS

Log in to OMS https://login.mms.microsoft.com/signin.aspx?ref=ms_mms as OMS administrator

Click on Solution Gallery

By default, the AD Assessment solution is enabled. In order to enable AD Replication Status, click on the tile in the solution list and then click on Add.

Install OMS Agents

The next step of the configuration is to install the monitoring agent on the domain controllers and get them connected with OMS.
1. Log in to the domain controller as domain administrator.
2. Log in to the OMS portal.
3. Go to Settings > Connected Sources > Windows Servers > click on Download Windows Agent (64bit). It will download the monitoring agent to the system.
4. Once it is downloaded, double-click on the setup and start the installation process.
5. In the first window of the wizard click Next to begin the installation.
6. In the next window read and accept the license terms.
7. In the next window, we can select where it should install. If there are no changes click Next to continue.
8. In the next window, it asks where it will connect to. In our scenario, it will connect to OMS directly.
9. In the next window, it asks for the OMS Workspace ID and Key. These can be found in the OMS portal in Settings > Connected Sources > Windows Servers. If this server is behind a proxy server, we can also specify the proxy settings in this window. Once the relevant info is provided click on Next to continue.
10. In the next window, it asks how to check for agent updates. It is recommended to use the Windows Update option. Once the selection has been made, click Next.
11. On the confirmation page, click Install to begin the installation.
12. Follow the same steps for the other domain controllers.
13. After a few minutes, we can see the newly added servers are connected as data sources under Settings > Connected Sources > Windows Servers.

How to view analyzed Data

After a few minutes, OMS will start to collect data and visualize the findings. To view this data, log in to the OMS portal and click on the relevant solution gallery tile on the home page. You will find your analysed/assessed servers there. You also get a quick overview and some recommendations for these servers.
Once you click on the tile it brings you to a page that displays more details about its findings. You will get a nice overview of all the collected data, and it even provides you with some fixes.

How to collect Windows logs for Analysis

Using OMS, we can also collect Windows logs and use the OMS analysis capabilities to analyze them. When this is enabled, OMS space usage and bandwidth usage on the organization's end will be higher. In order to collect logs:
1. Log in to the OMS portal.
2. Go to Settings > Data > Windows Event Logs.
3. In the box, you can search for the relevant log file name and add it to the list. We can also select which types of events to extract. Once the selection is made click Save.
After a few minutes, you can start to see the events under the log search option. There, using queries, we can filter the data. We can also set up email alerts based on specific events.
*source http://www.rebeladmin.com/

Setting up shared mailboxes in Exchange Online with PowerShell

Often when you migrate users to Office 365 you need to configure permissions for shared mailboxes. Below you will find a short instruction on how to do this.

Connect to Exchange Online with Remote PowerShell

  1. Click Start
  2. Click Administrative Tools
  3. Right-click Windows PowerShell Modules and Run as administrator
  4. Set the execution policy on the local computer
  5. Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
  6. Press “Y” for yes when/if prompted
  7. Specify remote credentials through a variable
  8. $cred = Get-Credential
  9. Enter your tenant admin account
  10. Enter password
  11. Set a session variable and connect to Exchange Online, enter command
  12. $s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $cred -Authentication Basic -AllowRedirection
  13. Import the session with the variable set in the previous step.
  14. $importresults = Import-PSSession $s

Now you are connected to Exchange Online with PowerShell. This connection method relies on Basic authentication, which Microsoft has since retired for Exchange Online; on current tenants, connect with the ExchangeOnlineManagement module and modern authentication instead.

Setup Shared Mailbox

The following section is copied from Microsoft. See this site for complete details. http://help.outlook.com/140/ee441202.aspx

After you create a shared mailbox, you have to assign permissions to all users who require access to the shared mailbox. Users can’t sign in to the shared mailbox. They have to sign in to their own mailbox and then open the shared mailbox to which they’ve been assigned permissions.

Here’s how to use PowerShell to create and configure a shared mailbox for the Corporate Printing Services department at Contoso Corporation.

Create a shared mailbox

To create the shared mailbox for Corporate Printing Services, run one of the following commands:

Office 365

New-Mailbox -Name "info" -Alias corpprint -PrimarySmtpAddress info@yourdomain.com -Shared

Set-Mailbox info -ProhibitSendReceiveQuota 5GB -ProhibitSendQuota 4.75GB -IssueWarningQuota 4.5GB

Create a security group for the users who need access to the shared mailbox

In the Exchange Control Panel, create a security group for the staff who need access to the shared mailbox for Corporate Printing Services.

  1. Select My Organization Exchange > Users & Groups > Distribution Groups > New.
  2. Specify a display name, alias, and e-mail address. In this example, we’ll use Info, Companygroup, and Info@yourdomain.com.
  3. Select the Make this group a security group check box.
  4. In the Ownership section, click Add to add an owner, if necessary.
  5. In the Membership section, click Add.
  6. In the Select Members page, select the users you want to add. When you are finished, click OK.
  7. On the New Group page, click Save.

Note: After you create a security group, the membership is closed. When membership is closed, only group owners can add members to the security group, or owners have to approve requests to join the group. Additionally, only group owners can remove members from the security group.

Assign the security group the FullAccess permission to access the shared mailbox

To enable members of the Printing Services Staff security group to open the mailbox, read e-mail, and use the calendar, run the following command:

Add-MailboxPermission "info" -User Companygroup -AccessRights FullAccess

Assign the security group the SendAs permission to the shared mailbox

To enable members of the Printing Services Staff security group to send e-mail from the mailbox, run the following command:

Add-RecipientPermission "Info" -Trustee Companygroup -AccessRights SendAs

Note: It may take up to 60 minutes until users can access a new shared mailbox or until a new security group member can access a shared mailbox.
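
To review who actually holds FullAccess and SendAs after assignments like the ones above, the following added example (not part of the original post or of Microsoft's instructions) lists every explicit grant on the tenant's shared mailboxes. It assumes an Exchange Online PowerShell session is already connected; the function name and the expected-trustee list are hypothetical.

```powershell
# Added example: report explicit FullAccess and SendAs grants on shared mailboxes.
# Assumes the Exchange Online cmdlets are already available in this session.
# Get-SharedMailboxAccessReport and $ExpectedTrustees are hypothetical names.
function Get-SharedMailboxAccessReport {
    [CmdletBinding()]
    param(
        # Trustees you intended to grant access to, e.g. the security group from this post.
        # Compared against the trustee string exactly as Exchange displays it.
        [string[]]$ExpectedTrustees = @('Companygroup')
    )

    $mailboxes = Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited

    foreach ($mbx in $mailboxes) {
        # FullAccess: skip inherited, deny and built-in system entries
        $fullAccess = @(
            Get-MailboxPermission -Identity $mbx.Identity |
                Where-Object {
                    -not $_.IsInherited -and -not $_.Deny -and
                    $_.User -notlike 'NT AUTHORITY\*' -and
                    ($_.AccessRights -join ',') -match 'FullAccess'
                } |
                ForEach-Object {
                    [pscustomobject]@{
                        Mailbox = $mbx.PrimarySmtpAddress
                        Trustee = [string]$_.User
                        Right   = 'FullAccess'
                    }
                }
        )

        # SendAs is stored separately and is read with Get-RecipientPermission
        $sendAs = @(
            Get-RecipientPermission -Identity $mbx.Identity |
                Where-Object {
                    $_.AccessControlType -eq 'Allow' -and
                    $_.Trustee -notlike 'NT AUTHORITY\*' -and
                    ($_.AccessRights -join ',') -match 'SendAs'
                } |
                ForEach-Object {
                    [pscustomobject]@{
                        Mailbox = $mbx.PrimarySmtpAddress
                        Trustee = [string]$_.Trustee
                        Right   = 'SendAs'
                    }
                }
        )

        # Flag each grant as expected or not (-contains is case-insensitive)
        foreach ($grant in ($fullAccess + $sendAs)) {
            [pscustomobject]@{
                Mailbox  = $grant.Mailbox
                Trustee  = $grant.Trustee
                Right    = $grant.Right
                Expected = $ExpectedTrustees -contains $grant.Trustee
            }
        }
    }
}

# Unexpected grants sort first so they can be reviewed before anything else
Get-SharedMailboxAccessReport -ExpectedTrustees 'Companygroup' |
    Sort-Object Expected, Mailbox, Trustee |
    Format-Table -AutoSize
```

Rows with Expected set to False are grants to individuals or groups outside the intended security group and are the ones to review.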

How to Create Multiple Subsites with PowerShell From a CSV file

Sometimes you need to create subsites in bulk in a site collection. And there is one thing that IT people don’t like, and that is manual work.

With this PowerShell script you can use an Excel CSV file to import as many sites as you want.

Step 1

First of all you need to install the SharePoint 2013 Client Components SDK.

http://www.microsoft.com/en-au/download/details.aspx?id=35585

Step 2

The next step is to start up PowerShell ISE as an Administrator.

Now we need to make a connection to your Office 365 admin tenant with the following command

Connect-SPOService -Url https://tenantname-admin.sharepoint.com

Fill in your Office 365 administrator credentials and press OK.

Now you are connected to your SharePoint tenant.

Step 3

And we can start editing the script to import the CSV.

Copy the following script into your PowerShell script pane.

$csvLocation = "C:\Installt\sites.csv"
$template = "template"    # web template code, see below
$siteUrl = "https://tenant.sharepoint.com/sites/sitecollection"
$username = "youraccount@tenant.nl"    # the password is prompted for below, not stored in the script

# Load the SharePoint client libraries from the Client Components SDK
Add-Type -Path "c:\Microsoft.SharePoint.Client.dll"
Add-Type -Path "c:\Microsoft.SharePoint.Client.Runtime.dll"

# Prompt for the password as a SecureString and build the client context
$password = Read-Host -Prompt "Enter password" -AsSecureString
$ctx = New-Object Microsoft.SharePoint.Client.ClientContext($siteUrl)
$credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($username, $password)
$ctx.Credentials = $credentials
$csv = Import-Csv $csvLocation

ForEach ($row in $csv) {
    # Replace SiteName with the column name used in your CSV
    $site = $row.SiteName
    $webCreationInformation = New-Object Microsoft.SharePoint.Client.WebCreationInformation
    $webCreationInformation.Url = $site
    $webCreationInformation.Title = $site
    $webCreationInformation.WebTemplate = $template
    $newWeb = $ctx.Web.Webs.Add($webCreationInformation)
    # Let the new subsite inherit permissions from its parent site
    $newWeb.ResetRoleInheritance()
    $ctx.Load($newWeb)
    $ctx.ExecuteQuery()

    # After loading, Url holds the full address of the new subsite
    Write-Host "Site created: $($newWeb.Title) at: $($newWeb.Url)"
}

Now you probably wonder what you need to fill in at Template. You can choose a custom template or you can choose one of the templates from the site below.

SharePoint online Template codes overview

In the next couple of days I will create another blog about this subject where I show you how to create a custom template and how you can get the template code of your custom template.

Good luck and don’t hesitate to ask me questions about this subject.
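
Because every CSV row becomes a subsite URL, it pays to validate the file before the script above creates anything. The following is an added example, not part of the original script: the SiteName column, the Test-SiteCsvRows function, the length limit and the conservative allow-list of characters are all assumptions, and the sample rows are constructed.

```powershell
# Added example: validate subsite names from the CSV before any site is created.
# $sampleCsv is constructed data standing in for C:\Installt\sites.csv;
# the SiteName column and Test-SiteCsvRows are assumptions, not the blog's code.
$sampleCsv = @'
SiteName
ProjectAlpha
project-beta
projectalpha
Finance/2015
HR Reports?
""
'@

function Test-SiteCsvRows {
    param(
        [Parameter(Mandatory)][object[]]$Rows,
        [string]$Column = 'SiteName',
        [int]$MaxLength = 50    # assumed local policy, not a SharePoint limit
    )

    # Case-insensitive set, because two URLs differing only in case collide
    $seen = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    $line = 1    # the header is line 1 of the file

    foreach ($row in $Rows) {
        $line++
        $name = ([string]$row.$Column).Trim()

        $problem = if (-not $name) {
            'empty name'
        } elseif ($name.Length -gt $MaxLength) {
            "longer than $MaxLength characters"
        } elseif ($name -notmatch '^[A-Za-z0-9_-]+$') {
            # Conservative allow-list: rejects spaces, slashes and URL metacharacters
            'characters outside A-Z, 0-9, _ and -'
        } elseif (-not $seen.Add($name)) {
            'duplicate of an earlier row'
        } else {
            $null
        }

        [pscustomobject]@{
            Line    = $line
            Name    = $name
            Valid   = -not $problem
            Problem = $problem
        }
    }
}

# Parse the constructed sample; for a real run use: $rows = Import-Csv $csvLocation
$rows = $sampleCsv | ConvertFrom-Csv
$report = Test-SiteCsvRows -Rows $rows
$report | Format-Table -AutoSize

# Only names that passed every check are handed to the creation loop
$toCreate = $report | Where-Object Valid | Select-Object -ExpandProperty Name
```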

How to delete a SharePoint online site with SharePoint Online Management Shell

Connect to your SharePoint Online tenant with the SharePoint Online Management Shell.

Start -> All Programs -> SharePoint Online Management Shell then type:

Import-Module Microsoft.Online.SharePoint.PowerShell

When the SharePoint Online Management Shell is open and the module is imported, we want to connect to our tenant.

Connect-SPOService -Url https://tenant-admin.sharepoint.com -Credential username@yourtenant.onmicrosoft.com

When you are connected, the first thing to do is run Get-SPOSite | select URL

This will give you a list of all SharePoint Online site collections.

Now that we have all the site collections, choose your site collection. To remove the site collection type:

Remove-SPOSite https://tenant.sharepoint.com/sites/siteyouwanttoremove

Once that’s completed the site collection will be removed and put in the site collection Recycle Bin for 90 days.
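
Since a mistyped URL removes the wrong site collection, the deletion above can be wrapped in a guard that resolves the site first, asks for confirmation, and keeps a record of what was removed. This is an added example, not part of the original post; it assumes Connect-SPOService has already been run, and the function name and log path are hypothetical.

```powershell
# Added example; assumes Connect-SPOService has already been run.
# Remove-SiteCollectionWithRecord and the default log path are hypothetical.
function Remove-SiteCollectionWithRecord {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)][string]$Url,
        [string]$LogPath = (Join-Path $env:TEMP 'removed-sites.csv')
    )

    # Resolve the exact site first; this stops here if the URL does not exist
    $site = Get-SPOSite -Identity $Url -ErrorAction Stop

    # Honours -WhatIf and prompts for confirmation unless -Confirm:$false is given
    if (-not $PSCmdlet.ShouldProcess($site.Url, 'Move site collection to the recycle bin')) {
        return
    }

    Remove-SPOSite -Identity $site.Url -Confirm:$false

    # Confirm the site is now in the recycle bin, where it can still be
    # brought back with Restore-SPODeletedSite -Identity <url>
    $deleted = Get-SPODeletedSite -Identity $site.Url
    if (-not $deleted) {
        Write-Warning "Removed $($site.Url) but could not find it in the recycle bin."
    }

    # Keep a record of what was removed, by whom and when
    $record = [pscustomobject]@{
        Url           = $site.Url
        Owner         = $site.Owner
        StorageUsedMB = $site.StorageUsageCurrent
        RemovedBy     = [Environment]::UserName
        RemovedAt     = (Get-Date).ToString('s')
        DaysRemaining = $deleted.DaysRemaining
    }
    $record | Export-Csv -Path $LogPath -Append -NoTypeInformation
    $record
}

# Dry run first: shows what would be removed without changing anything
Remove-SiteCollectionWithRecord -Url 'https://tenant.sharepoint.com/sites/siteyouwanttoremove' -WhatIf
```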

Use the latest Features of Office 365 and SharePoint online

Office 365 and SharePoint Online continue to develop and grow, which means there are updates coming out every day, week or month.

Microsoft offers the ability to turn on ‘Preview Features’. Preview Features are the latest changes that haven’t been released yet.

So how do I enable the preview features?

Easy, navigate to your admin tenant (https://yourtenant-admin.sharepoint.com)

Click Settings, scroll most of the page down and you will see a section called ‘Preview Features’ .

Enable the feature and click OK

Once done the latest Preview features should be available to you.

Learn more about Preview Features here

Preview Features Office 365

You can also enable the preview features of Office 365. This will enable lots of preview features like Sway, Delve, and Office 2016.

To enable these go to your admin tenant (https://yourtenant-admin.sharepoint.com).

Next, click on Service settings and select Updates.

Now you have the option First Release. You can set this on entire company or you can set up a couple of super users to test with the preview features.

Enjoy your new features.

Building your first Office 365 Video portal

Microsoft has recently added the Video portal to Office 365.

To turn on the Preview option please follow this blog post:

Your video page will start to load for the first time, so this may take a while (about 10 minutes).

Once completed you will receive this nice welcome message; click Let’s go.

One of the first things to note is the URL of the Video Portal

https://yourtenant.sharepoint.com/portals/hub/xxxx

So let’s create our first Channel

Click the Create Channel button and give your channel a name and color:

Click Create

Once created you can upload videos and share them with your security groups, SharePoint groups or even unauthenticated users (everyone).

If you have some movies you can also use Sharegate to migrate your movie files to the Microsoft Video portal.

For more information you can check this blog from Jasper Oosterveld about Next gen Portals.

You can also check this Blog of Benjamin Niaulin.

How to check and set rights to your recently migrated content With Sharegate

In our last blog I showed you how you can migrate content between site collections. For my test I migrated some content from a user’s OneDrive to a site collection of the department the user was in.

When I provided him with the location of his content, he notified me that he wasn’t able to see any of his content or documents.

So the first thing I thought was: OK, probably the rights. But the thing was that the user had created a subsite in his department where I had put his content. This means that the user is site owner of that site. Then I realized we had migrated his data from his OneDrive, where only he had access, so I probably had to set the rights on the folders and content I had migrated.

Check permissions with the Sharegate Security and Management feature.

Go to Sharegate and select security. You will see the following options.

Then select Check permissions.

Select the group you want to check

*example
Owner
Publisher
Reader
Etc

Select your target Site, list or directory

Press View to view the Permissions of that moment.

Set rights to a list or library within a subsite

To set rights with the Sharegate security and management tool, go to Security and select Add permissions.

Again select the user or group which you would like to give permissions.

Select the Role you want to give the user or Group

Select the target where you want to give permissions

In my case I selected both options

  • Cascade to children
  • Cascade to Content

I did this because I have one user who doesn’t have rights on his own migrated folder.

Then press Apply to set the permissions. That’s it.

This feature is really dummy proof when you want to give easy permissions. Now you don’t have to go to the site, list or library to give permissions.

Source: Sharegate website

Set up a project management site in SharePoint Online

There are several ways to run projects. The way I explain here is a proof of concept that I recommend to my customers.

First of all, select the site collection where you will manage your projects. I recommend that you create a new (private) site collection (https://yourtenant.sharepoint.com/sites/Projects). As the site collection template, choose Publishing Portal.

After you have created the site collection you will be guided back to the site collection overview. It can take some time until the site collection is provisioned.

Setting up the project page

When you start setting up your project page, I recommend you give every project a subsite. When you do this, every project will get the following apps.

– OneNote
– Email mailbox (you need to add this app separately)
– Tasks
– Timeline
– Documents

*example
The engineer or technician can synchronize that one project where he is working on. When he uses this feature he will have all the information he needs to work on this project.

To build a subsite, go to the site collection you just made, select the little gear icon and select Site contents.

In this site collection you start by creating a subsite. This subsite needs to be a project site.

When you start to create project subsites, remember that you always create the subsites under the Project site collection.

The fun part is that you can really start to collaborate with your team on projects. For example, you can create tasks and sync them with your project team. When you do this, the tasks of that project site will also be shown in your Outlook. Another nice feature is that you can open the Timeline on the SharePoint project site with Microsoft Project. When you use this you can easily add resources and tasks to the project's SharePoint site.

If you have any questions please leave a comment below!

Create an Office 365 Mailbox

Creating a mailbox in Office 365 involves signing into your Office 365 account. The following steps assume your organization has already signed up for Office 365 through the Microsoft Office 365 Fast Track enrollment website.

1) Sign in to your Office 365 portal at http://portal.microsoftonline.com.

Office 365 log in

2) Click Go to Users and Groups.

Office 365 - Users and Groups

3) Click the + sign to add a new user.

Add New Users

4) Fill in the appropriate details for the user being added. See the following example then click on Additional Details.

Adding details for users

5) Fill in the appropriate details for the user being added. See the following example and click Next.

Continuing to add details for users

6) Determine if the user will be an administrator. If yes, choose the administrator type. Here are some details to assist with the correct selection.

Setting admin level access

  • Billing Administrator – Helps make purchases, manage Office 365 subscriptions, oversee support tickets and monitor service health. This role will not be available if Office 365 was not purchased directly through Microsoft.
  • Global Administrator – Will give access to all administrative features. Note that the individual who enrolls Office 365 for your organization will also be a global administrator.
  • Password Administrator – Applies to those individuals who will need to reset passwords, manage service requests, and monitor service health. This is great for a helpdesk or an organization’s security administrators.
  • Service Administrator – This role is great for managing service requests and monitoring service health. Also note that before this role can be assigned to a user, they must first have admin access to a service such as Exchange Online.
  • User Management Administrator – Another great option for help desk or security administrator access. This role allows them to reset passwords, monitor service health, and manage accounts, groups and requests. This role is unable to manipulate other administrator accounts or create admin roles.

7) For this example we are creating a Global Administrator in the United States. An alternate email address must be specified, then click Next.

Creating a Global Administrator

8) Choose the appropriate licenses the account will need. This link provides better insight into the many licensing options. For this example we will choose all the products available within the Enterprise plan. Click Next after making the selections.

Assigning appropriate licenses

9) Provide an email address to email up to five users the temporary password for this account. The password will also appear on the screen after clicking Create if sending the email is an option that will not be pursued.

Send Results in Email screen

10) Click Create another user if there are more to be created or click Finish if there are not.

Email Results and Create another user screen

Connect an Office 365 Mailbox to Microsoft Outlook (Outlook 2007 or 2010)

This next step assumes that your workstation already has the full Outlook 2007 or 2010 client installed on the PC.

1) Open your web browser.

2) Go to the following website https://login.microsoftonline.com.

3) Enter your credentials and click Sign In.

Office 365 Sign-in Screen

4) If this is the first time the user is signing into the account then the password must be changed. Fill in the appropriate information and click Save.

Update Password Screen

5) Once signed in choose Settings from the upper right-hand corner.

Settings

6) Next, choose Office 365 Settings.

Choose Office 365 settings

7) If this is the first time that account is being signed into, all of the information about the account should be reviewed. This will be the information that was entered by the account administrator in Step 6 in the “Create a Mailbox” section. Once the information is verified, scroll down and click Save.

8) On the left-hand side of your screen click Software.

Install and manage software

9) On the left-hand side of your screen click Desktop Setup. Please note, this document assumes that the full Outlook Client is already installed.

Select desktop setup

10) Click Setup.

Click set up

11) After you click Setup the automatic configuration will start; when prompted, fill in the password for the account being configured.

12) A setup wizard will startup.

13) In this case we will only choose Microsoft Outlook and uncheck the rest. Click Continue.

Configure desktop applications and install updates

14) Next, Click Finish.

Click Finish to complete process

In this case the Wizard has determined that Manual Configuration will be required. In order to complete these processes, go to the section below which covers how to connect to the full Outlook 2013 Client. Also, if this wizard fails, please see the following troubleshooting document for additional information about the issue being seen.

Connect an Office 365 Mailbox to Microsoft Outlook 2013

This manual configuration can also be used for Outlook 2010 clients if the automatic configuration wizard determines that your client requires a manual configuration.

1) Open the Control Panel on the PC.

2) Double-click on the Mail applet in the Control Panel.

Mail applet

3) Choose Show Profiles.

Select Show Profiles

4) Click the Add button.

Click the Add button

5) Enter a profile name and Click OK.

Enter a profile name

6) Fill in the information for your Office 365 account. Please note, Internet access is required for this to work.

Add new account

7) Once the account and password have been verified the screen will appear as shown below. Click Finish.

Click Finish

8) Open Outlook to start using your Office 365 account.

That’s all there is to it! You are now embarking on a journey to email in the cloud with Microsoft Office 365.
