Exchange Hybrid, Exchange Online & Outlook: How to get more email storage space?

Well currently, most enterprise users are using local storage to save their emails. For those whom are on SSD storage would be a problem and also goes for normal HDD storage uses.

What is online archive? Online archive is basically like your local/normal archive feature that you usually sees on your outlook but instead it is online/cloud and it provides 1TB of space. If the organization did enable this and they probably would also enable retention policy, this is just set a policy to automate moving primary emails to the online archive based on a range of period. Anyway, this is up to the organization settings and decision.

*Note: Retention Policy has many functionality and it is also part of security related

To have online archive your organization must have license like Office365 ProPlus, E3, Office365 Business or Office365 Business Premium.

How to enable online archive?

1. If the organization is in a hybrid environment, using Exchange 2016 and Exchange Online, as the IT Admin could enable the online archive from exchange 2016.
2. If the organization is in a hybrid environment, using Exchange 2013 (as a bridge for migration to exchange online) and had older version of exchange too than as IT admin you could only enable online archive via Exchange Online. This is because there could be possible is the unique id causes. (not much of issue if you have plans to upgrade exchange 2013 to exchange 2016)
3. If the organization is fully utilize Exchange online only, than as IT Admin you could enable online archive from exchange online > recipient > select specific recipient > mailbox feature.

*Note:

1. If you would wish to bulk enable, than perform using powershell, but there are other categories in Office 365 you could enable the online archive, such as from security and compliance.
2. If you would wish to disable it and wants to use back only the primary mailbox than below is a reference on how to perform it.

Reference:

1. https://technet.microsoft.com/en-us/library/archive-features-in-exchange-online-archiving.aspx
2. https://docs.microsoft.com/en-us/office365/securitycompliance/enable-archive-mailboxes
3. https://docs.microsoft.com/en-us/office365/securitycompliance/unlimited-archiving

Exchange Hybrid & PowerShell: How to customize a permission of a role?

Again not brain surgery. Just need you to calm your mind and enjoy understanding it.

Yes, I know that there would be defaults settings or features that doesn’t mean the customer’s requirement, so they always requested for customization.

So basically I expect that you know what are the default roles in exchange hybrid and its permissions inside. Anyway, you have to be the administrator only you could able to view where are the roles. You can find it at your exchange hybrid console > Permission > Admin roles.

*Note:

• I prefer to use Power Shell to create this customize permission role because it provides more details of what are the functions runs in each role type.
• And you can dig deeper by removing/adding certain role’s type function that you would not wish to be in your customization.
• Try not to configure the default roles given
• Always create a new role

Using Interface to create Admin Roles Group

However, interface doesn’t actually allows you to create customize roles.

To create a new customize permission role you go to this directory Exchange Hybrid console > Permission > Admin roles > “+”

Example below;

Select what roles you want for your customize permission;

Using Power Shell to create customization

What I would do is I will copy a default role and its permission into my new role, which is closer to my client’s request and than I will eliminate the permission based on a comparing function such as “Query if the role’s permission doesn’t has this permission than remove the those permission”. This will definitely save much more time.

If you aren’t sure about  what default role should you copy than try to extract the detail list of each roles permission. Simply just type the following code below;

Get-ManagementRole * | Get-MangementRoleEntry

1. Go to your Exchange Hybrid Server > Open the Exchange Power Shell console (Run as Administrator)
2. Run these commands below

   #To get a list of role type
   Get-ManagementRole
   
   #Get function details of each role type
   Get-ManagementRole "RoleTypeName" | Get-ManagementRoleEntry
   
   #Create a new Customize Role copying a default role type
   New-ManagementRole -Parent "RoleTypeName" -Name "NewCustomizePermissionRoleName"

   *RoleTypeName would be these at the picture below, circle in red

   

   Role type name

   Get-ManagementRoleEntry is basically get the list of permissions that is inside the role.

   *Each roles has its own list of permissions

3. If you wish to limit or remove a role type’s function/permission, than you can run this command

#Find your customization that you had created
#Query where if the function is not the name "Get-RemoteDomain" & "New-RemoteDomain" remove the other's functions
Get-ManagementRoleEntry "NewCustomizePermissionRoleName\*" | Where { $_.Name -NotLike "Get-RemoteDomain" -and $_.Name -NotLike "New-RemoteDomain" } | Remove-ManagementRoleEntry

#Query your modified customization, to check whether are the modification correct
Get-ManagementRoleEntry "NewCustomizePermissionRoleName\*"  | select name,role | ft

#If you wish to undo than just run this command
#It will get the function "Get-Mailbox" from Role Type and add into your customization
Get-ManagementRoleEntry "RoleTypeName\Get-Mailbox" | Add-ManagementRoleEntry -Role "CustomizePermissionRoleName"

 

References:

• https://docs.microsoft.com/en-us/powershell/module/exchange/role-based-access-control/add-managementroleentry?view=exchange-ps
• https://docs.microsoft.com/en-us/powershell/module/exchange/role-based-access-control/get-managementrole?view=exchange-ps
• https://docs.microsoft.com/en-us/powershell/module/exchange/role-based-access-control/get-managementroleentry?view=exchange-ps
• https://docs.microsoft.com/en-us/exchange/understanding-management-roles-exchange-2013-help

Office 365 & AD & Exchange Hybrid: How to create remote mailbox in Exchange Hybrid for existing user, in Active Directory and Office 365?

When you have existing user active directory record and you’ve accidentally had provision the mailbox at Office 365. Thus, result you unable to add the user into any distribution group and etc. because it doesn’t have record in Exchange Hybrid. Besides, user’s primary email address wasn’t correct, such as “xxxx@domain.onmicrosoft.com” instead of “xxxx@domain.com”.

Here are the steps to resolve your problems;

Implication: None (for me)

*Note: You have to be familiar with PowerShell. Best to try it on a test user account first.

1. Go to Exchange Hybrid server
2. Open Exchange Powershell Management
3. Type the following commands;
   

   Enable-remotemailbox “userDisplayName” -RemoteRoutingAddress “xxxx@domain.mail.onmicrosoft.com”

4. Go to Azure AD Server
5. Open Windows Powershell
   

   Start-ADSyncSyncCycle -PolicyType Delta

6. You will than review that particular user’s the mailbox in Office 365, has more email addresses shown in the email address category itself. And also the Primary email address has change to the right one.

 

*Note: This may take half an hour for the overall settings to be propagated at the user side. Because at the user side they will still view their primary smtp as the incorrect one, even though the modification has done.

Office365, Exchange, Azure, AD: Why you should always check your Office365 Recycle Bin?

Every human mistake is they never check what is inside their recycle bin before proceeding.

The very first thing you should do when you want to create a user is to check your Office 365 recycle bin! Why? Because is best to avoid another problem for yourself unless you are the problem. To also avoid duplication occur in Office 365.

Imagine yourself hitting the brick wall by creating and deleting repetition of a particular user account, setting yourself in panic moment and continue getting errors such as,

1. Unable to get the user account to sync up to Office 365
2. Incorrect user principal name
3. Worst -> Incorrect Immutable ID

So ALWAYS CHECK OFFICE 365 RECYCLE BIN BEFORE PROCEEDING TO CREATE!

Office 365: Synchronized/Migrated user showing wrong UPN in Office 365

Oh no! I forgot to change/set the user’s UPN correctly before migration! Even a simple job we could get it wrongly. Thus, this will lead you to panic. Well, if you are panic, just take a deep breath.

Usually, such problem we resolve it by breaking/disable the DirSync so that the user’s status change from “Sync from on prem” to “cloud”. So that if we could make the changes at the Office 365, without interrupting the on-prem. However, this kind of solution is troublesome because it takes hours for the DirSync to complete disable and waiting for the user’s status to change. When I mean by hours, depends of the amount of users you have at Office 365. The larger the amount the longer it takes for the time taken for the DirSync to complete disable and for the user’s status to change.

Here are the problems we faced:

1. Forgot to set the email policy
2. Forgot how to set email policy
3. Set the wrong email policy
4. Highly confident and doesn’t double check
5. Doesn’t do enough research about preparation of migration

Lucky for me that I have found a way to solve this kind of clumsiness, please refer to the reference given below.

Note: This solution is only for clumsy situation. Don’t put it into your planing of migration, because this will make you feel like a total blockhead in front of your customers. Please do not take it in as a habit.

Reference:

1. http://www.codenutz.com/office365-changing-the-main-login-name-for-upn-for-a-user-via-powershell/