Looking forward to 2016…

…also means looking back at 2015. 🙂

First of all, let me start by wishing all of you a happy (belated) New Year. I hope that 2016 is off to a good start!

As you might have noticed, it’s been a little quiet around here these past few months. There’s a few good reasons for that:

  • I’ve been writing a lot for my employer, ENow. As a matter of fact, you could consider ENow’s solution Engine, also known as “ESE blog” (pun intended) as my new “primary” blog location. However, I realize I could do a better job of “cross-posting” articles here, which I will vigorously keep an eye on in 2016. In the meantime, you can go to http://blog.enowsoftware.com to see what others and I have been writing about lately.
  • It’s been super busy at work (in a good way)! We are in the process of creating something entirely new and that has been keeping me busy –along with some really interesting consulting engagements! In due time, I’ll share more details on what exactly it is that we are doing. Needless to say, 2016 will be an interesting year @ ENow.
  • The Office 365 book for Exchange Professionals has been taking up quite a bit of time (rightfully so!). As Tony reported earlier, there have been a massive amount of changes in 2015 –all of which need to go into the book in one way or another. Throw in the release of Exchange 2016 and there’s plenty of things to keep you busy for a while. The upside of all this is that the latest version of the book is really, really good and very up-to-date –something that would not be possible when publishing in a traditional way. If you haven’t picked up your copy so far, you can do so here.

Anyway. A new year wouldn’t be one without proper resolutions, would it? The good news is that after some necessary downtime in December, my batteries are fully charged again and ready to hit the road running!

  • The Belgian “Pro-Exchange” user group is shortly moving to a new website (and platform). The team is seizing this opportunity to revitalize the community as well. Expect some big announcements in the days and weeks to come. I can share that we will be introducing a new name and we plan on having (more) regular in-person events. Because of everyone’s busy schedules we only had a few but successful events last year.
  • I look forward to the next release of the Office 365 book for Exchange Professionals. Although the book is updated incrementally (there’s a new release every few weeks), we find ourselves with a major update once or twice a year (there were two major releases, last year). I am in full writing mode as we speak, and you can expect a lot of new content from me evolving around authentication (Passport, Windows Hello, Multi-factor authentication), mail flow, hybrid deployments (and caveats) and hybrid recipient management. Keep in mind that I’m not the only one working on the book. Both Tony and Paul are also continuously adding new content to their chapters, so there’s much more to discover with every update/release!
  • The fall will be quite a busy time. First, there’s Ignite in Atlanta in September, followed by IT/DEV Connections in Vegas (in October) and the UK/UC Day as well. Although I am a little skeptical about Ignite as a conference, it is a must-attend event if you want to know what is happening in the Microsoft ecosphere. It’s as simple as that.
    For the past few years, I have been lucky enough to be allowed to speak at IT/DEV Connections. Compared to Ignite this is a very small conference, but very technical with lots of deep insights from the real world. Whereas Microsoft-hosted events sometimes tend to be a bit heavy on the marketing-side of things, IT/DEV Connections is the independent voice which tells you what the world really looks like. I like the conference for a variety of things. First of all, it’s in Vegas (doesn’t need more explaining). I like speaking there and I thoroughly enjoy attending a lot of the sessions. But foremost, because the conference runs at a much smaller scale, it is the perfect opportunity to socialize with the attendees and have lots of great conversations. A fellow-MVP once described it to me as almost having a user group feeling, which is pretty close to what it is. If you don’t believe me: just take a look at last year’s sessions or perhaps purchase access to the session recordings. You’ll have to agree.
    Last but not least there’s the UK UC Day. It was organized for the first time, last year, and I was impressed by how well it was organized and by the amount of sessions and the quality of them. Given the reactions from the attendees, I’m confident that this year’s edition will be equally if not more successful.
  • Although I’m not making any commitments yet, I think 2016 would be a good year to write a successor to the Exchange 2013 High Availability e-book that Paul Cunningham, Steve Goodman and myself created. However, I wouldn’t expect it until later this year because none will really start deploying Exchange 2016 until after the first CU (or two)…
  • On a more personal level, I have taken it upon myself to read more books –other than tech e-books and (finally?) pursue my Instructor degree in Krav Maga.

Either way, I better get going to make all this happen! I don’t like waiting for the sun, the stars and the moon to align properly.

Until next time,

-Michael

Blog News

Paul Robichaux joins ENow as CTO!

Hi all,

Today is a great day!

I know it’s been a while since I last posted here, but that’s just because I’ve been super busy with lots of things. Besides speaking at IT/Dev Connections and writing the Office 365 for IT Professionals ebook with Tony Redmond and Paul Cunningham, I have been working on some really exciting things at ENow! Amongst other cool new features, we recently developed new remote probes for our Exchange and Office 365 solutions. These probes allow you to monitor specific functionality such as the Autodiscover process or the ability to logon through AD FS from various locations other than your HQ or datacenter. I’m sure that this is something that larger organizations with multiple sites will appreciate!

This being said, I have other good news too! I am excited to share with you that Paul Robichaux, a long-time Exchange Server MVP will be joining the ranks at ENow as Vice President and CTO!

I’ve known Paul personally for a few years now, and I look forward to working with him at ENow. Paul is one of the people who inspired me to work in technology and more specifically in the area of Exchange. Even before I knew Paul personally, I was a big fan of him and his work. The many books and articles he authored have helped me through many of the endeavors in my early career –and they continue to do so today. Needless to say, his track record speaks for itself. And let’s not forget that he used to teach classes for the Microsoft Certified Solutions Master (MCM/MCSM) program as well!

Office 365 is very important to us. Back in 2012, ENow was the first to develop Mailscape 365, our best-in-class Office 365 monitoring and analytics solution. Since then, a lot of things have changed. We work hard to continuously improve our solution. Not only to meet the changing needs of our customers but also to evolve along with Office 365 –which changes faster than ever before. In order to align with the pace of change in Office 365, ENow moved to the Agile development process which allows us to respond more quickly to those changes and push out updates to our customers as quickly as possible. That Paul is joining our team reinforces ENow’s commitment to the future and is a herald of what more is to come!

Behind the curtains we are working on some really interesting things. Unfortunately, I cannot share too much about what that entails just yet. But trust me when I tell you it is BIG! Paul’s background in software development and his expertise in the area of Office 365 will play an important role in solidifying our position as a leading ISV in the Office 365 space as well as in the development of our future products and platforms.

Make sure to keep an eye out on the official ENow blog for future announcements. On my end, I’ll promise to update content on this website a little more often…!

Cheers,

Michael

Blog News

Exchange User Permission Enumeration Script

A few years ago, I wrote a PowerShell script which would enumerate the permissions a user had been given in an Exchange environment. Because of some connectivity issues over on pro-exchange.be, earlier, I decided to post the script to the TechNet gallery and do a little write-up here.

The code for the script might be a little old (or clunky FWIW), but it does the trick. Unlike some other scripts out there, the intention of this script is to find where a user has access to (instead of generating a report that shows you who has access to a specific report). Because of that, the script needs to enumerate all permissions in the environment and go through them one by one. As such, the performance of the script might suffer a little in larger environments; but that’s just a small price to pay.

Like some of my other scripts, this script was designed to be dot-sourced. In the future, I’ll update the script to add a little more error handling and remove the requirement to dot-source it.

You can download the script from here.

If you have any thoughts or comments, feel free to post them below!

Cheers,

Michael

Blog Exchange PowerShell

Speaking at IT/DEV Connections & UK UC Day

It’s been a while since I last wrote an article… Although there’s no excuses, I have been pretty busy lately…

First of all, I’ve been ‘heads down’ preparing version 2 of the “Office 365 for Exchange Professionals” ebook.
As Microsoft recently announced, there have been a LOT of updates and those need to be reflected in the book too!
New items include information on the new hybrid configuration wizard, modern authentication, Azure AD Connect and so much more… As Tony mentioned on his blog, we plan on releasing “v2” at IT/DEV Connections in September. If you are attending IT/DEV Connections, Tony, Paul and I will be there too. Make sure to come and talk to us. We’d love to hear your feedback on the book.

This brings me to the conference itself. This year, I am lucky enough to be speaking there again. IT/DEV Connections is without a doubt one of my favorite tech conferences. It runs at a smaller scale than e.g. Ignite, but there’s a TON of great sessions, all led by even greater speakers! The fact that you aren’t overrun by tens of thousands of other attendees allows you to interact with all the speakers. If not during the sessions, there are plenty of opportunities at the evening events or in the hallway! You still have time to register, so if you are looking to attend a conference this ‘season’, IT/DEV Connections is what I would recommend. As usual, the conference is held in Las Vegas from September 14 – 17, in the beautiful Aria hotel.

I have two sessions this year. One about Identity Management and Authentication in the online Microsoft world. Although I still have a lot of work to do for my sessions (making sure I provide you with the latest information!), I can share with you that I will also be talking about Windows Hello and Microsoft Passport. This session is on Thursday at 8:30 AM.

The second session is somewhat different from what you usually see me present about. On Wednesday at 11AM, I will be speaking about automation. The idea is not to be giving a theoretical session about how e.g. PowerShell DSC is supposed to work or what PowerShell is; other people are probably better suited for that! It won’t be a level 400 coding session either. I’m no developer and I’m also not a PowerShell guru! It’s rather a hands-on, real-world approach about how you can use all sorts of tools (mainly PowerShell though, but also e.g. Orchestrator) to automate simple and more complex tasks. The idea for this session grew from visiting customers all over the world and seeing how they automated service tasks, onboarding etc… By the end of the session you should have picked up some ideas about what can be useful to you and how to best approach and build it!

Later in September, I will be joining another fantastic line-up of speakers at the UK UC Day in Birmingham. This is the first time this one-day conference is held, but the organisation did not spare any efforts. A lot of speakers from IT/DEV Connections will be there and it’s good to see some speakers join us from the US too! This time, I will be speaking about hybrid deployments in all their glory. Single-forest, Multi-Forest, AAD Connect and many other things will be discussed. A high-paced session, but definitely for you if you are in a hybrid deployment, you are looking to configure a hybrid connection or you’re a consultant that deals a lot with hybrid!

ENow will be represented at both conferences as well! In the UK we are joined by the team of Essentials. Make sure to stop at our booth and have a conversation! We look forward to another great conference and an even greater Scheduled Maintenance party!

Looking forward to seeing you there!

-Michael

 

 

Blog Events

[updated: July 20, 2015] Script: putting Exchange Server 2013 into Maintenance Mode

Latest Update:

v1.8 (07/20/2015): fixed a copy/paste error in the script and cleaned up the code to be a little more efficient (removed redundant IF-statement). Published the script to the TechNet Script Gallery for easier download access.

Introduction

In Exchange 2010 one had the option to put a Mailbox server which was part of a DAG into “maintenance mode” by running the “StartDagServerMaintenance.ps1” script that was included with the product. Likewise, StopDagServerMaintenance.ps1 was used to pull a server out of this so-called maintenance state. In fact, this script would move any active mailbox databases to another node in the DAG and mark this server as temporarily unavailable to the other servers. That way, if a failover occurred while the server was in ‘maintenance mode’, you wouldn’t risk that it ended up as a valid failover target.

Exchange 2013 now has the ability to go beyond what was possible before and extend this functionality. You now have the possibility to put an entire server into maintenance mode, meaning that components such as the Transport Service or the Unified Messaging Call Router are also temporarily put on hold while you do some work on your server.

There might be various reasons to put a server into maintenance mode. For instance when you need to install software or you want to do some troubleshooting without affecting users that might have a mailbox in an active mailbox database on that server. To facilitate the process, I created two scripts which will automatically put an Exchange 2013 Server in or take it back out of Maintenance Mode.

The manual process

The process for putting an Exchange 2013 server into maintenance mode is relatively straightforward. To enable the Maintenance Mode, you must run the commands below.

If the server is a Mailbox server, all active queues need to be drained before you can disable the transport service. To help clear out the queues, existing messages on the server will be moved to another server. Please note that the -Target value has to be an FQDN:

[sourcecode language="PowerShell"]# <ServerName> is the server going into maintenance; <server_fqdn> receives its queued messages
Set-ServerComponentState -Identity <ServerName> -Component HubTransport -State Draining -Requester Maintenance
Redirect-Message -Server <ServerName> -Target <server_fqdn>
[/sourcecode]

If the server is part of a DAG, you must also run these commands:

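[sourcecode language="PowerShell"]# Pause the cluster node, move active database copies away and block this server as an activation target
Suspend-ClusterNode -Name <ServerName>
Set-MailboxServer -Identity <ServerName> -DatabaseCopyActivationDisabledAndMoveNow $true
Set-MailboxServer -Identity <ServerName> -DatabaseCopyAutoActivationPolicy Blocked[/sourcecode]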

Once all queues are empty, you can disable all components:

[sourcecode language="PowerShell"]Set-ServerComponentState -Identity <ServerName> -Component ServerWideOffline -State Inactive -Requester Maintenance[/sourcecode]

Taking the server out of Maintenance Mode is a matter of simply reversing the actions we took to put it into Maintenance Mode.

First, we reactivate all components:

[sourcecode language="PowerShell"]Set-ServerComponentState -Identity <ServerName> -Component ServerWideOffline -State Active -Requester Maintenance[/sourcecode]

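If the server is part of a DAG, you need to reactivate it in the cluster (by resuming the cluster node):

[sourcecode language="PowerShell"]# Resume the cluster node and allow database copies on this server to be activated again
Resume-ClusterNode -Name <ServerName>
Set-MailboxServer -Identity <ServerName> -DatabaseCopyActivationDisabledAndMoveNow $false
Set-MailboxServer -Identity <ServerName> -DatabaseCopyAutoActivationPolicy Unrestricted[/sourcecode]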

If the server is a Mailbox Server, the transport queues need to be resumed as well:

[sourcecode language="PowerShell"]Set-ServerComponentState -Identity <ServerName> -Component HubTransport -State Active -Requester Maintenance[/sourcecode]

Although not explicitly required, it’s best to restart the transport services after changing their component states. This ensures they ‘pick up’ the changed component states immediately rather than having to wait for Managed Availability (Health Service) to take action.
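The steps above for entering Maintenance Mode, combined into one function as an added example. This is not the author's Start-ExchangeServerMaintenanceMode.ps1; the function name, parameters and timeout are assumptions. It assumes the Exchange Management Shell on a DAG member with the FailoverClusters cmdlets available, and it ignores the Poison and Shadow Redundancy queues while waiting, since those may never empty.

```powershell
# Added example; not the author's Start-ExchangeServerMaintenanceMode.ps1.
# Enter-ExchangeMaintenance and its parameter names are hypothetical.
function Enter-ExchangeMaintenance {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$Server,        # server going into maintenance
        [Parameter(Mandatory = $true)][string]$TargetServer,  # server that takes over the queued mail
        [int]$TimeoutMinutes = 30,                            # stop waiting for the queues after this long
        [int]$PollSeconds = 15                                # interval between queue checks
    )

    # Redirect-Message needs an FQDN as target. Resolve a short name first;
    # GetHostEntry throws if the name does not resolve, before anything is changed.
    $targetFqdn = [System.Net.Dns]::GetHostEntry($TargetServer).HostName

    # 1. Stop accepting new mail and move what is already queued to the target server.
    Set-ServerComponentState -Identity $Server -Component HubTransport -State Draining -Requester Maintenance
    Redirect-Message -Server $Server -Target $targetFqdn -Confirm:$false

    # 2. DAG members only: pause the cluster node, move active copies away, block activation.
    if ((Get-MailboxServer -Identity $Server).DatabaseAvailabilityGroup) {
        Suspend-ClusterNode -Name $Server   # assumes this session runs on a node of the same cluster
        Set-MailboxServer -Identity $Server -DatabaseCopyActivationDisabledAndMoveNow $true
        Set-MailboxServer -Identity $Server -DatabaseCopyAutoActivationPolicy Blocked
    }

    # 3. Wait for the delivery queues to empty. Poison and Shadow Redundancy queues
    #    are excluded; waiting on them can keep the loop running forever.
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    while ($true) {
        $pending = Get-Queue -Server $Server |
            Where-Object { "$($_.Identity)" -notlike '*\Poison' -and "$($_.Identity)" -notlike '*\Shadow\*' } |
            Measure-Object -Property MessageCount -Sum
        if (-not $pending.Sum) { break }    # no queues returned, or zero messages left
        if ((Get-Date) -ge $deadline) {
            # Fail without going ServerWideOffline, so no mail is stranded on the server.
            throw "$($pending.Sum) message(s) still queued on $Server after $TimeoutMinutes minutes; HubTransport is left in Draining."
        }
        Write-Verbose "$($pending.Sum) message(s) still queued on $Server"
        Start-Sleep -Seconds $PollSeconds
    }

    # 4. Queues are empty: take every component offline.
    Set-ServerComponentState -Identity $Server -Component ServerWideOffline -State Inactive -Requester Maintenance

    # 5. Restart the transport services so the new component states apply immediately.
    #    Front End Transport only exists where the Client Access role is installed.
    Get-Service -ComputerName $Server -Name MSExchangeTransport, MSExchangeFrontEndTransport -ErrorAction SilentlyContinue |
        Restart-Service

    # Return the resulting component states so the caller can confirm them.
    Get-ServerComponentState -Identity $Server | Select-Object Component, State
}
```

If the function throws on the timeout, inspect the remaining queues with Get-Queue before deciding whether to continue by hand or set HubTransport back to Active.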

Using the scripts

Sometimes it can take a while before active queues are drained. Because I do not always want to wait in front of the screen and periodically check the queues myself, I created two little scripts that fully automate the process explained above. Besides the required steps, the scripts also perform additional safety-checks and inform you about other server component states which might prevent a server from working correctly.

The first script, Start-ExchangeServerMaintenanceMode.ps1 will put a server into Maintenance Mode, whereas Stop-ExchangeServerMaintenanceMode.ps1 can be used to take a server out of the maintenance state.

Please note that the scripts rely on built-in Exchange functions and therefore need to be run from the Exchange Management Shell.

Version history

v1.8 (07/20/2015): fixed copy/paste bug; removed duplicate code and made some overall improvements to script efficiency.

v1.7 (07/08/2015): removed the requirement to dot-source the script. Published the script to the TechNet Script Gallery for easier download access.

v1.6 (29/11/2013): some minor bug fixes in the Start-ExchangeMaintenanceMode script.

v1.5 (28/11/2013): Based on feedback from several readers, I’ve improved the scripts by rewriting parts of the code and, as such, making it more lenient and more usable in scenarios where you want to run the script from a remote Exchange server. The script now also restarts the Transport service(s) after changing their component states. This ensures that the new component states are picked up immediately, rather than after Managed Availability kicks in. Without the change it could take anywhere from a few minutes to a few hours before the transport services were really inactive/active again. The download links at the bottom of the page are updated to point to the new versions of the scripts. Last, but not least, when ending a maintenance mode, the script will query the server for any components that might still be inactive and display a warning if any are found. A special thanks to Dave Stork for some of the ideas!

v1.4: update the script to include some additional error checks. First it will check whether the person who is executing the script has local admin rights. If not, the script will throw a warning and exit. Secondly it will also check whether the TargetServer name can be resolved. If it’s not an FQDN, it will resolve it to an FQDN. If it cannot be resolved, an error will be thrown.

v1.3: after some feedback from Brian Reid (thanks Brian!), I’ve finally updated the script to include the “Redirect-Message” cmdlet. This will ensure that the queues will drain more quickly on the server by moving messages from one server to another. Have a look at Brian’s blog if you need more info: http://blog.c7solutions.com/2012/10/placing-exchange-2013-into-maintenance.html

v1.2: Maarten Piederiet emailed me pointing out that he had encountered some issues while using the script. Apparently, while draining the message queues, the script ran forever because it waits for every queue to become empty; including Poison- & Shadow Redundancy queues. To avoid this from happening, he made a minor change to the script to now exclude both queues. Thanks for the tip!

The scripts

Below you find links to my SkyDrive from where you can download the scripts. Enjoy!

Start-ExchangeServerMaintenanceMode (v1.8)

Stop-ExchangeServerMaintenanceMode (v1.5)

Disclaimer: these scripts are provided “as-is” and are to be used on your own responsibility. I do not and cannot take any reliability for the use of these scripts in your environment. Please use with caution and always test them before use.

If you have suggestions, comments or think things can be better: please let me know! Your feedback is greatly appreciated!

Blog Exchange PowerShell

Azure AD Connect is now GA

Yesterday, Microsoft announced they released Azure AD Connect and Azure AD Connect Health to the public.
Azure AD Connect can be seen as the successor to DirSync/AADSync, with an added edge. It does not only allow you to configure directory synchronization, but the wizard also allows you to automatically setup and configure Active Directory Federation Services instead of having to go through the motions manually.

The GA of the tool has been long awaited and it’s great to finally see it become available for everyone. Make sure to check back in the weeks to come as I will more than likely be posting some articles on what’s new and how to deal with the tool.

You can read the original announcement here. If you want to skip the ‘boring’ stuff and get going straight away, you can get the tool from here.

-Michael

ADFS Blog Hybrid Exchange News Office 365

Selective authentication for (sub-)domains in Office 365

Office 365 provides various authentication options, such as cloud-IDs, Password Hash Synchronization or federated identities. Leaving out the specifics on how each of these options work, all of them are configured per domain. Whenever trying to access services in Office 365, the user is required to authenticate using their User Principal Name. For the sake of simplicity, the general advice is to configure the UPN to match the email address, which makes it less confusing for them.

Blog Identity & Security Office 365

Latest security bulletin addresses vulnerability in AD FS

In the April 2015 Security Bulletin, Microsoft released an update for Active Directory Federation Services 3.0, which comes with Windows Server 2012 R2.

According to the documentation, the vulnerability would allow an attacker to gain access to an application – such as Office 365. Apparently the flaw is in the logoff process. As I understand it from the limited information available, although the user appears to have logged off, the logoff actually failed allowing an attacker to re-use the existing token to access the application as the user.

Although the bulletin mentions that Microsoft has no knowledge of any cases where this vulnerability was exploited, I personally wouldn’t wait for it to happen to me… 🙂

More information can be found here: https://technet.microsoft.com/library/security/MS15-040

ADFS Blog News Office 365

Announcing “Office 365 for Exchange Professionals” (ebook)!

Hey all,

It’s been a while since I have last posted an article on my blog, and there’s a good reason for that. For the past few months, Paul Cunningham, Tony Redmond and I have been working fiercely on a new ebook, called “Office 365 for Exchange Professionals”. Together with Exchange MVP Jeff Guillet who is leading the efforts as our technical editor, we are confident that this book will deliver high quality, up-to-date and relevant information!


As the name might already give away, this book is targeted to Exchange administrators, enthusiasts and experts to help them transition their skills to the cloud. One of the biggest challenges writing about Office 365 is the fast rate at which things change. That is also the reason why we have chosen to publish the book as an ebook rather than a traditional, printed, book. We plan to have the book available in early May with contents being up-to-date as close as possible to the release date! We’re continuously editing the text to ensure that even the latest changes in Office 365 are included.

We are also looking at keeping the book up-to-date in the future to stay relevant as Office 365 (and Exchange Online) evolve. Right now, we are still figuring out what the best way would be to do that. Once we’ve come up with something suitable, we will definitely share that with you.

In the meantime, if you have any questions or there are topics which you would like to see covered in the book, feel free to leave a comment. The book already contains a lot (really, a LOT) of information, but getting your feedback has proven to be invaluable!

Looking forward to hearing from you!

-Michael

 

Blog Exchange News Office 365

Microsoft increases onboarding message size limit to 150MB

In yesterday’s rollup article for December 2014, Microsoft mentioned that they have upped the 25MB message size limit to 150MB when onboarding a mailbox to Office 365. The new limit applies, for instance, to mailboxes moved through a hybrid configuration to Office 365:

Office 365 Exchange Online message size onboarding limit increase — We are making a change to allow customers to migrate larger mail messages to Exchange Online. We now allow messages up to 150MB to be migrated to the service. The change is available immediately to all customers and is published as a new limit in the Exchange Online limits page in the Office 365 service description. We are not changing other limits such as mailbox size or maximum send/receive limit for messages. This change enables customers with large messages to easily migrate their existing content to the message.

Before, any messages greater than 25MB were skipped. The hard limit might have been a little over 25MB, because the system accounted for overhead as well. As a result of that, the administrator either had to manually export those messages from the mailbox (to keep them) or just ‘leave them behind’.

According to Paul Cunningham (ExchangeServerPro.com) this change also applies to offboarding scenarios.

This new limit is without any doubt good news for many organizations that are moving (or looking to move) to Office 365. The change also adds something extra to consider when onboarding mailboxes –mainly with regards to the velocity of a migration. Before, mailboxes could potentially be a lot smaller if it contained many items that exceeded the limit. With the new limit, administrators will have to take into account the additional payload (size) of those messages; potentially increasing the amount of data that has to be moved to ‘the cloud’.

All in all, this is yet another obstacle that Microsoft got rid of to make moving to Office 365 easier, but there are still some ‘limitations’ left; I can’t wait for Microsoft to address those too! For instance, the message size limit for sending and receiving messages hasn’t changed and Free/Busy lookups between two hybrid organizations are still a pain as well. However, I have no doubt that Microsoft will tackle these issues in due time as well.

Blog Exchange News Office 365