This blog post will explain a solution to prevent the need to use a massive SAN (Subject Alternate Name) SSL certificate for all your tenant domain names. Exchange 2010 can be setup for Multi-Tennant easily by using only a much smaller and cheaper SSL certificate for both the Exchange RPC proxy endpoint and autodiscover DNS names. The RPC proxy endpoint normally stays the same no matter how many domains/tenants you are hosting for and is generally mail.domain.com. Bit of background, in Exchange 2010, all Outlook clients will normally use MAPI/RPC or Outlook Anywhere (RPC over HTTPS) to connect to a…

This post continues on from my other blog post Fully automate the removal of any Office version in preparation for Office 365. Once all Office software versions have been removed from the computer, you’ll then need to automate the installation of Office 365 on the back end of the un-installation of all legacy Office versions. This guide will demonstrate how to automatically install Office 365 using Group Policy. First, you’ll need to download and install the Office Deployment Tool for Click-to-Run. Install this on a dedicated (file) server which will host the share and will hold a local copy of…

Exchange Online Protection (EOP) is a service which you can buy from Microsoft. They also offer a 1 month trial. You can use EOP with your on-premise Exchange as a mail gateway solution in and out. However, if you have Office 365 with Exchange Online, this uses EOP already. So you can make use of its features and relay mail through it using an IIS SMTP server. Why would you want to relay mail through EOP and not send directly? Because EOP ensures that everything is okay with outbound mail, ensuring mail is squeaky clean, keeping things top notch in…

Companies moving to Office 365 will come across a hurdle. Historically Office installations have been different where as they install fully inside of Windows. With Office 365, it’s more like a stream rather than an install. As a result, when Office 365 is streamed to the computer, previous versions of Office are left installed, so you would effectively have two Office installations. Having two Office installations would be be confusing to the user and be very messy. How has Office changed with Office 365? Not too long ago Steve Ballmer the CEO announced that Microsoft would now be known as…

The following will show you how to grant SendAs permission to all recipients in Office 365 Exchange Online. This is for two recipient types, mail users and user mailboxes in the situation where you have directory synchronization turned on and an Exchange hybrid setup. First things first, connect to the Office 365 Exchange Online remote PowerShell: Import-module msonline $LiveCred=Get-Credential Connect-MsolService –Credential $LiveCred Run the following 3 commands to connect Windows PowerShell to the Office 365 exchange service: $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ –Credential $LiveCred -Authentication Basic –AllowRedirection Import-PSSession $Session (If you get an error with this cmdlet, run…

We have an Exchange 2010 SP3 Hybrid setup with Office 365 and have directory synchronization turned on. We tried to enable email archiving for a migrated user in the cloud using the Exchange Control Panel. However received the following error: The following error occurred during validation in agent ‘Windows LiveId Agent’: ‘Unable to perform the save operation. ‘User_fecbfd8514′ is not within a valid server write scope.’ Click here for help… The proper way to enable archiving for a user, you need to do this from the on-premise side as shown in the screen shot below. Once you have enabled the…

I have a two Office 365 tenant accounts, with one on-premise Exchange organization. Currently two companies share the same on-premise Exchange organization. As part of moving mailboxes to the cloud, we are separating the companies by moving them to their own Office 365 tenant account. This brings us numerous problems and different functionality, with one major limitation is a split GAL. PowerShell can assist us. I need to get a list of all possible properties for the Get-Mailbox cmdlet. Get-Mailbox -identity user@domain.com.au | fl This will display all the possible fields that we can use to do a custom search….

The following guide will show you how to setup a secure VPN connection using encryption. You will need only Windows Server 2008 R2, with the Network Policy and Access role, including Routing and Remote Access and Network Policy Server. You will also need to allow the VPN port 1723 through your firewall as a NAT rule, pointing this to the Routing and Remote Access server. Routing and Remote Access server configuration: Click on the Security tab. Click Configure, add in the RADIUS server IP address. On the RADIUS server, add in a RADIUS client which points to the Routing and…

There are some fundamental changes after installation of Exchange 2010 SP2 Update Rollup 3 (RU3) or later. Description of Update Rollup 3 for Exchange Server 2010 Service Pack 2. Terms: RPC Client Access – The RPC Client Access service provides data access to any mailbox server through a single, common path of the Client Access server RPC endpoint – This relates to the Outlook profile RPC endpoint, the client access server in which Outlook connects to, see screenshot below. This hostname is internally resolvable only. History: In earlier versions of Exchange Server 2010, client connection requests were not redirected to…

Taken from here, this script is fantastic! You can run this from any domain member computer while logged in as a domain administrator. This script will clean up all metadata left over from a forced removal of a domain controller, e.g. DNS and Sites & Services information. I had a domain controller (DC) which needed to be rebuilt due to serious issues, as it was virtual, I disconnected the network, then simply formatted the OS drive and reinstalled Windows Server from scratch before connecting it back to the network. Meanwhile from another server, I ran the script below – worked…