|
I think am just going to make another connector specifically for the spam appliance. Not sure who set this up.
|
# ? Dec 7, 2020 22:57 |
|
|
# ? Apr 24, 2024 21:00 |
|
I have a really, really weird one going on. We have a communications@contoso.com shared mailbox that is used for employee communications. Sometimes, a calendar invite for an event is created out of this mailbox and it is then either attached to the email or thrown on to sharepoint for someone to import into outlook. Here is where things get wierd. If someone then forwards the event from their calendar, randomly the meeting forward notification gets sent to a DL for the office executive assistants as well as two people that haven’t even been with the company for over five years if you look at message tracing. Those two people don’t even exist in AD/azure ad/365 anymore. One of our ops people worked with Microsoft a couple of years ago and got nowhere, but the complaints have risen up again. Any ideas?
|
# ? Dec 7, 2020 23:31 |
|
Q!=E
|
# ? Dec 7, 2020 23:32 |
|
Is the shared mailbox so important that you can't rename it and just make a new one?
|
# ? Dec 8, 2020 00:04 |
|
Alright, bit of a hail mary as I am out of my depth here. Troubleshooting an issue that I don't have much info on. We're hybrid Exchange and apparently 3 old users are coming back and when they got re-provisioned, something went wrong to the point where on-prem Exchange thinks it's an O365 mailbox and there's no mailbox in O365. Confirmed the account was synced to O365 and is properly licensed. It's not a matter of it having been provisioned in O365 first, as when I try to get the ExchangeGUID there it doesn't see a mailbox. I noticed that there are some extra X500/x500 addresses, but I don't think that would cause a mailbox not to create in O365. I can't attempt to migrate the mailbox either direction because of the confusion. I don't need to save anything in anyone's mailboxes. I have a feeling they were migrated from O365 to on-prem when they were retired back in the day, then that database was offlined at some point. Is there any good way to just tell on-prem Exchange "this is an on-prem mailbox now" and then migrate it to O365 again? Or somehow force O365 to try creating the mailbox again?
|
# ? Dec 22, 2020 20:27 |
|
At last No more creating a DL and then granting send-as for one person to send out as their alias
|
# ? Jan 14, 2021 12:35 |
|
Internet Explorer posted:Alright, bit of a hail mary as I am out of my depth here. Delete the Exchange GUID stuff in AD if its there and rerun whatever script you have that provisions a mailbox and makes it a remote mailbox. https://jaapwesselius.com/2018/06/14/cannot-find-a-recipient-that-has-mailbox-guid-when-moving-from-exchange-online-to-exchange-2016/ This seems similar though?
|
# ? Jan 15, 2021 03:09 |
|
George H.W. oval office posted:Delete the Exchange GUID stuff in AD if its there and rerun whatever script you have that provisions a mailbox and makes it a remote mailbox. The link you shared has an Exchange GUID in O365, which is something we were missing. As to your comment, is deleting the Exchange GUID in AD enough to have Exchange no longer think the user has a mailbox? We ended up deleting these accounts and recreating them. That fixed the problem, but at the time I was trying to figure out exactly what caused it. Oh well, next time!
|
# ? Jan 15, 2021 21:40 |
|
I'm doing my first ever Exchange 2016 to 2019 migration. I've never done an Exchange migration before, but have done plenty of Office 365 hybrid migrations. I've done my initial configuration and database move testing. So far so good. The cutover appears to be that you update records/external rules to point to the new server, uninstall Exchange 2016, and be good to go With an O365 hybrid migration the Outlook auto reconfigures itself. Does something similar have to happen with this Exchange migration, or is the change invisible to the user (when done correctly)?
|
# ? Feb 2, 2021 16:30 |
|
2016 and 2019 are new enough that this is just a member server joining an Exchange cluster, picking up roles, running alongside the old server for a bit and then the old server having roles removed before being shut down. As long as your autodiscover points to a server running the mailbox role then you should be golden.
|
# ? Feb 2, 2021 19:52 |
|
it should be a smooth transition if you do it the way Thanks Ants suggested so long as your autodiscover records are pointing towards that cluster and not any individual servers. In a domain environment, this might not be a problem because clients can autodiscover through AD with an SCP, but it's something to keep in mind. You can check which server the client uses with the outlook built in diagnostics, they might already be using your new one. Same for external records, but it depends on your company firewall and policies whether your clients get through. It can be a bit of pain to figure out but you can use the remote connectivity analyzer tool to check that scenario.
|
# ? Feb 3, 2021 13:06 |
|
Weird question, but I'm not sure where else to look for this. Google's been unhelpful. One of our C-levels is sharing his calendar with editor rights with an assistant, who helps him book meetings. He also has a bunch of "private"-flagged out of office meetings on his calendar. However, when the assistant tries to use the scheduling assistant to see when he's available, the private stuff on his calendar doesn't show up at all. Not just the details, it's empty space. The guy gave me the same permissions to test it out and I'm able to see everything just fine so I'm kind of stumped. How the calendar looks (even for the assistant): How scheduling assistant looks for the assistant:
|
# ? Feb 10, 2021 20:21 |
|
Doesn't the dotted outline represent a tentative event, e.g. your C-level hasn't accepted it yet?
|
# ? Feb 10, 2021 21:31 |
|
If I'm running a hybrid environment, can a cloud exchange account have a on-premise archive box? Can a cloud exchange account still 'open other user's folder' when the other user is on-premise? Maybe a better question, is there any feature or access a user will lose if they are transitioned to off-premise?
|
# ? Feb 25, 2021 01:56 |
|
you can have an on-prem mailbox with a cloud-based archive but not the other way around. Cross premises calendar sharing works. Individual mailbox folder access lists are not supported cross prem afaik, but full access permissions are and so are mailbox delegations set by the user. off the top of my head you lose support on the Send As permission. This does not mean Send As permissions don't work, they do usually and you can get them to work in most cases if not. But it's not a service MS will guarantee to work or support Full Access permissions and delegations set manually will not be applied on the cloud mailbox after migration in most cases. There's more but these are the big ones. here's the details
|
# ? Feb 25, 2021 22:38 |
|
This seems like something that should be easy to google, but I am failing miserably. Got two Exchange servers setup with a DAG, and the goal is to make things highly available. The concern now is with things like scan to email. Currently they're pointing to a single exchange server's IP address. If that server goes down and the other server takes over, I imagine that means these scans and such won't go through anymore. Is there a way to have some kind of virtual IP address that both servers respond to? Is that going to be the DAG IP? Sorry if this is a stupid question. I mostly work in Office 365 so this sort of thing doesn't come up much.
|
# ? Feb 28, 2021 17:25 |
|
Here are your options https://docs.microsoft.com/en-us/exchange/architecture/client-access/load-balancing?view=exchserver-2019 Just setting the DNS record with the CNAMEs of all the mailbox servers should get you 99% of the way there, it's probably not worth deploying (redundant) load balancers to add a small amount more availability.
|
# ? Feb 28, 2021 17:33 |
|
Thanks Ants posted:Here are your options DNS is what I was thinking originally, but my concern was that if you happened to resolve to the server that was currently down you'd be out of luck. Unless that's not how it works? Edit: after reading that article I see that I have underestimated DNS and I won't have this issue snackcakes fucked around with this message at 18:14 on Feb 28, 2021 |
# ? Feb 28, 2021 18:09 |
|
Outlook is getting a new feature if you use Exchange Online, where you can tag external messages in the application rather than having to use a transport rule to banner the messages I can't see a blog post so you can have these screenshots from the admin portal The cmdlet is https://docs.microsoft.com/en-gb/powershell/module/exchange/set-externalinoutlook?view=exchange-ps
|
# ? Mar 5, 2021 13:01 |
|
That's a way better solution than embedding it into the message. We don't use such a banner currently, but I would be way more accepting of this than the current way it's done. Thanks for sharing. [Edit: Just noticed it's not available in Outlook for Windows yet. Kind of odd. I am sure that is coming soon, will hold off until then.] Internet Explorer fucked around with this message at 16:55 on Mar 5, 2021 |
# ? Mar 5, 2021 16:34 |
|
haaaaaaaaay https://us-cert.cisa.gov/ncas/alerts/aa21-062a Did everyone talk about this already
|
# ? Mar 5, 2021 17:21 |
|
Been too busy patching exchange from 15.6 to .19
|
# ? Mar 6, 2021 19:31 |
|
https://www.theverge.com/2021/3/5/22316189/microsoft-exchange-server-security-exploit-china-attack-30000-organizationsquote:“if you’re running Exchange and you haven’t patched this yet, there’s a very high chance that your organization is already compromised.”
|
# ? Mar 6, 2021 20:34 |
|
Bumped to 2019 CU8 yesterday, then dropped the mitigation patch when I woke up early this morning. I am protected E: I also wasn’t really at risk since our poo poo isn’t exposed externally devmd01 fucked around with this message at 22:01 on Mar 6, 2021 |
# ? Mar 6, 2021 20:46 |
|
Someone on Reddit posted that as Microsoft Security Response Center says, at the bottom of the post, the Microsoft Safety Scanner can now scan Exchange for vulnerabilities. Might be worth a try?
|
# ? Mar 7, 2021 13:21 |
|
This probably has to be the nastiest Exchange exploit in quite a while.
|
# ? Mar 8, 2021 21:00 |
|
incoherent posted:This probably has to be the nastiest Exchange exploit in quite a while. Yeah and this is just the beginning.
|
# ? Mar 8, 2021 23:36 |
|
Hopefully this is the push required to get rid of the on-Prem server requirement for hybrid.
|
# ? Mar 9, 2021 08:08 |
|
quote:xxx xxxx (Cygilant) "Proactively eliminate threats" "Comprehensive, up-to-the-minute threat intelligence, visibility into security events, real-time incident notification and guidance to quickly address security issues."
|
# ? Mar 9, 2021 13:48 |
|
Maneki Neko posted:Hopefully this is the push required to get rid of the on-Prem server requirement for hybrid. إن شاء الله
|
# ? Mar 9, 2021 14:55 |
|
They're dropping patches for specific 2016 and 2019 CU builds so yeah, I guess the "keep exchange active for 0365 object management" and forget about those deployments it really bit them in the rear end this time. Then again, how many CU required schema updates was a bit tiring and difficult to wrangle if your exchange admin wasn't also your domain admin.
|
# ? Mar 10, 2021 22:54 |
|
The whole thing has put me into "HTTP/S and SMTP gets blocked inbound for our Exchange server now. All it does is management and internal mail relay."
|
# ? Mar 10, 2021 23:03 |
|
Internet Explorer posted:The whole thing has put me into "HTTP/S and SMTP gets blocked inbound for our Exchange server now. All it does is management and internal mail relay." We’ve been in that state for 3 years, it’s great. On prem relays to proofpoint, which then sends it to our tenant or out to the internet as appropriate.
|
# ? Mar 11, 2021 00:27 |
Has anyone done a 365 migration from an environment that has 2010 and 2016 servers? This breach has resulted in more work at my feet. The former are the front end with the latter DBs and I'm not sure if Hybrid will play nice or if I'll have to throw in an upgrade to all 2016 first.
|
|
# ? Mar 16, 2021 14:10 |
|
Submarine Sandpaper posted:Has anyone done a 365 migration from an environment that has 2010 and 2016 servers? This breach has resulted in more work at my feet. The former are the front end with the latter DBs and I'm not sure if Hybrid will play nice or if I'll have to throw in an upgrade to all 2016 first. I did this for a client using a fresh 2016 server as the migration endpoint. The 2010 servers were decommissioned shortly after, but we managed to make the hybrid period work. However, at the time 2010 was still supported. Right now according to the docs the recommended path is to upgrade your 2010 servers first (link). My gut feeling is you'll be able to migrate as is using a 2016 server as migration endpoint, but idk
|
# ? Mar 16, 2021 15:47 |
Thanks. I'll try that. New wrench with this client is the mail domain will not be the directory authority domain so I'll have to install exchange on that domain to sync back anyway. Doubt I'll get the hours to do a 2016 proper upgrade first.
|
|
# ? Mar 16, 2021 21:31 |
|
Internet Explorer posted:The whole thing has put me into "HTTP/S and SMTP gets blocked inbound for our Exchange server now. All it does is management and internal mail relay." This is the way to go.
|
# ? Mar 17, 2021 22:45 |
|
I’m absolutely paranoid about having things exposed to the internet even if they are designed to be exposed and their network is segmented properly. Always looking for ways to get things working behind reverse proxies or whatever.
|
# ? Mar 17, 2021 23:14 |
|
Submarine Sandpaper posted:Thanks. I'll try that. New wrench with this client is the mail domain will not be the directory authority domain so I'll have to install exchange on that domain to sync back anyway. Doubt I'll get the hours to do a 2016 proper upgrade first. I've taken to using BitTitan or Skykick. No goofing with hybrid, no connectors to clean up. Sure it costs, but being able to do on the fly mailbox type remaps (person to shared, shared to resource, person to resource, etc...) plus having a deployable client that does auto Outlook profile switching was worth it.
|
# ? Mar 18, 2021 04:16 |
|
|
# ? Apr 24, 2024 21:00 |
Submarine Sandpaper posted:Has anyone done a 365 migration from an environment that has 2010 and 2016 servers? This breach has resulted in more work at my feet. The former are the front end with the latter DBs and I'm not sure if Hybrid will play nice or if I'll have to throw in an upgrade to all 2016 first. Its more of a pain but is it feasible to upgrade your 2010 and then migrate?
|
|
# ? Mar 18, 2021 05:34 |