Office 365 – Exchange 2010 hybrid environment mailbox FAQS

Migrating a mailbox and resetting the SMTP proxy afterwards to its correct settings

  1. Migrate the mailbox from the EMC or from the Exchange Online admin centre or using Windows Powershell (see below)
  2. Shared mailboxes need to be migrated at the same time as a user’s main mailfile. Then new “send as” and “full access” permissions need to be granted.
  3. Assign a E1 Plan license if it is a resource room or intern or shared mailbox and a E3 Plan if it is a permanent staff member
  4. Verify through the EMC and the Exchange Online admin centre that the right SMTP is stipulated
  5. When complete, open Active Directory Users and Computers and verify that the right SMTP is stipulated in the e-mail field of the General tab. Proceed with the steps below if not.
  • Open the Properties of the user and go to the Attribute Editor tab
  • Scroll down to the “ProxyAddresses” attribute and Edit
  • Set the <first name.last name>@instituteforgovernment.org.uk (e.g. mike.brass@…) as the primary SMTP by clicking the entry (<the login username>@instiuteforgovernment.org.uk) with SMTP in capitals, click Remove, change its SMTP to smtp (lowercase), click Add to place it back in the list and then click the smtp: <first name.last name>@instituteforgovernment.org.uk, click Remove, change it to SMTP: <first name.last name>@instituteforgovernment.org.uk and click Add. Click OK to save and exit.
  • Also, go to the Properties’ General tab and check that the e-mail address listed is in the correct format of <first surname@instituteforgovernment.org.uk>
  1. The Active Directory <-> Office 365 sync occurs twice an hour and these changes will be synced up to Exchange Online. It will then take up to a couple of hours for the change to completely replicate through all the Office 365 servers and the default FROM and REPLY TO addresses will once again be <surname +initial>@instituteforgovernment.org.uk
  2. Verify that graphic hardware acceleration has been turned off in Outlook, which is set through Group Policy. For Outlook 2010: Open Outlook, and click on FileOptions > Mail. In the right pane under the Compose Messages section, click Editor Options. A new window will open. Select the Advanced In the right pane labelled Display, check Disable hardware graphics acceleration. Click Apply to save your settings. For Outlook 2016: Open Outlook, Click File (top left), Then Options. Now click on advanced and scroll down to where you see “Disable hardware graphic acceleration” – Simply place a tick in the box, restart Outlook and it should be a lot faster.
  3. UKBackup will automatically detect and start backing up the mailbox

Mobile devices after the mailbox is migrated

There is one option.

  1. Remove the IfG account on the mobile device and re-add by choosing the Exchange (or Office 365) option and entering the following details:
  • Existing e-mail address <first name.last name>@instituteforgovernment.org.uk (e.g. mike.brass@…)
  • Username: <surname +initial>@instituteforgovernment.org.uk (e.g. brassm@instituteforgovernment.org.uk). If you are using Android, the username is \<surname +initial>@instituteforgovernment.org.uk
  • Password: same password as for your computer
  • If asked for it, ensure that server address is: outlook.office365.com

Login details for Microsoft Outlook

For staff logged into existing Outlook on their existing computers, Outlook will auto-reconfigure. However, for new staff or existing staff logging into a new Outlook:

  • Go through the Outlook start wizard
  • When prompted for the username and password, enter <the login username>@instiuteforgovernment.org.uk (e.g. brassm@instituteforgovernment.org.uk) for the username and the computer password.

To delete a mailbox on Exchange Online

Unassign a license through the Office 365 Admin Centre.

Delete the on-premise Active Directory account.

To add a mailbox on Exchange Online

Add the user account in the on-premise Active Directory, including setting the SMTP proxy

Wait until the AD sync has occurred or force it

Assign a license to the user account in the Office 365 Admin Center

Verify the default SMTP address through the Exchange Online recipients’ properties and change the proxy attributes in the on-premise Active Directory if required

Assign a E2 Plan license if it is a resource room or intern or shared mailbox and a E3 Plan if it is a permanent staff member

UKBackup will automatically detect and start backing up the mailbox

Accessing webmail

How a user downloads and installs Office 365 on her/his computer

  • Log into https://login.microsoftonline.com using <the login username>@instiuteforgovernment.org.uk for the usename and your normal password
  • Click Install software from the top right

Using Windows Powershell to migrate mailboxes from on-premise to Exchange Online

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session

New-MoveRequest -Identity “INSERT_USER_ALIAS_HERE” [e.g. hallsworthm@instituteforgovernment.org.uk] -RemoteCredential (Get-Credential) -Remote -RemoteHostName exch2010.instituteforgovernment.org.uk -BatchName <whatever name> -TargetDeliveryDomain instituteforgovernment.mail.onmicrosoft.com -BadItemLimit 0

Remove-PSSession $Session

IF there is this error message:

Error: MigrationPermanentException: You must specify the PrimaryOnly parameter. Target user ‎’Michael Hallsworth‎’ already has an archive mailbox. –> You must specify the PrimaryOnly parameter. Target user ‎’Michael Hallsworth‎’ already has an archive mailbox.

Then run the above Powershell move command with the additional parameter of “-PrimaryOnly

To check the status of the move:

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session

Get-MoveRequest | Get-MoveRequestStatistics

Changing the default from Reply All to Reply in the Office 365 webmail

https://kb.wisc.edu/office365/page.php?id=43190

Azure AD Connect synchronisation

There is a default sync time of 30 minutes. This can be changed if needed, use the link below, to run Set-ADSyncScheduler command.

https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnectsync-feature-scheduler/

 

Delta Sync

Delta import on all Connectors

Delta sync on all Connectors

Export on all Connectors

Login to the AD Connect Server

Open PowerShell

Type Start-ADSyncSyncCycle -PolicyType Delta, and then press ENTER.

 

Full Sync

Added more objects or attributes to be imported the source directory

Changes to the Sync rules

Changes to filtering

Login to the AD Connect Server

Open PowerShell

Type Start-ADSyncSyncCycle -PolicyType Initial, and then press ENTER.

 

List all mailboxes to which a user has access

  • List all mailboxes to which a particular user has Full Access permissions:

PS C:\> Get-Mailbox | Get-MailboxPermission -User <username>

  • List all shared/user/room/whatever mailboxes to which particular user has Full Access permissions:

PS C:\> Get-Mailbox -RecipientTypeDetails UserMailbox,SharedMailbox -ResultSize Unlimited | Get-MailboxPermission -User <username>

 

  • List all mailboxes to which members of a particular security group have access:

PS C:\> Get-Mailbox | Get-MailboxPermission -User <username>

 

  • List all mailboxes to which a user has Send As permissions:

PS C:\> Get-Mailbox | Get-RecipientPermission -Trustee <username>

 

  • List all user mailboxes to which members of a particular security group have access:

PS C:\> Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited | Get-RecipientPermission -Trustee secgrp

 

  •  List all mailboxes to which a particular security principal has Send on behalf of permissions:

PS C:\> Get-Mailbox | ? {$_.GrantSendOnBehalfTo -match “<username>”}

 

If there is an issue where a staff member gets repeated prompts to log into a mailbox that (s)he has permission to access, or where the mailbox name shows in the left panel but no folders appear underneath it (or denied permission to access the folders beneath the name)

  1. First convert the mailfile into a shared mailbox through Exchange Online. Continue if there is still an issue.
  2. Log into Powershell

$LiveCred = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection

Import-PSSession $Session

  1. Remove FullAccess permissions for the affected user from the shared mailbox

Remove-MailboxPermission (SharedMailbox username) -User (UserAccount – username) -AccessRights FullAccess

  1. Add Full Access permissions back on, but make sure you set AutoMapping to TRUE

Add-MailboxPermission (SharedMailbox username) -User (UserAccount – username) -AccessRights FullAccess -AutoMapping $true [can try false if it does not work]

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s