Archivo

Archivo para la categoría ‘English Articles’

Soportabilidad en Exchange 2013 y 2016

martes, 9 de febrero de 2016 Sin comentarios
Categories: Exchange Server Tags:

Reparar el servicio «Microsoft Exchange Search Host Controller» en Exchange 2013

martes, 2 de diciembre de 2014 Sin comentarios

exchange2013

 

Buenas a todos, nuevo post sobre «Microsoft Exchange Search Controller» publicado :-) aquí tenéis el enlace al original:

http://blogs.technet.com/b/esexblog/archive/2014/12/02/reparar-el-servicio-quot-microsoft-exchange-search-host-controller-quot-en-exchange-2013.aspx

 

Espero que os guste :-)

European Office365 Connect Sessions

jueves, 10 de abril de 2014 Sin comentarios

Cambiar-idioma-esp

 events

Hi all, I’ve recently had the chance (as many of you know) of giving two sessions at the first edition of the European Office365 Connect event (Haarlem, Netherlands) which I really enjoyed a lot, not just for the great speakers that it had (Seb Mathews, Dan Holme, Marc Reguera, Jasper Oosterveld, Albert-Jan Schot, Bram de Jager, Danny Burlage, Dejan Foro, Patrick Lamber, Rolly Perreaux, etc…) but also for the great attention received by the organizers and how everything was mounted (a 5 star event).

Below you can find a brief description of the sessions I gave and the slides/resources used on each one of them. Enjoy them:

Managing Office 365 with PowerShell

Office 365, like many Microsoft products, can be managed via PowerShell and in this session we will take a look at some of the common commands you can use to become a well-rounded Office 365 Administrator. If you are new to PowerShell this session will cover some of the basics as well as covering the more “advanced” commands you can use.

Slides:

slides_ps

Resources:

Folder Icon

Building a hybrid configuration with Exchange 2013

Everybody talks about Office 365, not every organization is ready to go «full in». Enter the cloud at your own term by going hybrid, is a quote often used. But is it really that easy or are you getting in for a rollercoaster without knowing it. In this session we’ll cover how to prepare for a Exchange Online hybrid, we’ll lead you through all the requirements and actions for a working Hybrid scenario. After this session you’ll be able to make a well founded decision about hybrid and how to make it a success story.

Slides:

slides_exhybrid

The GuruXP repository – March 2014

sábado, 5 de abril de 2014 Sin comentarios

Mensajes atascados en borradores con Exchange Server 2013

viernes, 14 de marzo de 2014 Sin comentarios

Cambiar-idioma-en

exchange2013

Buenas!, hoy tuve la oportunidad de resolver una incidencia muy común de un Exchange Server 2013 de un cliente con un entorno de DNS algo restrictivo. El problema radica en que los mensajes que se envían a través de OWA (o en la bandeja de salida de Outlook) se quedan atascados en la carpeta de borradores y no terminan de enviarse.

1

Bueno, por supuesto que es de Exchange Server 2013 de lo que estamos hablando, pero… sabes que version de Exchange correo en Exchange Online??? Exacto!, Exchange Server 2013 :), aso que puede ocurrir de igual forma si estas en Exchange Online con la diferencia que la solucion esta en lo que no puedes ver y el equipo de soporte de Microsoft seran los unicos capaces de resolver este fallo.

Pero la historia cambia cuando tenemos un entorno On-Premises o Hibrido :)

La principal razon de porque los mensajes se quedan atascados en la bandeja de salida es porque los enlaces de DNS estan configurados de maña manera y Exchange tiene que saber donde entregar el mensaje.

Así que, quizás te gustaría echar un vistazo en la EAC – Servidores – Doble Click en el servidor CAS que tiene el problema – Búsquedas de DNS, y establecer las direcciones de DNS tanto para correos internos como externos.

2

3

Después de eso, los usuarios deberían ser capaces de enviar mensajes normalmente.

Stuck messages on Draft with Exchange Server 2013

viernes, 14 de marzo de 2014 Sin comentarios

Cambiar-idioma-esp

exchange2013

Hi all, today I had the opportunity to solve one of my customers Exchange Server 2013 issues that is very common in restrictive DNS environments. The issue was about sent messages being stuck at the drafts folder and Exchange Server wasn´t able to send them out when using OWA (or Outbox with Outlook).

1

Well, of course it´s Exchange Server 2013 we´re talking about, but… do you know what Exchange Online is running on??? Yep!, Exchange Server 2013 :), so it can happen also if you´re on Exchange Online with the difference that the solution resides on what you can´t see and Microsoft Support Team will be the only ones able to solve it on this case.

But the story is different when you have an On-Prem or Hybrid environment :)

The main reason of why the outgoing messages are being stuck at the drafts folder is because of DNS bindings that may be incorrectly configured, and Exchange has to know where the message has to be given.

So, you would like to take a look at the EAC – Servers – Double Click to the CAS server that has the issue – DNS Lookups, and configure the DNS servers for both, Internal and external mails.

2

3

After that your users should be able to send messages normally.

Multi-Factor Auth inside Office365

viernes, 21 de febrero de 2014 Sin comentarios

Cambiar-idioma-esp

o365

Hi, todays article is about Multi-Factor Auth for Office365.

First of all, lets explain what is it, what are the benefits and then proceed to explain how to enable, configure and manage it via GUI and PowerShell…

WHAT IS IT AND WHAT ARE THE BENEFITS?

Multi-Factor Auth is a multiple validation system that allows us to fortify the security when accessing out system, but not just that, it also allows us to know when someone is trying to access our data and be able to notify as fraud the undesired access. All this with the smple use of an SMS code, telephone call, mobile phone call or via APP.

So, does that means that I will have to input a code each time a access my mailbox?, not exactly, unless you select the send message or call options, our installed APP will be the one in charge to notify us of the access petition and be able to answer if we authorize or decline it.

And what happens with each program on which a make use of my account, will I have to authorize them each time they try to access my data? no, we have the option to configure a unique «APP Password» for every program with a unique activation.

Does that means I can create as many APP Passwords I want? No, we have a 40 APP Passwords limit.

What programs can I use with my APP Password? We can make use of known programs like Microsoft Outlook, Microsoft Lync, Office 2013 suite, and some others like Lync mobile client, Windows 8 and 8.1 Mail APP or the Office365 Activation assitant.

What is the name of the APP that I can use to authenticate the access? The APP is called «Multi-Factor Auth» and it’s available for IOS, Android and Windows Phone of course, just search for it on the store.

Is this feature available for all of the Office365 plans? No, just for MidSize, Enterprise (E1, E3 and E4) and Standalone (Exchange Online and Sharepoint Online) plans, so no Small Business plans are supported.

HOW TO ENABLE THIS USING GUI

To enjoy this feature we just have to enter our Office365 portal as an admin and enable it for the users we want:

  • Enter our Office365 portal (http://portal.microsoftonline.com) as an admin and click on «Users and Groups» and then on «Set up» dentro de «Set Multi-factor Authentication requirements»:

0auth1

  •  On «View» select the view to be applied of the users we want to be shown, in my case I selected «Sign in allowed users«:

0auth2

  • Select the users we want to enable and click on «Enable» and «Enable multi-factor auth» on the popup window:

0auth3 0auth4

Once the admin part is done, we can now proceed to do the user part. This is what the user is supposed to do once he enters the first time to the portal. It’s very important that the user logs in onto the portal before doing anything else with his account.

Auth0

  • This will take us to the aditional security verification page, select the option we want and continue, on this case we will select «Notify me through app» and then click on  «Configure«:

Auth2Auth3

  • Follow the steps and click on «Done«:

Auth4

  • Once this is done, t will ask us if we make use of programs like Microsoft Outlook or Lync to create APP Passwords, in this case we will assume the user makes use of Microsoft Outlook, so we’ll create one clicking on «Create«:

Auth5Auth6

  • Assign a name for the program, copy and paste the generated code inside the credentials request of our Microsoft Outlook. This password will not be shown again so it’s important to copy and paste it directly :

Auth7Auth8

  • If we have the need to create more APP Passwords or modify the contacting method, we just have to enter our portal, click on the little hog on the upper right side and then on  «Office365 Settings», select the option «additional security verification» and click on «Update my pnone numbers used….», this will give us access to the settings and APP Passwords configuration area:

Auth1

auth10 auth11

Auth9 Auth8.19

HOW TO ENABLE THE FEATURE WITH POWERSHELL

In order to work with Multi-Factor Auth, we must follow the next steps:

Connect-MsolService $MultiFactorAuth= New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement $MultiFactorAuth.RelyingParty = «*» $MultiFactorAuth = @($MultiFactorAuth)

Once the object has been created, you can start running the different options:

  • To enable just one specific user:

Set-MsolUser -UserPrincipalName user@domain.com -StrongAuthenticationRequirements $MultiFactorAuth

  • Enable on all users:

Get-MsolUser -All | Set-MsolUser -StrongAuthenticationRequirements $MultiFactorAuth

  • List all users with the enabled feature:

Get-MsolUser | Where-Object {$_.StrongAuthenticationRequirements -like «*»}  | select DisplayName,UserPrincipalName,StrongAuthenticationMethods,StrongAuthenticationRequirements

  • Disable the feature on a specific user:

$MultiFADisable = @() Set-MsolUser -UserPrincipalName j.doe@techdaylab.onmicrosoft.com -StrongAuthenticationRequirements $MultiFADisable

 

Just one thing, If we enable this feature on an admin account, keep in mind it wont be able to manage the subscription via PowerShell because its not supported, to do so, Microsoft recommends to create another account without any license applied and strong password to be used for powershell.

TESTING THE APP:

Once we try to log in via the portal, it will show us a notification on the app where it asks us to verify or cancel:

wp_ss_20140217_0001 wp_ss_20140217_0002 wp_ss_20140217_0003

 

 

The GuruXP repository – December 2013, January and February 2014

sábado, 8 de febrero de 2014 Sin comentarios

Dissallow sending mails outside the org

sábado, 8 de febrero de 2014 Sin comentarios

Cambiar-idioma-esp

ExchangeOnline

Hi, today I´ll explain a very quick and simple process to avoid users from sending messages outside the org using Exchange Online.

First of all, we need to enter our Office365 subscription portal (http://portal.microsoftonline.com) and then access our Exchange Admin Center (EAC) from the upper right side where it says «Admin» and then clicking on «Exchange» (check this out if you have a small business subscription).

shared_1

Once we´re inside, click on the «Mail flow» section and then on the «rules» tab  to create a new transport rule, click on the «+» sign and then on «create a new rule…«.

  • Type a name to identify the rule and be able to associate with like «outgoing messages restrictions».
  • Click on the bottom part where it says «More options«
  • On «Apply this rule if…» select «The sender is this person» and select all users that will apply the restriction.
  • Click on «Add condition«
  • Select «The recipient is, external/internal«, and «Outside the organization«
  • On «Do the following…» select the «Block the message» and «Reject the message and include an explanation» option.
  • Specify a message to be delivered as a reason for the blocked users that try to send messages outside the org like «Sending messages outside the org is not permitted» and accept..
  • Click on «Save» and we´re done.

 

Best of all is that we don´t need to create another rule for each user that we want to apply the same behaviour, we just simply have to edit the rule and add the users we want or create a group and add it as a recipient.

 

GAL Segregation

sábado, 8 de febrero de 2014 Sin comentarios

Cambiar-idioma-esp

 

ExchangeOnline

Hi!, todays post will be covering something that the education and enterprises normaly ask for, it´s the GAL segregation on a Exchange Online environment.

So, what is the GAL segregation for? well, a very good example would be a university with 300.000 users and the teachers don’t want to be visible from the student side or viceversa.

Another example would be a recently adquired company and the source wants to integrate the email system but don’t want the recently bought to be able to see each other on the Global Address List. (here you can see an explanation on how Address Book Policies work: http://technet.microsoft.com/en-us/library/hh529948(v=exchg.150).aspx#How)

Well, this was posible before on an on-premises environment but what about Exchange Online?, now is is!. One of the things we need to keep in mind is that in order for this to work fine, we will have to base on the details fields of eah user. On this guide I will be using the «Company» field so I can use the second example I proposed before.

First of all we will have to assign the «Address Lists» role to the «Organization Management» Administrator role and be able to work with the CmdLets we need:

  •  Access our Office365 portal.
  • Click on «Admin» and then on «Exchange» to enter the EAC
  • Click on «Permissions» and then on «admin Roles«
  • Double-click «Organization Management» and add «Address Lists» using the «+» button from the list.
  • SAVE

Then we’ll need to prepare our powershell environement in order to connect to Exchange Online.

Once we’re connected, we will search for users that have the @contoso.com UPN suffix inside their UserPrincipalName and assign the «Contoso Ltd.» value on the Company field of the user detailes with the following CmdLet:

  Get-User -Filter {userprincipalname -like «*@contoso.com«} | Set-User -company «Contoso Ltd.»

Now we have to create the four address lists that the ABP uses.

Creating the GAL:

New-GlobalAddressList -name ContosoGAL -RecipientFilter {(recipienttype -eq «usermailbox») -and (Company -eq «Contoso Ltd.»)}

Creating the Address List:

New-AddressList -name ContosoAddressList -RecipientFilter {(recipienttype -eq «usermailbox») -and (Company -eq «Contoso Ltd.»)}

Creating the OAB:

New-OfflineAddressBook -name ContosoOAB -AddressList ContosoAddressList

Creating the Resource List:

New-AddressList -name ContosoResourceAddressList -RecipientFilter {(recipientdisplaytype -eq «conferenceroommailbox») -and (Company -eq «Contoso Ltd.»)}

Once we have created the four required lists, we will proceed to create the ABP:

New-AddressBookPolicy -Name ContosoABP -AddressLists ContosoAddressList -GlobalAddressList ContosoGAL -OfflineAddressBook ContosoOAB -RoomList ContosoResourceAddressList

And last of all, assign the recently created ABP to the desired users:

Get-User -Filter {userprincipalname -like *@contoso.com} | Set-Mailbox -AddressBookPolicy ContosoABP

If what we want is to assign the ABP to a specific user, simply run this CmdLet:

Set-Mailbox usuario@contoso.com -AddressBookPolicy ContosoABP

Sources:

Microsoft Spain Exchange support team blog (Thanks to Pablo García Merlo): http://blogs.technet.com/b/esexblog/

Microsoft TechNet: http://technet.microsoft.com/en-us/library/hh529948(v=exchg.150).aspx#How