Archivo

Entradas Etiquetadas ‘powershell’

Purgar usuarios eliminados en Office365

miércoles, 6 de noviembre de 2013 Sin comentarios

Cambiar-idioma-en

branding

Cuando eliminamos un usuario en Office365 este no se elimina del todo sino que va a parar a una papelera de reciclaje durante 30 días (Soft-Delete). Esto puede ser bueno a la hora de querer recuperarlo con absolutamente todos los permisos, contenido y detalles de este, pero que ocurre cuando el usuario John Smith deja la empresa y entra mas adelante un usuario llamado Judy Smith? Si queremos asignar el usuario nuevo siguiendo la política de la organización inicial.apellido (J.Smith) por ejemplo nos encontraremos que Office365 dira que no puede crear el usuario porque ya existe uno con el mismo nombre de usuario.

Para forzar la eliminación de este usuario de la papelera de reciclaje deberemos hacerlo mediante PowerShell.

Para ello lo primero será tener preparado nuestro entorno de PowerShell para conectar con Office365.

A continuación iniciamos sesión en nuestra suscripción de Office365 ejecutando los siguientes CmdLets:

$LiveCred = Get-Credential 

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection

Import-PSSession $Session

Importamos el modulo de Online Services:

Import-Module MSOnline

 

Ejecutamos el siguiente CmdLet para obtener el ObjectId del usuario que queremos eliminar:

Get-MsolUser -All -ReturnDeletedUsers|select userprincipalname,objectid

Finalmente ejecutamos el purgado del usuario deseado con el ObjectId obtenido antes:

Remove-MsolUser -ObjectId «objectid» -RemoveFromRecycleBin -Force

 

Espero que sea de ayuda.

 

 

Repositorio de GuruXP – Octubre 2013

lunes, 4 de noviembre de 2013 Sin comentarios

Force Outlook to connect to Office365 instead of Exchange On-Premise

martes, 29 de octubre de 2013 Sin comentarios

Cambiar-idioma-esp

o365

When we do a cutover migration, we encounter just after migrating all the content and configure the new profile in Microsoft Outlook, it autoconfigures itself directly with the On-Premise Exchange server.

Besides, if we make a ping to autodiscover.dominio.com, it will always resolve the local exchange server ip instead of the Office365 autodiscover, no matter if we add it to the hosts file, configure external DNS or even add the entry to the local DNS.

This is because Exchange 2010 presents the built-in functionality of autodiscover, and in order to the new profiles take effect of the new configuration needed, is necessary to do one of the two following steps:

1- Delete the Autodiscover virtual dir in IIS (at the local Exchange server):

  • Run the Exchange Management Shell
  • Execute the following commands

Remove-AutodiscoverVirtualDirectory -Identity «MyServer\autodiscover(autodiscover.contoso.com)»

Set-ClientAccessServer name -AutoDiscoverServiceInternalUri $null

  • Restart IIS running «IISRESET» command inside a Command Line Console

2- Add the following registry entries on the client machine:

  • Navigate to the path, if it´s Outlook 2007: HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Autodiscover
  •  Navigate to the path, if it´s Outlook 2010: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Autodiscover
  • Add the following values:

«PreferLocalXML»
«ExcludeHttpRedirect»
«ExcludeHttpsAutodiscoverDomain»
«ExcludeHttpsRootDomain”
«ExcludeScpLookup»
«ExcludeSrvLookup»
«ExcludeSrvRecord»
«PreferLocalXML»=dword:0
«ExcludeHttpRedirect»=dword:0
«ExcludeHttpsAutodiscoverDomain»=dword:0
«ExcludeHttpsRootDomain»=dword:1
«ExcludeScpLookup»=dword:1 (forces Outlook to exclude SCP object check)
«ExcludeSrvLookup»=dword:1
«ExcludeSrvRecord»=dword:1

  • Restart the machine and créate the new profile.

Hacer que Outlook conecte con Office365 y no con Exchange on-Premise

martes, 29 de octubre de 2013 Sin comentarios

Cambiar-idioma-en

o365

Cuando hacemos alguna migración de tipo cut-over, nos encontramos que después de migrar todo el contenido y configuramos un nuevo perfil en Microsoft Outlook, este se autoconfigura directamente contra el servidor de Exchange que tenemos en local.

Aparte de esto, si hacemos un ping a autodiscover.dominio.com, nos resolverá siempre la ip del servidor local en lugar del autodiscover de Office365, independientemente de si lo añadimos al fichero hosts, configuramos DNS externas o agregamos el registro en el servidor DNS local.

Eso es debido a que Exchange 2010 presenta la funcionalidad incrustada de autodiscover y para que los perfiles nuevos adquieran la nueva configuración es necesaria hacer uno de los siguientes 2 pasos:

1- Eliminar el directorio virtual de IIS Autodiscover (en el servidor de Exchange):

  • Lanzamos la Exchange Management Shell
  • Ejecutamos los siguientes comandos

Remove-AutodiscoverVirtualDirectory -Identity «MyServer\autodiscover(autodiscover.contoso.com)»

Set-ClientAccessServer name -AutoDiscoverServiceInternalUri $null

  • Reiniciamos el IIS mediante una consola de comandos en el servidor ejecutando el comando «IISRESET»

2- Añadir entradas en el registro de la maquina cliente:

  • Navegar hasta la rama si es Outlook 2007: HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Autodiscover
  • Navegar hasta la rama si es Outlook 2010: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Autodiscover
  • Agregar las siguientes entradas:

«PreferLocalXML»
«ExcludeHttpRedirect»
«ExcludeHttpsAutodiscoverDomain»
«ExcludeHttpsRootDomain”
«ExcludeScpLookup»
«ExcludeSrvLookup»
«ExcludeSrvRecord»
«PreferLocalXML»=dword:0
«ExcludeHttpRedirect»=dword:0
«ExcludeHttpsAutodiscoverDomain»=dword:0
«ExcludeHttpsRootDomain»=dword:1
«ExcludeScpLookup»=dword:1 (forces Outlook to exclude SCP object check)
«ExcludeSrvLookup»=dword:1
«ExcludeSrvRecord»=dword:1

  • Reiniciamos la maquina y creamos el perfil.

Search and Delete messages in Exchange Online between dates

domingo, 20 de octubre de 2013 Sin comentarios

 Cambiar-idioma-esp

 o365

 

A few days ago I recieved a question out of the usual: How to delete messages from a mailbox between two dates without the need of applying retention policies.

Of course, this can´t be done from any admin console, but it can be done from PowerShell keeping in mind the following requisites:

Once we met the requisites, connect to the office365 subscription with the following CmdLets:

$LIveCred = Get-Credential $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LIveCred -Authentication Basic -AllowRedirection Import-PSSession $Session

Finally, once inside run the following CmdLet:

Search-Mailbox usuario@dominio.com -SearchQuery «Received: $(‘mm/dd/yyyy’) and Received:< $(‘mm/dd/yyyy’)» -DeleteContent

This will Soft-Delete the content between these dates.

Hope you find this useful.

 

Buscar y eliminar mensajes en Exchange Online

martes, 8 de octubre de 2013 Sin comentarios

Cambiar-idioma-en

 

 

o365

 

Hace poco recibí una consulta que se salia un poco de lo habitual y era el como eliminar mensajes comprendidos entre dos fechas dentro de un buzón de Exchange Online independientemente de cual fuese la carpeta sin necesidad de asignar ninguna politica de retención.

Por supuesto esto no puede hacerse desde ninguna consola de administrador pero si desde PowerShell pero para ello debemos tener en cuenta los siguientes requisitos:

Una vez hecho esto procederemos a conectarnos a nuestra suscripción mediante los siguientes comandos:

$LIveCred = Get-Credential $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LIveCred -Authentication Basic -AllowRedirection Import-PSSession $Session

Ya dentro de nuestra suscripción ejecutamos el siguiente comando:

Search-Mailbox usuario@dominio.com -SearchQuery «Received: $(‘mm/dd/yyyy’) and Received:< $(‘mm/dd/yyyy’)» -DeleteContent

Esto hará que el contenido comprendido entre esas dos fechas se elimine a la papelera de reciclaje.

Espero que les sirva de utilidad.

 

Removing a domain name from Office365

domingo, 1 de septiembre de 2013 Sin comentarios

Cambiar-idioma-esp

o365

On todays post I’ll explain how to remove a domain name from an office365 subscription, either because you’re migrating to anoyher family plan, your trial subscription is about to end, or just because we’re not using the domain name anymore.

The first thing we must do is set the users that are using the domain name to use another domain name (the .onmicrosoft.com domain for example). This implies two things to check out: the login UPN suffix (whats on after the @ symbol), and the proxy addresses (also called aliases) assigned on each users email addresses tab inside their properties.

So how do we do it via GUI (Graphical User Interface)?:

  • Access our Office365 portal with Admin credentials.
  • Go to Users and Groups.
  • Select all the users we’re about to change and click on edit.
  • Go to Details, and on Domain select another one.

For proxy addresses, we’ll have to do it one by one editing the details and clicking on the more tab and then on edit exchange properties, go to the email addresses section and delete the ones with domain name that we’re willing to remove.

So how to do it via PowerShell?:

$LIveCred = Get-Credential $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LIveCred -Authentication Basic -AllowRedirection Import-PSSession $Session

  • Run the following to get the users that have the domain name we want to remove assigned:

Get-MsolUser -DomainName [Domain] | fl UserPrincipalName

  • Change the desired users with the following:

Set-MsolUserPrincipalName -UserPrincipalName [CurrentUPN] -NewUserPrincipalName [NewUPN]

Once we’ve deleted the domain name from the users, we must do the same with distribution/security groups. To do so, we must access the Exchange Online Control Panel (if you have a small business plan, you must follow this article to access the ECP), clicking on the upper right side where it says «Admin» and then on «Exchange«, go to «groups» and edit each one of them under the «email addresses» section and delete the one containing the domain name we want to remove.

The same thing happens with shared mailboxes, site mailboxes and Lync Online users.

When we get done and checked out every single user containing the domain name to be deleted, we must click on the company name on the main screen of the Office365 portal and change the associated domain.

So, we’ve checked out users, distribution/security groups, shared mailboxes, site mailboxes, Lync Online users and the associated domain, now it’s the time when we can proceed to its deletion accessing the domains section inside the office365 portal, you just need to select the domain and delete it.

If we want to do this via PowerShell, this is what we need to run:

Remove-MsolDomain -Domain dominio.com

Eliminar un dominio de Office365

lunes, 26 de agosto de 2013 Sin comentarios

Cambiar-idioma-en

o365

En el post de hoy, explicaremos como eliminar un dominio de una suscripción de Office365, bien porque se nos acabe una evaluación, porque queramos migrar a otra familia de planes o porque ya no vayamos a utilizar el dominio.

Lo primero que tenemos que hacer es configurar los usuarios que estén utilizando el dominio en cuestión con el dominio alternativo, ya sea el que suministra Microsoft (dominio.onmicrosoft.com) u otro que tengamos. Esto implica dos cosas a revisar: el sufijo UPN de inicio de sesión (lo que esta después del @), y las direcciones proxy (también llamados alias) asignados en la ficha de direcciones de correo de cada usuario.

Para hacerlo via GUI (interfaz grafica):

  • Accedemos a nuestro portal de Office365 con credenciales de Administrador.
  • Vamos a la ficha Usuarios y Grupos.
  • Seleccionamos todos los usuarios afectados y le damos a editar.
  • Nos vamos al apartado «Detalles«, y en «Dominio» seleccionamos uno diferente.

Para las direcciones proxy, tendremos que hacerlo uno por uno editando los detalles, pinchando en la sección «mas» y luego en «editar propiedades de exchange«, vamos a la sección de «direcciones de correo electrónico» y eliminamos las que tengan el dominio a quitar.

Para hacerlo via PowerShell:

$LIveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LIveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session

  • Ejecutamos lo siguiente para averiguar que usuarios tienen el dominio en cuestión asignado:

Get-MsolUser -DomainName [Domain] | fl UserPrincipalName

  • Cambiamos los usuarios que requieran el cambio con lo siguiente:

Set-MsolUserPrincipalName -UserPrincipalName [CurrentUPN] -NewUserPrincipalName [NewUPN]

 

Una vez que hemos eliminado los rastros de los usuarios, tenemos que hacer lo mismo con los grupos de distribución y/o seguridad. Para ello tendremos que acceder al panel de control de Exchange Online (si disponemos de un plan de pequeña empresa hay que seguir este articulo para acceder al ECP) haciendo click en la parte superior derecha donde pone «Admin» y luego en «Exchange«, accedemos a «grupos» y editamos cada uno de ellos, pinchamos en la sección de «direcciones de correo electrónico» y eliminamos la del dominio en cuestión.

De igual forma pasa con los buzones compartidos, buzones de sitio y usuarios dados de alta en Lync Online.

Cuando ya hemos hecho y comprobado todo esto, deberemos hacer click en el nombre de la empresa dentro de la pantalla principal de nuestro portal de office365  y cambiar el dominio asociado.

Bien, ya hemos repasado que no quedan rastros en usuarios, grupos de distribución/seguridad, buzones compartidos, buzones de sitio, lync online, y a nivel de suscripción, por lo que podemos proceder a su eliminación totalmente accediendo al apartado «dominios» dentro del portal de office365, seleccionamos el dominio a quitar y lo eliminamos.

Si por el contrario queremos hacerlo con PowerShell, este es el comando a ejecutar:

Remove-MsolDomain -Domain dominio.com

Dynamic Distribution Groups in Exchange Online

viernes, 16 de agosto de 2013 Sin comentarios

ExchangeOnline

If just a few days ago i explained how to create and manage Distribution Groups under Exchange Online, now i come to do the same about Dynamic Distribution Groups under Exchange Online.

Definition and Functionality

Dynamic Distribution Groups are a functionality that allows to receive E-Mails under a virtual address and distribute them between their members, defining members to be the ones that meet one or more of the conditions we specify under the properties of the group according to values of the user properties.

An example of this would be a department like Office365 IT Support located at NY with one or more employees that have the need of forwarding all the E-mails sent to an address like o365.support.NY@contoso.com. Due that this department has fluent employees that come and go out of the company, it’s management could be more loaded than expected. To avoid this, Microsoft thought of a new functionality that could automatically add members located at the NY office and the Office365 IT support department.

With this functionality we will not only avoid configuring a POP account PC by PC, but also be able to assign permissions to users who want to send E-mails as the department address or on behalf of in difference to the Distribution Groups of other platforms, and also avoid high workload on the management area as it’s automatic.

Configuration through the Office365 Portal

– The first thing we have to do is access our Office365 portal (http://portal.microsoftonline.com). – Then we need to access the Exchange Control Panel or ECP clicking on the upper side of the screen where it says «Admin» and then on «Exchange». (Click here to access the ECP if you have a Small Business Plan).

dg1

– Once inside, click on «Groups».

dg2

– Click on the «+» Symbol and then where it says «Dynamic Distribution Group» – Set the properties of the group we want to create:

dyndg1

Display Name: this is the name it will appear on the Global Address List and also on the recipients as the Department.

Alias: this field is the identifier that the system will use to localize and identify this group.

Description: we can assign a short description of the use we’ll use the group for.

Owners: indicates who will have the permissions to make modifications over this group.

Members: here we will define who will form part of this group, allowing to receive all the messages sent to the virtual address, only if they meet the conditions we set below.

– Once you’ve created the group, we can define additional properties doing a double click on it.

The screens we will find are:

General, where we can define or edit options like Display Name, the SMTP address it will use, Description and something very important, the ability to hide the group from the Global Address List (GAL).

dyndg2

Ownership, where we can set the owners that can make modifications to the group, including the new member approvals.

esdg5

Membership, here we can set the members or recipients of the mails sent to the virtual address and the conditions they have to meet to be one of it.

dyndg4

Membership Approval, to set the permissions config to join or leave the group.

esdg7

Delivery Management, where we can set the senders that can send messages to this group. By default the selected option is set to «Only senders inside the organization», so if we want to receive messages from outside the organization we must select the other option where it says «Senders inside and outside of my organization». Also we can set specific members that can send to this group.

dyndg5

Message Approval, here we can set the message flow to moderate the messages in case we want to approve the received messages before distributing it to its members. We can also define the moderators we want and if we want to exclude from this rule certain senders in who we trust. Also have the possibility to notify the sender in case his message has been rejected.

 dyndg6

E-mail Options, from this section we can define one or various SMTP addresses to be used to receive using this group.

 dyndg7

Mailtip, we can also define the message that will appear to users inside our organization using Microsoft Outlook when selecting the group as recipient. For example a message indicating it can be a delay of two days for answering the message.

 dyndg8

Group Delegation, here we can assign permissions to «Send As» or «Send on Behalf Of» to users so they can send messages using the group as the sender.

 dyndg9

Configuration through PowerShell

– First of all we need to prepare our environment to connect with our Office365 subscription via PowerShell.

– Then we only need to run the following:

New-DynamicDistributionGroup -Name «Dynamic DG Name» -RecipientFilter {(RecipientType -eq ‘UserMailbox’) -and (Department –like <DeptName’>)}

– Set the group to allow messages to be received from outside and inside the org:

Set-DynamicDistributionGroup «Group Name» -RequireSenderAuthenticationEnabled $False

– Assign other owners of the group:

Set-DynamicDistributionGroup -Identity «Group Name» –ManagedBy user@company.com -BypassSecurityGroupManagerCheck

– Add additional SMTP addresses to the group:

Set-DynamicDistributionGroup «Group Name» -EmailAddresses SMTP: dept@company.com, alias@company.com

– Hide the group from the Global Address List (GAL):

Set-DynamicDistributionGroup «Group Name» -HiddenFromAddressListsEnabled $True

– Show members of a Dynamic Distribution Group:

$DDG = Get-DynamicDistributionGroup «Dynamic DG Name» Get-Recipient -RecipientPreviewFilter $DDG.RecipientFilter |ft alias

I hope you find this useful.

Exchange Online Distribution Groups

domingo, 4 de agosto de 2013 Sin comentarios

Definition and Functionality

Distribution Groups are a functionality that allows to receive E-Mails under a virtual address and distribute them between their members.

An example of this would be a department like sales with one or more employees that have the need of forwarding all the E-mails sent to an address like sales@contoso.com.

With this functionality we will not only avoid configuring a POP account PC by PC, but also be able to assign permissions to users who want to send E-mails as the department address or on behalf of in difference to the Distribution Groups of other platforms.

dgscheme

Configuration through the Office365 Portal

– The first thing we have to do is access our Office365 portal (http://portal.microsoftonline.com).
– Then we need to access the Exchange Control Panel or ECP clicking on the upper side of the screen where it says «Admin» and then on «Exchange». (Click here to access the ECP if you have a Small Business Plan).

dg1

– Once inside, click on «Groups».

dg2

– Click on the «+» Symbol and then where it says «Distribution Group» – Set the properties of the group we want to create:

esdg3Display Name: this is the name it will appear on the Global Address List and also on the recipients as the Department.

Alias: this field is the identifier that the system will use to localize and identify this group.

Description: we can assign a short description of the use we’ll use the group for.

Owners: indicates who will have the permissions to make modifications over this group.

Members: here we will define who will form part of this group, allowing to receive all the messages sent to the virtual address.

Joining approval permissions: we can define if the employees can join this group without any approval (open), they can be manually added by any owner without having the option to send a request (closed), or if the employees can send requests to join the group in order to be accepted or rejected by any owner of the group (Owner Approval).

Leave permissions: we can define if the members can leave the group without any permission or approval (open), or if it needs to be approved by any owner (closed).

– Once you’ve created the group, we can define additional properties doing a double click on it.

The screens we will find are:

General, where we can define or edit options like Display Name, the SMTP address it will use, Description and something very important, the ability to hide the group from the Global Address List (GAL).

esdg4

Ownership, where we can set the owners that can make modifications to the group, including the new member approvals.

esdg5

Membership, here we can set the members or recipients of the mails sent to the virtual address.

esdg6

Membership Approval, to set the permissions config to join or leave the group.

esdg7

Delivery Management, where we can set the senders that can send messages to this group. By default the selected option is set to «Only senders inside the organization», so if we want to receive messages from outside the organization we must select the other option where it says «Senders inside and outside of my organization». Also we can set specific members that can send to this group.

esdg8

Message Approval, here we can set the message flow to moderate the messages in case we want to approve the received messages before distributing it to its members. We can also define the moderators we want and if we want to exclude from this rule certain senders in who we trust. Also have the possibility to notify the sender in case his message has been rejected.

 esdg9

E-mail Options, from this section we can define one or various SMTP addresses to be used to receive using this group.

 esdg10

Mailtip, we can also define the message that will appear to users inside our organization using Microsoft Outlook when selecting the group as recipient. For example a message indicating it can be a delay of two days for answering the message.

 esdg11

Group Delegation, here we can assign permissions to «Send As» or «Send on Behalf Of» to users so they can send messages using the group as the sender.

 esdg12

Configuration through PowerShell

– First of all we need to prepare our environment to connect with our Office365 subscription via PowerShell.

– Then we only need to run the following:

New-DistributionGroup -Name «Group Name» -DisplayName «Display Name» -Alias «Group Alias» -PrimarySmtpAddress dept@company.com

– Add the members:

Add-DistributionGroupMember  «Group Name» -Member user@company.com -BypassSecurityGroupManagerCheck

– Set the group to allow messages to be received from outside and inside the org:

Set-DistributionGroup «Group Name» -RequireSenderAuthenticationEnabled $False

– Assign other owners of the group:

Set-DistributionGroup -Identity «Group Name» –ManagedBy user@company.com -BypassSecurityGroupManagerCheck

– Add additional SMTP addresses to the group:

Set-DistributionGroup «Group Name» -EmailAddresses SMTP: dept@company.com, alias@company.com

– Hide the group from the Global Address List (GAL):

Set-DistributionGroup «Group Name» -HiddenFromAddressListsEnabled $True

I hope you find this useful.