Microsoft Exchange: Unable to export Exchange attributes (msExchArchiveGUID) from Active Directory after shut down

Hi everyone, it has been a while due to Chinese New Year. Anyway, it is good to be back!

The situation for this issue is that you have shut down the Microsoft Exchange server and you are in the process of rebranding (for example, changing the UPN, email address or logon), but some users have trouble opening their online archive. You would therefore like to export their msExchArchiveGUID from Active Directory and compare it with the cloud's archive GUID instead of turning the Exchange server back on (you do not want to make your effort redundant). However, no matter how you try with this command on your Active Directory, Get-ADUser -Filter * -Properties * | Export-Csv filename.csv, the attribute still does not show up in your CSV file.

This article requires reviewing the reference links.

Don’t panic! All you have to do is:

  1. Prepare a test PC (Windows 10 or later) or a non-critical server (Windows Server 2012 R2 or later) that is domain joined
    • I would recommend using a test PC, to avoid the hassle of checking whether the Windows Server is critical or not, or of getting stuck at the Exchange Server setup wizard (role selection)
  2. Prepare an account that has domain admin rights.
  3. Make sure you know your Exchange Server’s version (for example, 2010, 2013, 2016 or 2019) and its CU.
    • If you don’t remember, you can always locate the Exchange Server’s object in your AD. Otherwise, you have to guess.
  4. Log on to the PC with the account that has domain admin rights > Install the RSAT tools on the PC
    • Recommended RSAT tools are: Active Directory Domain Services and Lightweight Directory Services Tools, and Server Manager
  5. Install IIS 6 Metabase Compatibility and IIS 6 Management Console
  6. Reboot the PC
  7. Log in to the PC again with the same account, open a browser, search for your Exchange Server CU version and download the package
  8. Extract or mount the .iso file, then run Setup.exe
  9. Choose the option not to allow Windows Update > Next
  10. Accept the license agreement > Next
  11. On the Recommended Settings page, choose whether or not to use the recommended settings > Next
  12. On the Server Role Selection page, choose only Management tools > Next
  13. For the installation location, you can keep the default
  14. On the prerequisite check page, if you face any errors, follow the instructions on how to resolve them or search for how to do it based on your PC’s OS version.
  15. Once the Exchange management tools are installed, you can start to export your msExchArchiveGUID
  16. Once finished, remember to revert the configuration changes on the PC
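
Once the attribute is readable, the export and the comparison with the cloud can be done in one pass. The following is an added example, not code from the original post; it assumes the ActiveDirectory RSAT module and the ExchangeOnlineManagement module are installed, that Connect-ExchangeOnline has already been run, and the CSV path is a placeholder.

```powershell
# Added example (not the post's own code): export msExchArchiveGUID from Active
# Directory as a readable GUID and compare it with the Exchange Online ArchiveGuid.
# Assumes the ActiveDirectory RSAT module and ExchangeOnlineManagement module are
# installed and Connect-ExchangeOnline has already been run; the CSV path is a placeholder.
Import-Module ActiveDirectory
Import-Module ExchangeOnlineManagement

function ConvertTo-ArchiveGuid {
    # msExchArchiveGUID is an octet string (16-byte array) in AD; Export-Csv writes
    # such a value as "System.Byte[]" unless it is converted to a GUID first
    param([byte[]]$Bytes)
    if ($null -eq $Bytes -or $Bytes.Length -ne 16) { return $null }
    return (New-Object System.Guid -ArgumentList (,$Bytes)).ToString()
}

function Compare-ArchiveGuid {
    # Only users that have an on-premises archive GUID are compared
    $users = Get-ADUser -Filter * -Properties UserPrincipalName, msExchArchiveGUID |
        Where-Object { $_.msExchArchiveGUID }

    foreach ($u in $users) {
        $onPrem = ConvertTo-ArchiveGuid -Bytes $u.msExchArchiveGUID
        try {
            $cloud = (Get-Mailbox -Identity $u.UserPrincipalName -ErrorAction Stop).ArchiveGuid.ToString()
        } catch {
            $cloud = 'MAILBOX NOT FOUND'
        }
        [pscustomobject]@{
            UserPrincipalName = $u.UserPrincipalName
            OnPremArchiveGuid = $onPrem
            CloudArchiveGuid  = $cloud
            Match             = ($onPrem -eq $cloud)
        }
    }
}

$result = Compare-ArchiveGuid
$result | Export-Csv -Path 'C:\Temp\ArchiveGuidComparison.csv' -NoTypeInformation
# Mismatches are the users whose online archive needs attention
$result | Where-Object { -not $_.Match } | Format-Table -AutoSize
```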

References:

  1. https://learn.microsoft.com/en-us/exchange/install-exchange-2013-using-the-setup-wizard-exchange-2013-help
  2. https://learn.microsoft.com/en-us/exchange/iis-6-compatibility-components-not-installed-longhorniis6mgmtconsolenotinstalled-exchange-2013-help
  3. https://learn.microsoft.com/en-us/powershell/exchange/filter-properties?view=exchange-ps#archiveguid

Exchange Online Protection: Configuration Analyzer (Your Mail Security Advisor)

Hi guys and ladies, today I’m going to write about the hidden guru in your Exchange Online Protection, a.k.a. Office 365 Mail Security or Microsoft Defender for Office 365.

Why is improving your mail security configuration important? Well, malicious attacks improve from time to time, and so does security. In the past, scammers used to send fake letters to houses claiming to be from the bank or a police officer, to lure you into handing over money. Now, in 2022, scammers send blast mails to any IP address or available legitimate domain in the world, claiming to be an authorized organization, to find their victims.

There are times you would like to compare your vendor’s recommendation with the global recommendation for mail security configuration; now you have it in your Microsoft Exchange Online portal. Basically, Configuration Analyzer scans your existing policies and provides either Standard or Strict recommendations to improve your mail policies.

*Note:

Do not make changes to Microsoft’s default policies. It is recommended to create new ones.

How to get that?

  1. First, log in to your https://security.microsoft.com portal
  2. In the left navigation, you can see the “Email & collaboration” category
  3. Select “Policies & rules”
  4. Select “Threat policies”
  5. Select “Configuration analyzer”

As you can see, they do scan your default policies, but you can ignore those. The most important thing in this table is the structured and convenient information that helps you understand how to improve your existing policies.

You may refer to the references below to check whether your license has this feature available.

References

  1. https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configuration-analyzer-for-security-policies?view=o365-worldwide

Exchange Migration: Outlook kept prompting for password after migration

Hi guys and girls, hope you are doing well. As the pandemic is still ongoing, I hope you are keeping cleanliness and safety first.

Today’s topic is about Exchange migration of mailboxes from on-premises to Office 365. The issue is that on legacy Windows clients or legacy Office apps, Outlook keeps prompting for credentials and shows as disconnected. The issue also happens on Windows 10 machines, but not as aggressively as on Windows 7 machines.

This environment has the following items:

  1. Exchange server: 1 unit, version 2013, CU23 (latest)
  2. Windows clients: a combination of Windows 7 and Windows 10
  3. Office applications: a combination of 2013, 2016, 2019 and Microsoft 365 Apps for business, on both Windows 7 and Windows 10
  4. Migration method: remote move migration
  5. Hybrid established: yes
  6. Microsoft 365 license: Business Standard/Basic

As we all know, the major prerequisites must be met before establishing the hybrid and performing the migration.

We noticed intermittent connections while running Wireshark on Windows 7 with Microsoft 365 business apps, while trying to log in with the migrated account credentials in the Outlook app. We re-created the Outlook profile and the credential prompts stopped. This is definitely not the right solution; the solution depends on what caused the issue.

At first we suspected something to do with whitelisting on the network layer, but we confirmed that the whitelisting was correctly configured. Next, we suspected something to do with compatibility between the Windows and/or Office app versions. This was not a very good idea. After quick research, I came across modern authentication as a possible cause, and that is where I had the idea of suggesting to turn off security defaults in the Azure portal and then turn off modern authentication in the Office 365 tenant. After 10 to 15 minutes, the intermittent connections no longer showed up in Wireshark.

Modern authentication is enabled by default for every new Office 365 tenant, so please be aware that if your environment has legacy Windows clients or legacy Office applications running, you should consider turning it off first before proceeding to deploy Microsoft 365 apps.

Azure portal > Azure AD > Properties > Manage security defaults
Office 365 admin center > Settings > Org settings > Modern authentication

Modern authentication was what interfered with the machines; it kept challenging the users to enter their credentials because the compatibility requirement was not met. Once modern authentication is turned off, the environment runs on basic authentication.


Exchange Online and Hybrid: How to capture/export last usage of Distribution List?

Distribution Groups

Hey everyone, how are you doing? Today’s topic is how to capture the last usage of a distribution list. We encounter this when we need to clean up groups, but imagine having thousands of groups and having to check with each owner whether the group is in use or active. Sounds ridiculous, right?

So I came across this request and managed to find a very good reference on achieving it.

Make sure you have PowerShell on your workstation to get the following result.

If you do not have the appropriate permission to run the following commands, see the references below on how to get them working. If you have the appropriate permission, or this is not your first time using PowerShell, you can just launch PowerShell as usual.

#Import the module
Import-Module ExchangeOnlineManagement

#Connect to Exchange Online (prompts for the admin credential first)
$UserCredential = Get-Credential
Connect-ExchangeOnline -Credential $UserCredential

#Retrieve the list of distribution groups
$DistributionList = Get-DistributionGroup -ResultSize Unlimited

#Run a message trace per group to capture the last usage; the short delay avoids throttling.
#Write-Host writes to the console, not the pipeline, so only trace entries reach the CSV.
$DistributionList | ForEach-Object {
    Get-MessageTrace -RecipientAddress $_.PrimarySmtpAddress
    Write-Host ("Processed Group: " + $_.PrimarySmtpAddress)
    Start-Sleep -Milliseconds 500
} | Export-Csv -Path "C:\<filename>.csv" -Append -NoTypeInformation
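
A report that is easier to act on has one row per group with its last received message, rather than every trace entry. The following is an added example, not the post's or the referenced blog's script; it assumes an open Connect-ExchangeOnline session, and the CSV path is a placeholder. Note that Get-MessageTrace only returns the last 48 hours unless -StartDate and -EndDate are given, and covers at most the last 10 days.

```powershell
# Added example (not the post's own script): build a "last used" report per
# distribution group from message trace, one row per group, instead of dumping
# every trace entry. Assumes an open Connect-ExchangeOnline session.
Import-Module ExchangeOnlineManagement

function Get-DistributionGroupLastUsage {
    param(
        [int]$Days = 10,            # Get-MessageTrace covers at most the last 10 days
        [int]$ThrottleDelayMs = 500 # pause between groups to avoid throttling
    )
    $end   = Get-Date
    $start = $end.AddDays(-$Days)

    Get-DistributionGroup -ResultSize Unlimited | ForEach-Object {
        $group = $_
        # Explicit window: without it only the last 48 hours are returned
        $trace = Get-MessageTrace -RecipientAddress $group.PrimarySmtpAddress `
                                  -StartDate $start -EndDate $end -PageSize 5000
        $last  = $trace | Sort-Object Received -Descending | Select-Object -First 1

        $lastReceived = $null
        $lastSender   = $null
        if ($last) {
            $lastReceived = $last.Received
            $lastSender   = $last.SenderAddress
        }

        [pscustomobject]@{
            DisplayName        = $group.DisplayName
            PrimarySmtpAddress = $group.PrimarySmtpAddress
            MessagesInWindow   = @($trace).Count   # 0 means no mail in the window
            LastReceived       = $lastReceived
            LastSender         = $lastSender
        }

        Write-Host ("Processed Group: " + $group.PrimarySmtpAddress)
        Start-Sleep -Milliseconds $ThrottleDelayMs
    }
}

# Groups with MessagesInWindow = 0 are the candidates to confirm with their owners
Get-DistributionGroupLastUsage | Export-Csv -Path 'C:\Temp\DL-LastUsage.csv' -NoTypeInformation
```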

References:

  1. https://docs.microsoft.com/en-us/archive/blogs/timmcmic/office-365-create-a-report-of-distribution-group-usage
  2. https://docs.microsoft.com/en-us/powershell/exchange/connect-to-exchange-online-powershell?view=exchange-ps
  3. Set-ExecutionPolicy (Microsoft.PowerShell.Security) – PowerShell | Microsoft Docs

Exchange Online and PowerShell: How to extend Max Sent Size for your users in bulk?

Hey guys and girls, hope you are all taking care of your health and staying safe during this Covid-19 situation.

So here is just a simple blog post: if you are going to make big changes to your users’ mailbox features, PowerShell is of course the right way to do it.

As you may know, Microsoft has extended the maximum send size to 150MB; this is not the default size but the size you are allowed to set when necessary.

Here is the code:

#First, connect to Exchange Online PowerShell to get the commands

Connect-ExchangeOnline -UserPrincipalName <Global admin UPN> -ShowProgress $true

#Filter on the recipient type details, because you only want to change user mailboxes: this gathers all mailboxes of type UserMailbox and applies the change to them

Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited | Set-Mailbox -MaxSendSize 50MB -Verbose

#Next, to confirm that the change has been applied to all users, write out the result or export it to CSV with the Export-Csv command

Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited | Select-Object Name, MaxSendSize
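
For a bulk change like this it helps to dry-run first and to record what changed. The following is an added example, not the post's own code; it assumes an open Connect-ExchangeOnline session, uses the 50MB value from the post as the default target, and the CSV path is a placeholder.

```powershell
# Added example (not the post's own code): bulk-set MaxSendSize with a dry run
# (-WhatIf) and a before/after record of the mailboxes that actually change.
# Assumes an open Connect-ExchangeOnline session.
Import-Module ExchangeOnlineManagement

function ConvertTo-Bytes {
    # MaxSendSize is reported as text such as "35 MB (36,700,160 bytes)" or "Unlimited"
    param([string]$SizeText)
    if ($SizeText -match '\(([\d,]+) bytes\)') { return [int64]($Matches[1] -replace ',', '') }
    if ($SizeText -eq 'Unlimited') { return [int64]::MaxValue }
    return $null
}

function Set-MaxSendSizeInBulk {
    param(
        [int64]$TargetBytes = 50MB,   # the post's value; 150MB is the service maximum
        [switch]$WhatIf
    )
    $changed = @()
    foreach ($mbx in (Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited)) {
        $current = ConvertTo-Bytes ([string]$mbx.MaxSendSize)
        # Skip mailboxes already at or above the target so the change is not lowering anyone
        if ($null -ne $current -and $current -ge $TargetBytes) { continue }

        Set-Mailbox -Identity $mbx.UserPrincipalName -MaxSendSize $TargetBytes -WhatIf:$WhatIf
        $changed += [pscustomobject]@{
            UserPrincipalName = $mbx.UserPrincipalName
            Before            = [string]$mbx.MaxSendSize
            After             = "$($TargetBytes / 1MB) MB"
        }
    }
    return $changed
}

# Dry run: shows which mailboxes would change, without touching them
Set-MaxSendSizeInBulk -WhatIf | Format-Table -AutoSize

# Real run, with the list of changed mailboxes kept for the change record
Set-MaxSendSizeInBulk | Export-Csv -Path 'C:\Temp\MaxSendSize-Changes.csv' -NoTypeInformation
```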

That is about it! Simple as that!

References:

  1. https://docs.microsoft.com/en-us/powershell/exchange/connect-to-exchange-online-powershell?view=exchange-ps
  2. https://docs.microsoft.com/en-us/office365/servicedescriptions/exchange-online-service-description/exchange-online-limits#message-limits

PowerShell: PowerShell with MFA

It seems that more users are enabling MFA, but when it comes to managing via PowerShell, they can’t log in with their credentials using the normal PowerShell module.

When you have MFA enabled, you have to install the module that supports MFA. Pretty extra, right? Haha, yeah, I know. Administrators tend to prefer the GUI for management, but on other occasions we still need PowerShell to manage our cloud services.

Finding the PowerShell module tends to be a little tricky, but hey, I’m here to help you.

So enough chit chat... let’s get to it!

First of all, open your Exchange Online portal > Hybrid > Select the second option (not the first option!)


Note:

*Make sure your laptop or computer has the latest .NET Framework and a supported Windows operating system for this module.

Once you have it installed, it will create a shortcut for you:


Anyway, expect the Connect commands to be the same as in the usual PowerShell module.

Connect-EXOPSSession – Exchange Online


Connect-IPPSSession – Security and Compliance


References:

  1. https://docs.microsoft.com/en-us/powershell/exchange/exchange-online/connect-to-exchange-online-powershell/mfa-connect-to-exchange-online-powershell?view=exchange-ps

PowerShell Script: Schedule Litigation Hold Enabled Exchange Online

This post shares how to enable litigation hold for user mailboxes using Task Scheduler. However, this may trigger your security application/detection in your environment (a.k.a. “Unexpected script ran...”). This blog requires you to know how to use Task Scheduler.

*Note:

  • If you don’t specify the license type in your script, that is alright; the script will skip that user and move on to the next one.
  • Some licenses don’t provide the litigation hold feature, such as the E1 license.
  • This script is not limited in capability.

There are quite a lot of ways you could do this.

  1. You could do it based on the user’s creation date and litigation hold status.
  2. You could do it based on the user’s department and litigation hold status.
  3. You could do it based only on the litigation hold status.
  4. You could do it based on the license type and litigation hold status.
  5. You could do it based on all four of the above.

Well, it all depends on the requirements and needs of the environment.

When I was scripting it, I noticed that if you run the script manually, it is best to use a function, to avoid duplication. Anyway,

If you are planning to have this in Task Scheduler, you can save this PowerShell script on any Windows platform that has Windows PowerShell with the required module installed.

Before moving on, you need to manually retrieve the Office 365 global admin credential and save it encrypted into a file. If you are worried about the file being accessed by others, apply some security adjustments to the file.

References:

  1. https://practical365.com/blog/saving-credentials-for-office-365-powershell-scripts-and-scheduled-tasks/

#Name: Sabrina Kay
#Purpose: This PowerShell script enables litigation hold

function Run-LitigationHoldEnabled {
    #Parameter for the folder that holds the encrypted credential file
    param([string]$FilePath)

    #Retrieve the credential file (the first *.cred file in the folder)
    $File = Get-ChildItem -Path $FilePath -Filter *.cred | Select-Object -First 1

    #Check whether a credential file was found
    if ($File) {

        #Use the file's base name as the user name, because $File is a FileInfo object, not a string
        $UserName = $File.BaseName
        #The .cred file was written with ConvertFrom-SecureString, so it can only be
        #decrypted by the same Windows user on the same machine (DPAPI)
        $PwdSecureString = Get-Content $File.FullName | ConvertTo-SecureString

        #Create a credential object for the user name and password (the password is not shown in plain text)
        $UserCredential = New-Object System.Management.Automation.PSCredential -ArgumentList $UserName, $PwdSecureString

        #Connect to Exchange Online (remote PowerShell with basic authentication, as in the original script;
        #Microsoft has since retired basic authentication for this endpoint)
        $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
        Import-PSSession $Session -DisableNameChecking

        #Get user mailboxes with litigation hold not enabled and enable it
        Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited | Where-Object { $_.LitigationHoldEnabled -eq $false } | Set-Mailbox -LitigationHoldEnabled $true

        #Finish and end the session
        Remove-PSSession $Session
    }
    else {
        #No session was opened, so there is nothing to remove; report the missing file instead
        Write-Warning "No .cred file found in $FilePath"
    }
}

#Main program
#Folder that holds the Office 365 credential file
$KeyPath = "C:\xxx\"

#Task to run
Run-LitigationHoldEnabled -FilePath $KeyPath

Exchange Hybrid, Exchange Online & Outlook: How to get more email storage space?

Currently, most enterprise users use local storage to save their emails. For those on SSD storage this can be a problem, and the same goes for normal HDD storage users.

What is online archive? Online archive is basically like the local/normal archive feature you usually see in Outlook, except that it is online/cloud based and provides 1TB of space. If the organization enables this, they would probably also enable a retention policy, which is just a policy that automates moving emails from the primary mailbox to the online archive after a given period. Anyway, this is up to the organization’s settings and decision.

*Note: Retention policy has many functions and it is also security related.

To have online archive, your organization must have a license such as Office 365 ProPlus, E3, Office 365 Business or Office 365 Business Premium.

How to enable online archive?

  1. If the organization is in a hybrid environment using Exchange 2016 and Exchange Online, the IT admin can enable the online archive from Exchange 2016.
  2. If the organization is in a hybrid environment using Exchange 2013 (as a bridge for migration to Exchange Online) and also has older versions of Exchange, then as IT admin you can only enable online archive via Exchange Online. This is because the unique ID could possibly cause issues (not much of an issue if you have plans to upgrade Exchange 2013 to Exchange 2016).
  3. If the organization fully utilizes Exchange Online only, then as IT admin you can enable online archive from Exchange Online > recipients > select the specific recipient > mailbox features.

*Note:

  1. If you wish to enable it in bulk, do it using PowerShell; there are also other places in Office 365 where you can enable the online archive, such as Security & Compliance.
  2. If you wish to disable it and go back to using only the primary mailbox, below is a reference on how to do it.
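
For the Exchange Online only case (item 3 above), the bulk enable can be done from PowerShell with a dry run first. The following is an added example, not the post's own code; it assumes an open Connect-ExchangeOnline session, and the CSV path is a placeholder.

```powershell
# Added example (not the post's own code): enable the online archive in bulk for
# user mailboxes that do not have one yet, with a dry run before the real change.
# Assumes an open Connect-ExchangeOnline session.
Import-Module ExchangeOnlineManagement

function Get-MailboxWithoutArchive {
    # ArchiveGuid is all zeros when no archive mailbox exists
    Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited |
        Where-Object { $_.ArchiveGuid -eq [guid]::Empty }
}

function Enable-ArchiveInBulk {
    param([switch]$WhatIf)
    foreach ($mbx in Get-MailboxWithoutArchive) {
        # -WhatIf only reports what would happen; without it the archive is created
        Enable-Mailbox -Identity $mbx.UserPrincipalName -Archive -WhatIf:$WhatIf
    }
}

# Dry run: lists the mailboxes that would get an archive, without changing anything
Enable-ArchiveInBulk -WhatIf

# Real run, then export the archive state of every user mailbox for verification
Enable-ArchiveInBulk
Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited |
    Select-Object DisplayName, UserPrincipalName, ArchiveStatus, ArchiveGuid |
    Export-Csv -Path 'C:\Temp\ArchiveStatus.csv' -NoTypeInformation
```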

Reference:

  1. https://technet.microsoft.com/en-us/library/archive-features-in-exchange-online-archiving.aspx
  2. https://docs.microsoft.com/en-us/office365/securitycompliance/enable-archive-mailboxes
  3. https://docs.microsoft.com/en-us/office365/securitycompliance/unlimited-archiving

Office 365: How to handle resign user mailbox with litigation hold enabled?

Litigation hold is a feature that lets you keep a mailbox for a specific period or an unlimited period. However, this is only the high-level definition of litigation hold. Throughout my deep and extensive research of Microsoft articles, especially TechNet, they only state the high-level definition of litigation hold but nothing about the notices.

A few weeks ago, one of my users reported to me that they have a user account that is disabled (in Active Directory), blocked from sign-in and unlicensed, but the mailbox is still in an active state: it is able to send (e.g. via inbox forwarding rules) and receive mail, and it can still be logged in to with full access. After some research, I found a Microsoft support article (https://support.office.com/en-us/article/manage-inactive-mailboxes-in-office-365-296a02bd-ebde-4022-900e-547acf38ddd7) about how to handle inactive mailboxes. However, it still didn’t state why this happens or how the mechanism works.

We call this a deprecated account with an active mailbox. I really hope Microsoft could do something about this, as it seems to me pretty troublesome to take extra steps to handle it, and I also hope they could elaborate more on the pros and cons of litigation hold and how the mechanism works.

*Note:

Please take note: if you have mailboxes with unlimited litigation hold enabled, and the user account in Active Directory is disabled but still in a synced Organizational Unit, move them to an unsynced organizational unit IMMEDIATELY, or else the mailbox storage will fill up.

To check which organizational units are unsynced:

  1. Go to your Azure Active Directory sync server
  2. Click the Windows Start button
  3. Open MIISCLIENT (Synchronization Service)
  4. At the top, select “Connectors”
  5. Double-click your local domain
  6. Select Configure Directory Partitions
  7. Click the button at the bottom right
  8. Select “Containers”
  9. Enter the Azure Active Directory credential
  10. You will be able to view the checkboxes: the unchecked ones are the unsynced organizational units.
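
The case described above can be inventoried from Exchange Online instead of waiting for a user report. The following is an added example, not the post's own code; it assumes an open Connect-ExchangeOnline session, and the CSV path is a placeholder.

```powershell
# Added example (not the post's own code): find the "deprecated account but active
# mailbox" case: mailboxes with litigation hold enabled whose account is disabled,
# with the forwarding settings that would let such a mailbox still send mail.
# Assumes an open Connect-ExchangeOnline session.
Import-Module ExchangeOnlineManagement

function Get-HeldMailboxWithDisabledAccount {
    Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited |
        Where-Object { $_.LitigationHoldEnabled -and $_.AccountDisabled } |
        ForEach-Object {
            # Inbox rules that forward or redirect are the route the post describes
            # for a disabled account that still "sends" mail
            $forwardRules = Get-InboxRule -Mailbox $_.UserPrincipalName -ErrorAction SilentlyContinue |
                Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo }

            [pscustomobject]@{
                UserPrincipalName    = $_.UserPrincipalName
                LitigationHoldDate   = $_.LitigationHoldDate
                LitigationHoldDuration = [string]$_.LitigationHoldDuration   # "Unlimited" or a timespan
                ForwardingSmtpAddress = $_.ForwardingSmtpAddress
                ForwardingInboxRules = @($forwardRules).Count
                IsDirSynced          = $_.IsDirSynced   # synced accounts need the OU move from the note above
            }
        }
}

# Rows with forwarding rules or a forwarding address deserve the first look
Get-HeldMailboxWithDisabledAccount |
    Sort-Object ForwardingInboxRules -Descending |
    Export-Csv -Path 'C:\Temp\HeldDisabledMailboxes.csv' -NoTypeInformation
```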


References:

  1. https://support.office.com/en-us/article/manage-inactive-mailboxes-in-office-365-296a02bd-ebde-4022-900e-547acf38ddd7
  2. https://technet.microsoft.com/en-us/library/ff637980(v=exchg.160).aspx#lithold
  3. https://technet.microsoft.com/library/dn743673(v=exchg.150).aspx
  4. https://technet.microsoft.com/en-us/library/dn790612.aspx


Office 365 & Exchange Online: Why have to be careful with Mail Flow Rules?

Many think that, coming from a programming or any other technical background, they can implement mail flow rules with 101% accuracy based on a programmer’s mindset. However, having such thoughts brings risk to yourself and to the company.

*Note: If you’re not familiar with the product, please try not to play around with it in a production environment. Always start with research and lab testing.

Mail flow rules have a huge impact on your organization’s mail flow, even with a slightly incorrect rule configuration. For example, mail sent only to Department B is not supposed to be viewed by Department A, but then Department A is somehow able to view mail intended for Department B. This causes a data leak within the organization.
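
Two habits limit the blast radius of a wrong rule: create it in audit mode so it only logs matches before it changes delivery, and review every rule that adds or diverts recipients, which is the class of rule that can leak Department B's mail to Department A. The following is an added example, not the post's own code; it assumes an open Connect-ExchangeOnline session, and the group address and rule name are placeholders.

```powershell
# Added example (not the post's own code): create a mail flow rule in Audit mode and
# list the rules that copy or redirect mail to extra recipients.
# Assumes an open Connect-ExchangeOnline session; names and addresses are placeholders.
Import-Module ExchangeOnlineManagement

# A rule scoped to mail sent to Department B. In Audit mode it is evaluated and
# logged (visible in message trace) but does not change the message or its delivery,
# so a wrong condition is found in the logs rather than in someone else's inbox.
New-TransportRule -Name 'DeptB-Internal-Tag' `
    -SentToMemberOf 'deptb@contoso.example' `
    -SentToScope InOrganization `
    -PrependSubject '[DeptB] ' `
    -Mode Audit

# After the audit period confirms that only the intended mail matches:
# Set-TransportRule -Identity 'DeptB-Internal-Tag' -Mode Enforce

function Get-RecipientChangingTransportRule {
    # Actions that deliver mail to someone other than the original recipients
    Get-TransportRule -ResultSize Unlimited |
        Where-Object { $_.BlindCopyTo -or $_.CopyTo -or $_.RedirectMessageTo -or $_.AddToRecipients } |
        Select-Object Name, State, Mode, Priority, BlindCopyTo, CopyTo, RedirectMessageTo, AddToRecipients
}

# Review list: each of these rules should have a documented owner and reason
Get-RecipientChangingTransportRule | Format-List
```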


It is best to spend time understanding the product rather than getting yourself in trouble.


Reference

  1. https://technet.microsoft.com/en-us/library/jj919235(v=exchg.150).aspx