Exchange Hybrid, Exchange Online & Outlook: How to get more email storage space?

Well currently, most enterprise users are using local storage to save their emails. For those whom are on SSD storage would be a problem and also goes for normal HDD storage uses.

What is online archive? Online archive is basically like your local/normal archive feature that you usually sees on your outlook but instead it is online/cloud and it provides 1TB of space. If the organization did enable this and they probably would also enable retention policy, this is just set a policy to automate moving primary emails to the online archive based on a range of period. Anyway, this is up to the organization settings and decision.

*Note: Retention Policy has many functionality and it is also part of security related

To have online archive your organization must have license like Office365 ProPlus, E3, Office365 Business or Office365 Business Premium.

How to enable online archive?

  1. If the organization is in a hybrid environment, using Exchange 2016 and Exchange Online, as the IT Admin could enable the online archive from exchange 2016.
  2. If the organization is in a hybrid environment, using Exchange 2013 (as a bridge for migration to exchange online) and had older version of exchange too than as IT admin you could only enable online archive via Exchange Online. This is because there could be possible is the unique id causes. (not much of issue if you have plans to upgrade exchange 2013 to exchange 2016)
  3. If the organization is fully utilize Exchange online only, than as IT Admin you could enable online archive from exchange online > recipient > select specific recipient > mailbox feature.

*Note:

  1. If you would wish to bulk enable, than perform using powershell, but there are other categories in Office 365 you could enable the online archive, such as from security and compliance.
  2. If you would wish to disable it and wants to use back only the primary mailbox than below is a reference on how to perform it.

Reference:

  1. https://technet.microsoft.com/en-us/library/archive-features-in-exchange-online-archiving.aspx
  2. https://docs.microsoft.com/en-us/office365/securitycompliance/enable-archive-mailboxes
  3. https://docs.microsoft.com/en-us/office365/securitycompliance/unlimited-archiving

Exchange 2013 Decommission: Unable to uninstall exchange 2013 because still holding older exchange records.

If you already migrate all exchange 2013 arbitration mailboxes to exchange 2016 but you found there are still the older exchange arbitration mailboxes in exchange 2013 which is useless, and these mailboxes shows as disable object in the Active Directory (Windows Server 2016). However, these has prevent you from disable or remove the mailboxes from the exchange 2013 via exchange powershell and prevent you to proceed to perform the uninstall of exchange 2013, because its status is still show as “Active”.

Here are the steps on how to resolve it;

  1. Make sure anti-virus is disable
  2. Remove these old arbitration mailboxes/Discovery mailboxes/Monitoring Mailboxes (please refer the reference for the sample  list) object from Active directory
  3. Before removing the object, take note to check the object’s “homeMDB” attribute with the value of the Exchange 2013 Mailbox Database name(You can get it by typing this powershell command in the exchange powershell “Get-MailboxDatabase” ). (If you remove the wrong one will be troublesome to recover)
  4. Go to exchange 2013 > Open control panel > Programs and features > Select the Microsoft Exchange cumulative update > Right click it and select uninstall > refresh control panel page make sure it is uninstall
  5. After completion uninstall, restart the server > disjoin the server from domain > remove the server object from Active Directory

 

*Note:

If you complete above step but still unable to uninstall via GUI because an error pop-up saying “incomplete installation…” than please run the cmd as administrator and use the cmd command to uninstall. (Please refer to reference)

 

Reference

  1. http://techgenix.com/removing-exchange-server-mailbox-your-environment/
  2. https://social.technet.microsoft.com/Forums/exchange/en-US/4726db53-b5ac-488a-a801-a4774ffcdc34/cannot-uninstall-exchange-2013?forum=exchangesvrgeneral
  3. https://www.kerneldatarecovery.com/blog/step-by-step-guide-for-migrating-exchange-server-2013-to-2016-part-6/

Exchange Hybrid & PowerShell: How to customize a permission of a role?

Again not brain surgery. Just need you to calm your mind and enjoy understanding it.

Yes, I know that there would be defaults settings or features that doesn’t mean the customer’s requirement, so they always requested for customization.

So basically I expect that you know what are the default roles in exchange hybrid and its permissions inside. Anyway, you have to be the administrator only you could able to view where are the roles. You can find it at your exchange hybrid console > Permission > Admin roles.

*Note:

  • I prefer to use Power Shell to create this customize permission role because it provides more details of what are the functions runs in each role type.
  • And you can dig deeper by removing/adding certain role’s type function that you would not wish to be in your customization.
  • Try not to configure the default roles given
  • Always create a new role

Using Interface to create Admin Roles Group

However, interface doesn’t actually allows you to create customize roles.

To create a new customize permission role you go to this directory Exchange Hybrid console > Permission > Admin roles > “+”

Example below;

Capture01

Select what roles you want for your customize permission;

Capture02.PNG

Using Power Shell to create customization

What I would do is I will copy a default role and its permission into my new role, which is closer to my client’s request and than I will eliminate the permission based on a comparing function such as “Query if the role’s permission doesn’t has this permission than remove the those permission”. This will definitely save much more time.

If you aren’t sure about  what default role should you copy than try to extract the detail list of each roles permission. Simply just type the following code below;

Get-ManagementRole * | Get-MangementRoleEntry
  1. Go to your Exchange Hybrid Server > Open the Exchange Power Shell console (Run as Administrator)
  2. Run these commands below
    #To get a list of role type
    Get-ManagementRole
    
    #Get function details of each role type
    Get-ManagementRole "RoleTypeName" | Get-ManagementRoleEntry
    
    #Create a new Customize Role copying a default role type
    New-ManagementRole -Parent "RoleTypeName" -Name "NewCustomizePermissionRoleName"

    *RoleTypeName would be these at the picture below, circle in red

    Capture01
    Role type name

    Get-ManagementRoleEntry is basically get the list of permissions that is inside the role.

    *Each roles has its own list of permissions

  3. If you wish to limit or remove a role type’s function/permission, than you can run this command
#Find your customization that you had created
#Query where if the function is not the name "Get-RemoteDomain" & "New-RemoteDomain" remove the other's functions
Get-ManagementRoleEntry "NewCustomizePermissionRoleName\*" | Where { $_.Name -NotLike "Get-RemoteDomain" -and $_.Name -NotLike "New-RemoteDomain" } | Remove-ManagementRoleEntry

#Query your modified customization, to check whether are the modification correct
Get-ManagementRoleEntry "NewCustomizePermissionRoleName\*"  | select name,role | ft

#If you wish to undo than just run this command
#It will get the function "Get-Mailbox" from Role Type and add into your customization
Get-ManagementRoleEntry "RoleTypeName\Get-Mailbox" | Add-ManagementRoleEntry -Role "CustomizePermissionRoleName"

 

References:

Exchange 2016: “Database is mandatory on UserMailbox”

When you are setting up a new exchange server to upgrade the current exchange server, with all the prerequisite has been applied and the next step is the run the setup.exe file of the exchange CU. However, you notice that the interface of the setup has stop at Step 7 which is “Mailbox role setup” because of an error encounter.

Usually the interface doesn’t really provide you the detail reason of error occur.

“Mailbox role: Transport service : Error”

Example:

Untitled picture

To know get more understanding of the error, Go to > Windows Explorer > open C:\ Drive > Select Exchange Setup Log Folder > Open Exchange Setup txt file > Scroll to the bottom to get the details.

Example:

Capture

*Error: Database is mandatory on UserMailbox;

Below is the sample logs and error that causes the setup to stop, and it seems that there is a system mailbox “SystemAttendantDependent_xxx” found corrupted. Usually if is corrupted means that this account’s the value of HomeMDB attribute is empty. The solution to this is to add the correct value for HomeMDB attribute of the corrupted account.

capture1-e1525890833997.png

Here how it is done;

  1. To find whether are there any other corrupted mailboxes;
    • Open your current exchange server’s powershell
    • Run this command
      • Get-Mailbox -Arbitration | Select Name, Database
      • Then it will show you number of corrupted mailboxes with WARNING stated
  2. Go to ADSI Edit > Connect to Default naming context  > Users container > search for a valid user account with mailbox > Open properties
  3. Find the attribute HomeMDB > Copy the value (*Optional: You can paste the value into a notepad for temporary)
  4. Go to ADSI Edit > Connect to Default naming context  > Users container > search for a corrupted account > Open properties
  5. Find the attribute HomeMDB > Replace the empty box with the copied value
  6. * Do this for corrupted mailboxes that you found, which is blocking your success to complete setup of your new exchange.
  7. Rerun the setup.exe
  8. If successful setup than continue with the post-installation.

*Note:

There could be other related corrupted account (Can’t be find from the exchange powershell) that has blocking your success to complete setup of your exchange. Please look into details of the logs to find out what are the other corrupted accounts and replace their empty value attribute with the correct ones.

Office 365 & AD & Exchange Hybrid: How to create remote mailbox in Exchange Hybrid for existing user, in Active Directory and Office 365?

When you have existing user active directory record and you’ve accidentally had provision the mailbox at Office 365. Thus, result you unable to add the user into any distribution group and etc. because it doesn’t have record in Exchange Hybrid. Besides, user’s primary email address wasn’t correct, such as “xxxx@domain.onmicrosoft.com” instead of “xxxx@domain.com”.

Here are the steps to resolve your problems;

Implication: None (for me)

*Note: You have to be familiar with PowerShell. Best to try it on a test user account first.

  1. Go to Exchange Hybrid server
  2. Open Exchange Powershell Management
  3. Type the following commands;

    Enable-remotemailbox “userDisplayName” -RemoteRoutingAddress “xxxx@domain.mail.onmicrosoft.com”

  4. Go to Azure AD Server
  5. Open Windows Powershell

    Start-ADSyncSyncCycle -PolicyType Delta

  6. You will than review that particular user’s the mailbox in Office 365, has more email addresses shown in the email address category itself. And also the Primary email address has change to the right one.

 

*Note: This may take half an hour for the overall settings to be propagated at the user side. Because at the user side they will still view their primary smtp as the incorrect one, even though the modification has done.