Exchange Online and Hybrid: How to capture/export last usage of Distribution List?

Distribution Groups

Hey everyone, how are you doing? So today’s topic is about how to capture last usage of distribution list. We encounter when we need to do clean up on the groups but imagine if you have thousand of groups that you have to check with the owners whether that the group is in use/active, sounds ridiculous right?

So I came across with this request and manage to found a very good reference on achieving this request.

Make sure you have PowerShell on your workstation to get the following result.

If you do not have appropriate permission to run the following command, below reference on how to get it work. If you have the appropriate permission or this is not your first time using PowerShell, then you can just launch your PowerShell as usual.

#Import the module
Import-Module ExchangeOnlineManagement

#Connect to Exchange Online
Connect-ExchangeOnline -Credential $usercredential

#Retrieve list of distribution list
$DistributionList = Get-DistributionGroup -ResultSize unlimited

#Get the message trace function to capture the last usage, a delay is needed to not stress of the throttling
$DistributionList | %{Get-MessageTrace -RecipientAddress $_.primarysmtpaddress ; write-host (“Processed Group: ” + $_.primarySMTPAddress) ; Start-Sleep -Milliseconds 500} | export-csv -Path C:\<filename>.csv –Append 


  3. Set-ExecutionPolicy (Microsoft.PowerShell.Security) – PowerShell | Microsoft Docs

Exchange Online and PowerShell: How to extend Max Sent Size for your users in bulk?

Hey Guys and girls hope you all are taking care of your health and staying safe during this Covid-19 situation.

So here is just a simple blog post that I’m going to write about, if you are going to do some big changes towards your user’s mailbox features, of course PowerShell is the right method to perform.

As you may know that Microsoft have extend the max size of send message to 150MB, this is not default size but is a allow size for your necessary.

Here is the code;

#First you got to connect to the Exchange Online PowerShell to get the commands

Connect-ExchangeOnline -UserPrincipalName <Global admin UPN> -ShowProgress $true

#You would want to get the primary ID which is the recipient type details because you are going to make changes on the user mailboxes, this code will gather all mailboxes that are UserMailbox type and the change will take in.

Get-Mailbox -RecipientTypeDetails UserMailbox | Set-Mailbox -MaxSendSize 50MB -Verbose

#Next to get confirmation that all users has apply the change, write out the result or you could export it to csv, using the Export-Csv command

Get-Mailbox -RecipientTypeDetails UserMailbox | Select Name,MaxSendSize

That is about it! Simple as that!



PowerShell: Unable to delete Stuck Data Leak Policy using “-ForceDeletion”

Hi Guys and girls, hope you all are doing well, and remember to stay safe. Just got the PowerShell check on the command “Remove-DlpCompliancePolicy“, it seems that Microsoft had made some changes to it and had removed the “-ForceDeletion” parameter from the “Remove-DlpCompliancePolicy” command.

Appreciated and thanks to the commenter that ping me on this at one of my older blog post .

Just to announce that if you would like to remove or delete the stuck DLP policy in Security and Compliance, you would have to raise a ticket to Microsoft and inform them to perform the force deletion at their backend. There are users experience this and it is resolved through Microsoft Support.




How to change Forest Functional Level and Domain Level?


Make sure you have Enterprise Admin account/permission to run this command and run the PowerShell as Admin. 

If you run into error that you can’t bring up a new Domain Controller due to Operating System is not in the suitable forest functional level, this solution could help you out. RODC is not accepted to run these commands.

I am not sure whether does this require FSMO roles to make the changes towards these functional levels. Hence, I run these commands on the Primary domain controller.

  1. Login to your existing domain controller using an enterprise admin account
  2. Run the Windows PowerShell as Admin
  3. Type in the following command to change the forest functional level
    • #Get Forest level Info
      #To Set the forest level
      Set-ADForestMode -ForestMode <Operating System Name>
      #Example: Set-ADForestMode -ForestMode Windows2012R2Forest
  4. Type the following command to change the domain level
    • #Get Domain level Info
      #To Set the forest level
      Set-ADDomainMode -DomainMode <Operating System Name>
      #Example: Set-ADDomainMode -DomainMode Windows2012R2Forest


Would recommend that you study on the difference between Forest Functional Level and Domain level. I would write a blog post about it soon!


Troubleshoot Hard Matching Immutable ID, Failed with Error “Uniqueness Violation”

When you perform a hard matching via PowerShell and you notice that once you run the Set-MsolUser command on the correct account, it return an error “Uniqueness violation. Source anchor”. Hmm what could be the cause for this error???

Well the reason for the cause of this error is obvious that there is still existing duplicated account is still not fully removed from Active Users list and Recycle Bin.


This post requires you to know the basic commands like Connect-MsolService, Set-MsolUser, Remove-MsolUser and Get-MsolUser.

So what you got to do is to run the remove command to remove the duplicated account. Once fully remove from the Active Users list and Recycle Bin, you could continue to set the immutable ID on the correct account.

Oh yea….if the account that you wish to set the new or correct immutable ID make sure it is empty or cleared before you set the new or correct ones.

Happy PowerShell!


PowerShell: WinForm GIF Player for Fun


I just notice I forgotten to blog about this experience. It may seem useless, but I had a fun Sunday spending on it.

Anyway, here is the code for it, you could improve it.

*Note: Highlighted in YELLOW needs you to change it!

#Create a form

Add-Type -AssemblyName System.Windows.Forms

$Form = New-Object System.Windows.Forms.Form

$Form.AutoSize = $true

$Form.StartPosition = "CenterScreen"

Write-Host "Running GIF Player ..."

#Adding some text

$Form.Text = "GIF Player"

$Label = New-Object System.Windows.Forms.Label

$Label.Location = New-Object System.Drawing.Size(0,0)

$Label.AutoSize = $true

$Label.Font = New-Object System.Drawing.Font ("Comic Sans MS",20, [System.Drawing.Fontstyle]::Bold)

$Label.Text = "Hello Sunday ~"


#Get the local saved GIF

$gifBox = New-Object Windows.Forms.picturebox

$gifLink= (Get-Item -Path '<filepath>\cathello.gif')

$img = [System.Drawing.Image]::fromfile($gifLink)

$gifBox.AutoSize = $true

$gifBox.Image = $img


#Execute the form





PowerShell: PowerShell with MFA

It seems that more users are heading to enabling MFA but when it comes to managing via PowerShell, it can’t seem to login with their credential on normal PowerShell module.

When you have MFA enabled, you got to install the module  that’s support MFA. Pretty extra right? haha yea I know. Administrators tends to prefer GUI to manage but on other occasion we still need PowerShell to manage our cloud services.

To search for the PowerShell module tends to be a little tricky but hey I’m here to help you.

So enough of chit chat….let’s get it on!

First of all you got to open up your Exchange Online Portal > hybrid > Select the second option; Not the first option!



*Make sure your laptop or computer has the latest .Net Framework to support this module and supported Windows Operating System.

Once you got it install it will create a shortcut for you;


Anyway, do expect the Connect command will be the same as the usual PowerShell module.

Connect-EXOPSSession – Exchange Online


Connect-IPPSSession – Security and Compliance




PowerShell: Goodbye old Azure Rights Management module

Today I decided to say goodbye to a PowerShell command module, its name is Azure Rights Management, for short AADRM. Why? If you remember or read my old blog post about Rights Management in Azure then you know why I am saying Goodbye to it. Remember the old Azure Portal?

Before saying Goodbye, I was glad to experience this generation of Azure Rights Management, in 2017 and seeing the improvement and growth of it makes me happy. Now I am moving forward to the AIP Service module, where the new Rights Management named “Azure Information Protection”. AADRM End-of-life is on July 2020. During my first experience with AADRM, it was quite complicated to understand and manage it, because of its commands different from what I usually do.

Alright to install AIP Service module, what you should do first? When you already have AADRM installed, you have to uninstall it via PowerShell Run as Administrator. If you try to install the AIP Service module before uninstalling AADRM, it will give you an error saying “You already have the following commands ‘Get-AADRM and etc…’“.

This new AIP Service Module contains the new commands which are the AIP Service commands, don’t worry this new module still has the AADRM commands.

aip01.PNG If you happen to have MFA enabled, AADRM module and the new AIP service module does support.



PowerShell: Understading the use of Format-Table and Select

Just past a few days one of my colleagues was having trouble exporting the result that he wants. So I help him out to clarify what he must do and what must not do.

His PowerShell command was;

Get-Team | Format-Table DisplayName, MailNickName
  • Format-Table or ft command is used for formatting the selected properties into table form.
  • Gives you a nice view of the table form of the properties in the PowerShell console only.
  • If you were to export the Format-Table into a CSV, it will look like one whole chunk together in a column.


To export the result into CSV you got to use the “Select” command and then pipe with the Export-Csv command.

  •  “Select” or “Select-Object” command it serves the purpose of selects specified properties of an object or set of objects.
Get-Team | Select DisplayName, MailNickName | Export-Csv "<filename.csv>"


Get-Team | Select DisplayName, MailNickName > "<filename.csv>"


PowerShell to detect Packet Loss

A friend of mine has been asking assistance from me to clarify with him on his PowerShell coding, he said he only knows one person does PowerShell and that is why he came to me. Anyway, thanks and I am feeling a little shy, HAHAHA! Glad to help out a good friend.

He has been trying to code out packet loss detection via PowerShell, and yes I do agree that sometimes it is tricky when comes to understanding the variables, example how is this reading and the outputting is a different thing?

So back and forth of clarification, he finally did it! Congratulations! You could check it out his program he has written and posted up on GitHub;

Cheah Eng Soon – Packet Loss Detection