Friday, 16 October 2015

ReFS and Exchange AutoReseed, what you need to know

There are a lot of articles out there at the moment talking about ReFS and using this file system with Exchange, highlighting where appropriate, the supportability of doing so. I love the fact people are blogging and getting this information out there.

I think it's a great technology and have been using it for some time for Exchange 2013 and also Exchange 2016. But rather than concentrate on what others have already posted. I thought I'd highlight another important area.

In this post I want to highlight what most people haven't – ReFS when using Exchange AutoReseed.

Let's take a look at two DAGs, using Get-DatabaseAvailabilityGroup. One is Exchange 2013 and the other Exchange 2016:

Fantastic. That doesn't tell us too much though.

Let's see what Autoreseed settings are present :

Fantastic. That still doesn't tell us much though about anything to do with the file system you are using for your Exchange databases.

Let's take a look at all Auto* settings:

Again we get more information, including FIPS and BitLocker information but this still doesn't show us that AutoReseed is clear about what file system is in use.

So let's sit back and think about AutoReseed. It will take a spare disk (RAID/JBOD) and format it and basically auto reseed the database that has just disappeared due to a failed disk in your Exchange Mailbox server.

It's a fantastic concept, although admittedly something that's used in larger Enterprise Organisations (and was no doubt conceived in Office 365).

So... You're using AutoReseed. You've made a decision to go with ReFS. So how does AutoReseed know what file system to format the disk in? Well that's down to DiskReclaimer. We can look at the following Technet Article for a breakdown of AutoReseed and DiskReclaimer:


DiskReclaimer is the part of the process that will allocate and format a disk ready for the reseed operation to take place. Let's take a look at all of those Auto* parameters again on our DAGs:

We can see we have DiskReclaimer enabled; -AutoDagDiskReclaimerEnabled is set to True, the default setting.

So whilst we can manually format our disks, we know that the AutoReseed process can do this for us.

So how does it know to format the disk in either NTFS or ReFS?

That's the job of the –FileSystem Parameter of Set-DatabaseAvailabilityGroup, which is sadly lacking in the Parameters section of:

(I have reached out to Microsoft to get them to update this page).

Let's take a look:

We can see both DAGs are using NTFS, this is what DiskReclaimer will look to when formatting a disk for AutoReseed.

Let's look at the file system in use for the Exchange 2016 DAG databases on one of the Mailbox Servers:

We can see we are using ReFS.

Therefore we need to ensure the –FileSystem parameter for our Exchange 2016 DAG is set to use ReFS.

Let's update it.

Set-DatabaseAvailabilityGroup "your Exchange 2013 or 2016 DAG here" –FileSystem ReFS

We can now see that the Exchange 2016 DAG in question, which is using ReFS for its Exchange Database and Log disks, is set correctly. This will ensure AutoReseed formats any spares correctly in the event of failed disks.

What happens if this isn't set correctly? Of course it will still work, having some disks as NTFS and some as ReFS – but that's not exactly a great consistent platform to have, and this should be set as part of your Administrative ownership where AutoReseed is used.

You can of course deviate from the default setting and disable DiskReclaimer and format your drives manually – but where's the fun in that?

Oliver Moazzezi – MVP Exchange Server
Twitter: @Olivermoazzezi

Friday, 9 October 2015

Apply Activesync Policies to Exchange Online Mailboxes synchronisation script

A few months back I published details of my On-Premise Activesync Mailbox Policy to Exchange Online synchronisation script (it's also available to download in the Technet Gallery).

This allowed you to simply and easily copy your existing Activesync policies to your Exchange Online tenant in Office 365 rather than having to setup them up again. This was always very useful in a perpetual Hybrid environment where co-existence may be ultimately permanent, or indeed if you're just simply migrating all users and removing your Exchange on premise presence.

I am pleased to announce the next release today, ApplyEASMailboxPolicy2EXO.ps1.

This script will take your on premise users Activesync Mailbox Policy that is assigned to them, and then apply the policy once the user has been moved in a Cutover, Staged, Hybrid or third party migration to Exchange Online.

It will also check to see if the user actually has Activesync enabled, if the user is disabled, it will disable it for their Exchange Online mailbox also.

This simplifies mobile device access in a Mobile First, Cloud First Office 365 engagement.

If you are performing a 'Cutover' migration, either natively or using third party tools (you are moving all mailboxes to Exchange Online at once) simply run the script. If this is more than 1000 users you can specify a higher setting with the –ResultSize switch parameter.

If you are performing a 'Staged' migration, or moving select mailboxes in a Hybrid state or indeed select mailboxes with a third party, then you can pipe a csv file with the users that have moved using the –Staged switch parameter.

I'll run you through both scenarios.


So first of all let's look at the Activesync Mailbox Policy applied to the users on premise. We can see that each user has a specific policy and that infact 'New User 3' has Activesync disabled.

Let's look in Exchange Online as we have just performed a Cutover Migration – all users should have the Default policy applied and be enabled for Activesync.

Ok so let's start running the script. We have already created the Activesync Mailbox Policies using my previous script here Open a PS window and run the PS1 script.

The accompanying text will explain the switches to you. As this is a Cutover (you have moved all users at once) we simply press Y to proceed.

It will now do two things. The first thing it will do is gather which Activesync Policy is applied to your on premise users. It will collate the information into a locally saved CSV file that will be created in the same location the PS1 file is run from.
Once this has been collected it will then ask for your Office 365 tenants admin credentials. Enter an account that has the necessary Exchange permissions.

It will then import the configuration file, inform you of the total number of mailboxes to configure, and start configuring your Exchange Online mailboxes.
Once it has completed, it will inform you and then disconnect your Exchange Online PS session.

It will then inform you that you can then close the PS window.

So let's look at them in Exchange Online. Has the change been implemented? You bet!


So what happens if you aren't moving all mailboxes at once? For example a staged migration? Well you can input a CSV of the mailboxes you have moved into the script. Let's take a look.
Run the script with the –Staged parameter and specify your CSV.

Specify Yes to continue.

You will this time be asked for your Staged migration CSV file.

Enter your CSV path, note that you can enter multiples if you so wish, to finish simply press Enter without adding another CSV.

Once it has informed you it has ingested the CSV file it will then make a connection to Exchange Online. Enter your tenant admin credentials with relevant Exchange Online permissions.

It will now make the connection to Exchange Online and perform the necessary changes on those specific mailboxes. Note that this time it says there's only 2 mailboxes to change. That is because only 2 mailboxes were in my staged CSV file.

And that's it! All done!

You can download the script from Technet Gallery.

It has been tested with Exchange 2007, 2010, 2013 and 2016.

Enjoy and take care,

Oliver Moazzezi – MVP Exchange Server
Twitter: @Olivermoazzezi

Tuesday, 22 September 2015

Office 2016 heralds a new way of working

The launch of Office 2016 marks a new chapter in the working life for those of us who use Microsoft's flagship office suite and this time things are very different to previous incarnations.

Indeed, with its latest offering – version number 16 – Redmond has reinvented Office from the ground up for today's mobile first, cloud first world. It looks different, plays different and has some really neat new features that should excite business users everywhere.

The first thing you'll notice, apart from the clever upscaling in functionality for today's App driven environment (full functionality on the mobile for Office 365 users), is how Office 2016 becomes a hub for real-time collaboration, further breaking down the working boundaries that many of us face.

Built with productivity in mind, users of Word are now able to instantly edit documents, wherever they may be – solving the old problem of sending changes back and forth between colleagues until everyone is happy. With Office 2016, the game changer is real-time co-authoring, meaning multiple writers can be working together simultaneously regardless of location. Think of the time that could save you on your next big project.

Excel is another element to have been reimagined and delivered with a real focus on business intelligence tools within this version. Power Query is now built-in as standard and snap functions and smart scrolling have also become the norm. Oh, and if you're wanting to access large spreadsheets you can now quickly do this from SharePoint or OneDrive for Business as read only files.

Users of Office 2016 will also be able to get their hands on the new Skype for Business client which includes all the features you'd recognise from Lync and improves upon these by delivering features such as presence, IM, video calls and online meetings in a Skype-like format. This means you'll be able to seamlessly work on other documents while taking calls and connecting with those outside of the workplace in a secure manner (good news for IT departments everywhere).

When it comes to Outlook, business users will see immediate productivity gains too, as unimportant or spam emails are intelligently sorted for you by Clutter, a tool that clever analyses email patterns to deliver priority emails first. Other changes of note include the ease with which files can now be attached to documents – Outlook suggests those recently worked on whether locally or on OneDrive – and new security measures for Word, Excel and Powerpoint, where users are warned when trying to save confidential information outside the corporate firewall.

And with personal mailboxes continuing to grow many businesses will also seek to take safe haven in larger mailbox support packages and consequently faster working for Office 2016 through hosted exchange platforms, such as Cobweb's, that offer 25gb or unlimited mailbox space for users. As well as providing another level of security, these help to rectify complaints seen in previous versions of Outlook where users often suffered from sluggish performance and a lack of space.

Yet, despite the obvious benefits mentioned I suspect there may be some of you running on Office 2003 or Office 2007 thinking you can plod on using those. I would urge caution here, taking the time to think about this as an opportunity to take your business forward using the safety and flexibility of the cloud for things like file sharing and collaboration, whilst taking advantage of the safety it provides in protecting documents too. These, in addition to those already mentioned, and a low-cost subscription model means that Office 2016 as part of Office 365 can genuinely transform your business and deliver ROI where it matters most. And when you consider that a subscription to Office 365 buys you a license across five devices and the peace of mind that comes from being 'evergreen' – it'll always be up-to-date – it's a no brainer.

Oliver Moazzezi – MVP Exchange Server
Twitter: @Olivermoazzezi

Monday, 1 June 2015

ActiveSync Mailbox Policy to Exchange Online synchronisation script

When moving to Office 365 you haven't just got the mailbox data to worry about, but also a variety of other issues like ensuring your on premise configuration and policies are understood and carried over to Exchange Online.
In a Cutover, Staged, Hybrid or third party migration you may want to prep many policies prior to moving the first mailbox to Office 365.
One of the policies you may want to configure prior to moving the first mailbox is Activesync Mailbox Policies. If you have many policies, auditing them and then creating them in Office 365 can be a time consuming task. Luckily I have written a script to help with this.
The script will do the following actions:
Check to see if any of your policies has a null field for the password device length. This should be between 1 and 16. If any are indeed null the script will inform you the policies that are at fault and halt
Export all of your Activesync Mailbox policies (including your default policy if you include –ModifyDefaultPolicy) – it will create local files from where the ps1 file is run from
Connect to Exchange Online in the powershell session (it will prompt for username and password)
Create all Activesync Mailbox policies with the on premises names and configuration settings
Clean up any local files it created when performing the export process
Disconnect any powershell sessions it has open
Inform you the process has completed successfully.
The script works well, but it is designed to be used prior to moving the first mailboxes, not that it will cause an issue if it is ran later than that of course, but because an Administrator may have already started to make changes or even set up policies using the same names as the on premise ones.
If you do run into this condition it will simply fail on creating that policy, similarly if you run the script again it will complete successfully but will fail on creating new policies as they are already created.
If you have decided to include the –ModifyDefaultPolicy switch it will also gather your default policy settings and then export them and configure the existing Office 365 default policy with the settings it has exported.
Let's take a look at it in action. Logging onto my new Office 365 tenant I can see I just have the default policy with default out of the box settings:
If I look at my on premise configuration you can see I have multiple Activesync Mailbox policies in use:
Each policy has different configuration settings. You can see in the Office 365 EAC my default policy is set with default settings and doesn't require a password. However my on premise default policy does with a minimum password length of 6 characters:
I have opened a Powershell session and I will run .\ImportEASPolicies2EXO.ps1 –ModifyDefaultPolicy
It will first check to see if there are any policies with an incorrect, or null, password length and advise you of them:
Providing that is fine, it will continue and export the on premise policies before making a connection to Exchange Online. It will prompt for your tenant credentials:
Once connected it will start creating the policies, and modify the default policy if you selected to do this (like I am in my example):

Once completed you can close the window. It will disconnect any PS Sessions it has created and also clean up any files created during the process.
So let's take a look back in the Office 365 tenant EAC
You can see the policies have been created and the Default policy has been modified successfully.
Once the *-ActivesyncMailboxPolicy cmdlets no longer work I will update the script to a version 2 making use of *-MobileDeviceMailboxPolicy. But this won't be for some time.
Until that time using the older cmdlet makes things easier.
You can grab the script HERE.
Have fun!

Oliver Moazzezi – MVP Exchange Server
Twitter: @Olivermoazzezi

Thursday, 21 May 2015

Automating the creation of mail enabled Security Groups for a Cutover Migration

One of the benefits of performing a native Cutover migration is that distribution groups are created and memberships nested during the migration batch. Unfortunately Security Groups are not created automatically during a Cutover migration, however if they exist during the Cutover migration they will be populated and assigned their correct address, so we must pre-stage them prior to the mailbox moves.

To pre-stage them we need to have a matching Name, DisplayName and Alias. We should also assign an email address as they will be mail enabled. During the Cutover migration the correct addresses will be assigned, so we can simply provide an address during the pre-stage process.

So can we automate this? Creating them manually isn't much of an issue for relatively few, but when there are a lot some automation is appreciated and makes your job far easier.

So let's take a look.

First of all let's take a look at the Security Groups.

Get-DistributionGroup |where{$_.recipienttype –like "*security*"}

Once happy, we can export them to CSV, taking the attributes we need for an import into Office 365.

Get-DistributionGroup |where{$_.recipienttype –like "*security*"} |Select Name,DisplayName,Alias,WindowsEmailAddress

We don't actually need the Windows email address, but we can use the outputted CSV to check the default address after we have automated their import into Office365 and the Cutover migration has assigned the correct addresses.

So let's take a look at the CSV data – check it and ensure it is correct and the Name, DisplayName and Alias fields are populated:

When we are ready to import the Security Groups into Exchange Online, open a remote Powershell session to your tenant.

Once in, we need to import the CSV file and map the New-DistributionGroup creation to map the Name,DisplayName and Alias fields and also assign an address.

So how do we do this?

Import-Csv "csv location" |ForEach { $alias = $_.Alias; $primary = "$"; New-DistributionGroup -Name $_.Name -DisplayName $_.DisplayName -Alias $_.Alias -Type Security -primarysmtpaddress $primary}

We take the CSV and import it.
We create a For Each statement to loop through the CSV
We add some Variables to assign the alias name (it will have no spaces so is ideal) to the tenant email address.
We then utilize the New-DistributionGroup cmdlet and use variables to populate the Name, DisplayName and Alias' from the CSV and assign the aforementioned address.

Depending on how many mail enabled Security Groups you are importing this may take some time. But once completed you will see they have been created:

That's all for now.

Take care,

Oliver Moazzezi – MVP Exchange Server
Twitter: @OliverMoazzezi

Friday, 15 May 2015

Auditing and converting Shared Mailboxes after a Cutover, Staged or Third Party migration

Moving mailboxes to Office 365 is a painless experience, providing of course it has been planned carefully. Unless you move mailboxes using Exchange Hybrid you will need to convert your shared mailboxes back to a shared mailbox once they have been moved however. This is the case for Cutover, Staged or using some third party tools like MigrationWiz.
So let's look how we would normally convert one mailbox manually.
1. Once the mailboxes have moved, logon to the tenant and in the Exchange Admin Center, select the mailbox. On the right hand side you will have 'convert to shared mailbox'

2. Selecting this brings up the following warning, select Yes

3. And that's it - the mailbox is now a shared mailbox:

So that's great if you only have one, or a select few shared mailboxes that makes the task of doing this for each one manually a very short, if somewhat mundane affair.
So what happens if you have a lot?
Well you can do it manually like in the scenario above, or we can automate it.
In this case we can audit them in preparation for any move to Office 365.
1. Get a list of all shared mailboxes from on premise Exchange Management Shell session

Get-Mailbox –resultsize unlimited –recipienttypedetails sharedmailbox |Select userprinciplename |Export-CSV

2. This will provide an output like the following. Check the CSV is formatted correctly and clean it up if necessary

Finally, after you have moved the mailboxes, with your Exchange Online PS Session, run the following command:

Import-Csv "csv file" |ForEach { Set-Mailbox –Identity $_.UserPrincipalName –Type shared }

Running Get-Mailbox –Type Shared should then show all required mailboxes have been converted to shared mailboxes.
We can continue to run this command with the full CSV even if not all the shared mailboxes have been moved over, you will simply get an error for the ones that haven't been moved yet, and a yellow informational alert for the ones that already have and thus are already of the type: shared.
In this scenario the mailboxes should not have been licensed, so there's no need to remove any licensing from them as you will still be in the grace period – as Shared Mailboxes do not require a license in Office 365. If for some reason you are facing a scenario where they are, I will post up next week how to clean this up with a remote powershell session to Azure AD for a more automated removal of any assigned license.
Take care,
Oliver Moazzezi – MVP Exchange Server
Twitter: @OliverMoazzezi

Tuesday, 5 May 2015

Microsoft Ignite - announcing "Office 365 for Exchange Professionals"

I have had the great pleasure these past few months of reviewing a new eBook that is launching this week, called "Office 365 for Exchange Professionals".

The book has been written by Tony Redmond, Paul Cunningham and Micheal Van Horenbeeck which provides fantastic deep technical knowledge and real world scenarios for Exchange Admins looking to move, or indeed, already managing Exchange Online in Office 365.

The book covers a myriad of scenarios including:

When and how to use Cutover, Staged and Hybrid migrations – and talks about potential pitfalls and benefits of third party migration tools

How the Office 365 architecture and infrastructure has evolved from Live@Edu and BPOS into the Azure aligned cloud platform it is today

How to synchronise your on premise users to the Cloud using Directory Synchronisation and achieve single sign on with Active Directory Federation Services

Managing objects in the Cloud like mailboxes, distribution groups and activating Exchange Online features for your business and users

How to utilise eDiscovery, retention and Information Rights management policies and manage auditing in your Office 365 deployment

And many more.

The eBook provides real world insight to your Office 365 deployment or migration and will impress upon you the best approach and practices for any Office 365 transition – something many current books simply lack with their black and white approaches to 365 management; designed to give you just enough knowledge to pass an MCP exam.

The book is being launched at Microsoft Ignite, please grab your copy there or add this link to your favourites to await more information on its release:

Take care,

Oliver Moazzezi - MVP Exchange Server

Cloud Solution Provider Program Multi Channel capability is coming!

Microsoft will be releasing multi channel capability on (or close to) Wednesday May 6th!

Here's a snippet from non NDA release notes from Microsoft released on Friday to all CSP partners and Microsoft Partners.

"I’m excited to share that Multi-Channel capability is coming to the Cloud Solution Provider (CSP) program, on track for release on or close to Wednesday, May 6th.   Multi-Channel provides CSP partners like you the ability to provision CSP subscriptions for customers that already have an existing tenant with existing subscriptions purchased through other Microsoft Channels (e.g., Direct, Open, Advisor, etc). In short, CSP subscriptions can co-exist with other subscriptions on the same tenant.

Multi-Channel capability has been one of the most requested features that our CSP partner community has asked for to help enable new Office 365 sales opportunities through CSP. Prior to enabling Multi-Channel, it was only possible for you, as a CSP partner, to order subscriptions for customers that you provisioned as a CSP Partner on a separate tenant. However, it’s common to work with customers who have an existing tenant and in these cases you need the ability to provision CSP subscriptions for these customers on their existing tenant. Multi-channel capability makes this possible.

A comprehensive overview of Multi-Channel capabilities is provided in the attached walk-through deck and FAQ document.  I encourage you to review both files and contact me if you have any questions. Briefly, Multi-Channel:

·         Enables CSP partners to provision CSP subscriptions for a customer that has an existing tenant
·         Enables CSP subscriptions to co-exist with other subscriptions on the same tenant (e.g. purchased directly from Microsoft, via Open, EA)
·         Allows your customer to retain full control over their existing subscriptions

It’s important to note that Multi-Channel does NOT provide the capability to transition existing subscriptions over to CSP subscriptions. All of the customer’s previously provisioned subscriptions remain, the customer maintains control over those subscriptions and the terms of those existing subscriptions are not changed in any way. Additionally, Multi-Channel does NOT enable multiple CSP partners to sell to the same customer. There can only be one CSP Partner associated with a single customer. “Multiple-CSP Partners”  is a separate capability which is included in the CSP roadmap for release in CY15/Q3".

Being able to now split purchasing between different vendors provides an exciting opportunity to Office 365 customers as long as Microsoft removes any confusion of having different pieces of 365 from different suppliers.

Have a great week!

Take care,

Oliver Moazzezi - MVP Exchange Server