Office 365 PowerShell–The Two-Headed Monster

One of the best features in Office 365 is the ability to manage it via PowerShell.  However, currently there are two separate PowerShell interfaces into Office 365 depending on what you’re trying to do.  If you want to manage settings under the main Portal (think AD stuff) you connect via a PowerShell 1.0 interface requiring you to load tools on your local workstation.  If you want to manage things under Exchange Online you utilize PowerShell remoting which requires you to have nothing installed on your local system other than PowerShell 2.0.  Here’s the specifics for each method…

 

Portal PowerShell Administration

Prerequisites

  • Windows 7 or Windows Server 2008 R2
  • Windows PowerShell and the .NET Framework 3.5.1 enabled

Software to Install

  • Microsoft Online Services Sign-In Assistant – 32bit  64bit
  • Microsoft Online Services Module for PowerShell – 32bit  64bit

Connecting to the Microsoft Online Services Portal

  1. Click on Start > All Programs > Microsoft Online Services > Microsoft Online Services Module for PowerShell
  2. Run “Connect-MsolService”
  3. When prompted enter the credentials of an administrator account
  4. To get a list of all available commands run “Get-Command –Module MSOnline”

For a complete list of all commands and usage click on the following link…

http://onlinehelp.microsoft.com/en-us/office365-enterprises/hh125002.aspx

 

Exchange Online PowerShell Administration

Prerequisites

  • Windows 7 or Windows Server 2008 R2 – No Additional Software Necessary
  • Windows XP SP3, Vista SP1, Server 2003 SP2, Server 2008 SP1 – See Below

Software to Install

Connecting to Exchange Online

  1. Click on Start > All Programs > Accessories > Windows PowerShell > Windows PowerShell
  2. The first time run “Set-ExecutionPolicy RemoteSigned”
  3. Run “$LiveCred = Get-Credential”
  4. When prompted enter the credentials of an administrator account
  5. Run “$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic –AllowRedirection”
  6. Run “Import-PSSession $Session”
  7. To get a list of all commands run “Get-Command –Module tmp*”

For a complete list of all commands and usage click on the following link…

http://help.outlook.com/en-us/140/dd575549.aspx

Advertisements

Create Whitelists and Blacklists in FOPE

 

Creating a Whitelist

1. Click on the Administration tab

clip_image002

2. Click on the Policy Rules tab

clip_image004

3. Click New Policy Rule in the Tasks box on the right-hand side

clip_image006

4. Choose the appropriate Domain Scope. Set the Action to Allow. Enter the appropriate IP Addresses, Domains and/or Email Addresses you wish to whitelist. Items should be separated with a comma.

clip_image008

 

Creating a Blacklist

1. Click on the Administration tab

clip_image009

2. Click on the Policy Rules tab

clip_image010

3. Click New Policy Rule in the Tasks box on the right-hand side

clip_image006[1]

4. Choose the appropriate Domain Scope. Set the Action to Reject. Enter the appropriate IP Addresses, Domains and/or Email Addresses you wish to whitelist. Items should be separated with a comma.

clip_image012

Enabling Per-User Quarantines in Office 365

 

Enable Quarantining on Each Domain

 

1. Click on the Administration tab

clip_image002

2. Click on the Domains tab

clip_image004

3. Click on the Domain you wish to configure.

clip_image006

4. In the right-hand column click on Edit in the Quarantine box

clip_image008

5. Configure the settings as shown in the picture below and choose Save

clip_image010

6. Repeat the process for each Domain that you wish to setup

 

Create Quarantine for Each User

 

1. Click on the Administration tab

clip_image002[1]

2. Click on the Users tab

clip_image012

3. In the right-hand column click on Add User under Tasks

clip_image014

4. Type in the name of the user you wish to setup and click Save

clip_image015

5. Repeat this process for each User that you wish to setup

6. Note if you receive an error message stating that “The e-mail address already exists” when attempting to add a User and the User has administrator permissions in Office 365 follow the instructions at the link below.

http://support.microsoft.com/kb/2587698

 

Accessing User Quarantine

 

1. Log into Forefront Online Protection at https://quarantine.messaging.microsoft.com

a. Note: If you have trouble logging in, click on the Change Password link

clip_image017

b. Follow the link on the email you receive to reset your password

2. Once logged in you’ll see a window similar to this

clip_image019

3. Any message quarantined by the spam or virus filter will show up under “Junk E-mail”. Items quarantined by a Policy Rule

How to Login to Forefront Online Protection

 

Method 1

 

1. Browse to https://portal.microsoftonline.com and login with administrator credentials

2. Click on Manage under Exchange Online.

clip_image002[4]

3. This will open the Exchange Control Pane. Click on the Mail Control link on the left.

clip_image004[4]

4. Click on the “Configure IP safelisting…” link on the right.

clip_image006[4]

5. This will launch the Forefront Online Protection

 

Method 2

 

1. Browse to https://admin.messaging.microsoft.com and login with administrator credentials.

2. Note that while the administrator accounts are synchronized to FOPE the passwords are not the same. So, if you can’t login, click on the Change Password link.

clip_image008[4]

3. Follow the link on the email you receive to reset your password

Exchange 2010 and the Case of the Empty Server Container

I have seen several issues pop up with Exchange 2010 in regard to Public Folders.  They include:

  • Public Folder replication fails with Event 1020
  • Mail-enabled Public Folders do not receive email

These issues all link back to the same problem; an empty “Servers” container under an Exchange Administrative Group.  This typically occurs in an environment were you have migrated from Exchange 2003 and have decommissioned the last of the legacy Exchange servers.  To fix this issue do the following:

  1. Launch ADSI Edit and connect to the Configuration container
  2. Browse to CN=Services –> CN=Microsoft Exchange –> CN=OrganizationName –> CN=AdministrativeGroupName –> CN=Servers
  3. Verify the CN=Servers container is empty.  If it is right-click on CN=Servers and choose Delete from the context menu

More information on this error can be found in the following KB article.

http://support.microsoft.com/kb/2487271

Configure Conference Rooms in Exchange 2007

In Exchange 2007 you can use the following command to setup a Resource Mailbox to automatically book calendar appointments:

Set-MailboxCalendarSettings -Identity "RoomName" -AutomateProcessing AutoAccept

What about if you don’t want it to automatically book.  Instead you want the meeting request to go to a delegate (or delegates) who then can approve or deny the request.  You can use the following command:

Set-MailboxCalendarSettings -Identity "RoomName" -AutomateProcessing AutoAccept -ResourceDelegates "DelegateName" -AllBookInPolicy:$false -AllRequestInPolicy:$true

The theory is bascially the same in Exchange 2010 however all of these properties can be set in the Exchange Management Console under the mailbox properties.

The following article in the Microsoft Exchange Team Blog has more details on resource mailboxes:

http://msexchangeteam.com/archive/2009/02/26/450776.aspx

How to Upgrade an Exchange 2007 CCR Cluster to SP1/SP2/SP3

I just had to upgrade an Exchange 2007 RTM CCR cluster this weekend to Exchange 2007 SP3.  This article is still the best reference.

http://technet.microsoft.com/en-us/library/bb676320%28EXCHG.80%29.aspx

We ran into a problem at Step 5 and Step 14 where the setup program failed reporting that there were still active cluster resources on the node.  When we investigated in the Cluster Administrator MMC we found that there was a resource named PBX-ClusterGroup-Servername.  After some investigation we found that this resource is related Symantec NetBackup.  NetBackup 6.0 contains features that are dependent on a new Common Services Framework (CSF) called, VERITAS Private Branch Exchange (PBX), thus the name.

In any event, if you just take this resource offline on each node prior to the upgrade, you will be able to run it without issue.