Friday, July 10, 2015

Parse-TransportLogs - Which IPs on my network are sending SMTP through that connector?

I get asked this at some point in almost every Hybrid migration. The answer is always to turn up your SMTP logging to get those details. The problem is that parsing that data is difficult. Unlike an HTTP log where each hit was a transaction, SMTP logs contain the entire SMTP conversation, so one transaction can be 10-30 lines in an SMTP log file.

Additionally, SMTP logs store the remote-endpoint as a single field of IP and Port.

This script takes *.log from the directory you specify, searches for lines containing "Queued" (meaning an email was accepted by the connector), and writes those to a temporary file. Then it parses that data into the top client IP addresses, along with a count!

Depending on the size of your log file data, this can take some time to run!

Download today from the TechNet Gallery!
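
The parsing described above, reduced to its core as an added example (this is not the Parse-TransportLogs script from the gallery). The function name Get-TopSmtpClient is hypothetical, the column order is assumed to match the "#Fields:" header of an Exchange SMTP receive protocol log, and the log lines are constructed.

```powershell
# Hypothetical helper: counts accepted messages per client IP from protocol log lines
function Get-TopSmtpClient {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$Line,
        [string]$Connector = '*'     # wildcard on connector-id, e.g. '*\Relay'
    )
    # Assumed column order, as written in the log's "#Fields:" header line
    $fields = 'date-time','connector-id','session-id','sequence-number',
              'local-endpoint','remote-endpoint','event','data','context'
    $Line |
        Where-Object { $_ -notlike '#*' -and $_ -like '*Queued*' } |   # cheap text pre-filter
        ConvertFrom-Csv -Header $fields |
        Where-Object {
            # Keep only the server's own 250 reply, so a client command that merely
            # contains the word "Queued" is not counted as an accepted message
            $_.event -eq '>' -and $_.data -like '250 *Queued*' -and
            $_.'connector-id' -like $Connector
        } |
        ForEach-Object {
            # remote-endpoint is "IP:port"; drop the port, then any [ ] around an IPv6 address
            ($_.'remote-endpoint' -replace ':\d+$', '') -replace '^\[|\]$', ''
        } |
        Group-Object -NoElement |
        Sort-Object -Property Count -Descending |
        Select-Object -Property Count, @{ Name = 'ClientIP'; Expression = { $_.Name } }
}

# Constructed sample: three sessions to one connector, plus a client command containing "Queued"
$sample = @'
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2015-07-10T14:02:10.101Z,EX01\Relay,08D2890A00000001,0,10.0.0.5:25,10.0.1.20:51234,+,,
2015-07-10T14:02:10.140Z,EX01\Relay,08D2890A00000001,5,10.0.0.5:25,10.0.1.20:51234,<,MAIL FROM:<Queued@contoso.example>,
2015-07-10T14:02:10.300Z,EX01\Relay,08D2890A00000001,9,10.0.0.5:25,10.0.1.20:51234,>,250 2.6.0 <a1@app01> [InternalId=101] Queued mail for delivery,
2015-07-10T14:03:41.220Z,EX01\Relay,08D2890A00000002,9,10.0.0.5:25,10.0.1.20:51302,>,250 2.6.0 <a2@app01> [InternalId=102] Queued mail for delivery,
2015-07-10T14:05:02.910Z,EX01\Relay,08D2890A00000003,9,10.0.0.5:25,10.0.1.77:40110,>,250 2.6.0 <b1@scan02> [InternalId=103] Queued mail for delivery,
'@ -split '\r?\n'

Get-TopSmtpClient -Line $sample -Connector '*\Relay'
```

Against real logs, pass the output of Get-Content on the log directory's *.log files as -Line in place of $sample.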

Wednesday, July 08, 2015

SIP DHCP Option 120 DeMystified

On the surface, Option 120 seems simple - it's the Pool FQDN, encrypted.

Everyone knows to run DHCPUtil.exe -sipserver, and it spits out a long hex value for you.  Option 43 is a little fancier, and gets more press.  Option 120 seems straightforward in comparison.  What if I asked you to create the hex code without DHCPUtil?  Sure sounds easy: you take that FQDN, run off to your local ASCII-to-hex converter, punch in your FQDN, get a non-human-readable string, and set your DHCP options.  Done and done - What do you mean it's not working?

So, reading through RFC 3361 (as I am known to do in front of the fireplace, poring over dot-matrix printed copies, burning the parts I have already committed to memory) we learn that Option 120 has a VERY particular format.

That format can be seen below - where "##" is the hex code for the length of the ASCII section following it.


That's confusing, but for a machine with limited CPU/RAM, that's a pretty sweet input.

So, let's un-Lync this for a minute and pretend our SIP server was www.bing.com. Keep in mind, the 00-FF range is 0-255 characters in each section of the FQDN.  I don't know a TLD above 10 characters, but I guess they really wrote this code openly!

Section | Characters | Hex Code
www | 3 | 03
bing | 4 | 04

I'll avoid the haiku here but the encoding for this would look like:

00 03 HEXCODE(www) 04 HEXCODE(bing) 03 HEXCODE(com) 00

Or this (bolded the Hex count codes)

Armed with this information, I began working in Excel so I could build these codes without having RDP access to a Lync or S4B server, or from a place where I might not have DHCPUtil.exe access.

Taking an input in Excel using the FQDN, you need to do some fairly complicated text manipulation to break down the sections, perform the ASCII-to-hex conversions and concatenate the text.  I am pleased to report that in my search for this code already existing, I was able to find this Design Document Generator written by Alessio Giombini.

I have taken the tab and modified it some to release it separately to you here.
Download from the TechNet Gallery!
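
The encoding walked through above, written out in PowerShell as an added example (not the Excel workbook offered here and not DHCPUtil's code). Both function names are hypothetical; the 63-octet label limit is the one set by RFC 1035, whose name encoding RFC 3361 reuses, and the second function decodes an existing value so it can be checked before it goes into a scope.

```powershell
# Hypothetical helpers for the Option 120 value: enc octet 00, then each label
# prefixed by its length octet, then a closing 00 for every name in the list.
function ConvertTo-SipOption120 {
    param([Parameter(Mandatory)][string[]]$Fqdn)
    $bytes = New-Object 'System.Collections.Generic.List[byte]'
    $bytes.Add(0)                                  # enc = 0: domain names follow
    foreach ($name in $Fqdn) {
        foreach ($label in $name.TrimEnd('.').Split('.')) {
            # Reject empty, non-ASCII or over-long labels instead of emitting a bad value
            if ($label -notmatch '^[A-Za-z0-9_-]{1,63}$') {
                throw "Invalid label '$label' in '$name' (1-63 letters, digits, '-' or '_')"
            }
            $bytes.Add([byte]$label.Length)        # the "##" length octet
            $bytes.AddRange([System.Text.Encoding]::ASCII.GetBytes($label))
        }
        $bytes.Add(0)                              # end of this name
    }
    if ($bytes.Count -gt 255) { throw 'Value exceeds the 255-octet DHCP option length' }
    ($bytes | ForEach-Object { $_.ToString('X2') }) -join ''
}

function ConvertFrom-SipOption120 {
    param([Parameter(Mandatory)][string]$Hex)
    $clean = $Hex -replace '[^0-9A-Fa-f]', ''      # tolerate spaces, dashes or colons
    if ($clean.Length -lt 2 -or $clean.Length % 2) { throw 'Need a whole number of hex octets' }
    [byte[]]$b = for ($i = 0; $i -lt $clean.Length; $i += 2) {
        [Convert]::ToByte($clean.Substring($i, 2), 16)
    }
    if ($b[0] -ne 0) { throw 'enc octet is not 00, so this is not a domain-name list' }
    $names = @(); $labels = @(); $i = 1
    while ($i -lt $b.Length) {
        $len = [int]$b[$i]; $i++
        if ($len -eq 0) { $names += ($labels -join '.'); $labels = @(); continue }
        if ($i + $len -gt $b.Length) { throw 'Label length runs past the end of the value' }
        $labels += [System.Text.Encoding]::ASCII.GetString($b, $i, $len)
        $i += $len
    }
    if ($labels.Count -gt 0) { throw 'Last name is missing its terminating 00' }
    $names
}

$value = ConvertTo-SipOption120 -Fqdn 'www.bing.com'
$value
ConvertFrom-SipOption120 -Hex $value
```

Feeding the decoder a plain ASCII-to-hex conversion of the FQDN fails at the enc octet check, which is the "it's not working" case described earlier in this post.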

Here's a quick Office Mix I made on this.

Tuesday, June 30, 2015

Seven Office 365 Video success tips - you won't believe number five!

I have recently begun using Office 365 video more for internal and customer shared videos.  It's been fairly successful and I wanted to give out a few lessons learned for those also working on Office 365 video adoption.
  1. You cannot choose your title image - because of this, you NEED to make sure that frame 1 of any video has the title screen you want.  If that's a video of you, or a title page of a PPT, so be it. Depending on how you record your video (Office Mix versus a Lync/Skype for Business Recording) you may not be able to set frame 1 without video editing tools.  If you use Lync/S4B - I recommend sharing a title screen/image prior to hitting record to ensure frame 1 has content shared.
  2. Office Mix audio levels - I have already submitted this feedback to the Office Mix team.  (If you are not familiar:)  When you record from a slide recording, you are able to select your audio recording device of choice.  When you record a screen recording, you are not able to, and the default device is used.  If you have multiple headsets/devices for audio this might be an issue.
  3. Upload and processing times - compared to other video hosting services, neither upload nor processing is the quickest.  Expect time there.
  4. Sharing - Recently, sharing embed code for Office 365 videos was announced, and this works quite well in SharePoint - but the user watching the video currently needs to be signed into YOUR Office 365 tenant for the video to load. To embed, choose Insert->Video and Audio->Embed and paste the embed code provided by Office 365 video there. There is no "anonymous" sharing at this time.  If you are playing with Mix, there is an anonymous or private link sharing for the Mix upload service; I think that is where this traffic should be driven at this time.  Also, the other sharing options are Yammer, which works as expected, and Email, which at this time is a "mailto:" hyperlink, which is a pretty weak implementation at this point.
  5. SharePoint Taxonomy - At this point there is no taxonomy integration.  You are not able to tag videos for easy search.
  6. Descriptions - Within the description section, there is no real formatting control.  It doesn't seem to take HTML, RTF or properly formatted text for a CR/LF no matter what.  Nor links or other relevant data.
  7. Versioning - If you want to overwrite/update a video, be SURE to name it the same filename as the current video's title and upload.  Office 365 video should see this and ask if you want to replace or create new.  If you choose replace, the video links and/or embed code you have previously utilized should continue to work (similar to uploading a new Office document to a SharePoint library).

I will add/update additional information as I learn more or as the service changes.  Thanks for reading!

Monday, June 29, 2015

Using GAM to extract tenant data for a Google Apps to Office 365 migration

Google to Office 365 migrations are fairly complex for several reasons:
  1. While coexistence is possible, it is difficult to configure and more difficult to communicate to your users effectively.
  2. The end user experience is vastly different, so communication plans need to be robust.
  3. Because a cutover migration tends to be more effective, it requires a lot of forethought to discover and recognize the gaps in process or behavior and determine which you can fix with a technical resolution and which need to be addressed in end user communication as a change.

One of the biggest uphill battles is extracting data from Google.  Even when granted administrative rights in a Google tenant, you are not really presented with any export or save-as options.

Enter GAM (Google Account Manager) - wiki here. GAM is a command line tool that allows administrators to manage many aspects of their Google Apps account.

GAM can be used to report/export/document a Google Apps tenant's:
  • Users
  • Groups
  • Aliases
  • Resource Calendars

The install and permissions model is well documented in the links above. Be sure to use the latest version of GAM; it seems to be consistently updated to include new functionality.

Once you have it installed and connected to the tenant, there are several commands you can use to extract data to a CSV file, which can be used to script and create AD objects, cloud mailboxes, groups, resource mailboxes, etc.

Export users:
gam print users allfields > users.csv

Export groups:
gam print groups > groups.csv

Export aliases:
gam print aliases > aliases.csv

Export Resource calendars:
gam print resources > resources.csv

Of course, this is not a read-only tool - you can also use it to edit/modify users in bulk.  For example, using a migration tool like BitTitan's MigrationWiz, you are not able to extract data from a user who is disabled, so we can disable and enable users in the Google Apps tenant using

gam update user chrislehr suspended off

gam update user chrislehr suspended on

Hope this helps, if there is more interest, I can show how I develop these CSV's into PowerShell to create everything in the Office 365 tenant!

Wednesday, June 17, 2015

Manipulating LogParser Data in Excel to prepare for Office 365

About a year ago, I posted about how to collect RPC logs to determine which Outlook versions your organization is using.

It's been a pretty popular article, but I kind of didn't document the Excel part so I am circling back today to strengthen this aspect of the How-to.

So, starting with the CSV in that article:

  1. Open the CSV in Excel
  2. Hit Ctrl-A and select "format as a table" - you can choose to design if you want  :)
  3. Then, on the table design tab, select "Summarize with Pivot Table"
  4. Then, design your pivot table.  In this example, I will drag "Version" to both the rows and the values fields as shown to the right
  5. Once you have the pivot table, you can color code based on O365 compatibility (Office 2010 support ends in October 2015!)
  6. Now, you can review versions and choose if you want to drill into them by user and IP address!


Tuesday, June 09, 2015

O365 - Unknown Error adding a vanity domain


Adding a domain in the Office 365 Web UI, you add a domain name, get the verification DNS record created, click on verify, and you get an "Unknown error".  You receive the same if you use Confirm-MsolDomain.   If you use the Web UI, you will have the added pain factor that every time you attempt a verification, the DNS entry will change on you.  This is especially frustrating if you are not the person in control of DNS and you repeat this process a few times before realizing the issue.


Obviously, with something as generic as "Unknown Error", we cannot possibly state that the root cause is going to be the same every single time.  Your mileage may vary here, but this is what we found, and if you can ask the right questions, you may be able to resolve this without contacting support.

For us, the root cause was that the vanity domain was already verified in another tenant.   That tenant had since been abandoned and none of the Global Admins were known.  I was able to call PSS, and they confirmed that this was indeed the case.  The next time I run into this, I will challenge the domain owner more to see if they know if they had a previous tenant they attempted and abandoned.

My Request:

This seems like something simple enough to make a friendly error like "this domain is in use, see here for instructions on gaining access to the domain"

If you want, you can even link here if getting a new KB together is difficult.  :)


Follow the below steps for removing the domain from other tenant and adding it to your tenant.

In order to remove your domain from another Office 365 account, and to add your domain under your new tenant, follow these instructions:
  1. Go to this link: and enter a valid e-mail address associated with the domain suffix "".
  2. You will receive an e-mail; follow the link in the email.
  3. Generate a new password so that you can log in to the tenant where your domain is currently added and verified.
  4. Go to: and log in with the newly created credentials.
  5. Go to Office 365 settings-> Select "Become Admin" on the left. Follow the steps to verify that this user owns domain ""
  6. Add the DNS verification record as provided
  7. Once DNS is verified, you will become the admin of that Unknown Tenant.
  8. Now you can remove the domain from Tenant.

Once the domain is removed, please log out and logon to your new Office 365 tenant account, where you want to add the vanity domain.

Please follow the instructions to add the domain in Office 365