Thursday, August 21, 2014

How to view your "Cloud Only" users in Azure AD PowerShell

I ran into an issue recently with a customer who had populated their cloud with users manually, and then ran DirSync to synchronize 1000s of user accounts.   We then had a need to audit the cloud only accounts and come up with a plan to remove them.   I found this to be a very effective way to address this.

Get-MsolUser -All | where { $_.ImmutableId -eq $null }

The ImmutableId field is created when users are synchronized from an external directory, so users without an ImmutableId are not from Active Directory.
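Before removing anything, it helps to know which cloud-only accounts are licensed or hold a directory role. The following is an added example, not part of the original post: the function name `Get-CloudOnlyUserReport`, the `Action` labels and the sample objects are assumptions made for illustration, while the live-tenant usage in the trailing comments relies on the MSOnline cmdlets `Get-MsolUser`, `Get-MsolRole` and `Get-MsolRoleMember`.

```powershell
# Added example (not from the original post): classify cloud-only accounts for audit.
function Get-CloudOnlyUserReport {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Users,  # e.g. output of Get-MsolUser -All
        [guid[]] $AdminObjectIds = @()                     # ObjectIds of directory role members
    )
    foreach ($u in $Users) {
        # Synchronized accounts carry an ImmutableId; treat null and empty alike.
        if (-not [string]::IsNullOrEmpty($u.ImmutableId)) { continue }
        $isAdmin = $AdminObjectIds -contains $u.ObjectId
        # Hypothetical triage labels; adjust to your own cleanup plan.
        $action = if ($isAdmin) {
            'Review: holds an admin role'
        } elseif ($u.IsLicensed) {
            'Review: licensed, may own data'
        } else {
            'Candidate for removal'
        }
        [pscustomobject]@{
            UserPrincipalName = $u.UserPrincipalName
            IsLicensed        = [bool]$u.IsLicensed
            HoldsAdminRole    = $isAdmin
            Action            = $action
        }
    }
}

# Constructed sample objects standing in for Get-MsolUser output (offline demo).
$adminId = [guid]::NewGuid()
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'synced@contoso.example'; ImmutableId = 'constructed-anchor=='; IsLicensed = $true;  ObjectId = [guid]::NewGuid() }
    [pscustomobject]@{ UserPrincipalName = 'admin@contoso.example';  ImmutableId = $null;                  IsLicensed = $false; ObjectId = $adminId }
    [pscustomobject]@{ UserPrincipalName = 'manual@contoso.example'; ImmutableId = $null;                  IsLicensed = $true;  ObjectId = [guid]::NewGuid() }
    [pscustomobject]@{ UserPrincipalName = 'stale@contoso.example';  ImmutableId = '';                     IsLicensed = $false; ObjectId = [guid]::NewGuid() }
)
Get-CloudOnlyUserReport -Users $sample -AdminObjectIds $adminId | Format-Table -AutoSize

# Against a live tenant (after Connect-MsolService):
# $admins = Get-MsolRole | ForEach-Object { Get-MsolRoleMember -RoleObjectId $_.ObjectId } |
#     Where-Object { $_.ObjectId } | Select-Object -ExpandProperty ObjectId -Unique
# Get-CloudOnlyUserReport -Users (Get-MsolUser -All) -AdminObjectIds $admins |
#     Export-Csv -Path .\CloudOnlyUsers.csv -NoTypeInformation
```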

Wednesday, August 20, 2014

Microsoft Lync TRIPP reports have been replaced

I use the Lync TRIPP reports often. Despite many people clamoring that it uses Java or works incorrectly, I have found them to be pretty handy to ensure a customer's network is sufficient to support audio/video calling for both Lync Online and on-premises.




None of the links in that article work anymore, however (thanks to Henrik Walther) there are new links available here:

http://www.msexchange.org/blogs/walther/news/office-365-network-analysis-tool-cloudapp-version.html

Most excellent. Wish they'd make the old URLs redirect or something, since there are so many blogs that point to them now.


Monday, June 30, 2014

Lync 2013 – installing databases failing with Access is denied


Had this unusual issue recently while deploying a Lync 2013 Enterprise infrastructure. All the Lync 2013 databases installed correctly, except for the rtcxds database, which is arguably the most important one. The generic error was system error 5: Access is denied.
"An internal error has occurred while trying to create or update the database."


Weird. I have all the correct permissions. I am a domain and enterprise Administrator and a member of CSAdministrator and RTCUniversalServerAdmins. (This was a Lync 2010 to Lync 2013 migration.)

 

So I started looking around at permissions. Here's the file I cannot access via the C drive:



 

And here it is via the C$ share – it's not even showing!



 

I didn't screen capture the permissions, but I didn't have rights to view permissions on the file either. The same was true for the rtcxds log files as well.

 

The resolution:
Rename the rtcxds.mdf and rtcxds.ldf files to _old, and then reattempt installing the databases. This recreated the files within the CsData folder, set the correct permissions, and then the database install succeeded. Never did find a root cause for why this one occurred.

Exchange 2010/2013 Delegates Report


One of the most important guidelines when moving mailboxes to the cloud is to make sure that you move mailboxes along with their delegates in the same batches to avoid issues. Rajkumar-MCITP made this script a while back, and it worked very well.
However, I recently found that it didn't work as well as it once had for me in Exchange 2007. Here are the issues I had getting this to work.
  • For Exchange 2010/2013, you need to change Get-MailboxCalendarSettings to Get-MailboxCalendarConfiguration
  • The output file path is c:\MailboxReport.csv and the $attachment value is c:\temp\DelegatesReport.csv in the Send-MailMessage cmdlet. They'd need to match for the attachment to come through.
  • In order for mail to work, you'll need to modify the $ToAddress and $fromAddress fields as well as the SMTP server in the Send-MailMessage command
  • Additionally, if you don't have your localhost configured to accept the email, you likely won't get the file emailed to you. Easier to just grab the CSV file to be honest.
  • Then, I noticed that the CSV had no delegates in the delegate column.

 

So I spent some time to find a better way to gather this data.

 

Here's the PowerShell one-liner:


 

Get-Mailbox -ResultSize Unlimited | Get-CalendarProcessing | Where-Object { $_.ResourceDelegates -ne "" } | Select-Object Identity,@{Name='ResourceDelegates';Expression={[string]::Join(",", ($_.ResourceDelegates))}} | Export-Csv -Path c:\temp\ResourceDelegates.csv

It doesn't email you, but if you want a second line to Send-MailMessage, you can easily add that.

Exchange 2010 Hybrid Configuration Wizard failing with “Execution of the Get-FederationInformation cmdlet had thrown an exception”



 

The Problem:
Exchange 2010, single server environment being used as the HCW.  No ISA/TMG, direct NAT/ACL through a Palo Alto Firewall.
The HCW fails with:
[6/25/2014 15:48:59] ERROR:Updating hybrid configuration failed with error 'Subtask Configure execution failed: Creating Organization Relationships.

Execution of the Get-FederationInformation cmdlet had thrown an exception. This may indicate invalid parameters in your Hybrid Configuration settings.

Federation information could not be received from the external organization.

ExRCA passes for web services and for Autodiscover.
The Federation TXT DNS entry is in place and confirmed.
The SSL certificate was from Digicert, and their utility showed it was chaining properly as well.
Testing Get-FederationInformation shows a 405 Method Not Allowed error:
[PS] C:\>Get-FederationInformation -DomainName orgname.net -Verbose
VERBOSE: [16:44:20.030 GMT] Get-FederationInformation : Resolved current organization: .
VERBOSE: [16:44:20.030 GMT] Get-FederationInformation : Using the following trusted host names: *.outlook.com.
VERBOSE: [16:44:28.142 GMT] Get-FederationInformation : The discovery process returned the following results:
Type=Failure;Url=https://autodiscover.orgname.net/autodiscover/autodiscover.svc;Exception=Discovery for domain orgname.net
failed.;Details=(Type=Failure;Url=https://autodiscover.orgname.net/autodiscover/autodiscover.svc;Exception=The request
failed with HTTP status 405: Method Not Allowed.;);
Type=Failure;Url=https://orgname.net/autodiscover/autodiscover.svc;Exception=Discovery for domain orgname.net
failed.;Details=(Type=Failure;Url=https://orgname.net/autodiscover/autodiscover.svc;Exception=Unable to connect to the
remote server;);
Federation information could not be received from the external organization.
    + CategoryInfo          : NotSpecified: (:) [Get-FederationInformation], GetFederationInformationFailedException
    + FullyQualifiedErrorId : A864F05C,Microsoft.Exchange.Management.SystemConfigurationTasks.GetFederationInformation

 

The resolution:
  1. Reset the Autodiscover virtual directory using the EMC: http://technet.microsoft.com/en-us/library/ff629372.aspx
  2. Reset WSSecurityAuthentication to $true.
  3. Run an IIS reset; after that, Get-FederationInformation worked!
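Steps 2 and 3 as Exchange Management Shell commands, shown as an added example rather than the author's own commands. It assumes step 1 has already been done in the EMC, uses the post's placeholder domain `orgname.net`, and captures the virtual directory settings before and after so they can be compared side by side.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell
# on the hybrid server after the Autodiscover virtual directory has been reset.
$domain = 'orgname.net'   # placeholder domain from the post; substitute your own
$props  = 'Identity', 'WSSecurityAuthentication', 'WhenChanged'

# Capture the current settings so the change can be compared afterwards.
$before = Get-AutodiscoverVirtualDirectory | Select-Object $props

# Step 2: re-apply WSSecurityAuthentication on every Autodiscover virtual directory,
# even where it already reads True (the post saw no visible difference before/after).
Get-AutodiscoverVirtualDirectory | ForEach-Object {
    Set-AutodiscoverVirtualDirectory -Identity $_.Identity -WSSecurityAuthentication $true
}

# Step 3: restart IIS so the setting is picked up.
iisreset /noforce

$after = Get-AutodiscoverVirtualDirectory | Select-Object $props
'--- before ---'; $before | Format-List
'--- after ---';  $after  | Format-List

# Repeat the test that returned HTTP 405 before the fix.
try {
    Get-FederationInformation -DomainName $domain -ErrorAction Stop |
        Format-List DomainNames, TargetApplicationUri, TargetAutodiscoverEpr, TokenIssuerUris
} catch {
    Write-Warning "Federation discovery still failing: $($_.Exception.Message)"
}
```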
Here's a side by side of the Autodiscover virtual directory configurations. You might notice that, other than GUID and date fields, there is nothing different.
Before:
http://chrislehr.com/blogpics/063014_1428_Exchange2011.png


 

After:
http://chrislehr.com/blogpics/063014_1428_Exchange2012.png


 

Monday, June 23, 2014

Lync 2010 and Lync 2013 Documentation script

Went out to Pleasanton, CA last week for ExtraTeam's Microsoft Camp, where one of my colleagues, Sean Kirkpatrick, released this PowerShell script that pulls data from your Lync environment and formats it all in an awesome Excel spreadsheet. Never again will I sit manually entering a normalization rule into Excel.

I frankly am surprised we are making this public domain. It's that good.

Enjoy!

http://blog.lyncfreak.com/2014/06/12/lync-documentation-script/

And thanks, Sean!!