Retrieve Mailbox Migration errors for Office365

When you have a lot of mailboxes to migrate, Microsoft’s provided method of viewing the errors involves a tedious amount of clicking by logging into the portal, selecting Exchange, Migration, View details, scroll down to find a failure, select the user, click view details.

Viewing Migration status in Office365

 

Rather than use the tedious method of going into the details, selecting a user and then viewing details, run the following powershell script (once connected using the previous office365 connection script)

get-migrationuser -status failed  | get-migrationuserstatistics | select identity,emailaddress,recipienttype, error,bytestransferred |export-csv c:\temp\migrationstatus.csv

I also have a simple loop that gets me the status once an hour. Obviously change the email address’s appropriately.

while (1)
{
$a=(get-migrationuser | out-string)
send-mailmessage -to myemailaddress@domain.com -subject “Company Migration Stats” -from administrator@company.com -smtpserver my.mailserver.com  -body $a
start-sleep -seconds 3600
}

Find mailboxes that have the Email Address Policy disabled

Took me a while to work this one out but the powershell line for this is

get-mailbox | where {$_.EmailAddressPolicyEnabled -eq $false}

Or you could switch it to the following but this is less easy to read for junior techs to understand as the ! is not necessarily obvious.

get-mailbox | where {!$_.EmailAddressPolicyEnabled}

Fixed – Office365 journalling does not work for one user

I’ve been working on a case with Microsoft’s Office365 support for several weeks trying to find out why email sent *to* a particular user was not being journalled. All the other mail seemed to be journalled to the external recipient, email from the user was working, just not email to that user.

The experience was quite frustrating as Microsoft’s support were terrible at calling back and could not grasp the concept of email tracking. Their solution after making a change was to wait a day to see if it was fixed although it was quite apparent that the Microsoft servers were not even trying to send the email (by looking at the Trace Logs you can see what email was being sent and received).

After checking the connectors were setup, mail properly scoped, the user had no rules on their mailbox, Microsoft’s solution was to delete the mailbox and reset it up again.  Not so easy when the mailbox/user is federated with Active Directory and the user happens to be the owner of the company. That was not a conversation I was going to have with them!

The only thing that was different with this user was that in troubleshooting this issue we had set the user up to receive the journalling non delivery reports. I figured that if the emails were not being delivered, maybe sending him the errors would help. However no reports were being received either.  However, according to KB 2829319 this behaviour can be seen. Although I had removed the journal receipient in the web gui, the emails were still not being journalled until I added another external email address to the configuration using the powershell command set-transportconfig -JournalingReportNdrTo myemailaddress@somethingorother.com

At this point, all the email started to be journalled.

Note that we only added the recipient into the mix when I was trying to work on the initial problem so it looks like this wasn’t the only fix.

The other thing we did was change the outboundconnector to be onpremises. Changing the setting in the GUI we then ran Set-OutboundConnector archivemymailconnector -routeAllmessagesviaonpremises $true.

 

These two combinations seemed to fix the issue.

One thing I also learnt was that it is really useful to send multiple emails between changes and keep the subject line starting the same. Use the date/time at the end of the email. That way you can sort the email logs by Subject and just pick out the ones you were working on. By having the subject start with zzz followed by Round X (ie zzz Round 1 – change connector – 1345pm and zzz Round 1 – change connector 1346pm ) then the results are likely to appear at the end of your mail logs if you sort by subject.  Sorting by Date was not always a good idea as mail flow could occur between mail coming into the server and mail leaving the server.

 

Retrieve user friendly list of users who have full access to a particular mailbox in Office365

We had a request to provide a list of users who have Full access to a mailbox in Office 365. The get-mailboxpermission is pretty straightforward, but the results show the Windows username as opposed to the descriptive name for the user. The following script should provide the information needed. Note that the first 3 lines connect to Microsoft Online (you will be prompted for username and password) – the last two are the magic ones. Replace “User name” with the users first and last name ie “Andy Helsby” in my case

$LiveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session

$userlist = Get-Mailbox "user name" | Get-MailboxPermission | Where-Object { ($_.AccessRights -eq "Fullaccess") -and ($_.IsInherited -eq $false) -and -not ($_.User -like "*nt authorityself*") }
$userlist | foreach {get-mailbox $_.user}

If I can work it out, I’ll update the script later to provide a report for all mailboxes – in the meantime this works for 1 mailbox at a time.

Funnily enough, this report didn’t actually help the reason we were asked for the report – that was because the user had issues connecting to someone else’s mailbox. It turns out that the Microsoft Online password had been changed and outlook was using the cached credentials. By removing the stored passwords in the control panel, Outlook prompted for the password and everything started working.

Fixed: Remove extra ip address from commandline.

Occasionally you may have a need to remove an additional ip address that has been assigned to a network card. For example you might have a card listening on two ip address’s – say 192.168.1.2 and 192.168.1.3
You can remove this from the gui but there may be reasons where the gui is not available but access to the server via psexec (or the Windows 2008R2 core mode) is the only access to the server that you have.
To remove the ip address just type in
netsh interface ipv4 delete address “Local Area Connection” addr=192.168.1.3

Simple as that but it took a while stepping through the netsh commands to get the correct syntax for this. I use netsh for switching my laptop to customer ip ranges for troubleshooting when on their lan or when configuring switches, but this is the first time I’ve had the requirement to remove an extra ip address.

Commenting out command in batch file gotcha.

I’ve been working on a batch file script (yes I know I am meant to be using powershell) and kept getting a “The syntax of the command is incorrect”.

My code is as follows:-

reg query “hklm\software\microsoft\windows\currentversion\windowsupdate\auto update\Rebootrequired”
if not errorlevel 1 (
::theKey exists therefore we need to do a reboot
echo reboot is required from previous windows updates.
)

The :: is a quick and tidy shortcut to rem out a statement in a batch file.

However – today I found out that you cannot use this trick within an if statement. Instead the :: needs to become rem

So the script becomes

if errorlevel 1 (
rem theKey exists therefore we need to do a reboot
echo reboot is required from previous windows updates.
)

For what it’s worth this is a snippet of code from a script that detects if windows updates are required, installs them, emails the log file and then reboots if required. The step above comes from a recent discovery that the patch detection returns no patches needed if the server is still in a pending reboot after patches were applied (typically because the shutdown failed to take place)

Geocaching.com to Flickr greasemonkey script updated.

I updated my Geocaching.com greasemonkey script to work with the new cache names. This script automatically links to the flickr photos tagged with the geocache name ie GC1NMKA
When I first wrote the script back in 2005 I knew very little about greasemonkey scripts and unfortunately not a lot has changed. However I realized that the script broke as it was looking for the characters GC followed by 4 uppercase alphanumeric characters. New caches now have 5 characters so I needed to fix this.

A quick change to the script now looks for GC followed by any number of uppercase alphanumeric characters and can be found by going to geocache2flickr with a greasemonkey enabled browser and installing the script. This will be the official location but will also be available on the userscripts.org website.
Screenshot of geocaching.com website showing link to flickr page