Exchange Online

Recipient missing from Exchange Online

When you configure ADConnect for Exchange Hybrid, you expect that a UserMailbox from on-premise will be represented in Exchange Online as a MailUser. I had an issue where one mailbox on-premise didn’t have a recipient in Exchange Online. I checked the Admin Center and found the user was synced from on-premise Active Directory successfully. When I clicked on the user, I saw the following error: “Exchange: The execution of cmdlet Enable-MailUser failed.”

I moved the user in Active Directory to an OU that wasn’t in sync with ADConnect. Running a delta sync with ADConnect removed the user from Azure Active Directory. I then went to Deleted Users in Azure Active Directory, found the user and clicked on Delete Permanently.

Finally, I moved the user in Active Directory back to the original OU and ran another delta sync with ADConnect. This time, when the user was provisioned in Azure Active Directory, they correctly showed as a Mail User and I was able to migrate the mailbox.

Exchange

Redirect messages in queue to another server

I was working with a customer who changed some TLS 1.0/1.1 settings on their Exchange server that broke mail flow to Exchange Online. They were in the process of migrating to Exchange Online from their four-server Exchange DAG. I found that two servers were unable to send messages to the Edge server and then Exchange Online:

421 4.4.2 Connection dropped due to Socket Error Attempted failover to alternate host, but that did not succeed. Either there are alternate hosts, or delivery failed to all alternate hosts.

In this situation I was able to place the server component Hub Transport in maintenance mode by running:

Once the component was in maintenance I was able to redirect the message to a working server and have them delivered:
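As an added example (not the original post's commands), this is the drain-and-redirect sequence with the standard Exchange Management Shell cmdlets. The server names EX01 (affected server) and EX02.contoso.com (working server) are hypothetical.

```powershell
# Added example; EX01 and EX02.contoso.com are hypothetical server names.
$source = 'EX01'
$target = 'EX02.contoso.com'   # Redirect-Message expects the target's FQDN

# Put Hub Transport into maintenance so the affected server stops taking new mail.
Set-ServerComponentState -Identity $source -Component HubTransport `
    -State Draining -Requester Maintenance

# Record what is queued, and why it is stuck, before moving anything.
Get-Queue -Server $source |
    Where-Object { $_.MessageCount -gt 0 } |
    Format-Table Identity, DeliveryType, Status, MessageCount, LastError -AutoSize

# Hand the queued messages to the working server for delivery.
Redirect-Message -Server $source -Target $target -Confirm:$false

# Confirm the delivery queues on the affected server have emptied.
Get-Queue -Server $source | Where-Object { $_.MessageCount -gt 0 }

# After the TLS configuration is corrected, return the component to service
# and verify its state.
Set-ServerComponentState -Identity $source -Component HubTransport `
    -State Active -Requester Maintenance
Get-ServerComponentState -Identity $source -Component HubTransport
```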

Exchange Online

Moderated Groups in Hybrid

I was working with a customer in the middle of a hybrid migration to Exchange Online who had an issue where emails sent to All Company were not being approved. The All Company distribution group is a moderated group and the approvers had their mailboxes On-Premise. I found the following error in the message trace:

Moderated groups leverage arbitration mailboxes to send the notification emails to the approvers. Unfortunately, the approvers were not getting any notifications when the sender's mailbox was in Exchange Online. In the message trace I did find an NDR for “550 5.6.0 APPROVAL.InvalidExpiry; Cannot read expiry policy.” It turns out that Exchange Online required a Retention Policy Tag for Moderation. I ran the following commands in Exchange Online:

After running these two commands, messages sent to a moderated group from a cloud mailbox were able to have the notifications delivered to the approvers. This is documented in the Microsoft Docs: https://docs.microsoft.com/en-us/exchange/troubleshoot/email-delivery/550-5-6-0-approval-invalidexpiry-cannot-read-expiry-poilcy-error

Hybrid Exchange

Outlook doesn’t connect to mailbox in Exchange Online after hybrid migration.

I have been working on a Hybrid Migration where several users weren’t able to have their Outlook client connect to the mailbox after it migrated to Exchange Online. The mailbox move completes successfully and the Outlook client gives a popup that an Administrator has made a change and to close and re-open Outlook. Unfortunately, when the user opens Outlook it is stuck trying to connect to the On-Premise Exchange server and doesn’t update. The Outlook version is the ProPlus (Click to Run) Microsoft 365 version that comes with their Office 365 E3 license.

If the user creates a new Outlook profile, it is able to connect with the mailbox in Exchange Online. I then asked the user to switch back to the original Outlook profile and it was successful in connecting to the mailbox in Exchange Online.

Something in the Outlook client was getting updated when a new profile was created that then allows the old profile to work. After testing on a few different machines I found adding the following registry key meant the original Outlook profile would connect without creating a new profile.

  1. Open Registry Editor: Press Windows Key + R to open a Run dialog box. Type “regedit” and then press Enter.
  2. In Registry Editor, locate HKEY_CURRENT_USER\Software\Microsoft\Exchange
  3. Create a new DWORD Value “AlwaysUseMSOAuthForAutoDiscover”
  4. Set the value to 1
  5. Exit Registry Editor
  6. Start Outlook
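The same change scripted for rollout to several machines, as an added example that is not part of the original post. It assumes it runs in the affected user's own session (for instance as a logon script), because the value lives under HKEY_CURRENT_USER.

```powershell
# Added example: sets the per-user value described in the steps above.
# Run as the affected user; HKCU is that user's own registry hive.
$path = 'HKCU:\Software\Microsoft\Exchange'
$name = 'AlwaysUseMSOAuthForAutoDiscover'

# Create the key if this profile does not have it yet.
if (-not (Test-Path -Path $path)) {
    New-Item -Path $path -Force | Out-Null
}

# Read the current value, if any, so the script can report what it changed.
$existing = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue

if ($null -ne $existing -and $existing.$name -eq 1) {
    Write-Output "$name is already set to 1; nothing to do."
}
else {
    # -Force overwrites a value of the wrong type or data.
    New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
    $check = (Get-ItemProperty -Path $path -Name $name).$name
    Write-Output "$name set to $check."
}

# Outlook reads the value at startup, so a running instance must be restarted.
if (Get-Process -Name OUTLOOK -ErrorAction SilentlyContinue) {
    Write-Warning 'Outlook is running; close and reopen it for the setting to apply.'
}
```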

Hybrid Exchange

Mailbox Moves without a Batch

I recently came across an issue when moving mailboxes to Exchange Online where the migration user had failed with the following error:

Error: MigrationTransientException: MAPI provider is not supported for mailbox with version ‘[version info]’ on server.

It turns out this is an issue with a recent update to Exchange Online and Microsoft is rolling out the fix. I was able to create the move request without creating a batch by running the following from Exchange Online PowerShell:

There is also a similar process if you needed to move a mailbox from Exchange Online back to On-Prem:
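As an added example (not the original post's commands), a single move request created directly with New-MoveRequest from Exchange Online PowerShell, in both directions. The mailbox address, migration endpoint host name, domains and database name are hypothetical placeholders.

```powershell
# Added example; every name below is a hypothetical placeholder.
$mailbox      = 'user@contoso.com'
$mrsEndpoint  = 'mail.contoso.com'               # on-premises MRS proxy endpoint
$cloudDomain  = 'contoso.mail.onmicrosoft.com'   # routing domain for onboarding
$onPremDomain = 'contoso.com'                    # routing domain for offboarding
$onPremDb     = 'DB01'                           # on-premises target database

# On-premises account with rights to move mailboxes.
$onPremCred = Get-Credential

# Onboarding: on-premises mailbox to Exchange Online, without a migration batch.
New-MoveRequest -Identity $mailbox -Remote `
    -RemoteHostName $mrsEndpoint `
    -TargetDeliveryDomain $cloudDomain `
    -RemoteCredential $onPremCred

# Offboarding: Exchange Online mailbox back to on-premises.
# Run this instead of the request above, not in addition to it.
# New-MoveRequest -Identity $mailbox -Outbound `
#     -RemoteTargetDatabase $onPremDb `
#     -RemoteHostName $mrsEndpoint `
#     -TargetDeliveryDomain $onPremDomain `
#     -RemoteCredential $onPremCred

# Track progress of the request.
Get-MoveRequest -Identity $mailbox |
    Get-MoveRequestStatistics |
    Format-List DisplayName, Status, StatusDetail, PercentComplete
```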

Hybrid Exchange

Unable to remove Public Folder Mailbox after migration

I was recently trying to remove the last Exchange 2013 server, having already migrated to Exchange Online and set up the Exchange 2016 recipient management server. I was getting an error that the last database couldn’t be removed because it still had mailboxes on it. Indeed there was one Public Folder mailbox even though the Public Folder had successfully migrated to Exchange Online.

When trying to remove the Public Folder mailbox it gives the error “No active public folder mailboxes were found. This happens when no public folder mailboxes are provisioned or they are provisioned in ‘HoldForMigration’ mode. If you’re not currently performing a migration, create a public folder mailbox.”

I was able to resolve this by running this command:

With the mailbox removed, I could remove the mailbox database and uninstall the Exchange 2013 server.

Exchange Online

Office 365 ATP External email forwarding

I have been discussing with several customers the upcoming change to block auto forwarding in Exchange Online. The announcement from Microsoft is for Roadmap ID 63831 and goes into effect September 1st 2020.

There is no impact on external forwarding in this update, however automatic forwarding will be disabled based on the policy in a future update currently planned for September 1, 2020 and we will communicate via Message center. Once the policy takes effect messages that are being automatically forwarded outside the organization will be blocked and non-delivery report (NDR) will be sent to the user.

If, like many of my customers, you have a legitimate reason to forward to external addresses, you need to log in to https://protection.office.com/antispam and change the “Outbound spam filter policy (always ON)”

The setting you are looking for is under Automatic forwarding and you should set this to “On – Forwarding is enabled”

Now if you want to be more secure you can create a new Outbound policy and scope this to just the mailboxes that need forwarding enabled.
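The scoped approach from the last paragraph, as an added example that is not part of the original post. It assumes a connected Exchange Online PowerShell session; the policy name and sender addresses are hypothetical, and the example goes one step further by listing mailboxes that already have mailbox-level forwarding configured so they can be reviewed against the allow list.

```powershell
# Added example; policy name and addresses are hypothetical placeholders.
$policyName     = 'Allow external forwarding (scoped)'
$allowedSenders = @('invoices@contoso.com', 'helpdesk@contoso.com')

# Keep the tenant-wide default policy restrictive.
Set-HostedOutboundSpamFilterPolicy -Identity Default -AutoForwardingMode Off

# Separate policy that permits automatic external forwarding...
New-HostedOutboundSpamFilterPolicy -Name $policyName -AutoForwardingMode On

# ...applied only to the mailboxes that have a business need for it.
New-HostedOutboundSpamFilterRule -Name $policyName `
    -HostedOutboundSpamFilterPolicy $policyName `
    -From $allowedSenders

# Review: mailboxes with forwarding set on the mailbox itself, flagged by
# whether they are covered by the scoped policy.
Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object PrimarySmtpAddress, ForwardingSmtpAddress, ForwardingAddress,
        DeliverToMailboxAndForward,
        @{ Name = 'InAllowList'
           Expression = { $allowedSenders -contains [string]$_.PrimarySmtpAddress } } |
    Sort-Object InAllowList |
    Format-Table -AutoSize

# Confirm which policy carries which forwarding mode.
Get-HostedOutboundSpamFilterPolicy | Format-Table Name, AutoForwardingMode
```

Mailboxes that show up with `InAllowList` false will have their external forwards blocked and should either be added to the rule or have the forward removed.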

Exchange

Expansion Server

I ran into the following error when uninstalling an Exchange 2010 server:

This computer is responsible for expanding the membership of 15 distribution groups. These must be reassigned to another server before setup can continue.

To find which distribution groups have an Expansion Server set you can run the following from the Exchange Management Shell:

Then run the following to null out the value for the distribution groups:

Exchange Online

Data Consistency Score

Microsoft recently announced improvements in mailbox move requests with something called Data Consistency Score. It is meant to prevent you from setting the bad items to a high number like 5000.

Improving Migrations Using Data Consistency Scoring – Microsoft Tech Community – 1105920

I started not to set any bad item limits and let the new feature go to work. After a few batches it all worked and I was impressed. Last night I hit a snag where the move request was stuck and wouldn’t complete. The move request statistics were stuck on Synced.

I was required to check the migration user to find the data consistency was set to Investigate:

I was required to set the migration user in Exchange Online to approve skipped items:

After setting this the mailbox completed the move request successfully.

ADConnect

ADConnect Filtering Settings

I was working with a customer that asked if there was a way to export from ADConnect the OU filtering settings. From PowerShell on the server where ADConnect is installed I was able to run the following:

You will need to change the name of the AD domain on the 4th line and the exported text files will be saved to the C:\Export folder.