Skype for Business

                                Lync will be merged as Skype for Business 

Next release of Lync is being released as  Skype for Business,

Here is the video from Skype Blog introducing Skype for Business.


Here is the update from Skype blog:

Skype Blog:

Also their are few good articles on this :
EWeek Article:
http://www.eweek.com/networking/slideshows/how-microsoft-is-transforming-skype-into-a-major-enterprise-app.html?utm_medium=email&utm_campaign=EWK_NL_SR_20141125_STR1L2&dni=195067966&rni=25887701
InsideLync Blog:
http://blog.insidelync.com/2014/11/lync-to-be-rebranded-as-skype-for-business/


                 Exchange Versions, Build Number, Roll UP's and Cumulative updates

When a exchange disaster happens or whenever you want to perform some proactive health check of Exchange servers you will look to find a way to check which version of Exchange server you are using and which update roll up \ Cumulative update it is running.

Now let us see what version of Exchange we are using :

Exchange 2003:

  1. Go Exchange System Manager (ESM).
  2. Then click on Administrative Groups, followed by Servers Folder.
  3. In right pane you can see list of all the servers and you will see the "Server Version".
Also check the below article for Build Numbers and their release dates.


Exchange 2007 and Exchange 2010:

Method 1:
  1. Go to Exchange Management Console and navigate to Server Configuration object.
  2. Select the Server object and on Right side you will see the Version Number.
Once you got the version number, follow the below article to check respective SP \ Roll up level for the respective Version Number.


Method 2:
  1. Open the Exchange Management Shell.
  2. Execute the follow command to determine the Version Number.
    Get-Exchangeserver
    Get-ExchangeServer | Select Name, AdminDisplayVersion
Once you got the version number, follow the below article to check respective SP \ Roll up level for the respective Version Number.


Exchange 2013:
  1. Open the Exchange Management Shell.
  2. Execute the follow command to determine the Version Number.
    Get-Exchangeserver
    Get-ExchangeServer | Select Name, AdminDisplayVersion
Once you got the version number, follow the below article to check respective SP \ Roll up level for the respective Version Number.




        Disable automatic delivery of Internet Explorer 10 - Automatic Updates

So you are seeing that most of the applications are not compatible with IE 10 now a days and you users will face many issues while they trying to access application via IE 10.

But you noticing that IE 10 is automatically getting installed via Windows Updates and as an administrator you want to control this auto installation.

You can follow the below steps to stop the auto installation of IE 10 via Windows Updates:


  • Login to your domain controller.
  • Now download the IE 10 blocker from the Microsoft website
    http://www.microsoft.com/en-in/download/details.aspx?id=36512
  • Once the file is downloaded, extract the .exe to any location on the server creating a folder named IE10 blocker.
  • You will file two files here “IE 10_Blocker.cmd” and “IE 10_Blocker.adm”.
  • So as you are using Group policy to do this and you need the second file, which is “IE 10_Blocker.adm”.
  • Now open Group Policy Management console, create a new policy named “Block IE10” and click EDIT the policy.
  • Go to “Computer Policies” and Right click on “Administrative Template”, click on Add/Remove Template option.
  • Now browse and select the ADM template which we have extracted previously.
  • Now you will see new folder under “Classic Administrative Templates (ADM)” under “Administrative Template” go through it and Windows Components > Windows Updates >Do not allow delivery of Internet Explorer 10 through Automatic updates.
  • Enable the Template “Do not allow delivery of Internet Explorer 10 through Automatic updates”.
  • You are policy is ready for use, Apply on domain if you would like to block across all computers.
Done, this will stop the automatic delivery of IE 10 via windows updates.


        Disable automatic delivery of Internet Explorer 11 - Automatic Updates

Administrator will always receives complaints form users when ever IE is upgraded to latest release, problem most of the legacy or third party application might be compatible with latest IE versions

But you noticing that IE 11 is automatically getting installed via Windows Updates and as an administrator you want to control this auto installation.

You can follow the below steps to stop the auto installation of IE 11 via Windows Updates:


  • Login to your domain controller.
  • Now download the IE 11 blocker from the Microsoft website
    http://www.microsoft.com/en-in/download/details.aspx?id=40722
  • Once the file is downloaded, extract the .exe to any location on the server creating a folder named IE11 blocker.
  • You will file two files here “IE 11_Blocker.cmd” and “IE 11_Blocker.adm”.
  • So as you are using Group policy to do this and you need the second file, which is “IE 11_Blocker.adm”.
  • Now open Group Policy Management console, create a new policy named “Block IE11” and click EDIT the policy.
  • Go to “Computer Policies” and Right click on “Administrative Template”, click on Add/Remove Template option.
  • Now browse and select the ADM template which we have extracted previously.
  • Now you will see new folder under “Classic Administrative Templates (ADM)” under “Administrative Template” go through it and Windows Components > Windows Updates >Do not allow delivery of Internet Explorer 11 through Automatic updates.
  • Enable the Template “Do not allow delivery of Internet Explorer 11 through Automatic updates”.
  • You are policy is ready for use, Apply on domain if you would like to block across all computers.
Done, this will stop the automatic delivery of IE 11 via windows updates.

     How to Export Message Tracking logs from Office 365


Moved your exchange organization to cloud ? it's good news :-) . You received most of your On-premise Maintenance & Staff cost for your Exchange server.

What about message tracking logs ? what if we need to trace a email or to submit a log report in any Audit. No worries in general Exchange online will store Message Tracking logs for 30 days, so if you want to keep your Message Tracking Logs for a long time , then you need to download regularly and keep them safely on any storage for future use:

The below steps will guide you to export the Message tracking logs from Exchange online to a CSV file.
  • Open Windows Azure PowerShell.

  • Now you need to connect to your Office 365 tenant to perform export, you can follow the below link to know how to connect to office 365 tenant.
  • .    Once the session got established please use the below command to export the Message tracking logs to a CSV file.

    Get-MessageTrace -StartDate "10/15/2014 00:00:00" -EndDate "10/31/2014 00:00:00" | Select MessageID,Received,*Address,*IP,Subject,Status,Size | Export-Csv 20130915.csv –NoTypeInformation

     Please Note: 
  1.      Logs will be saved in the directory from which you are executing the export command. 
  2.      Date's in above command should be selected based on your preferred days between which you want the logs.



    Office 365 Migration  - Internal Outlook clients are pointing to On-premise exchange server

The migration was completed successfully, all the MX and auto-discover records are set to office 365 in our DNS portal, We tested that the Outlook clients are connecting from outside the organization are able to auto-discover the mailbox settings and able to connect to their Office365 mailbox.

Now the problem started, when the on-premise users are trying configure their outlook client, it is routing to their On-premise exchange server.

What to do ? just two steps to go , to make sure your on-premise clients connect to their Office 365 mailbox.


  1. Create a CName record for Auto Discover in your internal DNS pointing to the office 365 auto discovery server created in your Public DNS portal.
                                                         Or
    From outside your on-premise network ping autodiscover.yourdomain.com ( Note: Yourdomain.com should be replaced with your organization namespace), note down the IP address it is pointing , then come back to your local DNS and create a A record pointing to the IP which you noted down. (autodiscover.yourdomain.com should point to the IP which was resolved during ping operation from outside network).
  2. Once one of the above record is created in your network, try to ping from your internal network and check if it is pointing to Outlook.com autodiscover server.
  3. Now you need to make your AutoDiscoverServiceInternalURI to null on your CAS server, use below command to make it null.

    Set-ClientAccessServer –Identity “your CAS servername” –AutoDiscoverServiceInternalUri $NULL
Noe go back and try creating the outlook profile again , now it should discover the Office365 mailbox server settings with out any issues.
                       Azure Active Directory Sync - Creation of new objects

Hey... Directory sync was implemented to Office 365 and you see everything is synced to your Office 365 tenant.

Now , you got a doubt whats next, how to manage and create the objects ? No worry its simple. :-)

Do it in your Active Directory and it will sync to your Office 365 tenant.


  • New User : If you want to create a new mailbox for your new employee, the first create a user account for the new employee in your active directory, it will get synced to your office 365 and once it is synced you can assign Mailbox license to this user and a new mailbox will get provisioned in Exchange Admin Center for this new user.


  • New Contact: Now you want to create a new contact in for mail contact purpose, no problem create a new SMTP contact in active Directory and it will sync to your contact list in Exchange Admin center.


  • New Group : Now be little careful in understanding this, their are 2 groups, Security group and Distribution group.
    Security Group: Security groups are for assigning permissions and these are not mail enabled. So you can create a security group in AD and it will be synced to your Office365.
    Distribution Group: If you don't have a exchange server in your On-premise and you want to create a distribution group in you AD and would like to sync it to office 365 their are few additional attributes you need to create for the Distribution group to make sure the group will sync to office 365.
    Please follow below article what to be consider to create a distribution group in AD and get that synced to Office365
    http://prakash-nimmala.blogspot.in/2014/10/distribution-groups-are-not-syncing.html

                                     Office 365 - Distribution groups are not Syncing

Recently we have a Office 365 migration, where we implemented directory synchronization where we noticed that Distribution Groups created with in Active Directory are not syncing to office 365.

Finally we got a solution, if we create a distribution group with in the Exchange all the required attributes like Proxy Address, Display name , Mail etc are getting populated in the Distribution group object, however we don't want to use exchange because we are going to decommission the exchange server in future. The distribution group  created in Active Directory with out the involvement of exchange Or organization which don't have exchange servers will not populate these attributes in newly created distribution group.

So what are the attributes we need to look for ? Let us see below :

Name, DisplayName, ProxyAddress, Mail.

Yes , make sure the distribution group have following attributes , then your Distribution group will sync to Office 365 with out any issues, Let us see about these attributes and how to modify the Distribution group.

ProxyAddress: This attribute need to have to be in the format SMTP:newgroup@testdomain.com
DisplayName: This attribute should contain the name what you want to be appear.
Name: This is like an alias, so please take the first of of your email address before @ sign. ex: newgroup
Mail: This is the email address that you want to assign to the new group newgroup@testdomain.com

You can use the ADSIedit or also you can use the Attribute editor within the property of Distribution group for this purpose.

Have a good day , hope this save your time of further research.
                                  Office 365 User Password - Never Expire


This applies to Office 365 Enterprise or Office 365 Midsize organization.

Let us see how can we set a office365 user account password to never expire, Firstly we need to connect to our office 365 Tenant account:
  1. Open Azure power shell, run as administrator.
  2. Type the below command to import the MSOnline module.
     Import-Module MSOnline
  3. Type the below command and it will prompt for your Office365 credentials. Enter the credentials once it is prompted and click Ok
    $O365Cred = Get-Credential
  4. Now type the below command to initiate a PSSesssion to your Office 365 tenant account
    $O365Session = New-PSSession –ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $O365Cred -Authentication Basic -AllowRedirection
  5. Now enter the below 2 command in the power shell.
Import-PSSession $O365Session -AllowClobber
Connect-MsolService –Credential $O365Cred

Now you can follow below commands based on your scenario,

To set the password of one user to never expire, run the following cmdlet by using the UPN or the user ID of the user:

Set-MsolUser -UserPrincipalName <user ID> -PasswordNeverExpires $true

To set the passwords to never expire for all the users in an organization, run the following cmdlet:

Get-MSOLUser | Set-MsolUser -PasswordNeverExpires $true

To see whether a single user’s password is set to never expire, run the following cmdlet by using the user principal name (UPN) (for example, april@contoso.onmicrosoft.com) or the user ID of the user you want to check:

Get-MSOLUser -UserPrincipalName <user ID> | Select PasswordNeverExpires

To see the "Password never expires" setting for all users, run the following cmdlet:

Get-MSOLUser | Select UserPrincipalName, PasswordNeverExpires



                  Click-to-Run installation of Office 2013 / Proplus


Click to run is a best approach of office installation, it is a mainly introduced to reduce the installation time as well as the the time taken to download of the software.

Let us see the step by step process on how to setup of New office with click to run.

  • Download the Office deployment tool from Microsoft website.
    http://www.microsoft.com/en-in/download/details.aspx?id=36778
  • Create a folder "Share" where you want to place the files and share this folder to every one.
  • Place the downloaded tool  into the above folder.
  • Double click on the tool and you will be asked to select a directory , now select the directory which you have created above.





  • Once you click on OK, you will see two files in the folder as below.

  • Now you need to edit the configuration.xml file, I will make this step more easier for you. You just open the configuration file in a note pad and remove every thing from it and place the below code.
<Configuration>

  <Add SourcePath="\\server\share\" OfficeClientEdition="32" >
    <Product ID="O365ProPlusRetail">
      <Language ID="en-us" />
    </Product>
    <Product ID="VisioProRetail">
      <Language ID="en-us" />
    </Product>
  </Add> 

   <Updates Enabled="TRUE" UpdatePath="\\server\share\" /> 

  <Display Level="Full" AcceptEULA="TRUE" />  

    <Logging Name="OfficeSetup.txt" Path="%temp%" />  

  <Property Name="AUTOACTIVATE" Value="1" />  

</Configuration>

  • In-place of source path , provide your share path and same in place of update path.
  • Now click save and close the file.
Now your configuration part is completed, now you need to download the Office software using the above configuration file and setup file.

For doing that follow the below process:



  • Once the download is completed, command will end. Now you have Office pro plus software ready for Network installation.
You can perform the installation of Office Proplus easily on a client machine, you need to execute below command to perform this:


Once you run the above command on the client machine, the installation will start as shown below


 Done, you have a click-to-run setup ready for starting your installation.

For Easy Administration purpose: As we know it is very tuff to go to each user machine and execute the above command to start the installation, for making the Admin life easy you can use put the command in a batch file and using group policy push the batch file as a start up script on all your domain computers this will install the office product easily on the domain computers without IT Admin intervention.

Hope you feel it easier now. :-) 

                                                             Metadata cleanup on windows 2008/2012



Let us take windows 2003 and windows 2008 DC’s as an example, you have migrated from 2003 to windows 2008 and moved all the FSMO roles to windows 2008 server. Now you have started demote the Windows 2003 domain controller and you ran into issues.

Now you have decided to go with Force removal of windows 2003 and removed the ADDS forcefully. (using dcpromo /forceremoval). Is this finishes your job ??

No! this is where actual job starts, you have removed Windows 2003 DC, but its references will not be removed from Active Directory database on your New domain controller (Windows 2008 DC).


You need to undergo metadata cleanup to remove all the instances of old DC from Active Directory.

Step-by-Step procedure for Metadata cleanup

Please Note:  Before starting please make sure your account is in Enterprise Admins group

  • Open a command prompt, type ntdsutil and press enter.
  • At the above ntdsutil prompt type metadata cleanup and press enter.
  • Now at metadata cleanup prompt type connections and press enter.
  • Now at the Server Connections prompt, type connect to server Test2.test.testdomain.com
  • At the Server Connections prompt, type quit and Enter.
  • At the Metadata Cleanup prompt, type select operation target and press Enter.
  • At the Selected  Operations Target prompt, type list domains and press Enter. This list all the domains in the forest are listed with a number associated to each.

  • At the Select Operations Target prompt, type select domain 0, where number “0” is the failed domain controller, and press Enter.

  • At the Select Operations Target prompt, type list sites and press Enter. This list all the sites in the forest are listed with a number assigned to each.

  • At the Select Operations Target prompt, type select site 0, where number “0” is the site containing the 2003 domain controller, and press Enter.

  • At the Select Operations Target prompt, type list servers in site and press Enter.

  • At the Select Operations Target prompt, type select server 0, where number “0” is the 2003 domain controller, and press Enter.
  • At the Select Operations Target prompt, type quit and press Enter.
  • At the Metadata Cleanup prompt, type remove selected server and press Enter.
  • You will get a warning message. Click Yes to confirm removal of the server

  • Once completed Type quit, Press enter and Type Quit and press enter, until you reach back to root drive.


Done, you have now completed the meta data cleanup and removed all the traces of your old domain controller.




Message Encryption On Office365

                           Office 365 - How to configure Message Encryption

Let us see how to enable the Message encryption on Office 365, you just need to subscribe for Microsoft Azure Rights Management.

1. Enable IRM Licensing:

  • Go to Office365 Admin portal and Service setting to enable Right Management service. Once you activated the right management the RMS should be activated for you.


  • When connected to Office 365 tenant, we need to set the RMS Online Key sharing location. Based on where your tenant is located run the appropriate command.

North America: Set-IRMConfiguration -RMSOnlineKeySharingLocation
https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc

European Union: Set-IRMConfiguration -RMSOnlineKeySharingLocation
https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc

The Asia-Pacific Area: Set-IRMConfiguration -RMSOnlineKeySharingLocation
https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc

  • Next step is to import the Trusted publishing domain , for that enter the below command:

    import-RMSTrustedPublishingDomain -RMSOnline -name “RMS Online”
  • You are almost completed, now just activate the internal IRM Licensing by running below command.

    Set-IRMConfiguration -InternalLicensingEnabled $True
  • Test the IRM configuration and see if it is working.

    Test-IRMConfiguration -RMSOnline
You Overall test result should say that it is Pass.

You are now 1 step away for configuring a rule for message encryption

 2. Create a Transport Rule for Message Encryption

Here i am going to explain you how to create a rule to encrypt the message if sent to outside the organization and subject line on the email contains Encrypted Message Key word.
  • Login to Office 365 Admin portal and go to Exchange Admin control panel. 
  • Go to Mail flow and create a new rule.
  • Type a name to the rule you are creating and click more options.
  • Now apply a condition for that drop down the "*Apply this rule of " now select The Subject and Body contains , then select The subject includes any of these words.
  • Now enter a key word Encrypted Message and hit + symbol and click ok.
  • Add new condition and select the recipient is located and is external\internal and then Outside the organisation.
  • Now come to the *Do the following  select Modify the Message security and Apply Office365 message encryption
  • Click save.
Testing :

Open a new email and put the key word "Encrypted Message" which have defined in the rule previously

Type what ever you want in the body and enter an external recipient and hit send. they should receive you message in an encrypted way. 

                                         Migration Error - Office365


Started the Cutover migration and every thing went well for a day, all of the sudden started receiving the below error when migrating the mailbox data to Office365.

Error: AutoDiscoverFailedConfigurationErrorException: AutoDiscover failed with a configuration error: The migration service failed to detect the migration endpoint using the Autodiscover service. Please enter the migration endpoint settings or go back to the first step and retry using the Autodiscover service. Consider using the Exchange Remote Connectivity Analyzer

We verified that Auto-Discovery is working fine. :-)
No Issues with RPC-Over-HTTP.
We tested with Microsoft remote connectivity analyzer tool and every thing is OK.

Auto Discovery test passed and RPC over HTTP test was passwed.

But where was the issue ? No clue !

How the objects are provisioned if the Auto Discovery is not working ? No answer ?

Solution: After going a call with Microsoft, creating the migration batch manually solved the issue. 

In this case auto-discovery test is getting success, but the not sure why it failing to connect the on-premise server for sometime.

So if you face this issue, you create the migration batch  manually rather than using Auto Discovery to get the settings.

Comment your experience



                            Create a Generic password for all the office365 users


If we go with a migration of 50 + or 100 + users, it would be difficult to distribute the password which were generated by office 365 directly during migration is a big head ace for the It departments.

So let us see a solution where we can set a unique password for all the office365 users and you can only achieve this using power shell

Before this you need to know how to connect to Office365 using PowerShell, my previous post speaks about this and below is the link for you.

http://prakash-nimmala.blogspot.in/2014/09/how-to-connect-to-office-365-using.html

Once you followed the steps mentioned in the above article, to connect to the Office365 using Powershell follow below instructions to set a generic\ Unique password for all the MSOnline users\O365 users.


  1. Once you connected your power shell to office 365, type the below command to see the list of MSonline users.
    Get-MSOLUser -All 
  2. Now type the below command to set the desired password for all the users
    Get-MsolUser -All | Set-MsolUserPassword -NewPassword E@syP@ss -ForceChangePassword $True >c:\Password.csv
The above command set the password as "E@syP@ss" for all the user account in your office365, and the attribute ForceChangePassword should be True, if you want to restrict users to change their password at next logon.

See how easy it is and provide your comment. 
                                         Connect to Office365 using PowerShell

You want to perform administrative tasks of office365 using power shell ? then you are at the right place now.

First you need to know, how you need to prepare your power shell environment to connect to O365 and let us see how.

The below are certain pre-requisites you need to follow to get your environment ready

Prerequisites:


  • Make sure you are running Windows 7 or above.
  • Make sure you have .Net framework 3.51 feature installed.
  • Install all the missing important windows updates.
  • Install the Microsoft online Services Sign-In Assistance.
  • Install Microsoft Windows Azure Active Directory module , you can get this from the below link . Choose appropriate version.
    http://technet.microsoft.com/en-in/library/jj151815.aspx
Once you meet all the above prerequisites follow the below steps to connect to office365.

  1. Open Azure power shell, run as administrator.
  2. Type the below command to import the MSOnline module.
     Import-Module MSOnline
  3. Type the below command and it will prompt for your Office365 credentials. Enter the credentials once it is prompted and click Ok
    $O365Cred = Get-Credential
  4. Now type the below command to initiate a PSSesssion to your Office 365 tenant account
    $O365Session = New-PSSession –ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $O365Cred -Authentication Basic -AllowRedirection
  5. Now enter the below 2 command in the power shell.
Import-PSSession $O365Session -AllowClobber
Connect-MsolService –Credential $O365Cred

You are now ready and your power shell has established the connection to your Office365 tenant successfully.

Comment on your experience.
               Reset Built-In Admin Password on Azure Virtual Machine


We got to a scenario , where we forgot our Administrator password for Azure virtual machine and their is no other account to login now.

No Idea on how to proceed ! :-o 

Are we stumped ? No after some research we got to find a solution which made us to reset Azure VM Built-In Admin Password.

First Step is you need to have a power shell, with Windows Azure Power Shell Module installed.

Below Link shows how to Install Azure Power Shell modules


So get ready , once the power shell is installed follow the below steps:

  1. Open the Azure power shell , by running it as Administrator.
  2. Now type Get-Module Azure
  3. Then you need to connect to Azure account, so open Windows PowerShell ISE and run the following commands
    Set-ExecutionPolicy RemoteSigned
    Import-Module Azure
    Add-AzureAccount
  4. Now type you username and password of Azure Administrator \ CO-administrator account.
  5. Type below command to get list of your Azure subscriptions if you have many.
    Get-AzureSubscription | Format-Table –Property SubscriptionName
  6. Run the following command by entering your subscription name.
    $subscription = “ENTER YOUR SUBSCRIPTION NAME HERE”
    Select-AzureSubscription –Default $subscription
  7. Now you need to enter below command , to get a prompt for credentials to which you would like to reset the built-in administrator account of a virtual machine.
    $adminCredentials = Get-Credential -Message "Enter new Admin credentials"
  8. Last but now least, run the following snippet to get the account reset.
    (Get-AzureVM) |
    Where-Object -Property Status -EQ "ReadyRole" |
    Select-Object -Property Name, ServiceName |
    Out-GridView -Title "Select a VM …" -PassThru |
    ForEach-Object {
        $VM = Get-AzureVM -Name $_.Name -ServiceName $_.ServiceName
        If ($VM.VM.ProvisionGuestAgent) {
            Set-AzureVMAccessExtension -VM $VM `
                -UserName $adminCredentials.UserName `
                -Password $adminCredentials.GetNetworkCredential().Password `
                -ReferenceName "VMAccessAgent" |
            Update-AzureVM
            Restart-AzureVM -ServiceName $VM.ServiceName -Name $VM.Name
        } else {
            Write-Output "$($VM.Name): VM Agent Not Installed"
        }
    }
Done, try login to your Azure Virtual Machine now. 

Success ? Great .

Comment on your experience.




 Find the list of Mail Enabled Public Folders on Exchange 2003


Did you any time got a situation where you need to get the list of all the mail enabled public folders? I got it and I followed below active directory query provided information for me in an easier way:

  •    Open Active Directory users and computer snap in.
  •      Right click the Saved Query and click New Query.
  •           A Query dialogue box will appear, and give a name to it ex: Querying the mail enabled public folderlist.
  •          Now click on “Define Query”
  •       In find list , select “Exchange Recipients” and click the check mark “Mail Enabled Public Folders”




  •   Click ok twice and done you will get the list of all mail enabled folders.