Use the Set-Mailbox cmdlet with the -WindowsEmailAddress parameter to set the primary SMTP address in Exchange Online ... [Read More]

A detailed guide on how to print or export the Global Address List using the Outlook client ... [Read More]

Find out which RBAC role you need to run a specific PowerShell cmdlet in Azure or on-prem ... [Read More]

The following method will help you set up a shared mailbox to automatically accept calendar requests without getting any annoying email notification messages ... [Read More]

This script is for cloning a Role Assignment Policy in Exchange. For example, if you want to allow certain users to add/remove members to the distribution groups they own, you need to enable the "MyDistributionGroups" option in the role assignment ... [Read More]

This script is for exporting all the mailboxes that have users auto-mapped with FullAccess rights. The script is for on-prem Exchange environments ... [Read More]

Set up Auto Reply messages that goes out everytime an email arrives. No admin intervention is needed! ... [Read More]

When new messages are not visible in Shared type mailboxes it is because items with "private" type are not accessible even for users with Full Access rights. Viewing of private messages can be set in the Delegates list of the ... [Read More]

Important messages are deleted from a mailbox and restore it from the retention store in not working!!! Here's how you restore messages from a backup, on a live system! ... [Read More]

On the web there are very few articles detailing how to rebuild an Exchange mailbox server. In this article I guide you through a real-life example of dial tone recovery, step by step ... [Read More]

Despite spam filters are set up for your email service, spam messages might slip through the cracks and land in your users' inboxes. These messages can cause real pain. Here are two methods how to mass remove spam emails from ... [Read More]

When sending from a shared mailbox, users will notice that their messages are saved in their own mailboxes by default, not in the Sent Items folder in the shared mailbox! One Exchange commandlet sorts the issue! ... [Read More]

The script returns the cumulative size of the requested folder with and without subfolders counted in ... [Read More]

Deploying DKIM on Zimbra Collaboration Edition Server is simple compared to the difficulty of doing so on an on-premises Exchange server. As it's built into the suit, we have an easy job creating the key pairs with a single command ... [Read More]

We already covered how to get LE certificates for CentOS boxes, this time we incorporate that knowledge into a script to get and automatically renew the SSL certificate for our Zimbra server running on CentOS 8 ... [Read More]

If you are on a budget and you need an email system that doesn't require licensing and run on a modest hardware, Zimbra is a good choice. Here's how to install it on CentOS 8 ... [Read More]

On-premises Exchange servers have no built-in DKIM modules, so a 3rd party software is needed to implement DKIM (detailed here), but luckily in Office 365 setting up the DKIM signing process is very simple ... [Read More]

It's a quick guide to install a postfix server on CentOS, that can receive incoming email from the internet. In our lab we use our protectigate.com domain, and a user mailbox john@protectigate.com, who will receive our test email ... [Read More]

Address lists are built-in features in the Exchange messaging system, there is always at least one global address list that users can use to look up other users in the organization. They can either use the Address Book button in ... [Read More]

Alice wants to set Abigail's out of office message in her absence. Also, she needs to send email messages out from Abigail's mailbox which she's able to do anyway, as she was given send-as permissions to Abigail's mailbox, but each ... [Read More]

If for some reason a passive copy of a mailbox database in a DAG gets corrupted (see screenshot below), the safest way to fix the issue is by reseeding the database ... [Read More]

In this lab we take a look at the special ImmutableID property of the Microsoft Online user accounts. This property is used when we synchronize on-prem AD accounts to the cloud. The ImmutableID shows the hybrid system which on-prem account ... [Read More]

Password hashes are synchronized separately from the user account to the Azure Active Directory by AADSync. If there are issues with hash sync for certain users or even whole domains, there is a great built-in tool to diagnose the issues ... [Read More]

An interesting test is how to migrate user mailboxes between two on-prem Exchange systems that have no connection whatsoever, other than a plain network connection through the internet. They belong to different forests, and there are no trust relationships set ... [Read More]

During onboarding or offboarding Office365 migration batches are created with collections of users to first sync the given users' mailboxes to or from the cloud, and keep it synced until they are completed. When whole batches are completed, all mailboxes ... [Read More]

Is Office365 still asking for 2FA for your global admin, even though MFA is disabled for all of your users?
This is because 'Security defaults' are enabled in your tenant. To disable it open the Azure portal: https://aad.portal.azure.com Under 'Azure Active ... [Read More]

ADFS Smart Lockout handles authentication requests, blocking users when getting suspicious activities from certain IP addresses, while allowing valid users continue to use their accounts. Doing this without locking the actual AD user account ... [Read More]

There might be scenarios when cutting ADFS and falling back to cloud authentication is urgently required. For example, when our on-premises ADFS authenticator servers go down - possibly due to a network outage - we want our users to be ... [Read More]

Pass-through Authentication is somewhat in between the other two options when it comes to configurability. While it is so much simpler to configure than ADFS (same steps are followed when setting up PHA), however the same seamless SSO is provided ... [Read More]

To convert users from on-prem synced to fully cloud managed type, we have two options. One is to cut DirSync altogether, which will put users to a soft-deleted state from which we restore them. The other way is to only ... [Read More]

If you want a user to be fully customizable, editable in the cloud you can convert it to cloud managed type. Note that if you do that, naturally no local AD changes will be synchronized to the cloud version of ... [Read More]

Migrating users from on-prem to Office365 (onboarding) and from the cloud to on-premises (offboarding) is easier done by using the Shell. The migration batches are created from a csv file. After the batch is ready, we start the batch, which ... [Read More]

In this article we follow the main direction of our earlier guide where we detailed a proper Exchange 2019 to Office 365 migration, but without PTA or ADFS (so without proper single sign-on) configured. This time we go through the ... [Read More]

Azure AD Connect synchronizes changes to user accounts every 30 minutes by default. This frequency applies only to item attributes, not user passwords. Password hashes are suppoed to be synchronized instantly. In certain cases, you might want to force a ... [Read More]

In this article we are migrating our alwayshotcafe.com email system to the Office365 cloud. For details on how the on-prem environment was built, please visit the corresponding article here: How to Install a new Microsoft Exchange 2019 Server – Step ... [Read More]

Scenario: we have a dedicate mailbox that receives a regular report attached to an email every morning. We want that attachment to be saved to a specific folder on a server, and move the message away from the Inbox to ... [Read More]

This article guides you through the steps of setting up a proper load balancer for Exchange 2019, 2016 or 2013 client connections on a pfSense firewall, using HAProxy ... [Read More]

Basic CAS connection path In this article we address the issue of client access during Exchange maintenance. By default, all client access services are configured with the owner server's name on Exchange servers after installation. Let's take a simple example ... [Read More]

1. CAS - stateless goodness! This article is solely dealing with the Exchange CAS array (client access services), more precisely with Outlook connectivity. A client has multiple ways to access his/her mailbox on an Exchange server. They can use the ... [Read More]

Before removing the last Exchange server in the organization we must make sure that all the Exchange databases are removed. We cannot have any mailboxes still active, as they are tied to Active Directory and deleting the server without gracefully ... [Read More]

Removing an Exchange Database is not as simple as clicking on a delete button. Exchange is tied together with Active Directory, a mailbox and other objects have footprints there and if a database is removed that still has any objects ... [Read More]

This article aims to get a view of all the scenarios how SMTP messages travel through an Exchange organization. We'll cover all the variations, from having one server in the company only, all the way to many sites, with multiple ... [Read More]

25/TCP or 2525/TCP? Have you ever wondered how incoming and outgoing SMTP messages flow through your Exchange environment on their way to the destination mailboxes? In this article we utilize Wireshark packet capturing tool to see what ports are used ... [Read More]

Knowing how to recover disconnected or straight up deleted mailboxes could come very handy, this article goes through the possible scenarios and gives a simple step-by-step guidance on the recovery process. 1. Retention period - while it's not too late ... [Read More]

Always Hot Café wants extra security on the perimeter of it's network. They asks us to deploy an Exchange Transport server in their organization. When installing and Exchange server we need to specify the type of the server which can ... [Read More]

In Exchange there is a single Global Address List that contains all the mail objects in the organization. Always Hot Café has three locations in the following cities: New York and Austin. The management wants the workers at those locations ... [Read More]

Always Hot Café has three coffee shops in three different cities: New York, Los Angeles and Austin. They asked IT to create a distribution list for all three, keeping in mind that staff move around and whenever one person is ... [Read More]

The SPF record a domain owns can have the maximum length of 255 characters. A longer record - or even nearly that long - is not advisable as recipient servers have a more difficult job to process all elements, especially ... [Read More]

When access to a mailbox in Exchange 2013-2019 is assigned, by default the mailbox is auto-mapped to the trustee's profile. That means if Alice gets access to Peter's mailbox, Alice will see her colleague's mailbox appearing automatically in her Outlook ... [Read More]

You are searching for the folder inside a mailbox that contains the oldest message. Mailbox folders can be scanned specifying certain criteria. This one-liner takes advantage of the OldestItemReceivedDate property of the MailboxDatabaseFolder query output. It crawls through all the ... [Read More]