Category Archives: Exchange Online

Exchange Forwarding Report

This powershell snippet will tell you which mailbox is actively forwarding email, in what method (dual delivery or pure forwarding), to which email address and if the corresponding contact still exists and is active.

#Module name: findForwarderDetails
#Author: Jos Lieben (OGD)
#Date: 01-04-2016
#Description: this snippet will discover all active forwarders in your organization, and will print the original mailbox, target contact and target address and forwarding method

$output = @()
$mailboxes = Get-Mailbox -ResultSize Unlimited | Where {$_.ForwardingAddress -ne $Null}

foreach ($mailbox in $mailboxes){

    $obj = New-Object PSObject
    $obj | Add-Member NoteProperty mailboxName($mailbox.DisplayName)
    if($mailbox.DeliverToMailboxAndForward){
        $obj | Add-Member NoteProperty forwardingMode("Dual delivery")
    }else{
        $obj | Add-Member NoteProperty forwardingMode("Forward Only")
    }
    try{
        $contact = Get-MailContact -Identity $mailbox.ForwardingAddress.DistinguishedName -ErrorAction Stop
        $obj | Add-Member NoteProperty forwardingToName($contact.DisplayName)
        $obj | Add-Member NoteProperty forwardingToEmail($contact.ExternalEmailAddress)
    }catch{
        $obj | Add-Member NoteProperty forwardingToName("CONTACT DOES NOT EXIST OR IS DISABLED")
        $obj | Add-Member NoteProperty forwardingToEmail("CONTACT DOES NOT EXIST OR IS DISABLED")
    }
    $output += $obj
}

Write-Output $output

Giving all users access to a mailbox in Office 365 – Exchange Online

So you noticed the ‘All Users’, ‘Everyone’ and ‘Domain Users’ groups are missing in Office 365! That’s a pity if you have a mailbox that your whole organisation should be able to access, because Dynamic Distribution lists can’t be used as a security group.

At first, I thought this would be as simple as enabling ‘Dedicated Groups‘ in AzureAD for the tenant. But no, apparently builtin groups already exist, but are simply invisible in the Office 365 / Exchange Online interface.

So, I looked up the SID of the group I wanted to add here, and used Powershell to add the group to the mailbox’s ACL. Here’s an example, where we’re giving Everyone access to a Office 365 shared mailbox called ‘Public Calendar’:


Add-MailboxPermission -Identity "Public Calendar" -User S-1-1-0 -AccessRights FullAccess

Note: these permissions will be invisible in the web interface of Exchange Online, user Get-MailboxPermission to verify / view them.

Warning: obviously, you should never give ‘everyone’ Full Access permissions to anything.

Automating remote mailbox creation in an Exchange 2010/2013 and Office 365 hybrid setup

In organisations that have moved to Office 365, or are moving to Office 365 while using a hybrid setup with an on-premises Exchange 2010, 2013 or 2016 server and/or Lync/Skype, your helpdesk tools and scripts need to be adjusted.

While previously, you would provision your account in Active Directory, the mailbox on the onpremises Exchange Server and voip functionality on the Lync/Skype server, after your migration, you no longer need to provision mailboxes or lync accounts on premises. After a user has been migrated to Office 365, his ‘user type’ in the Exchange on premises server is ‘Remote Mailbox’. But for new users, this is not set automatically.

If you’re using scripting or tools like ADManager, you can use some simple Powershell commands to set the correct properties on a newly created user.

Configure and run below script Continue reading Automating remote mailbox creation in an Exchange 2010/2013 and Office 365 hybrid setup

LicReport365

Slowly but surely, the Office 365 dev team is adding reporting functionality to their platform, to the delight of admins and managers alike. For admins it means a lot less scripts to write, for managers it means knowing….stuff.

One report I missed was a report that tells me when users last logged on. Because if I have thousands of users, and they all consume licenses….I’d very much like to strip licenses from users that haven’t logged in since x amount of time.

Especially for companies with geographically dispersed users and inefficient exit procedures, this can save a lot of licensing costs over time.

My report was built in Powershell, and will check the last time the mailbox was accessed to determine the last logon date, this is not perfect, as I can image some organisations use specific licenses just for skype or dynamics, they will not benefit as much from this script, but in 99% of the times it should suffice 🙂

The script will list the user UPN, Name, Last Logon, Creation Date, Usage Location, Mailbox Size and Used Licenses.

Download: LicReport365_v0.5

Source:

Continue reading LicReport365

Get last logon times for all Exchange Online users

If you want to figure out when your users last logged on, perhaps to clean up licenses in use by dormant accounts, the following Powershell code may help you.


########
#checkLastLogonTimes
#Copyright: Free to use, please leave this header intact
#Author: Jos Lieben (OGD)
#Company: OGD (http://www.ogd.nl)
#Purpose: Generate a CSV file with last logon times of all Office 365 users
########

$csv = "c:\temp\LastLogons_$(Get-Date -format dd_MM_yyyy).csv"
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
$users = get-mailbox -ResultSize Unlimited | select UserPrincipalName
Foreach ($user in $users){
$mbx = get-mailboxstatistics -Identity $($user.UserPrincipalName) | Select LastLogonTime
$upn = $user.UserPrincipalName
if ($mbx.LastLogonTime -eq $null){
$res = "Never"
}else{
$res = $mbx.LastLogonTime
}
$outStr = "$upn,$res"
Out-File -FilePath $csv -InputObject $outStr -Encoding UTF8 -append
}