Migrate Mailbox Permissions to Office 365

Mailbox permission are typically translated to O365 during properly batched hybrid MRS moves, however there are still many scenarios where permissions must be audited on-premises and re-applied after migration. One example may be when using 3rd party migration tools. 2/10/2017 – Script has been updated to include new features based on feedback. Download package and…

5

Synchronize Mail-Enabled Public Folders to Distribution Groups in Office 365

In an Office 365 hybrid deployment, DirSync is typically used to ensure the on-premises and online directories remain synchronized.  DirSync does not however synchronize mail-enabled public folders, so PowerShell scripts must be run periodically to manually publish them to the O365 address book:http://technet.microsoft.com/en-us/library/dn249373(v=exchg.150).aspx What also doesn't synchronize is mail-enabled public folders that are members of distribution groups.  DirSync will synchronize the on-premises…

3

Bulk Migrate Office 365 Licenses

This is a follow-up post to Bulk Enable Office 365 License Options and reflects an unusually complex scenario where O365 licenses must be migrated to a different SKU.  Here is a real-world example… Customer initially purchases E1 licenses and begins to provision and migrate accounts using the included service options (i.e. Exchange, SharePoint, and/or Lync).  Customer…

0

Bulk Enable Office 365 License Options

There are a number of online PowerShell resources which describe how to bulk assign an O365 license while enabling only certain service options.  In general, you would define the –DisabledPlans parameter using New-MsolLicenseOptions and assign the license using New-MsolUserLicense.  However, how do you go back and bulk enable a specific service option after the license has been assigned?…

16

Automatically Provision New Office 365 Mailboxes

Transitioning from an on-premise messaging solution to Exchange Online is often only half the battle.  A long-term administration strategy is just as important as a sound migration plan.  Many organizations use identity management software to on-board new employees, and any reputable product can easily create AD accounts and assign the necessary attributes to mail-enable the…

4

Audit File Server Permissions Using PowerShell

A customer recently asked me to help refine a VBScript which they use to enumerate permissions on all their file servers.  The team periodically queries the entire file system and imports the results into a database for historical auditing.  Their existing VBScript did provide the required information using nested loops to walk the file system…

6

Customize Role-Based Access Control in Office 365

Office 365 includes several default RBAC roles which allow end-users to access ECP and manage their own account properties or advanced mailbox features.  A summary of the built-in roles can be found at http://help.outlook.com/en-us/140/Dd207272.aspx.  An O365 administrator can also enable and disable certain roles to control what properties and/or features a user can manage.  There…

1

Automatically Disable POP3 & IMAP in Office 365

?Office 365 automatically enables IMAP for Kiosk (Deskless) accounts, and both POP3 and IMAP for Enterprise accounts.  Mailbox protocols can be disabled using EMC connected to the O365 remote forest or through a remote PowerShell session.  However, this is a manual process that requires an administrator to configure each mailbox after it has been provisioned. …

7

Delegation of Active Directory Recycle Bin

While working on an AD 2008 R2 upgrade project, I was asked by my customer whether Active Directory Recycle Bin could be delegated. They already had a delegated OU administration model for managing accounts, and wanted it to also include the recovery of deleted objects. I did some research and found a vague reference that…

0