Monthly Archives: November 2020

List Users from BookInPolicy on a room mailbox.

We can use below command to get the list of users from BookInPolicy on a resource mailbox.

Get-CalendarProcessing User@domain.com | select -ExpandProperty BookInPolicy | Get-Recipient | select PrimarySmtpAddress, RecipientType

If you have multiple Room Mailboxes to check, you can use below script.

Save all room mailbox in RoomMailbox.txt [One mailbox per line] and run the below command.

$RoomList = Get-Content C:\Temp\RoomMailbox.txt
Foreach ($room in $RoomList)
{
#$BookInPolicy = 0
$BookInPolicy = Get-CalendarProcessing $room | select -ExpandProperty BookInPolicy | Get-Recipient | select PrimarySmtpAddress, RecipientType
Write-Host "Room $room has below users"
$BookInPolicy
Write-Host "        "
Write-Host "........"
}

[Get-MailboxFolderPermission], ManagementObjectNotFoundException

When you want to get the permissions list from a mailbox calendar or want to set permissions but you get below error.

Get-MailboxFolderPermission User@domain.com:\calendar

The operation couldn’t be performed because ‘User@domain.com:\calendar’ couldn’t be found.

    + CategoryInfo          : NotSpecified: (:) [Get-MailboxFolderPermission], ManagementObjectNotFoundException

    + FullyQualifiedErrorId : [FailureCategory=Cmdlet ManagementObjectNotFoundException],Microsoft.Exchange.Management.Store

   Tasks.GetMailboxFolderPermission

This is because the mailbox language is not English and the Calendar folder name has changed.

You can simply get the language of mailbox using below command.

Get-Mailbox User@domain.com | select Languages

Then based on the language, you can change the name of Calendar folder, in my case it should be “Kalender”.

Get-MailboxFolderPermission User@domain.com:\Kalender

View members of a dynamic distribution group

Dynamic distribution groups are distribution groups whose membership is based on specific recipient filters rather than a defined set of recipients.
You can’t use the Exchange admin center (EAC) to view the members of a dynamic distribution group. You can only use the Exchange Management Shell.

Using below command you can get list of members.

Get-Recipient -RecipientPreviewFilter (Get-DynamicDistributionGroup -Identity DDL@domain.com).RecipientFilter

Using below command you can get list of members and their DisplayName and PrimarySMTPAddresses, you can also specify any attribute to select.

Get-Recipient -RecipientPreviewFilter (Get-DynamicDistributionGroup -Identity DDL@domain.com).RecipientFilter | foreach {Get-Mailbox $_.PrimarySMTPAddress | select DisplayName, PrimarySMTPAddress}

How to create and apply retention policies and check Archive mailbox Size.

In the previous Article, we explained what is online Archive and how to enable it. In this article we will understand how to move data to Online Archive and how to check size of Online Archive.

Once you have Online Archive enabled, you can assign a retention policy to the mailbox to move data to Archive.

Retention Policies are made up of Retention Policy Tags, which defines how long to keep the email in your mailbox before moving it to Archive or Deleting the email.

There are some default “Retention Polices” available and you can also create one as per your need.
To see the default retention policies
Login – Exchange Admin Center -> Compliance Management – Retention Policies.

Default Retention Policies

You can also run below command on Exchange Online PowerShell to view Retention Policies and Tags.

Get-RetentionPolicy
Get-RetentionPolicyTag

If the default policy doesn’t suit your need, you can create a new one.

Create Retention Policy Tag –

New-RetentionPolicyTag "3 Year Move To Archive" -Type All -RetentionEnabled $true -AgeLimitForRetention 1095 -RetentionAction MoveToArchive

Create Retention Policy –

New-RetentionPolicy "3 Year Move To Archive - Policy" -RetentionPolicyTagLinks "3 Year Move To Archive"

Apply policy to a user –

Set-Mailbox -Identity User@domain.com -RetentionPolicy "3 Year Move To Archive - Policy"

Once the policy is applied to the user you can Start Managed Folder Assistant on the user’s mailbox to start Archive.

Once this is done, you can check the Archive size to see if the policy is working.

Get-MailboxStatistics User@domain.com -Archive

Exchange Online finds the archive mailbox using ArchiveGUID. Once Archive is enabled, you can see this GUID in mailbox properties.

The auto-expanding archive replaces the single GUID that connects the mailbox to the archive with a linked list of GUIDs. Each of the GUIDs points to a separate auxiliary archive of up to 50 GB.

We can see the GUID details using below command –

Get-ExoMailbox –Identity User@domain.com -Properties MailboxLocations | Select -ExpandProperty MailboxLocations

We can get GUID of the mailbox using below commands –

Get-MailboxLocation -User User@domain.com | Sort MailboxLocationType -Descending | FT MailboxGUID, MailboxLocationType

Once we have GUID we can find the mailbox size.

Get-ExoMailboxStatistics -Identity 2f2a0b11-1220-456e-bde6-8cbdca3fe17b | FT ItemCount, TotalItemSize

What is Office 365 Archive/ Microsoft 365 In-Place Archive

Enterprise plans (E3 – E5) grant 100 GB primary mailbox quotas to users, If primary mailbox reaches its quota limit (100GB), archiving in Office 365 (also called In-Place Archiving) provides users with additional mailbox storage space. An archive mailbox can be defined as an online-only extension of the primary mailbox.

How to Enable Archive  –

  • On the Exchange Admin Center -> Select the recipient -> Mailbox Features, you will see the option to enable Archive for mailbox.
  • On the “Security & Compliance Center” https://protection.office.com.
    • Under Information governance > Archive, select the recipient and you can enable/disable the Archive.

You can also enable Archive using PowerShell.

Enable-Mailbox -Identity User@domain.com -Archive -AutoExpandingArchive

The Archive mailbox Size is 50GB, and you should have AutoExpand enabled to increase the size of Archive automatically.
Once, Archive is enabled, we will see the Archive mailbox under your primary mailbox (Left bottom of your mailbox).

You can also disable Archive, on EAC or Compliance portal, by just clicking Disable [same as we enabled.]
Or using the below PowerShell command.

Disable-Mailbox -Identity User@domain.com -Archive

Although, disabling an archive prevents user access to the archive, it does not remove the content from the database where the archive data is stored. Instead, a 30-day retention period starts.

During this time, you can recover the archive and reconnect it to the primary mailbox by re-enabling the archive. Any content in the archive mailbox will be removed from the database once the 30-day deleted mailbox retention period expires.

Pros and Cons of Archive Mailbox –

  • Archive mailboxes can only be accessed online. Outlook does not synchronize any archive folder into the OST. So, your Archive mailbox will not be as fast as your Primary Mailbox.
  • Searches can find items stored in archives but only if the user specifies that Outlook should search “All Mailboxes”.
  • ActiveSync clients cannot access an archive mailbox because the protocol does not support this type of resource.

So, consider above points before you decide, which emails should go to Archive.

In the next Article, we will see how to create and apply retention policies and check Archive mailbox size.

Error – We are preparing a mailbox for the user..

After assigning a license to Microsoft 365 user, you don’t see mailbox of user and see below error on the portal, under email section.

“We are preparing a mailbox for the user”

To resolve the issue, you can follow below steps.

  • Just remove license from user and wait for some time, re-assign the license. If you still don’t see mailbox, move to next step.
  • Under the Health -> Service Health -> Check if there is any incident reported for you tenant.
  • If not, Please run the below command and see if there is any error for the user and any service incident related to that.
  • Get-MsolUser -UserPrincipalName UserWithError@domain.com | select -ExpandProperty Errors
  • If you see error with user, you can run the below command to get the exact error for the user.
Get-MsolUser -UserPrincipalName UserWithError@domain.com | ft UserPrincipalName,@{Name="Error";Expression={($_.errors[0].ErrorDetail.objecterrors.errorrecord.ErrorDescription)}} -AutoSize -wrap 
  • In the error report you will find out the user and see the error, for any conflicting attribute, for example UPN or Country Code, etc.
  • If you Sync the attributes from On-prem AD, you can correct the attribute there or match the attribute with any healthy account to see the difference.
  • Once done, run an AD Sync Cycle and see if that resolve the issue.
  • If the issue is still not solved, you will have to log a case with MS support.
Get-MsolUser -HasErrorsOnly -All | ft DisplayName,UserPrincipalName,@{Name="Error";Expression={($_.errors[0].ErrorDetail.objecterrors.errorrecord.ErrorDescription)}} -AutoSize -wrap
 
Get-MsolUser -HasErrorsOnly | select DisplayName,UserPrincipalName,@{Name="Error";Expression={($_.errors[0].ErrorDetail.objecterrors.errorrecord.ErrorDescription)}} | Export-csv c:tempvalidationerrors.csv