PROVISIONING ISSUES:
Provisioning issues that are caused by wrong Exchange attributes can be identified by one of the symptoms below:
• You have recently migrated users from on-premises and assigned them a license, but when a user logs in to the Office365 portal he sees the Exchange apps with “Setting up” status.
• You have made some attribute changes in Active Directory for a user (for example, you changed the user's primary SMTP address), and you noticed that these changes are not reflected in Exchange Online.
• Some users that have been provisioned as remote mailboxes report seeing “Setting up” for the OWA/People/Contact icons in the Office365 portal, but if they browse directly to OWA (https://outlook.office365.com/) they can access their emails.
Ref. Articles to troubleshoot these issues:
How to fix Office365 user provisioning issues that are generated by faulty Exchange attributes:
https://blogs.technet.microsoft.com/exovoice/2016/11/07/how-to-fix-office365-userprovisioning-issues-that-are-generated-byfaulty-exchange-attributes/
MAILBOX PERMISSIONS:
Full Access:
Allows the delegate to open the mailbox, and view, add and remove the contents of the mailbox. Doesn't allow the delegate to send messages from the mailbox.
Add-MailboxPermission -Identity <MailboxIdentity> -User <DelegateIdentity> -AccessRights FullAccess -InheritanceType All [-AutoMapping $false]
Send As:
Allows the delegate to send messages as if they came directly from the mailbox or group. There's no indication that the message was sent by the delegate.
Add-ADPermission -Identity <MailboxOrGroupIdentity> -User <DelegateIdentity> [-AccessRights ExtendedRight] -ExtendedRights "Send As"
Send on Behalf:
Allows the delegate to send messages from the mailbox or group. The From address of these messages clearly shows that the message was sent by the delegate ("<Delegate> on behalf of <MailboxOrGroup>"). However, replies to these messages are sent to the mailbox or group, not to the delegate.
Set-Mailbox -Identity <MailboxIdentity> -GrantSendOnBehalfTo <DelegateIdentity>
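The three delegation types above are worth reviewing together, since each one lets somebody other than the owner read or send mail. The following is an added example, not part of the original article: it flattens the output of Get-MailboxPermission, Get-RecipientPermission (the Exchange Online cmdlet that reports Send As) and Get-Mailbox into one report. The function name Get-DelegationReport and all sample rows are constructed for illustration.

```powershell
# Added example: one report of who holds Full Access, Send As and Send on Behalf.
# Property names follow Get-MailboxPermission, Get-RecipientPermission, Get-Mailbox.
function Get-DelegationReport {
    param(
        [object[]] $MailboxPermission   = @(),  # rows from Get-MailboxPermission
        [object[]] $RecipientPermission = @(),  # rows from Get-RecipientPermission
        [object[]] $Mailbox             = @()   # rows from Get-Mailbox
    )
    $self = 'NT AUTHORITY\SELF'                 # the mailbox owner's own entry
    foreach ($p in $MailboxPermission) {
        # Keep only explicit, allowed Full Access grants to someone else.
        if ($p.IsInherited -or $p.Deny -or $p.User -eq $self) { continue }
        if ("$($p.AccessRights)" -match 'FullAccess') {
            [pscustomobject]@{ Mailbox = "$($p.Identity)"; Delegate = "$($p.User)"; Right = 'FullAccess' }
        }
    }
    foreach ($p in $RecipientPermission) {
        if ($p.IsInherited -or $p.AccessControlType -eq 'Deny' -or $p.Trustee -eq $self) { continue }
        if ("$($p.AccessRights)" -match 'SendAs') {
            [pscustomobject]@{ Mailbox = "$($p.Identity)"; Delegate = "$($p.Trustee)"; Right = 'SendAs' }
        }
    }
    foreach ($m in $Mailbox) {
        # GrantSendOnBehalfTo is multi-valued: one row per delegate.
        foreach ($d in $m.GrantSendOnBehalfTo) {
            [pscustomobject]@{ Mailbox = "$($m.Identity)"; Delegate = "$d"; Right = 'SendOnBehalf' }
        }
    }
}

# Constructed sample rows (placeholder names, not real tenant data).
$mp = @(
    [pscustomobject]@{ Identity = 'shared-finance'; User = 'NT AUTHORITY\SELF'; AccessRights = @('FullAccess', 'ReadPermission'); IsInherited = $false; Deny = $false }
    [pscustomobject]@{ Identity = 'shared-finance'; User = 'alice@contoso.example'; AccessRights = @('FullAccess'); IsInherited = $false; Deny = $false }
)
$rp = @(
    [pscustomobject]@{ Identity = 'shared-finance'; Trustee = 'bob@contoso.example'; AccessRights = @('SendAs'); AccessControlType = 'Allow'; IsInherited = $false }
)
$mb = @(
    [pscustomobject]@{ Identity = 'ceo'; GrantSendOnBehalfTo = @('carol') }
)
Get-DelegationReport -MailboxPermission $mp -RecipientPermission $rp -Mailbox $mb |
    Sort-Object Delegate, Mailbox | Format-Table -AutoSize

# In a connected Exchange Online session the inputs would instead be:
#   $mb = Get-Mailbox -ResultSize Unlimited
#   $mp = $mb | ForEach-Object { Get-MailboxPermission -Identity $_.Identity }
#   $rp = $mb | ForEach-Object { Get-RecipientPermission -Identity $_.Identity }
```

With the sample rows the report lists three grants (alice with FullAccess, bob with SendAs, carol with SendOnBehalf) and drops the owner's own SELF entry.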
Ref. Articles to troubleshoot these issues:
Automapping a shared mailbox not working - Everyone in cloud - Full Permissions
https://social.technet.microsoft.com/Forums/msonline/en-US/cfaa151f-d11a-4f25-ba96-8b87316811c0/automapping-a-sharedmailbox-not-working-everyone-in-cloud-fullpermissions
Full Access Delegation not working - 'cannot expand the folder':
https://answers.microsoft.com/enus/msoffice/forum/msoffice_outlook/fullaccess-delegation-not-working-cannotexpand/d1b61e58-3bb8-4bdf-a04fe5d3c43835ab
Overview of delegation in an Office 365 hybrid environment:
https://docs.microsoft.com/enus/exchange/troubleshoot/delegates/overview-delegation-office-365-hybrid
Permissions in Exchange hybrid deployments:
https://docs.microsoft.com/enus/Exchange/permissions
OUTLOOK WEB APP POLICIES:
Outlook on the web mailbox policies control the availability of settings and features in Outlook on the web. A mailbox can only have one Outlook on the web mailbox policy applied to it.
PowerShell command to get output of default Outlook Web App Policy:
Get-OwaMailboxPolicy | fl
Issue related to OWA mailbox Policy:
When running Remove-OwaMailboxPolicy, the user gets the following error: “couldn’t delete mailbox policy ‘’ because it is associated with users.” The user runs the Get-CasMailbox cmdlet for all user mailboxes and can’t find any mailbox that has the "ghost" policy assigned to it.
Cause:
This can happen if a user's mailbox had the "ghost" policy assigned to it and the mailbox was then removed without deleting the user. The OWA mailbox policy attribute is not cleared on the AD user object when the mailbox is removed.
Resolution:
Check if there are users without a mailbox. If there are just a few of them, complete the following steps for each of them:
1. Add a mailbox to the user.
2. Remove the reference to the policy.
3. Remove the mailbox for the user.
Ref. Articles to troubleshoot these issues:
https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-on-the-web/outlook-web-app-mailbox-policies
https://docs.microsoft.com/en-us/powershell/module/exchange/set-owamailboxpolicy?view=exchange-ps
MAILBOX RECOVERY SCENARIOS:
Restore Scenarios
Exchange Online Only: Restore a user account that was removed from the portal or PowerShell using the remove-msol command. Restore a mailbox which was removed from EAC or PowerShell using the Remove-Mailbox command.
Restore a user account that was removed from the portal or PowerShell using the remove-msol command:
>Deleting the MSO object also puts the attached active mailbox in the soft-deleted state.
>We can use the Restore-MsolUser command to recover the MSO object.
>When we recover the MSO object using the above command, the related mailbox is automatically restored to the active state.
Restore a deleted user’s mailbox data to a new or alternate mailbox:
>In a hybrid scenario, create a user and remote mailbox. Force an AAD sync.
>Collect the GUID for the soft-deleted/inactive mailbox:
Get-Mailbox -SoftDeletedMailbox | FL *guid*
>Run the below mailbox restore command to merge the accounts:
New-MailboxRestoreRequest -SourceMailbox <SoftDeletedMailboxGUID> -TargetMailbox <TargetMailboxGUID> -AllowLegacyDNMismatch
>The same command needs to be run separately again if an archive mailbox also needs recovery, after adding the -SourceIsArchive and/or -TargetIsArchive switches.
Ref. Articles to troubleshoot these issues:
Some basic understandings:
1. Global admin vs. delegated admin? Can a delegated administrator add a domain?
Global admin means you have unlimited control over the products in your subscriptions and you can access most data. Delegated administration allows you to manage Microsoft 365 (including EOP settings) as if you were an admin within that organization. As a delegated administrator, you can perform tasks such as adding users, resetting passwords, and adding domains.
2. Can we upgrade and downgrade a user license without losing data? For example, change the license from E1 to E3 and vice versa.
Yes, we can change license assignment without losing data.
3. We also archive mailboxes by converting them to shared. Can you recover a deleted shared mailbox if it has been deleted from EAC?
Yes, but you can't use the EAC to restore a deleted mailbox. You can use the Exchange Management Shell to restore a deleted mailbox to an existing mailbox using the New-MailboxRestoreRequest cmdlet. When you restore a deleted mailbox, its contents are copied to an existing mailbox, which is referred to as the target mailbox. After a deleted mailbox is restored, it's still retained in the mailbox database until it's permanently deleted by an administrator or purged after the deleted mailbox retention period expires.
4. How to soft match the users in a hybrid scenario?
A match on userPrincipalName and proxyAddresses is known as a soft match. The article below explains the process step by step:
https://support.microsoft.com/en-us/topic/how-to-use-smtp-matching-to-match-onpremises-user-accounts-to-office-365-user-accounts-for-directory-synchronization-75673b94-e1b8-8a9e-c413-ee5a2a1a6a7