Description

This script connects either to Exchange Online or to a dedicated on-premises Exchange Server to export configured mailbox delegates and SMTP forwarding configurations.

The SMTP forwarding configurations are gathered from inbox rules and from mailbox forwarding settings.

Requirements

• Exchange Server 2016 or newer
• Cretenials to logon to Exchange Online and Office 365 when querying EXO mailboxes
• Utilizes GlobalFunctions PowerShell Module --> http://bit.ly/GlobalFunctions

Examples

# Example 1
# Connect to the on-premises Exchange Server mx01.varunagroup.de and export delegation and SMTP forwarding information
.\Get-DelegatesAndForwardingRules.ps1 -ExchangeHost mx01.varunagroup.de

# Example 2
# Connect to the on-premises Exchange Server mx01.varunagroup.de, export delegation and SMTP forwarding information and get verbose information on the objects worked on

 .\Get-DelegatesAndForwardingRules.ps1 -ExchangeHost mx01.varunagroup.de -Verbose 

# Example 3
# Connect to Exchange Online and export delegation and SMTP forwarding information

 .\Get-DelegatesAndForwardingRules.ps1 -ExchangeOnline

Version History

• 1.0, Initial community release

Links

• Download and follow at Github: https://github.com/Apoc70/Get-DelegatesAndForwardingRules
• Download and like at TechNet Gallery: https://gallery.technet.microsoft.com/Get-delegates-and-SMTP-9c42a270

Use GitHub Issues to leave comments, requests, end even bugs or issues.

Additional Credits

The script is based on the O365-InvestigationTooling script DumpDelegatesandForwardingRules.ps1 by Brandon Koeller
Find more Office 365 investigation tooling scripts at https://github.com/OfficeDev/O365-InvestigationTooling.

Follow

• Twitter @stensitzki
• LinkedIn
• Xing

On May 11th, the SharePoint Saturday Cologne took place at the new Microsoft Office in Cologne. 

My session covered the migration of legacy public folders from Exchange Server 2010 to modern public folders hosted on-premises or Exchange Online. Additionally, I've talked about the pros and cons of a migration to Office 365 Groups and Microsoft Teams.

The slide deck is available on SlideShare.

Enjoy Exchange Server and do not forget about the end of support for Exchange Server 2010 on January 14th, 2010.

Description

When using this PowerShell script you can update the guest user's thumbnail photo to a photo that aligns with your company's CI and you do not have to rely on the Azure AD default photo.

This script set the AzureADThumbnailPhoto for guest users to a photo provided as JPG or PNG file.

The photo file can be up to 100KB in size. This is currently not checked in the script.

You can either update a single guest user or all guest users.

When updating the user photo can choose to set the photo forcibly or only if there is no photo set.

The changes are written to a log file. The log file functions are part of the GlobalFunctions module.

Examples

# EXAMPLE
# Set the photo ExternalUser.png for all guest users if no photo exists

.\Set-GuestUserPhoto.ps1 -FilePath D:\Photos\ExternalUser.png -GuestUsersToSelect All -UpdateMode SetIfNoPhotoExists

# EXAMPLE
# Set the photo ExternalUser.png for guest user JohnDoe@varunagroup.de if no photo exists

.\Set-GuestUserPhoto.ps1 -FilePath D:\Photos\ExternalUser.png -GuestUsersToSelect Single -UserPrincipalName JohnDoe@varunagroup.de

Version History

• 1.0, Initial community release

Links

• Download and follow at Github: https://github.com/Apoc70/Set-GuestUserPhoto
• Download and like at TechNet Gallery: https://gallery.technet.microsoft.com/Set-Thumbnail-Photos-for-ae2d437c

Follow

• Twitter @stensitzki
• LinkedIn
• Xing

Description

This script creates an HTML report showing the following information about an Exchange 2019, 2016, 2013, 2010, and, to a lesser extent, 2007 and 2003 environment.

The report shows the following:

•  As summary
  • Total number of servers per Exchange Server version
  • Total number of mailboxes per On-Premises Exchange Server version, Office 365, and Exchange Organisation
  • Total number of Exchange Server functional roles
     
• Per Active Directory Site
  • Total number of mailboxes
  • Internal, External, and CAS Array names
  • Exchange Server computers
    • Product version
    • Service Pack, Update Rollup, and/or Cumulative Update
    • Number of preferred and maximum active databases
    • Functional Roles
    • Operating System with Service Pack
       
• Per Database Availability Group
  • Total number of member servers
  • List of member servers
  • DAG databases
    • Number of mailboxes and average mailbox size
    • Number of archive mailboxes and average archive mailbox size
    • Database size
    • Database whitespace
    • Disk space available for database and log file volume
    • Last full backup timestamp
    • Circular logging enabled
    • Mailbox server hosting an active copy
    • List of mailbox servers hosting database copies
       
• Per Database (Non-DAG, pre-DAG Exchange Server)
  • Storage group and database name
  • Server name hosting the database
  • Number of mailboxes and average mailbox size
  • Number of archive mailboxes and average archive mailbox size
  • Database size
  • Database whitespace
  • Disk space available for database and log file volume
  • Last full backup timestamp
  • Circular logging enabled
     

The script uses a separate CSS file for styling the HTML output.

Examples

# Example 1
# Generate an HTML report and send the result as HTML email with attachment 
# to the specified recipient using a dedicated smart host

.\Get-ExchangeEnvironmentReport.ps1 -HTMReport ExchangeEnvironment.html -SendMail `
-ViewEntireForet $true -MailFrom roaster@mcsmemail.de -MailTo grillmaster@mcsmemail.de -MailServer relay.mcsmemail.de

Version History

• 2.0, Initial community release

Links

• Download and follow at Github: https://github.com/Apoc70/Get-ExchangeEnvironmentReport
• Download and like at TechNet Gallery: https://gallery.technet.microsoft.com/Exchange-Environment-11fa7246

Additional Credits

Additional credits go to Steve Goodman for the original Exchange Environment Report V1.x scripts.

Follow

• Twitter @stensitzki
• LinkedIn
• Xing

Learn - Connect - Explore

This year's Microsoft Ignite Conference takes place on November 4 - 8 at the Orange County Convention Center (OCCC), Orlando, Florida.

Choose from over 1,000 Breakout and Theater Sessions to learn about new technologies and methods, or talk directly to Microsoft professionals and MVPs about your technical challenges. Select the sessions and hands-on experiences that are most interesting for you based on the Microsoft Learning Paths to suit your job role.

You will find me directly in the OneDrive for Business Experience in the exhibition area. Just stop by to learn more about the possibilities of modern and secure collaboration based on OneDrive.

Feel free to contact me via email to arrange an appointment at Ignite 2019: thomas@mcsmemail.de.

Links

• Microsoft Ignite 2019 Conference
• Session Catalogue
• Microsoft Learning Paths

See you in Orlando!

Description

This scripts gather a list of enabled users for a selected Exchange Server client protocol. The list of users is sent by email as HTML text in the email body or as an attached CSV file. You can select to gather data for a single protocol or for all protocols.

Available protocols are:

• POP
• IMAP
• ActiveSync

Requirements

• Windows Server 2012 R2 or newer
• Exchange 2016+ Management Shell
• GlobalFunctions module (found here)

Examples

# Find users having all protocols enabled, create a CSV file per protocol and send an email with CSV attachments

.\Get-EnabledProtocolReport.ps1 -SendMail -MailFrom automation@varunagroup.de -MailTo report@varunagroup.de -MailServer relay.varunagroup.de -Protocol ALL


# Find users having all protocols enabled, create a CSV file per protocol

.\Get-EnabledProtocolReport.ps1 -Protocol ALL -ExportCsv

Version History

• 1.0, Initial community release

Links

• Download and follow at Github: https://github.com/Apoc70/Get-EnabledProtocolReport
• Download and like at TechNet Gallery: https://gallery.technet.microsoft.com/Script-to-remove-unwanted-9d119c6b

Follow Me

• Twitter @stensitzki
• LinkedIn
• Xing

Description

This script reads Exchange Organization data and creates a single Microsoft Word document. A later version will support exporting to an Html file.

The script requires an Exchange Management Shell for Exchange Server 2016 or newer. Older EMS versions are not tested.

A locally installed version of Word is required, as plain Html export is not available, yet.

The default file name is 'Exchange-Org-Report [TIMESTAMP].docx'. 

Most of the script requires only Exchange admin read-only access for the Exchange organization. Querying address list information requires a membership in the RBAC role "Address Lists".

The script queries hardware information from the Exchange server systems and requires local administrator access to the computer systems.

Examples

# Example 1
# Create a Word report for the local Exchange Organization using 
# the default values defined on the parameters section of the PowerShell script.

.\Get-ExchangeOrganizationReport.ps1 -ViewEntireForest:$true

# Example 2
# Create a Microsoft Word report for the local Exchange Organization with 
# a verbose output to the current PowerShell session.

.\Get-ExchangeOrganizationReport.ps1 -Verbose

Version History

• 0.9. Initial community release
• 0.91, Information about processor cores, memory, and page file size added

Links

• Download and follow at Github: https://github.com/Apoc70/Get-ExchangeOrganizationReport
• Download and like at TechNet Gallery: https://gallery.technet.microsoft.com/Gather-Exchange-Organizatio-8c0dd625

Additional Credits

The script is based on the ADDS_Inventory.ps1 PowerScript by Carl Webster: https://github.com/CarlWebster/ActiveDirectory

Follow

• Twitter @stensitzki
• LinkedIn
• Xing

Azure AD Pass-through authentication (PTA) recommends that you run at least three authentication agents to provide high availability for authentication. 

When you download and install the PTA agent, registering the PTA agent to Azure AD might fail. This happens most of the time when the network connectivity to Azure AD requires the use of a proxy server. In such a network setup you normally encounter configuration errors only, if the proxy server is misconfigured or the Internet Explorer zone configuration is missing required entries for trusted sites.

When you encounter an error during installation and registration of the dedicated PTA agent I recommend to separate these two steps. You need the credentials of an Azure AD account that is a member of the Global Administrator management group.

1. Download the most current release of the PTA agent: https://aka.ms/getauthagent
2. Copy the downloaded file to the server that will serve as a PTA agent
3. Open an administrative command prompt and install the PTA agent software in silent mode without registering the agent:

AADConnectAuthAgentSetup.exe REGISTERCONNECTOR="false" /q

4. Open an administrative PowerShell session, navigate to the default installation location and register the PTA agent manually

# navigate to the default installation location
cd "C:\Program Files\Microsoft Azure AD Connect Authentication Agent"

# enter the global admin credentials
$cred = Get-Credential

# register the PTA agent using the RegisterConnector.ps1 script
# multiline example
.\RegisterConnector.ps1 `
-ModulePath "C:\Program Files\Microsoft Azure AD Connect Authentication Agent\Modules\" `
-ModuleName "PassthroughAuthPSModule" `
-AuthenticationMode Credentials ` 
-UserCredentials $cred `
-Feature PassthroughAuthentication

# single line example
.\RegisterConnector.ps1 -ModulePath "C:\Program Files\Microsoft Azure AD Connect Authentication Agent\Modules\" -ModuleName "PassthroughAuthPSModule" -AuthenticationMode Credentials -UserCredentials $cred -Feature PassthroughAuthentication

The Azure AD Pass-through agent Quickstart documentation has an example for automating the installation of the PTA agent as part of a server provisioning process. The current example references the wrong PowerShell module named AppProxyPSModule. The most recent release of the PTA agent does not contain a PowerShell module by that name. Use the PowerShell module PassthroughAuthPSModule, as shown in the PowerShell example shown above.

Links

• Azure Active Directory Pass-through Authentication: Quickstart
• Hybrid Identity Required Ports and Protocols

Enjoy Azure AD!

Exchange Server 2016 introduced the PowerShell cmdlet Get-MailboxServerRedundancy. This cmdlet helps you plan and prepare for Exchange Server maintenance by querying the current maintenance readiness of the database availability group (DAG). 

Interestingly, there is no PowerShell help available for this vital cmdlet. Microsoft Docs or Exchange Management Shell's Get-Help provide any valuable information.

When querying a DAG about the server redundancy status, the cmdlet's default output provides you with the essential information.

The default output contains information about:

• Identity
  Name of the DAG member server
   
• IsServerFoundInAD
  Indicates if the corresponding server computer object exists Active Directory
   
• IsInMaintenance
  Indicates if the server is currently in maintenance mode
   
• RepairUrgency
  Indicates an aggregated state of the mailbox database and search index repair modes 
   
• SafeForMaintenance
  Indicates if you can safely activate the maintenance mode for this server
   
• HealthInfoLastUpdateTime
  Timestamp when the server's health state was last updated
   

Example - Prior Maintenance

This example shows the Get-MailboxServerRedundancy output of a six server DAG, before activating maintenance mode for server LOCEXS06.

Get-MailboxServerRedundancy -DatabaseAvailabilityGroup EXDAG01

Identity        IsServerFound IsInMainten RepairUrgency SafeForMaintenance HealthInfoLastUpdateTime
                InAD          ance
--------        ------------- ----------- ------------- ------------------ ------------------------
LOCEXS01        True          False       Prohibited    False              17.02.2020 09:10:11
LOCEXS02        True          False       Normal        True               17.02.2020 09:10:11
LOCEXS03        True          False       Normal        True               17.02.2020 09:10:11
LOCEXS06        True          False       Normal        True               17.02.2020 09:10:11
LOCEXS05        True          False       Normal        True               17.02.2020 09:10:11
LOCEXS04        True          False       Prohibited    False              17.02.2020 09:10:11

As Exchange Administrator, you are most interested in the information displayed in columns RepairUrgency and SafeForMaintenance.

As you can see in this screenshot, no server is in maintenance mode. Servers S01 and S04 have a RepairUrgency state of Prohibited, and a SafeForMaintenance state of False. The latter tells us that we cannot activate maintenance mode for servers safely without risking mailbox database redundancy. 

What is the reason for this? Let's have a look.

Server Information

You can use the same cmdlet to query detailed information for each member server of the DAG. The default output for a single server does not provide any additional information on the server status. 

Get-MailboxServerRedundancy -DatabaseAvailabilityGroup EXDAG01 -Identity LOCEXS01

Identity        IsServerFound IsInMainten RepairUrgency SafeForMaintenance HealthInfoLastUpdateTime
                InAD          ance
--------        ------------- ----------- ------------- ------------------ ------------------------
LOCEXS01        True          False       Prohibited    False              17.02.2020 09:11:11

Because we cannot activate maintenance mode for server LOCEXS01 safely, we are interested in identifying which redundancy state is responsible.

You can find this information by displaying the detailed server information.

Detailed Server Information

Use the Format-List, or short FL, cmdlet to display the Get-MailboxServerRedundancy cmdlet output as a formatted list.

Get-MailboxServerRedundancy -DatabaseAvailabilityGroup EXDAG01 -Identity LOCEXS01 | FL

RunspaceId                                  : 70d82f8d-e6ca-4bfc-863f-11300a9784ff
Identity                                    : LOCEXS01
IsServerFoundInAD                           : True
IsInMaintenance                             : False
RepairUrgency                               : Prohibited
SafeForMaintenance                          : False
ServerContactedFqdn                         : LOCEXS04.VARUNAGROUP.DE
HealthInfoCreateTime                        : 15.06.2018 15:16:19
HealthInfoLastUpdateTime                    : 17.02.2020 09:11:11
ServerFoundInAD                             : CurrentState: Active; LastActiveTransition: 15.06.2018 15:22:16;
                                              LastInactiveTransition:
InMaintenance                               : CurrentState: Inactive; LastActiveTransition: 17.01.2020 09:07:02;
                                              LastInactiveTransition: 17.01.2020 10:42:02
AutoActivationPolicyBlocked                 : CurrentState: Inactive; LastActiveTransition: 09.01.2020 10:14:50;
                                              LastInactiveTransition: 09.01.2020 11:00:51
ActivationDisabledAndMoveNow                : CurrentState: Inactive; LastActiveTransition: ; LastInactiveTransition:
                                              15.06.2018 15:22:16
HighAvailabilityComponentStateOffline       : CurrentState: Inactive; LastActiveTransition: 17.01.2020 09:07:02;
                                              LastInactiveTransition: 17.01.2020 10:42:02
CriticalForMaintainingAvailability          : CurrentState: Inactive; LastActiveTransition: 31.01.2020 16:52:49;
                                              LastInactiveTransition: 31.01.2020 16:56:49
CriticalForMaintainingRedundancy            : CurrentState: Active; LastActiveTransition: 29.01.2020 11:43:06;
                                              LastInactiveTransition: 29.01.2020 11:42:06
PotentiallyCriticalForMaintainingRedundancy : CurrentState: Active; LastActiveTransition: 01.02.2020 05:49:37;
                                              LastInactiveTransition:
CriticalForRestoringAvailability            : CurrentState: Inactive; LastActiveTransition: 06.05.2019 09:16:36;
                                              LastInactiveTransition: 06.05.2019 09:20:36
CriticalForRestoringRedundancy              : CurrentState: Inactive; LastActiveTransition: 29.01.2020 11:42:06;
                                              LastInactiveTransition: 29.01.2020 11:43:06
HighForRestoringAvailability                : CurrentState: Inactive; LastActiveTransition: 29.01.2020 11:42:06;
                                              LastInactiveTransition: 29.01.2020 11:43:06
HighForRestoringRedundancy                  : CurrentState: Inactive; LastActiveTransition: 10.02.2020 09:05:02;
                                              LastInactiveTransition: 10.02.2020 09:06:02
IsSafeForMaintenance                        : CurrentState: Inactive; LastActiveTransition: 03.11.2019 09:42:35;
                                              LastInactiveTransition: 12.11.2019 06:29:58
IsValid                                     : True
ObjectState                                 : Unchanged

The lines 24-27 show the information we want to know. Both, the CriticalForMaintainingRedundancy and PotentiallyCriticalForMaintainingRedundancy parameters have a CurrentState value of Active. The Primary Activation Manager (PAM) considers the server availability critical to provide redundant availability of the database copies hosted by this server. 

Each of state-parameter shows three pieces of information:

• CurrentState
  The current state, either Active  or Inactive
   
• LastActiveTransition
  The timestamp of the last state change to Active
   
• LastInactiveTransition
  The timestamp of the last state change to Inactive

But there is still the bothering question of why are two of the six servers not safe for activating maintenance?

The reason is simple. The mailbox databases mounted by the member servers of the DAG have a different number of database copies. This configuration is due to data storage capacity constraints.

The mailbox databases storing primary user mailboxes use four database copies per database. Those copies are evenly distributed across all six mailbox servers. Mailbox database storing online archive mailboxes use three copies per database. This database copy layout allows for safely activating server maintenance for one server at a time without risk to database redundancy.

The servers LOCEXS01 and LOCEXS04 hold mailbox databases with just two copies per configured database. Placing one of those two servers into maintenance mode reduces the database availability for these mailbox databases to one. Therefore, PAM informs us that database redundancy is at risk when activating maintenance for those two servers. 

Example - During Maintenance

This example shows the member server redundancy state while LOCEXS06 is in maintenance. The reason for monthly maintenance for installing Windows updates.

Maintenance was activated using the StartDagServerMaintenance.ps1 PowerShell script.

Get-MailboxServerRedundancy -DatabaseAvailabilityGroup indag01

Identity        IsServerFound IsInMainten RepairUrgency SafeForMaintenance HealthInfoLastUpdateTime
                InAD          ance
--------        ------------- ----------- ------------- ------------------ ------------------------
LOCEXS01        True          False       Prohibited    False              17.02.2020 11:04:12
LOCEXS02        True          False       Normal        True               17.02.2020 11:04:12
LOCEXS03        True          False       Prohibited    False              17.02.2020 11:04:12
LOCEXS06        True          True        High          True               17.02.2020 11:04:12
LOCEXS05        True          False       Prohibited    False              17.02.2020 11:04:12
LOCEXS04        True          False       Prohibited    False              17.02.2020 11:04:12

Having a single server in maintenance has a significant impact on all other servers in the DAG. The servers LOCEXS03 and LOCEXS05 are not safe for maintenance as well. Activating maintenance for those two servers would affect the database redundancy for the databases hosted by those two servers.

Example - After Maintenance

After completing all maintenance tasks, e.g., installing Windows Updates or a new Exchange Server Cumulative Update, you end server maintenance using the PowerShell script StopDagServerMaintenance.ps1.

We query the server redundancy state again. 

Get-MailboxServerRedundancy -DatabaseAvailabilityGroup indag01

Identity        IsServerFound IsInMainten RepairUrgency SafeForMaintenance HealthInfoLastUpdateTime
                InAD          ance
--------        ------------- ----------- ------------- ------------------ ------------------------
LOCEXS01        True          False       Prohibited    False              17.02.2020 11:23:12
LOCEXS02        True          False       Normal        True               17.02.2020 11:23:12
LOCEXS03        True          False       Normal        True               17.02.2020 11:23:12
LOCEXS06        True          False       High          True               17.02.2020 11:23:12
LOCEXS05        True          False       Normal        True               17.02.2020 11:23:12
LOCEXS04        True          False       Prohibited    False              17.02.2020 11:23:12

Server LOCEXS06 is not in maintenance, but the RepairUrgency state is High. The local Exchange Server replication engine is still busy replicating and processing log files, and updating the search indices. When CopyQueueLength and ReplayQueueLength are back to 0, and ContentIndexStates are back to Healthy, the RepairUrgency switches to Normal.

Tip

• You receive an error message when activating maintenance for an Exchange Server not safe for maintenance using
  ​StartDagServerMaintenance.ps1 -serverName [SERVER]
  
  In this case, you must use:

.\StartDagServerMaintenance.ps1 -serverName SERVERNAME -overrideMinimumTwoCopies:$true

Enjoy Exchange Server!

Once upon a time at an Exchange Conference near you, a member of the Exchange Product Group (PG) announced that the very last Exchange Server will go away when having an active Exchange hybrid setup.

This was a hot topic for discussions at the Microsoft Exchange Conferences (MEC, @IamMEC) in 2012 and 2014, already. Since then the Exchange PG came up with a number of reasons why this is not possible. The question on when we will finally be able to remove the very last Exchange Server from the on-premises Exchange organization was asked every year at the Ignite Conference. 

Current Situation

Currently, the supported scenario for hybrid configurations between your on-premises Exchange organization and Exchange Online requires that you keep the last Exchange Server for creating, and managing Exchange related objects, even if those objects are located in Exchange Online. 

The following diagram illustrates the current requirements:

• Domain Controller Servers, with the most recent Active Directory Schema Update for a supported Exchange Server version, and stored Exchange-extended AD objects.
• DirSync Server, with AAD Connect, synchronizing Exchange-extended AD objects stored in on-premises Active Directory with Azure AD.
• Last Exchange Server, running a supported version of Exchange Server, managing the objects stored in on-premises Active Directory.

Interim solutions

In the past, there was communication on certain interim solutions that were supposed to support you in removing the last Exchange Server from your Exchange organization. Such interim solutions were:

• ADSI Edit
• Identity Management Solutions (IDM)
• PowerShell

At Ignite those solutions even made it into the official session catalog:

• Ignite 2018 - THR2145 - Why do we need to keep an Exchange Server on-premises when we move to the cloud?

All those interim solutions leave your on-premises Exchange organization and the Active Directory configuration in an uncomfortable twilight-zone. It was still something that worked somehow, but you knew it was officially not supported, and the secure and stable operation of the hybrid configuration was at risk.

But wait...

Removing the last Exchange Server is supported!

(at least when all components are released)

Solution

The new approach for managing your Exchange Online tenancy after migrating your on-premises Exchange organization to Exchange Online does not require an on-premises Exchange Server. 

The new mode of operation reduces your on-premises requirements to:

• Domain Controller Servers, running the most recent release Windows Server 2019 with the most recent Active Directory Schema Update for Exchange Server 2019 CU 5. This updates the Exchange-extended AD objects and the hybrid configuration object to support modern EXO management. Also, you must enable the Windows Feature "Exchange Online Remote Features" as described below.
   
• DirSync Server, with AAD Connect, synchronizing Exchange-extended AD objects stored in on-premises Active Directory with Azure AD. You must run the most recent release of Azure AD Connect (1.4.38.0) and have Exchange Hybrid enabled in AAD Connect.
  See release notes for Azure AD Connect. 
   
• Administrative PC, running the most recent version of the Exchange Online PowerShell v2 (aka ExchangeOnlineManagement)

The following diagram illustrates the new modern Exchange Online Management experience:

Simply you remove the requirement to use on-premises Exchange Server to write to your on-premises Active Directory. Instead, Azure AD Connect uses a new synchronization capability to handle the new Exchange Management experience in the AAD Connect MetaVerse. The on-premises AD-connector writes the changes to Active Directory which keeps the Active Directory up-to-date for all other on-premises solutions that require identities to have a proper state.

You execute all Exchange-related actions using the new Exchange Online Management PowerShell module, or, if needed, the new Modern Exchange Admin Center (EAC, which was announced at Ignite 2019.

Enable Modern Exchange Admin Experience (MEAE)

Before you uninstall the last Exchange Server from your on-premises Exchange organization, ensure that you

• Updated the Active Directory Schema Version to Exchange Server 2019 CU5
• Prepare the Active Directory and all domains in the Active Directory Forest that contain Exchange objects
• Ensure that there are not pre-Windows 2019 domain controller in use, and patch all domain controller to the March 2020 release
• Install the new EXORemote Windows Feature 

PS C:\> Get-WindowsFeature

Display Name                                            Name                       Install State
------------                                            ----                       -------------
[ ] Active Directory Certificate Services               AD-Certificate                 Available
    [ ] Certification Authority                         ADCS-Cert-Authority            Available
    [ ] Certificate Enrollment Policy Web Service       ADCS-Enroll-Web-Pol            Available
    [ ] Certificate Enrollment Web Service              ADCS-Enroll-Web-Svc            Available
    [ ] Certification Authority Web Enrollment          ADCS-Web-Enrollment            Available
    [ ] Network Device Enrollment Service               ADCS-Device-Enrollment         Available
    [ ] Online Responder                                ADCS-Online-Cert               Available
[ ] Active Directory Domain Services                    AD-Domain-Services             Available
[ ] Active Directory Federation Services                ADFS-Federation                Available
[ ] Active Directory Lightweight Directory Services     ADLDS                          Available
[ ] Active Directory Rights Management Services         ADRMS                          Available
    [ ] Active Directory Rights Management Server       ADRMS-Server                   Available
    [ ] Identity Federation Support                     ADRMS-Identity                 Available
[ ] Device Health Attestation                           DeviceHealthAttestat...        Available
[ ] DHCP Server                                         DHCP                           Available
[ ] DNS Server                                          DNS                            Available
[ ] Exchange Online Remote Features                     EXORemote                      Available
[ ] Fax Server                                          Fax                            Available
[X] File and Storage Services                           FileAndStorage-Services        Installed
    [X] File and iSCSI Services                         File-Services                  Installed
        [X] File Server                                 FS-FileServer                  Installed
        [ ] BranchCache for Network Files               FS-BranchCache                 Available
[...]

PS C:\> Install-WindowsFeature -Name EXORemote

Display Name                                            Name                       Install State
------------                                            ----                       -------------
[ ] Active Directory Certificate Services               AD-Certificate                 Available
    [ ] Certification Authority                         ADCS-Cert-Authority            Available
    [ ] Certificate Enrollment Policy Web Service       ADCS-Enroll-Web-Pol            Available
    [ ] Certificate Enrollment Web Service              ADCS-Enroll-Web-Svc            Available
    [ ] Certification Authority Web Enrollment          ADCS-Web-Enrollment            Available
    [ ] Network Device Enrollment Service               ADCS-Device-Enrollment         Available
    [ ] Online Responder                                ADCS-Online-Cert               Available
[ ] Active Directory Domain Services                    AD-Domain-Services             Available
[ ] Active Directory Federation Services                ADFS-Federation                Available
[ ] Active Directory Lightweight Directory Services     ADLDS                          Available
[ ] Active Directory Rights Management Services         ADRMS                          Available
    [ ] Active Directory Rights Management Server       ADRMS-Server                   Available
    [ ] Identity Federation Support                     ADRMS-Identity                 Available
[ ] Device Health Attestation                           DeviceHealthAttestat...        Available
[ ] DHCP Server                                         DHCP                           Available
[ ] DNS Server                                          DNS                            Available
[X] Exchange Online Remote Features                     EXORemote                      Installed
[ ] Fax Server                                          Fax                            Available
[X] File and Storage Services                           FileAndStorage-Services        Installed
    [X] File and iSCSI Services                         File-Services                  Installed
        [X] File Server                                 FS-FileServer                  Installed
        [ ] BranchCache for Network Files               FS-BranchCache                 Available
[...]

Even though not explicitly stated, you should restart the server after installing the Windows feature.

• Connect to the modern Exchange Online Admin Center as a Global Administrator or Exchange Services Administrator and add at least one of your on-premises domain controllers to the list of modern management servers.
  https://admin.exchange.microsoft.com/#/modernmanagement

As part of the next AAD Connect synchronization cycle, the magic happens.

• The added EXO modern management server is validated
  • You'll see an error sign in Modern Exchange Admin Center if the validation has failed
•  Azure AD removes the "on-premises"-lock from the Exchange related attributes, so you can start managing these attributes in EXO
• The Exchange hybrid configuration object is set to "Modern Coexistence", ensuring that a newly added on-premises Exchange Server will not interfere with the setup

Verify that you can edit the Exchange related attributes of synchronized Active Directory objects in Exchange Online or Azure AD before you remove your last Exchange Server. 

Whey ready to uninstall the last Exchange Server you must use the following command line parameters to remove the server as intended. Otherwise, you'll leave the Exchange organization in an inchoate state. Ensure that you use an administrative PowerShell session. 

./Setup.exe /mode:uninstall /SwitchToMEMA /IAcceptExchangeOnlineLicenseTerms

Normally, you do not have to accept license terms when uninstalling Exchange Server, but in this case, you have to accept the Exchange Online license terms.

Prerequisites

• Windows Server 2019 Desktop Experience Editon or Core Edition, March 2020 Update
  Core Edition recommended
• Azure AD Connect, release 1.4.38.0
• Exchange Server 2019 CU5, as the last Exchange Server

Links

• Exchange Online Management PowerShell Module v2
• Hybrid deployment prerequisites
• Exchange Server hybrid deployments
• Install-WindowsFeature
• You must follow the instructions given in the follow article:
  Final instructions for enabling this awesome new MEMA-experience

Enjoy the modern experience and management options of Exchange Online!

Exchange Conferences

• MEC 2014 - Austin
• MEC 2012 - Orlando

When you plan to implement an Exchange Hybrid Configuration between your on-premises Exchange Organization and Exchange online you have to choose between two variants and five operating modes. It is not as complicated as it sounds.

I have written a blog post about the different options available. 

The post is published in ENow's ESE blog.

• What are your Exchange Hybrid Options?

Enjoy.

The Microsoft 365 Virtual Marathon is happening on May 27-28 2020.

This is a free online event, providing you with 36 hours of non-stop sessions from speakers around the globe. You can join every time. 

• 300+ Speakers
• 400+ Sessions
• Keynotes by Jeff Teper, Naomi Moneypenny, Bill Baer, Jon Levesque, Laurie Pottmeyer, and Michael Holste
• Sessions are primarily in Englisch, but there are session in six additional languages
  • French, German, Japanese, Korean, Portuguese, and Spanish 
• Hashtag: #M365VM

The virtual conference is a joint effort with SPC.

I speak at Microsoft 365 Virtual Marathon about:

• Exchange Hybrid - What, Why, and How
• Wednesday, May 27th
• 23:00h (CEST)

The marathon session plan is available here.

Register now.

Link

• Register for Microsoft 365 Virtual Marathon

Enjoy!

Microsoft 365 Groups are the backbone of various Microsoft 365 workloads. As you might know, each group utilizes a SharePoint site collection, and an Exchange shared mailbox.

When you create a new Microsoft 365 group, SharePoint Online must store the associated site collection somewhere. SharePoint Online uses predefined paths to determine the storage location. These paths are called: Managed Paths.

SharePoint Online uses two different pre-configured managed paths:

• /sites
• /teams

With /sites as the default setting for the Microsoft 365 tenant.

Whenever you create, e.g., a new team in Microsoft Teams, the associated site collection is stored in https://TENANTNAME.sharepoint.com/sites/TEAMNAME. As a SharePoint administrator, you see the site collection paths in the list of active sites in the SharePoint Admin Center.

But what can you do, if you want to store the associated site collections in the /teams managed path?

Changing the Managed Path

The SharePoint Admin Center provides you with an option to change the managed path for sites, created by users. 

Open the SharePoint Admin Center, navigate to Settings -> Site Creation.

Change the setting for Create team sites under to /teams/.

The description of this setting is misleading. This setting affects not only SharePoint team site creation initiated by users on the SharePoint start page or OneDrive, but site collections created by Microsoft 365 Groups as well.

You do not need to enable the checkbox to let users create sites from the SharePoint start page and OneDrive. This setting is only required, when you want to enable self-service site creation of modern SharePoint sites for users. The modern SharePoint sites are based on Microsoft 365 Groups.

After changing the path, SharePoint Online creates new associated site collections for Microsoft 365 Groups in /teams/.

Enjoy SharePoint Online.

This is a post summarizing the configuration values for important Exchange-related Active Directory object attributes.

Whenever you need to look up these values for troubleshooting, or editing the values manually.

RemoteRecipientType

Attribute

• msExchRemoteRecipientType 

Recipient Type 

Attribute

• msExchRecipientDisplayType

• Exchange Server: msExchRecipientTypeDetails
• Exchange Online: RecipientTypeDetails

The Microsoft 365 Virtual Marathon took place on May 27-28 2020.

The recording of my session "Exchange Hybrid - What, Why, and How" is available on YouTube. 

Browse all recordings of the Microsoft 365 Virtual Marathon here: https://www.youtube.com/channel/UCrtmT6Ir1MIs0ZES7sKMmqA

Enjoy!

Exchange Server uses Receive Connectors for providing SMTP endpoints for incoming connections. A modern Exchange Server provides a default connector on TCP port 25. 

Sometimes you might have a requirement to create a new receive connector for selected incoming SMTP connections. A standard requirement is a receive connector for relaying messages to external recipients. This cannot (should not) be achieved using the default connector.

Each connector uses the RemoteIPRanges attribute to store the list of IP addresses of remote systems that can connect to that connector. The default connector utilizes the full IPv4 and IPv6 addresses ranges.

Your new receive connector requires at least a single IP address for a selected remote system that is supposed to connect to that receive connector. You can add a single IP address, address ranges, or IP addresses using CIDR notation.

The attribute RemoteIPRanges is a multi-value attribute and has a limit of IP address entries that can be added. 

The maximum number of address entries that you can add to that attribute varies. You can store approximately 1,300 entries.

When you exceed the number of values you receive the following error message:

The administrative limit for this request was exceeded.
    + CategoryInfo          : NotSpecified: (:) [Set-ReceiveConnector], AdminLimitExceededException
    + FullyQualifiedErrorId : [Server=EX01,RequestId=ee9d45ad-418b-4172-9235-963eca1a7830,TimeStamp=18.08.2020
    20:07:54] [FailureCategory=Cmdlet-AdminLimitExceededException] AC1E336E,Microsoft.Exchange.Management.SystemConfi
  gurationTasks.SetReceiveConnector
    + PSComputerName        : ex01.varunagroup.de

I have tested the number of values that can be stored in that multi-value attribute. Depending on the IP address format I was able to add 1,238 (172.80.x.y) or 1,244 (10.1.x.y) single IP addresses to the RemoteIPRanges attribute.

Plan your IP address configuration requirements carefully and avoid using single IP addresses. Preferably, you should use IP address ranges or IP address CIDR notation for networks.

Links

• Set-ReceiveConnector

Enjoy Exchange Server!

Problem

The use of Exchange Edge Transport Servers requires the synchronization of user and configuration data from internal Exchange Servers to the Edge Transport Servers. The synchronization utilizes secure LDAP (EdgeSync) to transmit the data securely and is based on an Edge Subscription.

When you create a new Edge Subscription on your internal Exchange Servers by importing the Edge Subscription XML-file, establishing the EdgeSync-connection might fail.

You will find the following error in the application event log of the internal Exchange Server:

Log Name:      Application
Source:        MSExchange EdgeSync
Event ID:      1035
Task Category: Synchronization
Level:         Error
Keywords:      Classic
Description:
EdgeSync failed to synchronize because it only supports Cryptographic API certificates. 
The local Hub Transport server's default certificate with thumbprint XYZ isn't a 
CAPI certificate. To set a CAPI certificate as the default certificate, use the 
Enable-ExchangeCertificate cmdlet with the Services parameter using the value of SMTP.

Reason

The private key of the current Exchange Transport default certificate of the internal Exchange servers uses a CNG private key. EdgeSync requires a CAPI1 based private key.

• CNG = Cryptography Next Generation
• CAPI1 = Cryptographic API (already deprecated)

This problem occurs primarily when using an Enterprise Certificate Authority using certificate templates with individual template settings. 

How do you determine, if the type of the default transport certificate is a CNG or CAPI1 certificate?

• Log on to the internal Exchange Server where you imported the Edge Subscription file and start a new Exchange Management Shell session
• Query the Transport Service to identify the default certificate thumbprint

Get-TransportService | ft Name,InternalTransportCertificateThumbprint

• Open an administrative command prompt
• Export the certificates information from the certificate store to a text file

certutil -v -store my > cert.txt

• Open the text file using an editor tool of your choice
• Search for the certificate thumbprint identified in step 2
  This thumbprint is the SHA1 certificate hash
• Scroll down to the provider section to find the following two attributes
  • ProviderType
  • KeySpec

If both attribute are of the value 0, the certificate if a CNG certificate.

The section might look like this:

Unique container name: XYZ
    Provider = Microsoft Software Key Storage Provider
    ProviderType = 0
  Flags = 20 (32)
    CRYPT_MACHINE_KEYSET -- 20 (32)
    KeySpec = 0 -- XCN_AT_NONE

Solution

Use OpenSSL to convert the CNG certificate to a CAPI1 certificate.

Using OpenSSL requires the download of the Windows release of OpenSSL. I recommend to not install the software on the Exchange Server but a separate Windows server or your administrative desktop system. Additionally, you need the certificate with its private key as a PFX-file.

Use the following steps to convert the CNG certificate to a CAPI1 certificate.

• Download and install OpenSSL
• Open the OpenSSL Command Prompt
• Navigate to the folder containing the PFX-file
• Convert the PFX-file to a PEM-file
  The tool will query to enter the PFX password

openssl pkcs12 -in CERT.pfx -out cert.pem -nodes

• Convert the PEM-file to a new PFX-file
  The tool will query you to set a PFX password

openssl pkcs12 -export -in cert.pem -out NEWCERT.pfx

The new PFX-file is now a CAPI1 certificate. The new certificate has the same thumbprint. Now you must replace the current certificate used by Exchange Server with the new certificate. 

Replacing the certificate requires a downtime of each Exchange Server requiring the certificate replacement. This is due to the requirement to remove the CNG certificate first, following the import of the CAPI1 certificate. Afterward, you need to enable the required Exchange services.

• Log on to the internal Exchange Server where you imported the Edge Subscription file and start a new Exchange Management Shell session
• Query local Exchange Server certificates and identify the thumbprint of the default Exchange Server self-signed certificate 
  The certificate common name (CN) equals the server name

Get-ExchangeCertificate -Server SERVERNAME

• Change the Exchange Transport default certificate to the self-signed certificate before deleting the CNG certificate

# It is mandatory to answer the query for replacing the default certificate with YES
Enable-ExchangeCertificate -Thumbprint THUMBPRINT -Services SMTP

# Restart the transport service
Restart-Service MSExchangeTransport

• Remove the CNG certificate
  • Use either the certificate store MMC, Exchange Management Shell, or Exchange Admin Center
• Import the CAPI1 certificate
  • Use either the certificate store MMC, Exchange Management Shell, or Exchange Admin Center
• Enable the imported certificate and replace the default transport certificate

# It is mandatory to answer the query for replacing the default certificate with YES
Enable-ExchangeCertificate -Thumbprint NEWCERTTHUMBPRINT -Services SMTP

# Restart the transport service
Restart-Service MSExchangeTransport

• Repeat the certificate replace for each Exchange Server in the same Active Directory site

Now, that you updated the local Exchange Servers there is one more step that needs to be checked on the Edge Transport Servers.

Edge Transport Servers are not domain-joined and therefore do not receive any GPO-based configuration. Each required configuration must be performed locally. To ensure that the default transport certificate of the internal Exchange servers can be used for cryptographic operations we must ensure that the certificate chain of that certificate is present in the certificate store of Edge Transport servers.

Take a look at the certificate chain of the converted CAPI1 certificate and import the Root-CA and Subordinate-CA certificates into the Edge Transport servers local certificate store. You must ensure that the certificates are placed into appropriate stores:

• Root-CA certificate goes into Trusted Root Certification Authorities \ Certificates
• Subordinate-CA certificate goes into Intermediate Certification Authorities \ Certificates

Next, you create a new Edge Subscription on your Edge Transport server and create a new subscription for the Active Directory site on the internal Exchange Server. The internal Exchange Servers are now able to establish an EdgeSync connection and encrypting the data transferred to the Edge Transport servers.

Links

• Exchange Edge Transport Server Role
• Edge Subscriptions
• Cryptography API: Next Generation
• Cryptographic Service Providers
• OpenSSL for Windows

Enjoy Exchange Server and Edge Transport!

I am honored to speak at TeamsFest 2020. 

TeamsFest 2020 is a TeamsFest is a 100% free, 100% community-driven conference dedicated to Microsoft Teams. It aims to bring together exceptional technical talent and thought leaders to democratize knowledge about Microsoft Teams, encourage participation in the Microsoft Teams community, and give those who are struggling financially an opportunity to attend a first-class Teams conference.

My session will cover the requirements for implementing an Exchange Hybrid configuration with Exchange Online when utilizing on-premises mailboxes with Microsoft Teams.

Date

• 7th October
• 08:00h - 18:30h (CEST)

Links

• TeamsFest 2020 Registration
• TeamsFest Overview and agenda

See you at TeamsFest 2020!

I was involved in a troubleshooting request for a hybrid mail flow issue. Before I take a closer look at the issue, let's talk about the hybrid setup.

Hybrid Setup

A managed service provider runs separated on-premises Exchange Organizations for various clients. Also, the service provider runs it's own Exchange Organization in a hybrid setup with Exchange Online (EXO) utilizing centralized mail flow. Let's name the managed service provider Varunagroup, using the primary domain varunagroup.de.

The on-premises IT-Infrastructure consists of the following email components:

• Centralized Third-Party Email Gateway Solution with two nodes
  TLS certificates in use
  • mx01.varunagroup.de
  • mx02.varunagroup.de
     
• Varunagroup on-premises Exchange Organisation
  • Hybrid setup with Exchange Online
  • Hybrid mail flow using Edge Transport Servers
    TLS certificate in use
    • smtpo365.varunagroup.de
  • Centralized mail flow with EXO inbound connector configured by HCW 
  • Tenant name: varunagroup.onmicrosoft.com
  • Internet Send Connector with address space '*' uses the centralized Third-Party gateways as smart hosts
     
•  Multiple separated on-premises Exchange Organization hosted for SPLA-clients
  • Internet Send Connector with address space '*' uses the centralized Third-Party gateways as smart hosts

The following diagram illustrates the setup and the expected mail flow.

Let's name one of the clients Setebos AG, using setebos-ag.com as their primary domain. 

The Issue

Varunagroup's IT department activated journaling in Exchange Online, using an on-premises Journaling mailbox. After a few days, an IT administrator checked the inbox folder for journaling messages and journaling reports. The journaling inbox did not contain messages of Varounagroup senders or recipients only, but messages from client sender domains, e.g., setebos-ag.com.

In reality, the mail flow from on-premises to external recipients from any of the local Exchange organizations looked like shown in this diagram.

Question

Why does the Variangoup journaling mailbox contain messages from Setebos senders sent to external recipients?

We choose a single message for troubleshooting purposes, originating from the Setebos.com domain, sent to a non-Varunagroup recipient.

Analysis

1. The first thing to check is the Exchange Online Message Trace.
   In this case, the administrator already checked the Message Trace using the legacy Exchange Online Admin Center.
   
   The Exchange Online message trace showed the Varunagroup Exchange Online tenant received the Setebos message.

• Row 1: Exchange Online received the message for Varunagroup 
• Rows 2-5: The DLP Journaling rule processed the message, and the journaling report got routed to the journaling mailbox
• Row 6: The message was sent to an external mail server using the Exchange Online DNS resolver
• Row 7: Spam diagnosis for outgoing messages

The interesting piece of information is row 6. 

You see that EXO resolves the target mail exchanger via DNS. The target is another Microsoft 365 tenant as we see an xxx.mail.protection.outlook.com host.
 

2. Why did this message end up in the Varunagroup tenant?

When checking the on-premises mail gateway connection log, we found the distracting information that the gateway resolved the target mail exchanger as xxx.mail.protection.outlook.com.

As a next step, we checked the extended message tracking log using the new Exchange Admin Center. We created a new custom query with the following search criteria:

• Time range: Last 7 days
• Message-Id: The message Id fetched from the outbound connection log 
• Report type: Extended report

When you troubleshoot connection issues with Exchange Online, always select the extended report. You'll receive the report as a CSV file attachment. Use the Data tab in Excel to import the CSV file. Do not access the content by simply clicking the received file attachment. 

The interesting information is stored in the custom_data column for row source=SMTP and event_id=RECEIVE. 

S:ProxyHop1=HE1EUR01FT049.mail.protection.outlook.com(10.152.0.221);
S:ProxyHop2=AM0PRxxCAxxxx.outlook.office365.com(2603:10a6:208:fa::40);
S:InboundConnectorData=Name=Inbound from [EXCHANGE ORG GUID];
ConnectorType=OnPremises;
TenantId=[VARUNAGROUP GUID];
S:InboundTlsDetails=TLS=SP_PROT_TLS1_2_SERVER [...];
S:CorrelationId=d9ac6a10-8de9-4308-4205-07d865e8909b;
S:MimeParts=Att/Emb/MPt:0/0/1;
S:MessageValue=MediumHigh;
S:Replication=AM6PRxxxxMBxxxx;
S:FirstForestHop=AM0PRxxxxMBxxxx.eurprd03.prod.outlook.com;
S:FromEntity=HybridOnPrem;
S:Oorg=varunagroup.de;
S:ProxiedClientIPAddress=81.173.212.44;
S:ProxiedClientHostname=mx01.varunagroup.de;
S:DeliveryPriority=Normal;
S:AccountForest=EURPRxxAxxx.PROD.OUTLOOK.COM

The information in line 3 shows the actual name of the configured Varunagroup inbound connector, as shown in the Exchange Online connector configuration. The message did not enter the Varunagroup EXO tenant due to a mysterious connection, it was received by the dedicated inbound connector, configured by HCW.

3. Why was the Hybrid Inbound Connector chosen?

The key to this question is the TLS certificate used by the centralized email gateway and the TLS common name filtering in Exchange Online.

• The email gateways use the following TLS certificate with the two following common names
  • mx01.varunagroup,de
  • mx02.varunagroup.de
    ​
• The hybrid inbound connector used the TLS common name filtering, controlled by the TlsSenderCertificateName attribute, with the following name
  • *.varunagroup.de

The wildcard name *.varunagroup.de resulted in a matching string comparison for the incoming TLS common names of mx01.varunagroup.de and mx02.varunagroup.de. At the same time, the inbound connector matched the Edge Transport TLS certificate smtpo365.varunagroup.de.

Nobody knew, how the inbound connector configuration got "changed" to the wildcard name or for how long that configuration resulted in outbound messages from customer domains routed via the service provider tenant.

Solution

The solution contains two configurations.

1. Ensuring that the FQDN attribute of the Edge Send Connector is set to smtpo365.varunagroup.de
   
   This ensures that Exchange Server Transport selects the installed and SMTP-enabled TLS certificate for that name.  
    
2. ​Changing the TlsSenderCertificateName to smtpo365.veruangroup.de 
   
   This ensures that Exchange Online selects the hybrid inbound connector for Edge Transport established connections only.
    

The TLS common name behavior is by design and described in this blog post as FAQ #6(b). As a customer, you identify this as a misbehaving SMTP receive connector. But as described in the blog post, this is by design.

It is required that you understand the inbound routing behavior of Exchange Online if you have complicated outbound routing requirements. The blog post provides detailed information on how Office 365 inbound routing works and what you should be aware of.
 

Links

• Office 365 Attribution
• Hybrid Deployment Requirements
• Hybrid Configuration Wizard

Enjoy Exchange Online.

Description

When you want to migrate your modern public folders from Exchange 2013 or newer to modern public folders in Exchange Online, you must prepare the public folder names for migration.

Public folder names are not allowed to contain the following:

• A backslash "\"
• A forward slash "/"
• A semicolon ";"
• A comma ","
• A colon ":"
• Leading or trailing spaces

The script Fix-ModernPublicFolderNames.ps1 fixes the public folder names to prepare migration to modern public folders in Exchange Online.

Examples

# EXAMPLE 1
# Rename and trim public folders

.\Fix-ModernPublicFolderNames.ps1

# EXAMPLE 2
# Rename and trim public folders, export list of renamed 
# folders and folders with renaming errors as text files

.\Fix-ModernPublicFolderNames.ps1 -ExportFolderNames

Version History

• 1.0, Initial community release

Links

• Download and follow at Github: https://github.com/Apoc70/Fix-PublicFolderNames

Follow

• Twitter @stensitzki
• LinkedIn

Community

Are you located in Germany, Austria, or Switzerland? Join the Exchange User Group DACH to collaborate with other Exchange enthusiasts. Follow us on Twitter @exusg.