Exchange Recipient Types and Office 365 – Setting Active Directory attribute values

In doing some digging for a recent post on Online Archives I found that I had to dig around multiple places on the internet (primary Technet blogs) to find exactly what each of the Active Directory attribute values around Exchange recipient types mean.


So instead of multiple places, here they are all in one!

Continue reading “Exchange Recipient Types and Office 365 – Setting Active Directory attribute values” »

Enabling Exchange Online Archive give error “Primary mailbox is located on an on-premises server”

So I’m deep in the throws of an Office 365 project, and after going thru the process of setting up Exchange Hybrid with on-premise ADFS, testing mailflow, and performing a mailbox move, the next step was working on Retention Policies to migrate email older than 1 year from their Primary Mailbox with 50gb storage to their Online Archive with 100GB of storage.

I tried to enable the archive from the Exchange Online portal as well as thru Exchange online Powershell but didn’t have any luck. With Powershell I was getting the message:

"Can't enable the archive for user because their primary mailbox is located on an on-premises server. To enable a cloud-based archive mailbox for this user, you must use your on-premises Exchange admin center or Exchange Management Shell."

I found this particularly odd because, well, the mailbox WASN’T on-premises any more nor was there any kind of archive mailbox enabled for my test acount.

After digging for hours (which is typically the catalyst for most of these posts) I came across a solution through the Office 365 community which detailed out adjusting the source AD user’s object on-premises attributes in order for the Archive to come online. Again, since this was a hybrid identity design, on-premises Active Directory was the source of truth and directory synchronization was in place to populate the objects in Azure AD / Office 365.

First, we need to modify the msExchArchiveName attribute to reflect the archive name (this can be whatever we want), as well as modify the msExchRemoteRecipientType to 3.

We’ll leave the msExchRecipientDisplayType and msExchRecipientTypeDetails as is – you can find what these means in a post I made here.

Once completed, force a Dirsync

Once complete, we run the Exchange Online powershell to see that the Get-Mailbox command to see the archive has been created

And that Outlook shows our online archive (with the name that we provided)


MDM in Office 365 Getting Closer to the Big Stage

After Microsoft announced that they would be rolling out the Mobile Device Management integration within Office 365 back in April, we’re finally starting to see the Mobile link show up into client’s portals.

Once Microsoft is done “setting things up for you” (which in the most recent case for me was a few days before it was done) you’ll see the MDM “dashboard”

There are still a few final steps that are required before you’re ready to start connectivity: setup DNS records & configure an APN (Apple Push Network) certificate

The keys to enabling this functionality rest in the Enterprise Mobility Suite (EMS) license, which essentially gives you:

  • Azure AD Premium
    Full AD management from the cloud. Allows IT to manage on premise password sync / write-back (here now) with self-service, user/group/device creation & attribute change (in preview with AD Connect), and provide multi-factor authentication
  • InTune
    Manage device policies and software, as well as access to corporate resources
  • Azure Rights Management
    Encrypt files, control access, and email encryption (in conjunction with Exchange online)

You’ll see the Mobile Device Management license type in the Office 365 portal

This backends in conjunction with the EMS license you’ll find in the Azure AD portal

Microsoft has been giving customers renewing their EAs a sweetheart deal by providing them the Enterprise Cloud Suite license, which includes the E3/G3 license as well as the EMS licenses bundled together. They’re trying to gain some hot & heavy traction in the MDM space this year, getting their foot in the door with the Gartner quadrant!

For for about the toolset available within the Office 365 portal, Microsoft has gone into detail with tasks as well as capabilities of MDM on the MDM TechNet page. Further capabilities are extended once you start integrating InTune with SCCM.

Office 365 Click-to-Run Something went wrong…

I was helping a client start to roll out their Office 365 Pro Plus click-to-run installs and some of their users were getting Error Code 30174-4

After looking around online to find anything about this error, most hits had to do with the Network connections on the machine, namely laptops with multiple network connections. In the case of this client, they had a wired LAN on one subnet and a wireless LAN on another. Plus they have multiple internet connections for redundancy.

On top of that, they also had a Cisco VPN client adapter, and several notorious Microsoft Virtual WiFi Miniport Adapters. Once all of these were disabled besides the wired LAN, the install went without a hitch!


Ultimate Lync / Skype for Business Registry Repository!

After search for days and days for a good “core” source for customizing the Lync / Skype for Business client (since I’m working with a client using Office 365 and we cannot use Client Policies), all I’ve found is sources here and there, a listing of “some” keys smattered on Technet, and the very limited list in the Office 2013 Administrative Templates, I’ve decided to compile my own list as a reference.

Includes the likes of EnableAppearOffline, DisableSavingIM, HidePersonPhoto, DuplicatePrimaryMonitorPresentingSetting, AlertsDisplayName, PublishResolution to name a few popular ones. Plus it includes the settings tab they’re references as well as usage. Something you won’t find anywhere else.

If you happen to come across one that is incorrect, or even a new one, I’d love to hear about it! Just drop me a comment and I’ll gladly add it in plus give you a plug 🙂

Here is the Repository!

When all is broken… It’s not as bad as you think.

It’s a bizarre blog title I know, but I was in the process of trying to spin up Exchange 2013 in a test environment with Exchange 2010 already existing and found that none of the services across any of these 3 servers would start. So the following details my day’s worth of diving into resolving this, and how quick/easy it was in the end. No fun pictures or how to’s this time, just some useful troubleshooting commands and concepts 🙂

First I looked in the Application event log. The MSExchangeADAccess event logs would return Error 2120 (ERROR_TIMEOUT) or Error 2014 (LDAP_SERVER_DOWN).
I tried the standard netdom /resetpwd /s:<dcname> /ud:domain\User /pd:* on the machines in question with no change (Note: full command details at:
Then I used the nltest /SC_QUERY:<domain> command, which came back saying the domain didn’t exist
Another great command that you can use via Powershell, Test-ComputerSecureChannel -server <dcname>, also came back saying the domain didn’t exist.

I checked the lastlogon & lastlogontimestamp attributes of these “problem” servers in AD – all showed 4 months before today – even with a reboot of the server. And of course the netdom /resetpwd registers properly in the pwdLastSet attribute in AD – but does me no good.

Then I became concerned it was the actual domain controller not correctly handing out Kerberos tickets or renewing the computer password accounts. I went as far as to reset the domain controller password against another working one using the netdom /resetpwd commands and other steps in Method 6 at with no luck.

But in stepping back and seeing of the 12 VMs in my environment 8 of them (most of which were recently built) had no problems, so I gave in to the notion that these older VMs must have had some hiccup when I was dealing with tombstoning from when a former counterpart built the environment and didn’t keep an eye on things.

I then stumled across this blog post:

In a production environment who in their right mind would disjoin a computer with an AD-tied role from the domain, reset the computer account, and join it back to resolve the problem? Well, it works for workstations, so why not servers – even if they are running Exchange 🙂

After working thru the apprehension, I had nothing to lose and did just this.

Guess what? Everything started working again. So while I’m still somewhat baffled on what would have caused this issues, nonetheless I had to admin – THIS WORKS!!!!!



Using Office 365 & Exchange Online for SMTP Relay

My current client is getting ready to migrate off of FOPE smarthosts to EOP and there were some questions around how this process goes. And thankfully I can say it’s pretty easy – just point your smarthosts to your MX record, found in the Office 365 portal.

Without delving too much into the process, a fellow O365 admin Mark Kean has written a great blog post on how this process works:

NOTE: You don’t have to setup anther Inbound Connector in Office 365 – this way you avoid needing another SSL certificate. Just use the Hybrid Mail Flow Inbound Connector and add your on-premise IP into the Sender IP Addresses list for the same results.

This process allows you to continue to use onsite applications, MTAs, copiers, etc to process messages from on premise. And you don’t have to setup the arduous SMTP relay through via TLS and with an existing account. This relies on the traditional, allowed IP address method to blanket accept everything sent.

I’m happy to say that it even allows you to relay messages from address that don’t even exist in the organization. So lets say you want to send out messages from on an internal mailing system and that mailbox doesn’t exist. EOP processes these messages with no problem.

There’s another great Technet article I like to refer customers to who have questions on the different email methods EOP allows. The article references multi-function devices but this encompasses any number of devices:

Exchange Online message limits – not that cut and dry!

Update 4/15/15 – Office 365 has increased the allowed maximum message size to 150 MB, giving Office 365 administrators the ability to set the maximum message size of their choosing from 1 MB up to 150 MB. The default maximum message size for Office 365 mailboxes is still 25 MB, and they don’t plan on to changing the setting on existing accounts.
More at

I’m currently on project finishing an Office 365 migration (yay – I’m finally back together with my true love: messaging!) and we’re in the process of migrating their 50+ domains off of FOPE, as they were initially a Wave 14 tenant, and over to EOP.  Technically, they were automatically migrated to EOP as part of the upgrades in Q3/Q4 2013, however they still have their MX records pointing to either the or domains, so traffic is being first routed thru FOPE before it makes it to EOP. And if you may or may not know, it’s crunch time and Microsoft wants everyone off by June 1 (if you have an O365 domain):

As part of determining the impact these MX record changes will have on message flow, the big one is around accepted message size. In FOPE, if a message went over the size limit you could have it qurantined and the messaging administrator could release it to the mailbox, granted your Receive Connector allowed it, and your MaxReceiveSize on your mailbox matched according.

A large debate has come up around Exchange Online limits, as detailed below:

In talking with my collegues, there was a lot of confusion around message limits, and in talking with with my contacts in Microsoft, I can finally clear the air on what these limits are. And it’s actually simpler than you think :mrgreen: Continue reading “Exchange Online message limits – not that cut and dry!” »

Highlight: Exchange 2013 Installation Troubleshooting

I’ve had quite a bit of traction on my Exchange 2013 Liftoff! Part 1.5, Installation Troubleshooting post and have even been able to personally help a few people dig in on repairing an install. I’m happy to say I’ve been able to expound on the post with some fresh information, and will throw out that I’d love to continue in growing this post with information to help someone else. So go over and check it out 😎

Office 365 “Wave 15” Certifications – Part 2: 70-347

I received my results for the beta 70-346 last week and was very happy to see the passing results, so the heat was on to finish my MCSA: Office 365. After some unforeseen circumstances around being unable to take the 70-347 exam while in beta, I pulled in my notes and went today to take the test.

I’m happy to announce that I passed and without further adieu, here is a study guide to help you achieve your 70-347 as well: Continue reading “Office 365 “Wave 15” Certifications – Part 2: 70-347” »