Tag Archives: EAC

DKIM in Office 365

Microsoft has implemented DKIM, DMARC and SPF in Exchange Online, the only thing you have to do is enable it. The only thing for DKIM you have to do is create two CNAME records in DNS and enable DKIM in the Exchange Admin Center.

DKIM CNAME records

The CNAME records you have to create for DKIM look like this:

selector1._domainkey.contoso.com
selector2._domainkey.contoso.com

Selector1 and selector 2 are the 2 selector tags (in Office 365 these will always be selector1 and selector2), the _domainkey is a default tag that will be added. Of course you have to replace the contoso.com with your own domain.

The CNAME records have to point to the following locations:

selector1-contoso-com._domainkey.contoso.onmicrosoft.com
selector2-contoso-com._domainkey.contoso.onmicrosoft.com

Continue reading DKIM in Office 365

SuspendWhenReadyToComplete when using a migration batch in Office 365

Currently I’m working with a customer in a hybrid Exchange 2010 environment. There are multiple offices around the US, and one office in California will close soon. Therefore, all Mailboxes need to be moved to Office 365. The customer created multiple migration batches, and all batches are set using the -SuspendWhenReadyToComplete option. So, when a Mailbox migration in this batch reaches 95% the move will stop, and both Mailboxes will be kept in sync.

So, I started a Remote PowerShell session to Exchange Online (completing an individual move request as part of a batch is not possible in the Exchange Admin Console) and executed the following command:

Get-MoveRequest -Identity John@contoso.com | Resume-MoveRequest -Confirm:$false

While no error message was generated, the move requests were not finished. After some head scratching I realized that the -SuspendWhenReadyToComplete option is set on the migration batch, and that the move requests ‘inherit’ this setting. So, when resuming the move request it will automatically suspend again when hitting 95% (which is a matter of seconds).

So, I executed the following commands:

Get-MoveRequest -Identity John@contoso.com | Set-MoveRequest -SuspendWhenReadyToComplete:$false
Get-MoveRequest -Identity John@contoso.com | Resume-MoveRequest -Confirm:$false

Unfortunately, nothing happened and the move request stayed in the ‘synced’ state and was not willing to finalize. And of course no errors were logged.

At one point I realized I read something in the New-MoveRequest page on TechNet, where it says at the SuspendWhenReadyToComplete option:

“The SuspendWhenReadyToComplete switch specifies whether to suspend the move request before it reaches the status of CompletionInProgress. Instead of this switch, we recommend that you use the CompleteAfter parameter.”

This time I executed the following commands:

$Date = Get-Date
Get-MoveRequest -Identity John@contoso.com | Set-MoveRequest -CompleteAfter $Date
Get-MoveRequest -Identity John@contoso.com | Resume-MoveRequest -Confirm:$false

And this time the individual move requests in the migration batch were successfully finalized.

Delegated Mailbox Permissions cross-premises

This is one of the most requested features in an Exchange hybrid scenario (i.e. Exchange Online combined with Exchange on-premises) and as of early February 2016 it is finally officially supported: Cross premises Full Access Permissions.

This means that if you have a manager’s Mailbox on-premises, and an assistant Mailbox in Exchange Online, the assistant can open the manager’s Mailbox. This works both ways, so if the manager’s Mailbox is in Exchange Online and the assistant’s Mailbox is in Exchange on-premises the results are the same.

There are some caveats however:

  • This only works when Full Access permissions are granted, and this is achieved using the Exchange Admin Center or Exchange Management Shell in Exchange Online.
  • Send-As, Receive-As and Send-on-behalf-of permissions are not supported cross-premises.
  • Your Outlook 2013 should be patched with at least the November 2015 update.
  • The first time users open a Mailbox in the other organization they might see a credentials pop-up

The people picker in in the EAC in Exchange Online supports adding Mail-Enabled Users (MEU) and regular Mailboxes, so you can use EAC in Exchange Online to add cross-premises permissions. The EAC in Exchange 2013/2016 on-premises only supports adding Mailboxes, so the online version of EAC need to be used.

More information can be found on the following Microsoft articles:

How to change the Postmaster address in Exchange 2013

While testing mail flow I noticed that when an NDR was sent out by my Exchange 2013 the default postmaster account was used, with the default domain, i.e. postmaster@contoso.local (I use a .local TLD on my Active Directory domain) instead of a regular and routable SMTP domain.

To change this you can open the Exchange Admin Center, navigate to Mail Flow | Receive Connectors and click the more options (the three dots) and select Organization Transport Settings as shown in the following figure.

image

Continue reading How to change the Postmaster address in Exchange 2013

Unable to perform the save operation when enabling Exchange Online Archive

Customer wanted to enable the Exchange Online Archive on his Exchange Online Mailbox. Open the Exchange Admin Center, select the user and in the actions pane select “enable” under In-Place Archive. Continue reading Unable to perform the save operation when enabling Exchange Online Archive