Archive

Author Archive

Scripting to prepare migration user gmail to o365

February 25, 2017 Leave a comment

a few days ago I got the project to implement migration from google to o365 incude mailbox and onedrive online, we have done migration data mailbox using third party, but this post i dont want to discuss how to migration the data from google to o365 but I want to share step by step to migration the users using scripting while users will be moved to o365

just for information we have to change the domain from @demagnum.com to @demagnum.co.id

  1. Create forwarding users in gmail to forward users o365, here i dont have script to enable forwarding in gmail because i dont have experience in gmail
  2. Remove-MailContact -Identity “deby@demagnum.co.id” -confirm:$false previously we create all contact in gmail because for this implementation we didnt migration big bang, so we have migration for partial users,
  3. set-aduser “deby” -clear msexchhidefromaddresslists we need to clear exchange address list in proxy SMTP address because we will create new smtp proxy address will be defined
  4. Get-Aduser -identity “deby” | Set-aduser -Clear Proxyaddresses yes we need step to clear proxy addres
  5. Get-Aduser -identity “deby” | Set-aduser -add @{proxyaddresses = “SMTP:deby@demagnum.co.id”} we need add SMTP proxy address will be defined
  6. Running delta azure AD Connect, because primary address SMTP on active directory need sync to o365
  7. Set-MsolUserPrincipalName -UserPrincipalName “deby@demagnum.com” -NewUserPrincipalName “deby@demagnum.co.id” we need to change UPN existing from @demagnum.com to @demagnum.co.id
  8. Get-Aduser -identity “deby” | Set-aduser -add @{proxyaddresses = “smtp:deby@demagnum.com”}  we need add additional SMTP previously to be secondary SMTP address to o365
Advertisements
Categories: Office 365

AD RMS Troubleshooting: Reset the Client (MSIPC)

February 23, 2017 Leave a comment

In the course of troubleshooting the MSIPC rights management it may be beneficial to reset the client. The reset process removes the pertinent registry settings and files. This reset applies to the logged on user. Other users on the same machine are not reset.

The steps are as follows.

  1. Exit running Office applications.
  2. Delete existing registry entries.
  3. Clear existing licenses, GICs (RACs), and etc.
  4. Reproduce the issue.

NOTE: Feel free to export the DRM registry key before deleting it. Moving the entire MSIPC directory to another location or renaming it may be done instead of deleting it.

Delete the RMS registry settings for the user.

  1. Open regedit.exe.
  2. Navigate to HKCU\Software\Microsoft\Office\XXX\Common\DRM.
    XXX is the current Office version. 15.0 is Office 2013, 16.0 is Office 2016. There may be multiple versions listed (which is normal). Picking the highest is usually the correct one.

    1. Delete the DefaultServer and DefaultServerURL values.
  3. Navigate to HKCU\Software\Classes\Local Settings\Software\Microsoft\MSIPC.
    Note: this step resets the template distribution settings to default.

    1. Delete the <Server name> key that corresponds with desired RMS server/cluster.

Clear the existing licenses, GICs (RACs), and etc.

  1. Use one of the following methods to open the user MSIPC directory.
    1. Open a command prompt and enter the following commands.
      1. Cd %localappdata%
      2. Start . (the command is the word Start followed by a “period” and the enter key.
    2. In the “Search programs and files” dialog type %localappdata%
  2. In the AppData\Local directory navigate to the Microsoft directory.
  3. Delete the MSIPC directory.

NOTE: The CLC*.drm file may be too long for either Explorer or the command prompt to delete. Explorer reports a “destination path too long” error and the command prompt says “the file name or extension is too long.” In this case we may use robocopy.exe to move the MSIPC directory to another location.
I created a C:\Temp directory and used the following command.
robocopy “C:\Temp” %localappdata%\Microsoft\MSIPC /mir

Screenshots

Using the start menu to navigate to the MSIPC directory

Sample contents of the MSIPC directory for the curious.

Reference: https://social.technet.microsoft.com/wiki/contents/articles/19251.ad-rms-troubleshooting-reset-the-client-msipc.aspx#Delete_the_RMS_registry_settings_for_the_user

Categories: EMS, Windows Client

How to uninstall windows intune client

February 23, 2017 Leave a comment

It is not possible to uninstall the Windows Intune client from Programs and Features (for obvious reasons). Step by Step Guide describes how to do this.

There are 3 methods:

  1. Intune Administrator console – “retire the device”.
  1. Command line on the device
  • Open an admin command prompt
  • Navigate to C:\Program Files\Microsoft\OnlineManagement\Common
  • Run “ProvisioningUtil /UninstallAgents /WindowsIntune”

This will create a scheduled task and shortly uninstall all the agents.

3. Download and run the Microsoft uninstall script

Windows_Intune_AIS_Uninstall_Scripts_Extractor.exe

reference: http://gerryhampsoncm.blogspot.co.id/2013/08/uninstall-windows-intune-client.html

Categories: EMS, Windows Client

Azure Active Directory Connect Export profile error: stopped-server-down.


Kloud Blog

Originally posted on Lucian’s blog over at clouduccino.com.

Follow Lucian on Twitter @LucianFrango.


A couple of weeks ago I deployed Azure AD Connect in production. It was a relatively smooth process. The wizard did most of the work which was great. There was a few hiccups (blog post) along the way, which, in most cases is expected if the problems are not so serious.

Fast forward to my second install of the latest and greatest sync service for Azure AD and Office 365 cloud identities and we have problem no. 2. This time, though, I can say that the process ran through allot smoother. There was no real errors. Things were looking straight great and I was looking at my next task with some enthusiasm.

However, come 8.30ish this morning and going over the AADConnect server once more for peace of mind, I had noticed that the…

View original post 442 more words

Categories: Windows Client

Moving resource Mailbox on premises to O365


Open Powershell Windows Azure

Type Credential and input username and password o365

 $cred=Get-Credential

Type for session Exchange Online

PS C:\Windows\system32> $session = New-PSSession -ConfigurationName microsoft.exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $cred -Authentication basic -AllowRedirection

Import Session Exchange Online

PS C:\Windows\system32> Import-PSSession $session

Type Credential for administrator Exchange onpremises with the format domain/username

PS C:\Windows\system32> $onpremadmin = Get-Credential

run moving resource mailbox
Identity = Name room Mailbox
Remotehostname = name URL External OWA onpremises
Remote Credential = Credential onpremises

PS C:\Windows\system32> New-MoveRequest -Identity ruang.rapat -Remote -RemoteHostName mail.demagnum.co.id -TargetDeliveryDomain demagnum.mail.onmicrosoft.com -RemoteCredential $onpremadmin -SuspendWhenReadyToComplete -AcceptLargeDataLoss -BadItemLimit 100 -BatchName ruang.rapat

Check Status moving request

PS C:\Windows\system32> Get-MoveRequest -Identity ruang.rapat

if the status detail has autosuspend please continue to moving resource mailbox

PS C:\Windows\system32> Resume-MoveRequest -Identity ruang.rapat

 

Categories: Lync

MANAGING MESSAGE SIZE LIMITS FOR EXISTING MAILBOXES o365


GET A DEFAULT MAX MESSAGE SIZE LIMIT

1

set a send/receive message size limit of 150MB for new mailboxes when they are created. The mailbox plan can be updated with that new setting as follows.

2

Get information exisiting setting mailbox user for message limited send and receive

3

modify all of your mailboxes you can pipe Get-Mailbox into Set-Mailbox as follows.

5

To modify a single mailbox we can simply run Set-Mailbox as follows.

6

Ref: http://exchangeserverpro.com/configuring-max-email-message-size-limits-for-office-365/

Categories: Office 365

Disable Certificate Revocation Check

April 28, 2016 Leave a comment

 

There may be several scenarios where we may experience long wait time for the services or application to start.
This problem is when the server has no internet access or when the server has limited internet access. One of the reasons for this issue is that the routine check of the certificate revocation list for .NET assemblies. Let’s see as how to disable the certificate revocation check in this article.

There are two ways to turn of the certificate revocation while doing a rollup update.

Turn off certificate revocation check in Internet Explorer:

Step 1: In Internet Explorer => go to Tools =>Internet Options => Advanced tab

Step 2: In the Security section => uncheck or clear the box for:

“Check for publisher’s certificate revocation”

“Check for server certificate revocation”

Step 3: Save Settings.

Turn off certificate revocation check in registry:

Step 1: Open registry editor => Navigate to the following key: HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionWinTrustTrust ProvidersSoftware Publishing

Step 2: Change Value “State” to 146944 Decimal or 0x00023e00 Hexadecimal

This will disable the certificate revocation check & the rollup update will complete successfully. However, disabling the revocation check in production environment is not recommended. We have to make sure to enable it back. Certificate revocation checking protects our clients against the use of invalid server authentication certificates either because they have expired or because they were revoked.

Turn on certificate revocation check in Internet Explorer:

Step 1: In Internet Explorer => go to Tools =>Internet Options => Advanced tab

Step 2: In the Security section => check the box for:

“Check for publisher’s certificate revocation”

“Check for server certificate revocation”

Step 3: Save settings.

Turn on certificate revocation check in registry:

Step 1: Open registry editor => Navigate to the following key: HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionWinTrustTrust ProvidersSoftware Publishing

Step 2: Change Value “State” to 146432 Decimal or 0x00023c00 Hexadecimal.

Ref: http://msexchangeguru.com/2015/10/07/certificate-revocation-check/

 

Categories: Internet, Windows Client