Hide DL membership in Exchange 2010

As we know while sending a mail to a distribution group, we can view the members of the distribution group by clicking on the ‘+‘ symbol next to the email address in outlook.


In case you want to disable expanding the distribution group, you can achieve it through ADSI Edit as discussed below:

Launch ADSI Edit, find your distribution group and select Properties.

Select Attribute Editor and find out the attribute ‘hideDLMembership‘. Now set the value to ‘True‘ to hide the membership of the DL.



Reference : http://exchangeblog.pl/en/tag/distribution-group-en/

Disable Clutter folder in Office 365

Office 365 has added a new feature called Clutter starting from June 2015. A new folder called Clutter will be available, if you have an Exchange Online mailbox. It performs intelligent email filtering and based on the behavior of an individual, moves low priority mails to this folder.

You can see it as a great feature, at the same time some people feel it is unnecessary. This blog post hence will describe how to disable the clutter folder or de-clutter your inbox.. 🙂

For an individual, this can be achieved through your OWA settings. Once logged into OWA, select Options -> Mail -> Clutter.

If clutter is enabled, you will see the below screen


You can just un-check the above boxes and save the settings to disable this feature.

A point to be noted, even-though you disable the feature, the clutter folder still remains in your mailbox and all the mails which were previously in this folder will remain there itself. Since you disabled the feature, new mails wont be moved to this folder. 

An administrator can disable a user’s clutter folder through PowerShell as follows:

Set-Clutter -Identity user@domain.com -Enable $false

In order to globally disable the clutter feature, use the below cmdlet [this may consume some time]:

Get-Mailbox | Set-Clutter -Enable $false

Administrators at some point may have to disable this feature for a certain set of people in your organization, based on some parameters or attributes. For example, the Company attribute. In that case you can use the below cmdlets

For simplicity, we can assign all the user mailboxes in Contoso company to a variable and then call the variable and disable clutter.

$contosousers=Get-Recipient -filter {company -eq “Contoso”} | where {$_.recipienttype -eq “usermailbox”}

In the next step, execute

$contosousers | Set-Clutter -Enable $false

This may also take some time depending on the number of mailboxes.

Configuring Send on Behalf permission for a shared mailbox in Exchange Online

Most of you guys must have noticed that you do not have the option to configure Send on Behalf permission for shared mailboxes in O365. This can be done only using the PowerShell. The below command could be run on PowerShell to achieve this:

Set-Mailbox -Identity test@contoso.com -GrantSendOnBehalfTo testuser

where, ‘test@contoso.com’ is the shared mailbox and ‘testuser’ is the user account or mailbox for which the permission is assigned.

You can confirm the above operation by using the below Get-command

Get-Mailbox -Identity mailbox | FL GrantSendOnBehalfTo

Reference : https://technet.microsoft.com/en-us/library/jj919240(v=exchg.150).aspx

Recovering a mailbox in an Exchange Hybrid Environment

In an hybrid environment a user account can be of two types:

a) User account which is managed in Cloud

b) User account which is synced from on-premise Active Directory

In the first case, if the user account and its corresponding mailbox is deleted [Soft Delete], it can be restored from O365 itself from Deleted Users section. By default, the retention period configured for an Exchange online mailbox is 14 days. You can extend this up to a maximum of 30 days.

To check the configured retention period through Exchange Online PowerShell use the cmdlet : Get-Mailbox | FL RetainDeletedItemsFor

To change the retention period value to a max of 30 days use : Set-Mailbox -Identity “Name” -RetainDeletedItemsFor 30

However, in the latter case if the user account and its corresponding mailbox is deleted, the user account should be restored in the on-premises AD first. The mailbox will automatically re-attach later after directory synchronization.

In the scenario we are about to discuss, we will be merging the contents a disconnected mailbox to a new mailbox in Exchange Online. So lets start:

We have a disconnected source mailbox in Exchange Online now. A new AD user account and remote mailbox was provisioned. This will be the target mailbox.

Note:- You may think that instead of provisioning a new mailbox, we could have attached the disconnected mailbox to the new AD account. But it does not work that way, because the GUID of the old account will be different from the one created now and will result in issues.

  • The next step is to identify the GUID of the soft-deleted mailbox and the target mailbox. For this you will have to connect to Exchange Online through PowerShell first. You can refer here to connect to Exchange Online.

Once connected use the following cmdlet:

For soft-deleted mailbox, Get-Mailbox -SoftDeletedMailbox -Identity “Name” | fl

For target mailbox, Get-MailboxStatistics -Identity “Name” | fl

  • Now, run the cmdlet to restore the mailbox : New-MailboxRestoreRequest -SourceMailbox “GUID” -TargetMailbox “GUID”

You can also restore the archive mailboxes : New-MailboxRestoreRequest -SourceMailbox “GUID” -SourceIsArchive -TargetMailbox “GUID” -TargetIsArchive

If you need to restore both regular mailbox and archive, run both the commands one after the other.

Reference : http://blogs.technet.com/b/exchange/archive/2015/01/13/a-better-way-to-recover-a-mailbox.aspx

Configuring Impersonation rights in Exchange 2010

Recently, the IT team decided to try out a third party add-on that supports Exchange Online with Outlook client. In order to configure this add-on on the server, one of the requirement was to configure a service account to impersonate the users in a Distribution Group. This post provides the steps to achieve the same.

Starting from Exchange 2010, the permission model being used is called Role Based Access Control (RBAC) which allows fine-grained as well as easy control over the level of permissions to be assigned for users or administrators. Impersonation leverages RBAC and in this post, we discuss the ApplicationImpersonation management role associated with impersonation.

First, we will have to define a management scope (say, “TestImpersonationScope“)to filter out the users of the distribution group (say, “Admin Group“):

New-ManagementScope -Name:TestImpersonationScope -RecipientRestrictionFilter: {MemberOfGroup -eq “Admin Group”}

You can use the below command to get more info on the created management scope:

Get-ManagementScope “TestImpersonationScope” | fl

Now, run the below command to allow the service account (say, “testuser“) to impersonate all the members of the created scope:

New-ManagementRoleAssignment –Name:”Admin Group Impersonation Role” –Role:ApplicationImpersonation –User:testuser –CustomRecipientWriteScope:TestImpersonationScope

You can also configure impersonation for all users in an organization.

Reference : https://msdn.microsoft.com/en-us/library/office/dn722376(v=exchg.150).aspx

Updating a Dynamic Distribution List

A Dynamic Distribution Group is little bit different from a normal distribution group. The membership of a dynamic distribution group depends on the filters or conditions supplied to it whereas, a normal distribution group membership is calculated by the users added to the particular group. Also, you will not be able to expand a DDL like you can do on a normal distribution group.

This post discusses the steps to modify the filter for a particular DDL to include a new department or role. Once the new filter is applied, all the members matching the filter gets added to the DDL. This has to be done from Exchange Management Shell.

The below fig shows a DDL with the filter details :


You can use the below command to view the currently configured recipient filter :

Get-DynamicDistributionGroup “test” | fl recipientfilter


Now in order to modify the recipient filter, use the following cmdlet:

Get-DynamicDistributionGroup “test” | Set-DynamicDistributionGroup -recipientfilter {}

The modified recipient filter should be mentioned in between the brackets {} as shown above. The change will be applied shortly and if you click the Preview button in the filter tab, you can find the newly added members based on the new filter.

Reference : https://social.technet.microsoft.com/Forums/exchange/en-US/cdd98de6-550d-4821-9ca3-9496c8cf18aa/edit-existing-dynamic-distribution-group

PowerShell commands to connect to Exchange Online

As more and more businesses are moving to Office 365 for email, IM etc managing their respective service lines is a day to day task for an IT Engineer. Similar to managing your environment through the Office 365 portal, admins also use PowerShell for more flexibility every now and then. In order to perform any complex admin tasks on Exchange Online, admins need to connect to their O365 tenant. The below commands can help you achieve the same :

$UserCredential = Get-Credential

Click Enter Key after the above command. You will be asked to supply your O365 tenant credentials.


$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session

The modules will be loaded and you will be connected to Exchange Online.


EMC Crash with exception “FX:{A5406CA3-6393-48a0-8827-CF06F0C94C55}”

There has been many instances where the Exchange Management console crashes when I used to work on Exchange Servers, particularly on Exchange Server 2010. Most of the time the issue gets resolved when you end the task from Task Manager and launch a new session.

However, in this particular Exchange Server I was working with, the MMC kept on crashing throwing exceptions. This post provides the steps to resolve a similar issue.

The Exception I kept on getting is shown below :


mmc crash

This issue can be resolved with the help of a small .bat script..

All you have to do is in a notepad copy the below script and save it in .bat format.

set COMPLUS_Version=v2.0.50727
“C:\Program Files\Microsoft\Exchange Server\V14\Bin\Exchange Management Console.msc”

Execute the script and confirm the working of EMC.


Reference :- https://social.technet.microsoft.com/Forums/exchange/en-US/02881780-9982-4a5a-a7fd-1cf609913779/exchange-2010-installing-emc-sp2-on-windows-8?forum=exchangesvrdeploylegacy

Error “Outlook Web App didn’t initialize. If the problem continues, please contact your helpdesk.”

Recently, I faced an issue logging in to OWA on our client’s Exchange 2010 server. The error reported was as follows :

Outlook Web App didn’t initialize. If the problem continues, please contact your helpdesk.
Couldn’t find a base theme (folder name=base)


Initial troubleshooting steps were taken, like restarting the Microsoft Exchange Form Based Authentication service, re-creating OWA virtual directories etc..

Upon further researching on the issue, I found a similar post online where the OWA crashed after installing the Exchange updates..

So, in order to resolve the issue all you need to do is launch Exchange Management Shell, navigate to the location C:\Program Files\Microsoft\Exchange Server\V14\Bin and then execute the power shell script UpdateCas.ps1.


This script will find your OWA/ECP virtual directories, update them and make some modifications to metabase etc.. Once completed, you will be able to access your OWA/ECP like before.. 🙂


Reference :- https://social.technet.microsoft.com/Forums/exchange/en-US/dd91598d-3af9-4a98-8493-34726c763c62/owa-failed-to-initialize-after-install-of-rollup-1-for-exchage-sp1?forum=exchange2010

“Creating a Point-to-Site VPN connection to Azure network !! “

Microsoft Azure lets you create both Point-to Site and Site-to-Site VPN connections between your on premise network and Azure network. In this post, I will be demonstrating the steps to create a Point-to-Site VPN connection ie you can connect to Virtual Networks in Azure from your workstations. Point-to-Site VPN which we discuss here makes use of SSTP [Secure Socket Tunneling Protocol, which makes use of certificates] protocol.

  • First log in to your Azure account. In my environment, I have already created a DNS Server in Azure as shown below:


The steps for creating a Virtual Network is shown below:

  • Configure a new Virtual Network for this purpose by navigating to NEW -> Network Services -> Virtual Network -> Custom Create.


  • Specify a Name for the connection and the Datacenter Location and click Next.


  • You can either specify the DNS server you have configured or leave this section blank for Azure default name resolution service. Then select the checkbox for Point-to-Site connectivity.


  • On the next page, specify the Address Space and Usable IP Address Range. This IP address will be assigned to VPN clients, while connecting to the Virtual Network.


  • On the next page, specify the Address Space and Usable Address Range to be used by the VMs. Make sure this IP range does not overlap with the on premise network. Select the option ‘Add gateway subnet‘ to specify a gateway for the Point-to-Site connection as well.


  • Complete the Virtual Network configuration. You will see the status of the Virtual Network as Created.


Next step is to create a Dynamic Routing Gateway.

  • Select Networks -> Your Virtual Network -> Select Dashboard -> Select Create Gateway.


  • Click on Yes when it asks if gateway needs to be created or not. Once the gateway is created, this is how the screen will look like:


Now create a Root Certificate and upload it to Azure Virtual Network.

  • Install Microsoft Visual Studio Express 2013 for Windows Desktop which is a free version. Navigate to the Visual Studio Tools folder and launch the command prompt for VS2013.
  • Use the below command to install a root certificate in the personal certificate store of the machine:

makecert -sky exchange -r -n “CN=RootCertificateName” -pe -a sha1 -len 2048 -ss My “RootCertificateName.cer”

RootCertificateName :- Name of the Certificate


  • Upload the root certificate file to the management portal under the certificate section in Virtual Network. Once uploaded it will show the status as Created under the Certificates tab.



Next step is to create a Client Certificate.

  • Use the below command to create a Client Certificate. Once the command is executed, it will be installed in the Personal certification store of the computer.

makecert.exe -n “CN=ClientCertificateName” -pe -sky exchange -m 96 -ss My -in “RootCertificateName” -is my -a sha1


In order to connect to the Virtual Network from multiple computers, export the client certificate and install it in the machines.

Download and Install the VPN client:

  • Based on the workstation architecture, download the suitable VPN client package and install on your machine from this section:


  • When installed, you will see the VPN icon created in the Network Settings. You can click on Connect button to initiate the VPN connection to Azure Virtual Network. Click on Connect again.



  • You will have to specify the Client certificate when asked for.


  • To check the working of VPN connectivity execute the command ipconfig /all to find out the IP address details.