Get-Mailbox <mail address or alias> | select-object WhenCreatedUTC, Name
Category: Exchange
Remove EOL Automapping
Automapping is an Exchange & Exchange Online feature which automatically opens mailboxes with Full Access permissions in a delegate’s Outlook client.
Remove the access permissions. This also removes automapping.
Logon to Azure EOL (with MFA)
Business@contoso.ie is the mailbox being shared.
anna.grimm@contoso.ie is the account that has the access rights.
In EOL PowerShell
Remove-MailboxPermission -Identity “Business@contoso.ie” -User “anna.grimm@contoso.ie” -AccessRights FullAccess
Confirm
Are you sure you want to perform this action?
Removing mailbox permission Identity:”Business@contoso.ie” for user “anna.grimm@contoso.ie” with access rights “‘FullAccess'”.
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is “Y”): select A
You might get this error
WARNING
Can’t remove the access control entry on the object “User” for the user account because the ACE doesn’t exist on the object.
So use
Remove-MailboxPermission -Identity “Business@contoso.ie” -User “anna.grimm@contoso.ie” -AccessRights FullAccess –Confirm:$false –BypassMasterAccountSid
Re-add the permissions but without Automapping
Add-MailboxPermission -Identity “Business@comtoso.ie” -User “anna.grimm@contoso.ie” -AccessRights FullAccess -AutoMapping:$false
Use EOL PowerShell with MFA
Import-Module -Name ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName <Azure admin account UPN>
This brings up a small logon web window. Input the password and select the MFA authentication method. On success PowerShell will finishing connecting to EOL.
Outlook with MFA keeps asking for password following AD password change
Problem
- Outlook is disconnected
- “Needs Password” shown in lower right side of client
- No folders updated
- When you click on “Needs Password” M365 sends you a text code. You input it, nothing happens and this loops.
Reason
By default, Microsoft Office 365 ProPlus (2016 version) uses Azure Active Directory Authentication Library (ADAL) framework-based authentication. Starting in build 16.0.7967, Office uses Web Account Manager (WAM) for sign-in workflows on Windows builds that are later than 15000 (Windows 10, version 1703, build 15063.138). There are generally two problems we see WAM causing:
Users unable to authenticate (particularly after a password reset)
WAM introduces new requirements for Identity Providers (IdP) used to federate Microsoft 365 (O365) logins. When a Windows 10 workstation is joined to an on-premise Active Directory, WAM/M365 requires the IdP to support the WS-Trust protocol. Currently this is not supported in the Duo Access Gateway (DAG). When a user’s access/refresh tokens become invalid, such as after a password reset, the WAM framework tries to re-authenticate the user. The expected end-user experience is a popup window showing the login page of the IdP asking the user to re-authenticate. When the IdP is the DAG, this process will fail causing the user to be unable to re-connect to M365 with applications such as Microsoft Outlook. The user will see the authentication window open briefly then immediately close while Outlook continues to show the message “Need Password”.
Solution
- Log out of all O365 related web pages
- Close Outlook
- Open Registry and add the following 2 dwords
[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity]
DisableADALatopWAMOverride=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity]
DisableAADWAM=dword:00000001
Mailbox Rules
Get rules list
Get-InboxRule -Mailbox <mailbox name or alias>
Get detail on each rule
Get-InboxRule -Mailbox <mailbox name or alias> -Identity “<rule name>” | Select -Property *
Disable Rule
Disable-Inboxrule -identity “<Rule name>” -mailbox <mailbox name or alias>
Remove Rule
Remove-Inboxrule -identity <Rule Name> -mailbox <mailbox name or alias>
Get All Shared mailboxes permissions
Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize:Unlimited | Get-MailboxPermission | select identity,user,accessrights | where { ($_.User -like ‘@‘) } | Export-Csv -path C:\temp\Shared.csv -NoTypeInformation
Purge Mailbox Deleted Items Folder
Get current Settings
Get-Mailbox service@contoso.de | Format-List SingleItemRecoveryEnabled,RetainDeletedItemsFor
or use
Get-mailbox service@contoso.de | fl *retention*,*retain*
Set New Settings
Set-Mailbox -Identity service@contoso.de -SingleItemRecoveryEnabled $false -RetainDeletedItemsFor 1
#Purges folder deletes after 1 day
Delete Items in Dumpster
Search-mailbox -identity service@contoso.de -SearchDumpsterOnly -DeleteContent
View Recoverable items in Dumpster
Get-MailboxFolderStatistics service@contoso.de -FolderScope RecoverableItems | Format-List Name,FolderAndSubfolderSize
EMS Not working
Sometimes an Exchange server installation goes bad and EMS will not launch from the Start Menu. This post helps to get a local EMS when you start to cleanup or want put things right.
Run these 2 commands in order on the Exchange server
exshell.psc1
exchange.ps1
Get all Remote IP Ranges from All Receive Connectors
$FormatEnumerationLimit =-1
Get-ReceiveConnector | Select-Object -Property ‘Identity’,’RemoteIPRanges’ | FL > c:\temp\relay.txt
Search a user’s mailbox for meetings
Search-Mailbox -identity Jbloggs@contoso.com -SearchQuery ‘Kind:meetings AND From:peter@xyz.com AND Subject:”Managers Monthly Meeting”‘ -TargetMailbox myaddress@contoso.com -TargetFolder ExchangeSearches -LogLevel full