Friday, April 28, 2017

Hybrid 365 User creation

Recently a friend of mine was doing a deployment of Office 365 in a hybrid environment with Exchange 2013.

There was a CSV file with the required fields, and he asked me to help him create a script to create the users.

I did him one better, and also enabled the mailboxes on 365 for him.

# Needs the ActiveDirectory module; run it from the Exchange Management Shell (EMS)
# so that Enable-RemoteMailbox is available.
Import-Module ActiveDirectory

$Users = Import-Csv -Path "C:\Users.csv"
$OU = Read-Host "What OU would you like the users created in?"
$domain = Read-Host "What is your domain?"
# Read the password as a SecureString so it is not echoed or kept as plain text
$Password = Read-Host "What password would you like to set all accounts to?" -AsSecureString
foreach ($User in $Users)
{
    $Displayname = $User.Firstname + " " + $User.Lastname
    $UserFirstname = $User.Firstname
    $UserLastname = $User.Lastname
    $SAM = $User.Username
    $UPN = $User.Firstname + "." + $User.Lastname + "@" + $domain
    $Mobile = $User.Mobile
    # $Home is a read-only automatic variable in PowerShell, so use another name
    $PersonalEmail = $User.PersonalEmail
    # Create the AD account with the fields from the CSV row
    New-ADUser -Name "$Displayname" -DisplayName "$Displayname" -SamAccountName $SAM -UserPrincipalName $UPN -GivenName "$UserFirstname" -Surname "$UserLastname" -AccountPassword $Password -Enabled $true -Path "$OU" -ChangePasswordAtLogon $false -PasswordNeverExpires $true -MobilePhone $Mobile -HomePhone $PersonalEmail
    # Enable the mailbox on 365 for the new account
    $RemoteRouting = "smtp:" + $UPN
    Enable-RemoteMailbox $SAM -RemoteRoutingAddress $RemoteRouting
}

A quick run-through.
The script will prompt for the OU path where you want to create the users, the domain and the password you want to use.

It then creates the account, with the fields populated by the CSV file.
Those fields are Firstname, Lastname, Username, Mobile and PersonalEmail.
Once the account is created, it will then create the mailbox on 365.

All that's left to do is assign the licenses.



Quick sidenote: while running through the script in the lab worked well without problem, in production we could not run the script more than once without requiring a restart of EMS.

Friday, March 17, 2017

Event ID 15021 HttpEvent

I received a call to advise that none of my client's Outlook clients could connect to Outlook.
After ruling out the usual suspects, I dug a little deeper, and found a number of these events in the System event logs on the mail server.

This was also 


The fix was pretty straightforward.
On the mail server, run CMD as Administrator, and run the following commands.

netsh http show sslcert

Copy down the certhash and appid from 0.0.0.0:443

netsh http delete sslcert ipport=0.0.0.0:444
netsh http add sslcert ipport=0.0.0.0:444 certhash=<insert your copy here without the brackets> appid="{<insert your copy here>}"

The angle brackets are placeholders only; the appid keeps its quotes and curly braces.

Once all that is done, everything should be working perfectly fine again.
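
The check and fix described above, as an added PowerShell example that is not part of the original post: it parses the output of netsh http show sslcert, compares the 0.0.0.0:444 binding with the 0.0.0.0:443 one, and prints the rebind commands only when they differ. The sample output and the helper name Get-SslBinding are constructed for illustration, and English-language netsh output is assumed.

```powershell
# Constructed sample of `netsh http show sslcert` output (not from a real server).
$Sample = @'
SSL Certificate bindings:
-------------------------

    IP:port                      : 0.0.0.0:443
    Certificate Hash             : 1111111111111111111111111111111111111111
    Application ID               : {00000000-0000-0000-0000-000000000001}
    Certificate Store Name       : MY

    IP:port                      : 0.0.0.0:444
    Certificate Hash             : 2222222222222222222222222222222222222222
    Application ID               : {00000000-0000-0000-0000-000000000001}
    Certificate Store Name       : MY
'@

# Hypothetical helper: returns a hashtable keyed by "IP:port", each value holding
# the "Certificate Hash" and "Application ID" of that binding.
function Get-SslBinding {
    param([string[]]$Lines)
    $bindings = @{}
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*IP:port\s*:\s*(\S+)') {
            $current = $Matches[1]
            $bindings[$current] = @{}
        } elseif ($current -and $line -match '^\s*(Certificate Hash|Application ID)\s*:\s*(\S+)') {
            $bindings[$current][$Matches[1]] = $Matches[2]
        }
    }
    $bindings
}

# On the mail server, replace the next line with: $Lines = netsh http show sslcert
$Lines = $Sample -split "`r?`n"
$b = Get-SslBinding -Lines $Lines
$front = $b['0.0.0.0:443']
$back  = $b['0.0.0.0:444']

if (-not $front) { throw 'No 0.0.0.0:443 binding found to copy from.' }
if ($back -and $back['Certificate Hash'] -eq $front['Certificate Hash']) {
    'OK: 0.0.0.0:444 already uses the same certificate as 0.0.0.0:443.'
} else {
    # Print the commands for review; run them from an elevated prompt.
    'netsh http delete sslcert ipport=0.0.0.0:444'
    'netsh http add sslcert ipport=0.0.0.0:444 certhash={0} appid="{1}"' -f $front['Certificate Hash'], $front['Application ID']
}
```

Because the script only prints the commands, it is safe to run as a check before and after applying the fix.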

Tuesday, February 7, 2017

Server 2012 R2 drive Access Denied

Recently we took over a client, whose entire network structure was just....abysmal. While doing an audit of the system, I discovered that my Domain Admin account had no access to the data drive on the file server.

I could get to the share without a problem, but could not access the drive through the server directly.

I took stock of who had access to what folders in the shares, and took control of the folder. Some hours later, after it had finished, I had full access to the security tab again, but I still could not access the drive normally.

Ultimately, the resolution was to add the local server group "Users" with default access, as seen below.

Best practice is a thing for a reason. Never change the permissions on the drive - only on a folder.