Tuesday, 25 August 2015

#Exchange 2010 - Export User Mailbox to PST via Exchange Management Shell

1. Create a shared folder to save the PST file. (In my case, the shared folder is named PST.)
2. Launch the Exchange Management Shell as administrator.
3. Assign the Mailbox Import Export role to the user who will run the mailbox export. (In my case, I use administrator.)

  • New-ManagementRoleAssignment -Role "Mailbox Import Export" -User "administrator" 



To export a user mailbox
  • New-MailboxExportRequest -Mailbox user -FilePath \\Server1\PST\user.pst



To check the export status
  • Get-MailboxExportRequest
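
The export steps above as one script, with status polling, cleanup of the finished request, and a review of who holds the export role. This is an added example, not part of the original post; the request name is an assumption, and the mailbox alias and share path are the ones used above.

```powershell
# Added example, not part of the original post. Run in the Exchange Management Shell
# after step 3 (reopen the shell so the new role assignment takes effect).
$mailbox = 'user'                      # mailbox alias used in the post
$pstPath = '\\Server1\PST\user.pst'    # UNC path on the share from step 1
$name    = "Export-$mailbox"           # request name (assumption)

# Queue the export under a known name so it can be found and removed later.
$request = New-MailboxExportRequest -Mailbox $mailbox -FilePath $pstPath -Name $name

# Poll until the request reaches a terminal state (PowerShell 2.0 compatible).
$terminal = @('Completed', 'CompletedWithWarning', 'Failed')
do {
    Start-Sleep -Seconds 30
    $stats = $request | Get-MailboxExportRequestStatistics
    Write-Host ("{0}: {1} ({2}%)" -f $stats.Name, $stats.Status, $stats.PercentComplete)
} while ($terminal -notcontains [string]$stats.Status)

if ([string]$stats.Status -eq 'Failed') {
    # Keep the failed request and show its report for troubleshooting.
    $request | Get-MailboxExportRequestStatistics -IncludeReport | Format-List
}
else {
    # Finished requests stay in the queue until they are removed.
    $request | Remove-MailboxExportRequest -Confirm:$false
}

# Review who can currently export mailboxes; every name listed here can copy
# any mailbox in the organization to a PST file.
Get-ManagementRoleAssignment -Role 'Mailbox Import Export' -GetEffectiveUsers |
    Select-Object Name, RoleAssigneeName, EffectiveUserName
```

When the export work is done, remove the assignment created in step 3 with Remove-ManagementRoleAssignment, using the Name shown in the list. The PST holds a full copy of the mailbox, so keep access to the share limited to the people who need the file.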


#O365 - Set up Microsoft Azure Rights Management for Office 365 Message Encryption

1. Activate Azure Rights Management

** You can activate via the portal or PowerShell

1.1 Activate via Portal 

a) Log in to the Office 365 portal.
b) Go to Admin, expand Service Settings, click on Rights Management.

c) Click on Manage.
d) Click on Activate.

OR


1.2 Activate via PowerShell

a) Download the RMS module for PowerShell here.
b) Install the RMS module for PowerShell. (Requires Microsoft Online Services Sign-in Assistant 2.1 or greater.)
c) Run Windows PowerShell as administrator.

Run the commands below:

  • $user = "<your Office 365 administrator email>"
  • $cred = Get-Credential -Credential $user
  • Import-Module AADRM
  • Connect-AadrmService -Credential $cred
  • Enable-Aadrm


2. Set up Azure Rights Management for Office 365 Message Encryption

** You can configure Automatic Protection and/or Manual Protection

Automatic Protection - If a user sends an email that matches a rule/policy pre-set by the admin, the rule/policy is applied automatically, and IRM templates are prevented from being available in OWA and Microsoft Outlook.

Manual Protection - Users can select which rule/policy to apply when they send an email in OWA and Microsoft Outlook.

2.1 Automatic Protection

a) Connect to Exchange Online with Windows PowerShell (Run as Administrator) and import the session.

  • Set-ExecutionPolicy RemoteSigned
  • $cred = Get-Credential
  • $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
  • Import-PSSession $Session





b) Configure the Rights Management Services (RMS) online key-sharing location in Exchange Online. Use the RMS key sharing URL corresponding to your location, as shown in this table:

Location                                                  RMS key sharing location

North America                                             https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc
European Union                                            https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc
Asia                                                      https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc
South America                                             https://sp-rms.sa.aadrm.com/TenantManagement/ServicePartner.svc
Office 365 for Government (Government Community Cloud)    https://sp-rms.govus.aadrm.com/TenantManagement/ServicePartner.svc

  • Enable-OrganizationCustomization
  • Set-IRMConfiguration -RMSOnlineKeySharingLocation https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc

c) To import the Trusted Publishing Domain (TPD) from RMS Online
  • Import-RMSTrustedPublishingDomain -RMSOnline -name "RMS Online"
d) To verify that you successfully configured IRM in Exchange Online to use the Azure Rights Management service.
  • Test-IRMConfiguration -Sender user@domain.com


e) Run the following commands to disable IRM templates from being available in OWA and Outlook and then enable IRM for your cloud-based email organization to use IRM for Office 365 Message Encryption.

Disable IRM templates from being available in OWA and Outlook
  • Set-IRMConfiguration -ClientAccessServerEnabled $false

Enable IRM for your cloud-based email organization
  • Set-IRMConfiguration -InternalLicensingEnabled $true

f) To view the IRM configuration
  • Get-IRMConfiguration

g) Define rules to encrypt or decrypt email messages

I) Go to Admin, expand Admin, click on Exchange.

II) Go to Mail Flow, rules, click on + and select Create a new rule...

III) 



OR / AND


2.2 Manual Protection
a) Connect to Exchange Online with Windows PowerShell (Run as Administrator) and import the session.
  • Set-ExecutionPolicy RemoteSigned
  • $cred = Get-Credential
  • $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $cred -Authentication Basic -AllowRedirection
  • Import-PSSession $Session
  • Enable-OrganizationCustomization
  • Set-IRMConfiguration -RMSOnlineKeySharingLocation https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc
(Depends on your location)

Location                                                  RMS key sharing location

North America                                             https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc
European Union                                            https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc
Asia                                                      https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc
South America                                             https://sp-rms.sa.aadrm.com/TenantManagement/ServicePartner.svc
Office 365 for Government (Government Community Cloud)    https://sp-rms.govus.aadrm.com/TenantManagement/ServicePartner.svc

  • Import-RMSTrustedPublishingDomain -RMSOnline -Name "RMS Online"
b) To verify that you successfully configured IRM in Exchange Online to use the Azure Rights Management service.
  • Test-IRMConfiguration -Sender user@domain.com
c) Enable IRM templates to be available in OWA and Outlook
  • Set-IRMConfiguration -ClientAccessServerEnabled $true
d) Enable IRM for your cloud-based email organization
  • Set-IRMConfiguration -InternalLicensingEnabled $true
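
A check that the tenant's IRM settings match the protection mode chosen in 2.1 or 2.2, written as an added example that is not part of the original post. The function name Test-IrmProtectionMode and the sample object are hypothetical; the property names are the Set-IRMConfiguration parameters used above, as returned by Get-IRMConfiguration.

```powershell
# Added example, not from the original post. Requires PowerShell 3.0 or later.
# Run in the imported Exchange Online session to check the live configuration.
function Test-IrmProtectionMode {
    param(
        [Parameter(Mandatory = $true)][ValidateSet('Automatic', 'Manual')]
        [string]$Mode,
        [Parameter(Mandatory = $true)]
        [string]$KeySharingUrl,
        # Live configuration by default; pass an object to check a saved copy.
        $Config = (Get-IRMConfiguration)
    )
    # Expected values follow sections 2.1 (Automatic) and 2.2 (Manual).
    $expected = [ordered]@{
        RMSOnlineKeySharingLocation = $KeySharingUrl
        InternalLicensingEnabled    = $true
        ClientAccessServerEnabled   = ($Mode -eq 'Manual')
    }
    foreach ($setting in $expected.Keys) {
        [pscustomobject]@{
            Setting  = $setting
            Expected = $expected[$setting]
            Actual   = $Config.$setting
            Match    = ([string]$Config.$setting -eq [string]$expected[$setting])
        }
    }
}

# Constructed sample: a tenant meant to use automatic protection only, where
# IRM templates are still exposed in OWA and Outlook.
$sample = [pscustomobject]@{
    RMSOnlineKeySharingLocation = 'https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc'
    InternalLicensingEnabled    = $true
    ClientAccessServerEnabled   = $true
}
Test-IrmProtectionMode -Mode Automatic -KeySharingUrl $sample.RMSOnlineKeySharingLocation -Config $sample |
    Format-Table -AutoSize
```

Omit -Config to compare against the live tenant; any row with Match set to False is a setting that differs from the mode you intended.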


Thursday, 13 August 2015

#Hyper-V 2012 R2 - Virtual Machine unknown devices (Windows 2008 R2 / 7 and below)

If you install Windows 2008 R2/2008/7/Vista as a virtual machine in Hyper-V 2012 R2, you may notice unknown devices shown in Device Manager.
One is Automatic Virtual Machine Activation (AVMA), and the other is Remote Desktop Control Channel/Enhanced Session Mode. These two features are new in Windows Server 2012 R2 and require virtual hardware.



Solution:
1. You can find the driver on the Hyper-V 2012 R2 integration services setup disc or download the driver from the link below:
2. Update the driver manually in Device Manager.
3. Restart the computer.

Tuesday, 4 August 2015

#O365 - Force delete user with DirSync

Force delete Office 365 active users

1. Run Windows Azure Active Directory Module for Windows PowerShell as administrator
2. To connect to Office 365, type
  • Connect-MsolService
3. To disable DirSync, type
  • Set-MsolDirSyncEnabled -EnableDirSync $false
(Remember to re-enable DirSync after the user deletion is complete by typing Set-MsolDirSyncEnabled -EnableDirSync $true)

4. To check that DirSync is fully disabled, type
  • (Get-MsolCompanyInformation).DirectorySynchronizationEnabled
(Enabling and disabling might take a while to complete. Please wait until DirSync is fully disabled before continuing to the next step)

5. To remove the active user, type
  • Remove-MsolUser -UserPrincipalName darren@Contoso.com
6. To remove all the active users, type
  • Get-MsolUser | Remove-MsolUser -Force

Force delete Office 365 user from deleted users

1. Run Windows Azure Active Directory Module for Windows PowerShell as administrator
2. To connect to Office 365, type
  • Connect-MsolService
3. To remove the deleted users, type
  • Remove-MsolUser -UserPrincipalName darren@Contoso.com -RemoveFromRecycleBin

or
  • Remove-MsolUser -UserPrincipalName darren@Contoso.com -RemoveFromRecycleBin -force
4. To remove all deleted users, type
  • Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force
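
Both procedures above combined for a single account, as an added example that is not part of the original post: it waits until DirSync reports as disabled, deletes and purges one user, and turns DirSync back on even if a step fails. The polling interval and timeout are assumptions; the UPN is the one used above.

```powershell
# Added example, not from the original post. Run in the Windows Azure Active
# Directory Module for Windows PowerShell as administrator.
$upn            = 'darren@Contoso.com'   # account used in the post
$pollSeconds    = 300                    # assumption: check every 5 minutes
$timeoutMinutes = 240                    # assumption: give up after 4 hours

Connect-MsolService

# Step 3: turn DirSync off.
Set-MsolDirSyncEnabled -EnableDirSync $false -Force

try {
    # Step 4: wait until the tenant reports DirSync as fully disabled.
    $deadline = (Get-Date).AddMinutes($timeoutMinutes)
    while ((Get-MsolCompanyInformation).DirectorySynchronizationEnabled) {
        if ((Get-Date) -gt $deadline) {
            throw "DirSync is still enabled after $timeoutMinutes minutes."
        }
        Start-Sleep -Seconds $pollSeconds
    }

    # Confirm the target before deleting; stop if the UPN does not resolve.
    $user = Get-MsolUser -UserPrincipalName $upn -ErrorAction Stop
    Write-Host "Deleting $($user.UserPrincipalName) ($($user.DisplayName))"

    # Step 5: remove the active user, then purge it from the deleted users.
    Remove-MsolUser -UserPrincipalName $upn -Force
    Remove-MsolUser -UserPrincipalName $upn -RemoveFromRecycleBin -Force
}
finally {
    # Always turn DirSync back on, even if the wait or the deletion failed.
    Set-MsolDirSyncEnabled -EnableDirSync $true -Force
}
```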

#Azure - Create Azure Rights Management template

1. Log on to the O365 portal as admin.
2. Go to Service Settings, Rights Management, select Manage.

3. Select Advanced Features.

4. Go to Active Directory, select Rights Management. (If you haven't activated an Azure account, you can activate one now.)

5. Select your domain. (By default, two templates will be created, and a DO NOT FORWARD rule is included.)
6. Select Create a new rights policy template.

7. Select a language and enter a name.

8. Select groups or users.


9. Select the rights.

10. Publish the template.