Install Active Directory Module on Windows 10

To install the ActiveDirectory module on Windows 10, we first need to install the Remote Server Administration Tools (RSAT) for Windows 10, downloadable from:

https://www.microsoft.com/en-us/download/confirmation.aspx?id=45520

Once RSAT is installed on Windows 10, the following command runs successfully; without RSAT it fails:

Import-Module ActiveDirectory

To manage Office 365 remotely we need to install two things:

  • Sign-In Assistant
  • PowerShell module for Azure

The following command then works in PowerShell:

Connect-MsolService

https://www.microsoft.com/en-us/download/details.aspx?id=28177

http://social.technet.microsoft.com/wiki/contents/articles/28552.microsoft-azure-active-directory-powershell-module-version-release-history.aspx

 

 

Error: The Mailbox Replication Service was unable to connect to the remote server using the credentials provided

To move a mailbox from on-premises to O365 we need to provide two sets of credentials: those of the O365 admin, and those used to authenticate on the local domain.

$LiveCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $LiveCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session

$LocalCred = Get-Credential

New-MoveRequest -id "test5@domain.com" -Remote -RemoteHostName "mail.domain.com" -TargetDeliveryDomain aupedu.mail.onmicrosoft.com -RemoteCredential $LocalCred

For more information:

https://community.office365.com/en-us/f/156/t/343720

Remote Mailbox Move to O365 using Powershell

The following sequence of commands can be used in native Windows PowerShell to migrate an on-premises mailbox to O365.

$LiveCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $LiveCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session

$LocalCredential = Get-Credential

New-MoveRequest -id "test5@domain.com" -Remote -RemoteHostName "mail.domain.com" -TargetDeliveryDomain domain.mail.onmicrosoft.com -RemoteCredential $LocalCredential

Note that these commands should not be launched from the Exchange Management Shell (EMS), because in that case we get the following error:

remote move request target user already has a primary mailbox

It is also important to know that if your internal and external domains differ, i.e. domain.local internally and, let's say, domain.com externally, it is recommended to remove domain.local from the list of accepted domains.


The credentials for Office 365 need to be given in the format O365-admin@domain.com

The local credentials should be in the format domain\localAdministrator.

If you do not provide the local credentials you will get this error:

[outlook.office365.com] Connecting to remote server failed with the following error message: [ClientAccessServer=HE1PR02CA0029, BackEndServer=, RequestId=e655d769-b1a4-4a6c-b076-3ccd24909f58,TimeStamp=1/13/2016 1:51:26 PM] Access Denied For more information, see the about_Remote_Troubleshooting Help topic.
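The move sequence above, wrapped as an added example (not part of the original post): it checks both user names against the formats given above before connecting, and always removes the remote session afterwards. The function names Test-UserNameFormat and Start-RemoteMailboxMove and their parameters are hypothetical; the cmdlets called are the ones the post uses.

```powershell
# Added example. Function and parameter names are hypothetical.
function Test-UserNameFormat {
    param([string]$UserName, [ValidateSet('Upn', 'DownLevel')][string]$Format)
    switch ($Format) {
        # user@domain.com (Office 365 admin)
        'Upn'       { return $UserName -match '^[^@\\\s]+@[^@\\\s]+\.[^@\\\s]+$' }
        # domain\user (on-premises admin)
        'DownLevel' { return $UserName -match '^[^@\\\s]+\\[^@\\\s]+$' }
    }
}

function Start-RemoteMailboxMove {
    param(
        [Parameter(Mandatory)][string]$Identity,
        [Parameter(Mandatory)][string]$RemoteHostName,
        [Parameter(Mandatory)][string]$TargetDeliveryDomain
    )
    $LiveCredential  = Get-Credential -Message 'Office 365 admin, e.g. O365-admin@domain.com'
    $LocalCredential = Get-Credential -Message 'Local domain admin, e.g. domain\localAdministrator'

    # Fail early instead of waiting for "Access Denied" or the MRS credential error.
    if (-not (Test-UserNameFormat -UserName $LiveCredential.UserName -Format Upn)) {
        throw "Office 365 credential must be in the form user@domain.com"
    }
    if (-not (Test-UserNameFormat -UserName $LocalCredential.UserName -Format DownLevel)) {
        throw "Local credential must be in the form domain\user"
    }

    $Session = New-PSSession -ConfigurationName Microsoft.Exchange `
        -ConnectionUri https://outlook.office365.com/powershell-liveid/ `
        -Credential $LiveCredential -Authentication Basic -AllowRedirection
    try {
        # Import only the cmdlet that is needed from the remote session.
        Import-PSSession $Session -CommandName New-MoveRequest | Out-Null
        New-MoveRequest -Identity $Identity -Remote -RemoteHostName $RemoteHostName `
            -TargetDeliveryDomain $TargetDeliveryDomain -RemoteCredential $LocalCredential
    }
    finally {
        # The move request keeps running in the service; the admin session should not stay open.
        Remove-PSSession $Session
    }
}

# Start-RemoteMailboxMove -Identity 'test5@domain.com' -RemoteHostName 'mail.domain.com' -TargetDeliveryDomain 'domain.mail.onmicrosoft.com'
```

Exchange Online no longer accepts Basic authentication for remote PowerShell; on a current tenant the session is opened with Connect-ExchangeOnline from the ExchangeOnlineManagement module instead of New-PSSession.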

 

Active Directory Replication

We can use this command to check replication status:

repadmin.exe /showrepl /verbose /all > c:\replication.txt

When we open the text file we can see the replication status of the different AD partitions. For example, in my case:

DC=domain,DC=local
CN=Configuration,DC=domain,DC=local
CN=Schema,CN=Configuration,DC=domain,DC=local
DC=DomainDnsZones,DC=domain,DC=local
DC=ForestDnsZones,DC=domain,DC=local

For each of the above-mentioned AD partitions it reports the status, for example:
Last attempt @ 2016-01-05 06:51:34 was successful.
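An added example (not from the original post) that reads the "Last attempt" lines out of the saved report and lists the partitions whose last attempt did not succeed. Get-ReplicationAttempt is a hypothetical helper, and the sample text, including the wording of the failed line, is constructed and simplified.

```powershell
# Added example. Get-ReplicationAttempt is a hypothetical helper name.
function Get-ReplicationAttempt {
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$Line)
    $partition = $null; $source = $null
    foreach ($l in $Line) {
        if ($l -match '^(DC|CN)=\S') {
            # An unindented distinguished name starts a new partition block.
            $partition = $l.Trim(); $source = $null
        }
        elseif ($l -match '^\s+(\S+\\\S+) via \S+') {
            # "Site\DC via RPC" names the replication partner.
            $source = $Matches[1]
        }
        elseif ($l -match 'Last attempt @ (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.+)$') {
            [pscustomobject]@{
                Partition = $partition
                SourceDC  = $source
                Attempt   = [datetime]::ParseExact($Matches[1], 'yyyy-MM-dd HH:mm:ss',
                                [cultureinfo]::InvariantCulture)
                # Anything other than the success wording is treated as needing attention.
                Succeeded = $Matches[2].Trim() -eq 'was successful.'
                Detail    = $Matches[2].Trim()
            }
        }
    }
}

# Constructed sample in the shape of the report described above.
$sample = @'
DC=domain,DC=local
    Default-First-Site-Name\DC2 via RPC
        Last attempt @ 2016-01-05 06:51:34 was successful.

CN=Configuration,DC=domain,DC=local
    Default-First-Site-Name\DC2 via RPC
        Last attempt @ 2016-01-05 06:51:34 failed, result 1722 (0x6ba):
'@ -split "`r?`n"

Get-ReplicationAttempt -Line $sample |
    Where-Object { -not $_.Succeeded } |
    Format-Table Partition, SourceDC, Attempt, Detail

# Against the real report:
# Get-ReplicationAttempt -Line (Get-Content C:\replication.txt) | Where-Object { -not $_.Succeeded }
```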

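The /replicate switch is used to launch replication immediately. It takes the destination DC, the source DC and the naming context (partition) to replicate:

repadmin.exe /replicate <DestinationDC> <SourceDC> <NamingContext>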

Force Replication – GUI Method

VSS Backups

VSS, or volume snapshot, as the name indicates, makes snapshots of whole volumes, not of individual files or folders. Afterwards only the files related to the application requesting the backup are preserved, as there is no use in keeping the files of the whole volume.

VSS operates at the block level of volumes.

Services and applications keep functioning normally while the backup is being performed.

VSS has the ability to back up open files.

VSS backups are much faster than traditional backups.

VSS solves the inconsistent data problem by creating and maintaining a point-in-time snapshot of the volume to be backed up. The backup job can then use this snapshot.

VSS can only be called by one requester at a time.

How Volume Shadow Copy Service Works

VSS service: Makes the backup components communicate and work together.
VSS requester: The software that requests the actual creation of shadow copies. The System Center Data Protection Manager application and non-Microsoft backup applications such as the Tivoli backup application are VSS requesters.
VSS writer: The component that guarantees we have a consistent data set to back up. VSS writers for various Windows components, such as the registry, are included with the Windows operating system. Other VSS writers include the IIS writer, Exchange writer, SQL writer etc.
VSS provider: The component that creates and maintains the shadow copies. This can occur in the software or in the hardware. The Windows operating system includes a VSS provider that uses copy-on-write. If you use a storage area network (SAN), it is important that you install the VSS hardware provider for the SAN, if one is provided. A hardware provider offloads the task of creating and maintaining a shadow copy from the host operating system.

http://blogs.technet.com/b/exchange/archive/2012/06/04/everything-you-need-to-know-about-exchange-backups-part-1.aspx

http://searchdatabackup.techtarget.com/definition/VSS-based-backup

https://www.youtube.com/watch?v=Dsol6s2_w3w

 

Exchange Handy Tools

Here are some of the handy tools that I have used myself. There are many others, but I am citing the ones that I used practically and have some kind of first-hand experience with.

EMTShooter
It is used to troubleshoot the Exchange Management Console not opening and giving errors.
https://gallery.technet.microsoft.com/office/Exchange-Management-b9d918b1
https://everythingsysadmin.wordpress.com/tag/emtshooter/

Log Parser Studio (LPS)
Works on IIS log files to give very useful information.

http://blogs.technet.com/b/exchange/archive/2013/06/17/log-parser-studio-2-2-is-now-available.aspx

Remote Connectivity Analyzer
For all kinds of connectivity troubleshooting.
https://testconnectivity.microsoft.com/

EXMON
http://blogs.technet.com/b/nawar/archive/2011/12/18/microsoft-exchange-server-user-monitor-exmon.aspx

MFCMAPI
Low-level tool to troubleshoot a user mailbox.
http://windowsitpro.com/blog/new-version-mfcmapi-available
http://blogs.technet.com/b/outlooking/archive/2010/05/14/useful-tools-while-troubleshooting-outlook-issues-3-mfcmapi.aspx

Active Directory Snap-ins

The three Active Directory related snap-ins that Microsoft has put at our disposal are:

Active Directory Users and Computers
Active Directory Sites and Services
Active Directory Domains and Trusts

In a single site single domain environment the other two snap-ins are not used frequently.

Active Directory Users and Computers
ADUC is used all the time by any AD administrator, especially for user management, password resets, OU and group modifications etc.

Active Directory Sites and Services
If we have a single site, its name by default is “Default-First-Site-Name”. If we add a site to our domain, we can name the second site differently.

Active Directory Domains and Trusts
We use Active Directory Domains and Trusts when raising the domain functional level. It is worth noting that when we raise the domain functional level we are actually changing the way replication works between domain controllers. Microsoft has fine-tuned and optimized replication more and more over the years with each new server edition.

 

Restoring a Domain Controller Through Reinstallation

Normally even a single-site, single-domain environment has at least 2 domain controllers. This is because Active Directory is at the heart of any organization, and authentication takes place on the domain controller. The domain controller houses the centralized database of users, computers, printers and other objects.

So let's say one of your domain controllers is not replicating, users are not being authenticated via that particular domain controller, and after basic troubleshooting you cannot correct the problem. You can then go for reinstalling the malfunctioning DC, as you have a healthy DC in the same site.

I practically went through the steps given by Microsoft here. They are pretty straightforward and let you get back to normal quickly. In my personal view it is simpler to use this method than to restore from backup. But again, you must have a healthy DC up and running in order to use this method:

https://technet.microsoft.com/en-us/library/cc785849(v=ws.10).aspx