Organizational e-mail business etiquettes

May 5, 2021 No comments

Hope your doing well.

I hope your day went well.

Greetings!

Introduction:

  • Thank you for your partnership with __________________. My name is ________________ I am the_______________ who will be working with you _______________. You may reach me using the contact information listed below, referencing the ticket number #.
  • I am ______________ from the ___________  team. This is in relation to _____________ , wherein one ________________ was assisting you in resolving the issue. I would love to confer if there is anything that might require my intervention or was a cause of concern during your support experience.
  • My name is ______________  and I am (the/a)  <title> with  <company, team>.

Referencing:

  • As per the document
  • Similarly, the
  • In fact, when
  • Here’s an example
  • Please confirm

Body:

  • I was going through the case notes and understand you are facing issues with the Outlook mobile and can’t see the calendar.

  • I was reviewing the incident and noticed,
  • I would be happy to know more from you on your overall experience and if you still need support. If the incident has taken longer to resolve, please do bring that to my notice if not as per your expectation. 

Closing:

  • At _____________ , we are dedicated and proactive in providing timely ______________  with exceptional customer service to our customers. We have made multiple attempts to
  • Given I personally and so do _______________ accept and consider you as our valuable _____________, it would go a long way to know if there is anything else that you would like our help with, on _________ . As evident, it will be my sole responsibility to ensure I address any open concerns or issues, while at the same time I will do my best to accept and implement any Concern / Feedback you wish to share. 

  • connect but have been unsuccessful. I understand that you might be busy with other commitments and thus unable to action our attempt at connection.
  • In case you have any issues left un-attended, I will be more than glad to assist you.
  • I look forward to speaking with you. Please provide this information as soon as possible so we can work towards a resolution.
  • Have a great day!
  • Looking forward to hearing from you soon again.  

  • Please allow me sometime to review ___________ . I will get back to you with next action. If you have any questions or concerns, please don’t hesitate to contact me.
  • If you have any questions or concerns, please do let me know.

    Thank you for choosing <company>.

Categories: Technical Writing Tags:

[EXO] Various ways to grab all SMTP address from mailbox

February 19, 2021 No comments

 

Categories: Exchange, Powershell Tags:

[EXO] Concert IMCEAEX string to X500

February 16, 2021 No comments

Simple script to convert IMCEAEX to X500 Address.

 

Categories: Exchange Tags: , ,

[IAM] Explaining Security Assertion Markup Language ( SAML 2.0 )

October 24, 2020 No comments

What is SAML?

Security Assertion Markup Language (SAML) is an open standard federation protocol.

  • SAML was introduced in 2001
  • SAML 2.0 superseded SAML in 2005

SAML protocol is used for authentication (AUTHN), and authorization (AUTHZ), and is often used for SSO (Single Sign-on) to web-based applications.

The SAML specification defines three entities or roles:

  1. The principal : typically a human user or USER Agent, such as a user’s internet browser
  2. Identify Provider (IdP)
  3. Service Provider (SP) : application or service your trying to access

A SAML federation is established (trust relationship)  between the SP and IdP for SAML to work.

How SAML works

  1. User request access to SP
  2. SP must first authenticates with IdP
    1. Once user is successfully authenticated, Idp generates a SAML assertion
    2. The SAML assertion is then sent to the SP (trusted)
  3. Based on SAML assertion, SP makes a access control decision to decide to perform the service for the user.
    1. Since SP trusts the IdP,  it will validates the assertion.
    2. Once SP authenticated to IdP, can SSO to other applications.

SAML flow:

  • The IdP knows about your users and their attributes. The SP has its own knowledge about the users.
  • When IdP generates an assertion, it populates with a user identifier (UID), and sends over to SP.
    • IdP signs the assertion, so SP can verify the issuer of the assertion (trusted party)
  • If successful, SP will read the UID and attempt to map session to the user in it’s inventory.
    • IDP and SP meta data (XML file) exchange establishes the trust or federation
    • The meta is contained in the XML (settings, configurations, and certificate of system)
    • IdP dictates  UID and SP must agree so SAML assertion can be mapped to user object at SP
      • For example if email address is used as user id, SP and IdP must be configured to match to allow access.

SAML initiation flow:

There are two primary initiation SAML flows:

  1. IDP-Initiated flow.
    1. User starts by accessing the IDP
    2. IDP prompt’s user for authentication via User Agent to request service
    3. If authorized, IDP creates SAML assertion
    4. Using user agent > assertion is sent to SP via Post message (transport mechanism)
    5. SP verifies the SAML assertion and maps it to a user in its inventory
    6. SP than starts the session
  2.  SP-Initiated flow
    1. User starts by reaching out to SP
    2. SP will redirect to User Agent for authentication against IDP (Request for authentication)
    3. Once validated, IDP will generate assertion
    4. IDP sends assertion to SP  (IDP > User Agent > SP)
    5. SP than starts the session
Categories: Identity Access Management Tags:

[EXO] Inbox Rule Issues Post Migration

September 18, 2020 No comments

In some instances, users with client side rules may  break as they do not get touched in the migration. For any client rules that reference a specific sender/folder/etc they will normally use X500/LegacyDN to identify conditions and will stop working.

  • There is no set limit for the amount of Inbox rules a user can have.
  • The amount of rules is dictated more ever by the rule size limit and limited to 256 KB total for all rules.

Each rule you create will take up space. The actual amount of space a rule uses depends on several factors, such as how long the name is and how many conditions you’ve applied. When you reach the 256 KB limit, you’ll be warned that you can’t create any more rules or that you can’t update a rule. You can’t increase the amount of space that’s allocated to store Inbox rules in Exchange Online, but you can decrease it to suit your business needs.

  • There is no way to calculate the size for all rules (avg around 3kb for a basic rule)

https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-on-the-web/increase-the-space-used-by-inbox-rules)

Options:

  • Recreate their rules entirely. Allows user to reorganize and customize their inboxes to their preference.
  • Audit, review, and consolidate rules by exporting using below cmdlet:

 

Categories: Exchange, Office365 Tags:

[EXO] Identifying Validation Errors

July 27, 2020 No comments

$errors = (Get-MsolContact –ObjectID <Object_ID>).Errors
$errors | foreach-object {“nService: " + $_.ErrorDetail.Name.split("/")[0]; "Error Message: "+ $_.ErrorDetail.ObjectErrors.ErrorRecord.ErrorDescription}

$errors = (Get-MsolGroup –ObjectID <Object_ID>).Errors
$errors | foreach-object {"
nService: ” + $_.ErrorDetail.Name.split(“/”)[0]; “Error Message: “+ $_.ErrorDetail.ObjectErrors.ErrorRecord.ErrorDescription}

$errors = (Get-MsolUser -UserPrincipalName “<User_ID>”).Errors
$errors | foreach-object {“`nService: ” + $_.ErrorDetail.Name.split(“/”)[0]; “Error Message: ” + $_.ErrorDetail.ObjectErrors.ErrorRecord.ErrorDescription}

Get-MsolUser -HasErrorsOnly -All | ft DisplayName,UserPrincipalName,@{Name=”Error”;Expression={($_.errors[0].ErrorDetail.objecterrors.errorrecord.ErrorDescription)}} -AutoSize -wrap

https://support.microsoft.com/en-au/help/2741233/you-see-validation-errors-for-users-in-the-office-365-portal-or-in-the

 

 

Categories: Exchange, Office365, Powershell Tags:

[EX2010] Identifying Cmd-let associated with Role, and who has it.

June 2, 2020 No comments

$Perms = Get-ManagementRole -Cmdlet remove-remotemailbox
$Perms | Foreach {Get-ManagementRoleAssignment -Role $_.Name -Delegating $false | Format-Table -Auto Role,RoleAssigneeType,RoleAssigneeName}

Role RoleAssigneeType RoleAssigneeName
—- —————- —————-
Mail Recipient Creation RoleGroup Recipient Management
Mail Recipient Creation RoleGroup Organization Management

Get-ManagementRoleAssignment -Role “Mail Recipient Creation”
get-rolegroupmember “organization management”

Categories: Exchange Tags:

[EXO] The client and server cannot communicate, because they do not possess a common algorithm

  • Windows Server 2008 can’t do beyond TLS 1.0.
  • Newer versions can, but don’t have TLS 1.1 or 1.2 turned on by default.
  • Best pratice to disable 1.0, 1.1 – mostly depreciated and not supported

Check supported protocols:

https://www.ssllabs.com/ssltest/index.html

Turn off TLS 1.0.1.1 and SSL

Enabling TLS 1.2 Use

 

Categories: Exchange, Office365 Tags:

[EXO][EX2010] Removing dual mailboxes

March 2, 2020 No comments

Ensure you have a user mailbox backup prior to starting the following process as there is potential risk of data loss.  Options are to have a third party solution to perform a mailbox backup or export to PST (see new-mailboxexport cmdlet).

  1. Capture relevant information from on-premise exchange and exchange online.
    • Grab the mailbox information (primary and archive) to help determine which mailbox is active and which one to disable (remove)
      • get-mailboxstatistics <user>
      • get-mailboxstatistics <user> -archive
      • get-exomailboxstatistics (exo ps v2)
    • Grab the x500 address (legacydn)
    • Grab GUID information
      • get-recipient <user> | fl *guid*
  2. Determine which mailbox is active and which one to disable (remove) – 
    1. Removing the on-premise mailbox will require you to delete and recreate the remote mailbox – an object on-premise will need to represent the object on exchange for remote routing.
      1. Disable the on-premise mailbox – do not remove, or you will remove the AD user object:
        • disable-mailbox <user>
      2. If litigation hold is enabled, you will need to disable the hold, then disable the mailbox.
      3. Recreate the remote mailbox on-premise
        • Enable-RemoteMailbox -Identity <user> -RemoteRoutingAddress “<user>@<tenant>.mail.onmicrosoft.com”
      4. Associate the GUID and x500 for sync and mail routing:
        • Set-RemoteMailbox -exchangeguid <exchange guid> -archiveguid <archive guid>  -EmailAddresses X500: <x500>
    2. Removing the cloud mailbox
      1. Remove the user from Office 365 and resync with AD sync.
        • remove-msoluser <user>
        • remove-msoluser <user> -removefromrecyclebin -force
      2. Clearing the previous mailbox information
        • Set-User <user> -PermanentlyClearPreviousMailboxInfo

Accidentally deleted a on-premise mailbox?

  1. Identify where the disconnected or soft deleted mailbox is. 
    • $dbs = Get-MailboxDatabase $dbs | foreach {Get-MailboxStatistics -Database $_.DistinguishedName} | where {$_.DisconnectReason -eq “Disabled”} | Format-Table DisplayName,Database,DisconnectDate
  2. Reconnect the mailbox
    1. Connect-Mailbox -Identity “<identity>” -Database <database> -User “<user>” -Alias <alias>

Accidentally deleted the on-premise user, but need to restore the data to cloud mailbox?

  1. Create a new temporary mailbox on-premise to restore the data to.
  2. Identify where the disconnected or soft deleted mailbox is. 
    • $dbs = Get-MailboxDatabase $dbs | foreach {Get-MailboxStatistics -Database $_.DistinguishedName} | where {$_.DisconnectReason -eq “Disabled”} | Format-Table DisplayName,Database,DisconnectDate,*guid*
  3. Restore the primary and archive data to the temporary mailbox
    • New-MailboxRestoreRequest -SourceStoreMailbox <mailbox guid> -SourceDatabase <database> -TargetMailbox <mailbox> -AllowLegacyDNMismatch
    • New-MailboxRestoreRequest -SourceStoreMailbox<mailbox guid> -SourceDatabase <database> -TargetMailbox <mailbox> -TargetIsArchive
  4. Export the data to PST (requires rights) 
    • NewManagementRoleAssignmentRole “Mailbox Import Export”User Administrator
    • New-MailboxExportRequest -Mailbox <mailbox> -FilePath <path>
    • New-MailboxExportRequest -Mailbox <mailbox> -FilePath <path> -isarchive
      • Ensure the Exchange Trust Subsystem group has read/write permissions to path
  5. Check status:
    • GetMailboxExportRequest | where {$_.status eq “Completed”}
  6. Remove job:
    • Get-MailboxRestoreRequest -Status Completed | Remove-MailboxRestoreRequest
    • Get-MailboxRestoreRequest -Status Failed | Remove-MailboxRestoreRequest
  7. Import to mailbox:
    • In Outlook with Exchange Online Mailbox, you can import directly – ensure you do not copy duplicates.
Categories: Exchange, Office365, Powershell Tags:

[EX2010][EXO] Forwarding Address Export and Import

February 11, 2020 No comments

 

Categories: Exchange, Office365, Powershell Tags: