Monday, July 11, 2011

Lab Environment: Set All Users With Non-Expiring Passwords

Using the Active Directory Module for Windows PowerShell (part of Windows 2008 R2 Active Directory and downloadable for earlier versions of AD), use the following cmdlet to set all your users to have non-expiring passwords. Great for lab environments:

Get-ADUser -Filter * | Set-ADAccountControl -PasswordNeverExpires $True

Friday, July 08, 2011

Free/Busy Cross-Forest Working One Way Only

Or indeed, not working at all! I had the issue of it working one way only (On-Premise Exchange organization > Office 365) but the other way (cloud to on-premise) did not work at all.

The answer is shown in this video

http://www.microsoft.com/showcase/en/us/details/a16a9d39-416a-4b01-a88f-5ff511580424

This covers the reasons why Free/Busy (and the other federation features of MailTips, archive and move mailbox) might not work both ways in a Hybrid Coexistence setup for Office 365 or between two Exchange on-premise organizations.

The reason I found was the Organization Relationship contained the wrong list of domains. There are three domains (at least) that are needed in the organization relationship. These are:

  • Primary SMTP Namespace Domain (e.g. fabrikam.com)
  • Namespace for other organization (e.g. service.fabrikam.com)
  • Exchange Delegation domain (e.g. exchangedelegation.fabrikam.com)

In the organization relationship on-premise (or Org A if you are doing two on-premise organizations) set the following domains after the relationship is created. This includes the primary SMTP namespace and the service namespace for the other organization. This can be set with the following Exchange Management Shell cmdlet:

Set-OrganizationRelationship -Identity "To Cloud" -DomainNames "service.fabrikam.com","fabrikam.com" -MailTipsAccessEnabled $True -MailTipsAccessLevel All -DeliveryReportEnabled $True -TargetOwaUrl https://outlook.com/owa/fabrikam.com -ArchiveAccessEnabled $True -MailboxMoveEnabled $True

In Org B (or on Office 365) use a similar cmdlet, but use the Exchange Delegation namespace and the primary SMTP domain. Also, Office 365 does not let you set the MailboxMoveEnabled property to $True:

Set-OrganizationRelationship -Identity "To On-premises" -DomainNames "exchangedelegation.fabrikam.com","fabrikam.com" -MailTipsAccessEnabled $True -MailTipsAccessLevel All -DeliveryReportEnabled $True -ArchiveAccessEnabled $True

Supposedly Service Pack 2 for Exchange 2010 will do all this and more for you with the Hybrid Configuration Wizard, but it's always useful for troubleshooting to discover what changes and why when you run a wizard to do things!

Monday, July 04, 2011

CRM Router and Exchange 2010

To configure the CRM Email Router with Exchange 2010 you need to do the following. Not all of these points are clearly documented on the internet.

  1. Create a mailbox (CRM_Router@domain.com)
  2. Set password never to expire
  3. Ensure that the mailbox is not hidden from the address list
  4. Log in to the above mailbox
  5. Enable impersonation with the following Exchange Management Shell command
    • New-ManagementRoleAssignment -Name "ApplicationImpersonation-CRM Router" -User "CRM_Router@domain.com" -Role "ApplicationImpersonation"

  6. [Optional] See http://blogs.msdn.com/b/crm/archive/2009/12/21/how-to-configure-microsoft-dynamics-crm-4-0-e-mail-router-on-premise-with-microsoft-exchange-server-2010.aspx for EMS commands to limit the scope of the CRM_Router user account
  7. Configure the CRM Email Router as per http://snackbox.microsoft.com/pages/snackdetail.aspx?itemId=152&userId=&caid=&csId=%257b4c712394-1373-4d8e-b85e-369111823def%257d%2540%257b4a9965c4-db36-4193-9e83-32347ea3b0f1%257d
  8. Ensure that CRM_Router@domain.com is a CRM System Administrator level account.
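
The assignment in step 5 has no recipient scope, so the router account can impersonate every mailbox in the organization; step 6 is where that gets narrowed. The following is an added example, not taken from the original post or the linked article, showing one way to scope the assignment and then review it. The scope name and the use of CustomAttribute1 = "CRM" to mark CRM-tracked mailboxes are assumptions.

```powershell
# Added example: restrict the ApplicationImpersonation assignment from step 5
# to a named set of mailboxes. Run in the Exchange Management Shell.
# Assumptions (not from the original post): the scope name below, and that
# CRM-tracked mailboxes are tagged beforehand, e.g.
#   Set-Mailbox -Identity <user> -CustomAttribute1 "CRM"

$assignmentName = "ApplicationImpersonation-CRM Router"   # name used in step 5
$routerAccount  = "CRM_Router@domain.com"                 # mailbox from step 1
$scopeName      = "CRM Tracked Mailboxes"                 # hypothetical scope name

# 1. Define which mailboxes the router is allowed to impersonate.
$scope = Get-ManagementScope | Where-Object { $_.Name -eq $scopeName }
if (-not $scope) {
    New-ManagementScope -Name $scopeName `
        -RecipientRestrictionFilter 'CustomAttribute1 -eq "CRM"'
}

# 2. Apply the scope: update the assignment if step 5 already created it,
#    otherwise create it scoped from the start.
$existing = Get-ManagementRoleAssignment -Role "ApplicationImpersonation" |
    Where-Object { $_.Name -eq $assignmentName }
if ($existing) {
    Set-ManagementRoleAssignment -Identity $assignmentName `
        -CustomRecipientWriteScope $scopeName
} else {
    New-ManagementRoleAssignment -Name $assignmentName `
        -Role "ApplicationImpersonation" -User $routerAccount `
        -CustomRecipientWriteScope $scopeName
}

# 3. Review every ApplicationImpersonation assignment. A row whose
#    RecipientWriteScope is Organization (no custom scope) can impersonate
#    any mailbox in the organization.
Get-ManagementRoleAssignment -Role "ApplicationImpersonation" -GetEffectiveUsers |
    Select-Object Name, EffectiveUserName, RecipientWriteScope, CustomRecipientWriteScope |
    Format-Table -AutoSize
```

Mailboxes added to CRM later need the same CustomAttribute1 value before the router can process their mail.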