Zoho Banner September 2011

Posts tagged ‘O365’

Actually, this is more of a question than answer – although I have an answer of sorts, albeit far from elegant.

I’ve been scheduling some batch onboarding mailbox migrations from a hybrid environment with Exchange 2010 to Exchange Online.  The batch process is pretty straightforward, but I haven’t found an easy way to dump the list of users within the batch after it has been created.  Of course if you are using the CSV import method of populating the batch this is a bit of a non-issue.  However, if you’re creating the batch manually you might want to check back in at some point and remind yourself who is in the batch – or you might want to export the list to send to someone else.  Now I’m not entirely new to Powershell, but I can’t see any obvious way to do this easily.  Here’s what I ended up with:

(Get-MigrationBatch -Identity “MyBatchName” -IncludeReport | select -ExpandProperty report).entries.message.formatparameters | ?{$_ -like “*@*”}

Ugly, isn’t it?  The above command will provide a list of email addresses of the mailboxes within the batch.

If you have found an easier way of doing this, please post a comment below.

 

 

It seems that a couple of weeks ago my standalone Exchange Online Protection (EOP) configuration was changed without me being involved. Basically, it looks like my default Accepted Domain was changed from type “Internal Relay” to “Authoritative” without my knowledge or consent.

The first I knew of this was when I noticed my on-premises mail server was no longer receiving email. The current usage is low, so I didn’t notice it for a couple of weeks. After some troubleshooting I pinned the problem down to the fact that the Accepted Domain was showing as “Authoritative”. After changing it back to “Internal Relay” mail started getting delivered to my on-prem server almost immediately.

Accepted Domains

I have no delegated admins for this service, so nobody could have gone rogue on me. I have also checked the admin audit logs and the only entries shown for modifying the Accepted Domains configuration are a) when I originally set it up last September and b) when I changed it back yesterday. Here are a few screenshots to show the evidence.

Firstly the graph below shows when mail stopped being received…

graph

 

…then the audit entries showing when I made modifications to the mail.activedir.org Accepted Domain. It only shows the two entries. The first was when I set up the service last September and the second was when I made the change from “Authoritative” to “Internal Relay”yesterday.

 

EOP_audit2

 

 

EOP_audit1

It looks like I don’t have access to the external admin audit log report. It doesn’t appear in my EAC view (see below), so perhaps it is simply not available to EOP-only subscriptions. This might have been insightful as the the log apparently shows actions performed by datacentre administrators, which is where I believe the change was made.

 

Audit_View

Given the external admin audit log report wasn’t available via the EAC, I thought I would try to invoke it via Powershell. All I got from the output was the changes that I had made in the portal, i.e. no external admin entries.

 

PS C:\> Search-AdminAuditLog -ExternalAccess $true

RunspaceId         : 4e7bfd93-6f40-493b-b294-4f936506f863
ObjectModified     : FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/fisheaglelimited2014.onmicrosoft.com/Configuration/mail.activedir.org
CmdletName         : Set-AcceptedDomain
CmdletParameters   : {MatchSubDomains, Identity, DomainType}
ModifiedProperties : {AcceptedDomainFlags, AcceptedDomainType}
Caller             : tony@mail.activedir.org
ExternalAccess     : 
Succeeded          : True
Error              : None
RunDate            : 5/03/2015 1:44:26 a.m.
OriginatingServer  : DB3FFO11WS056 (15.01.0099.000)
Identity           : e7054efb-d9f5-461a-9c85-08d224fd0c3a
IsValid            : True
ObjectState        : New

PS C:\> $now = get-date

PS C:\> $start = $now.AddYears(-1)

PS C:\> Search-AdminAuditLog -ExternalAccess $true -StartDate $start -EndDate $now

RunspaceId         : 4e7bfd93-6f40-493b-b294-4f936506f863
ObjectModified     : FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/fisheaglelimited2014.onmicrosoft.com/Transport Settings/FE Outbound
CmdletName         : New-OutboundConnector
CmdletParameters   : {TlsDomain, CloudServicesMailEnabled, TlsSettings, Enabled...}
ModifiedProperties : {ConfigurationUnit, SmartHostType, Id, OrganizationId...}
Caller             : tony@fisheaglelimited2014.onmicrosoft.com
ExternalAccess     : 
Succeeded          : True
Error              : None
RunDate            : 7/09/2014 8:57:44 p.m.
OriginatingServer  : AM1FFO11WS040 (15.00.1010.011)
Identity           : ec85e346-1d12-4ab0-2067-08d198f581a9
IsValid            : True
ObjectState        : New

RunspaceId         : 4e7bfd93-6f40-493b-b294-4f936506f863
ObjectModified     : FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/fisheaglelimited2014.onmicrosoft.com/Transport Settings/FE Inbound
CmdletName         : New-InboundConnector
CmdletParameters   : {SenderIPAddresses, CloudServicesMailEnabled, RestrictDomainsToCertificate, Enabled...}
ModifiedProperties : {ConfigurationUnit, Id, OrganizationId, RawName...}
Caller             : tony@mail.activedir.org
ExternalAccess     : 
Succeeded          : True
Error              : None
RunDate            : 8/09/2014 1:17:15 a.m.
OriginatingServer  : AM1FFO11WS002 (15.00.1019.000)
Identity           : 50f7f697-a501-4106-56a9-08d19919c2fb
IsValid            : True
ObjectState        : New

RunspaceId         : 4e7bfd93-6f40-493b-b294-4f936506f863
ObjectModified     : FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/fisheaglelimited2014.onmicrosoft.com/Configuration/FE Outbound
CmdletName         : Set-OutboundConnector
CmdletParameters   : {TlsDomain, CloudServicesMailEnabled, Identity, TlsSettings...}
ModifiedProperties : {RecipientDomains, RecipientDomainsEx, SmartHosts}
Caller             : tony@mail.activedir.org
ExternalAccess     : 
Succeeded          : True
Error              : None
RunDate            : 8/09/2014 1:19:30 a.m.
OriginatingServer  : DB3FFO11WS013 (15.00.1019.000)
Identity           : 9f184a42-929c-4a98-54c8-08d1991a134d
IsValid            : True
ObjectState        : New

RunspaceId         : 4e7bfd93-6f40-493b-b294-4f936506f863
ObjectModified     : FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/fisheaglelimited2014.onmicrosoft.com/Configuration/mail.activedir.org
CmdletName         : Set-AcceptedDomain
CmdletParameters   : {MatchSubDomains, Identity, DomainType}
ModifiedProperties : {AcceptedDomainFlags, AcceptedDomainType}
Caller             : tony@mail.activedir.org
ExternalAccess     : 
Succeeded          : True
Error              : None
RunDate            : 8/09/2014 1:24:06 a.m.
OriginatingServer  : AM1FFO11WS002 (15.00.1019.000)
Identity           : 55b909e6-abbd-43af-8c21-08d1991ab767
IsValid            : True
ObjectState        : New

RunspaceId         : 4e7bfd93-6f40-493b-b294-4f936506f863
ObjectModified     : FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/fisheaglelimited2014.onmicrosoft.com/Configuration/mail.activedir.org
CmdletName         : Set-AcceptedDomain
CmdletParameters   : {MatchSubDomains, Identity, DomainType}
ModifiedProperties : {AcceptedDomainFlags, AcceptedDomainType}
Caller             : tony@mail.activedir.org
ExternalAccess     : 
Succeeded          : True
Error              : None
RunDate            : 5/03/2015 1:44:26 a.m.
OriginatingServer  : DB3FFO11WS056 (15.01.0099.000)
Identity           : e7054efb-d9f5-461a-9c85-08d224fd0c3a
IsValid            : True
ObjectState        : New

 

I’ve opened a support incident with Microsoft about this, so I’ll post a follow-up here when that it resolved.

Anyone else out there experienced something similar?