Configure On-Premises Public Folders for a Hybrid Deployment with Exchange 2013


situation

Exchange Hybrid environment (Office 365 – Exchange Online) with Exchange 2013 on premise. Public Folders are hosted on-premise and need to be accessed by online users.

problem

The only official documentation provided by Microsoft how to configure on-premises public folder access (http://technet.microsoft.com/en-us/library/dn249373(v=exchg.150).aspx), talks about “legacy public folders”. Which in this case are Public folders hosted on Exchange 2007 SP3 RU10 or 2010 SP3.

So the first thought was to configure a proxy mailbox as outlined in the TechNet article and acting as if we had a 2007 or 2010 environment. This seemed to be working until the installation of CU3 on the Exchange 2013 server(s). Outlook clients got the following error while trying to open public folders:

solution

The solution is actually quite simple and strange that it’s not documented in any way by Microsoft so far. The Public folders on the Exchange 2013 server are, like the ones in Exchange Online, “Modern Public folders” and do not need a proxy mailbox. So just use the “Windows Azure Active Directory Sync” to synchronize the on-premises Public Folder mailbox objects to Azure AD/Office 365/Exchange Online. These mailbox objects will exist as mail enabled user objects in the online environment.

Next step (after you verify that the objects exist online) is to configure Exchange Online to use the on-premises public folders with the following PowerShell command:

Set-OrganizationConfig -PublicFoldersEnabled Remote -RemotePublicFolderMailboxes 
PFMailbox01,PFMailbox02,PFMailbox03

The autodiscover process is responsible for redirecting the online Outlook users to the on-premises public folders.

Be aware that Autodiscover should point to you on-premise environment to get this to work and that online users won’t be able to access on-premises public folders using Outlook Web App!

I’ve checked the above method with Microsoft Exchange Engineers and they have confirmed this way of configuring the environment is correct.

Advertisements
Configure On-Premises Public Folders for a Hybrid Deployment with Exchange 2013

Unwanted change of the public IP address of your Windows Azure Cloud Service


I recently had some cases where I lost the public IP address which was assigned to a cloud service within Windows Azure. This was not really a desired scenario because these IP addresses were already used and registered in DNS. The use of a CNAME to *.cloudapp.net was not an option because the use of certificates.

The reason why I lost the public IP address on these services was because of the state of the Virtual Machines within the services. Because of the changes of the billing mechanism in Windows Azure (June, 2013), there was a new status introduced for the Virtual Machines. The new status: Stopped (Deallocated) places the VM in a special state which means that the configuration of the VM is not actively being associated with fabric resources. This results in the fact that you are not being billed for the hourly compute time while the VM is in that state. This is of course a very useful feature, however when all of your VM’s in a Cloud Service are put in this state, the public IP address associated with that service will be released. The next time you start a VM in the Cloud Service it will have a new public IP address assigned. How can we prevent this? Just be aware about the way you shutdown your VM’s in a Cloud Service and/or assure that there’s at least one VM running all the time. There are three ways to shutdown/stop a VM within Azure:

  1. Shutdown VM via Windows Azure Management Portal
    When using the Shutdown button within the Azure portal by selecting the VM, it puts the VM in the Stopped (Deallocated) state. 11/112913_2256_unwantedcha1
  2. Shutdown Guest Operating System inside the VM
    Using shutdown (via RDP) from within the VM causes it to go into Stopped state.
  3. Stop VM via Windows PowerShell using Windows Azure PowerShell Module
    In the latest version of the Windows Azure PowerShell Module there’s a new StayProvisioned parameter added to the Stop-AzureVM cmdlet. With this parameter you can determine the state that the VM goes in when shutting it down:
    Stop-AzureVM -ServiceName “myservice1” -Name “MyVM”
    This causes the VM to go in the Stopped state.
    Stop-AzureVM -ServiceName “myservice1” -Name “MyVM” –StayProvisioned
    This causes the VM to go in the Stopped (Deallacated) state.

Summary: just put your VM’s in a Cloud in the correct state (stopped) and/or keep at least one VM running. This way you don’t lose your public IP address.

For more information: http://msdn.microsoft.com/en-us/library/windowsazure/dn133803.aspx

Unwanted change of the public IP address of your Windows Azure Cloud Service

Assign License to Users with Group Membership


This script can be used to assign users a license who are member of a specific Office365-Security Group.
The password in this script is encrypted!
Please note that this script only works for users who do not have a license assigned yet.
There are a couple of variables used in this script. Please adjust them if necessary:

Variable Description
GName Name of the Office 365 Security Group
LicenseN Name of the license that will be assigned to the users
Make sure you fill in the license in the correct format! For example: a P1 license is: EXCHANGESTANDARD
UsageLocation Set user location
Make sure you use the correct format! For example: Netherlands = NL
AdminUser Username of the admin user in Office 365 to run this script
Use the UID of the user. For example: AssignLicenses@wortelltechready.com

Script

Here’s the code for the script:

#### Set Variable
Set-Variable -name GName -value "AssignLicenses@wortelltechready.com"
Set-Variable -name LicenseN -value EXCHANGESTANDARD
Set-Variable -name UsageLocation -value NL
Set-Variable -name AdminUser -value "admin@wortelltechready.com"


#### Set Encrypted Password
$Password = "01000000d08c9ddf0115d1118c7a00c04fc297eb010000000ec5c2fd088ac741a6882556fafff2bd0000000002000000000003660000c00000001000000040e00f5a263e04689f6499394c5c6bbe0000000004800000a000000010000000bd5dea3f12458d5030966c7c2cbd0f5528000000474330610cdcc62da9e80a3f19a1eb3b144b1c819ee6d6457906ddbad33baa9cd0944e904bf50000140000003974ffe84f0b9fa5df07c79eaeb3b2b84e5d0023"
$PasswordSecure = ConvertTo-SecureString -String $Password
$cred = New-Object system.Management.Automation.PSCredential($AdminUser, $PasswordSecure)

#### Create Function Logon to Office365
function Logon {
    Import-Module MSOnline
    Connect-MsolService -Credential $cred
               }


############################################################################################################################
############################################################################################################################

#### Logon to Office 365
Logon

#### Create Log File + Start Logging
$Log = "AssignLicenseByGroup.ps1" + ".log"
$ErrorActionPreference="SilentlyContinue"
Stop-Transcript | out-null
$ErrorActionPreference = "Continue"
Start-Transcript -path $Log -append


#### Get DistributionGroupMembers
$GUIDT = Get-MsolGroup -SearchString $GName
$GUID = $GUIDT.ObjectId

#### Set License
$CompanyInfo=Get-MsolAccountSKU
$CompanyName=$CompanyInfo.AccountName
$LicenseName=$CompanyName+":"+$LicenseN.ToUpper()

#Get-MsolGroupMember -GroupObjectId $GUID -All | Set-MsolUser -UsageLocation $UsageLocation
Get-MsolGroupMember -GroupObjectId $GUID -All | ForEach-Object {
    Set-MsolUser -ObjectId $_.ObjectId -UsageLocation $UsageLocation
	Set-MsolUserLicense -UserPrincipalName $_.EmailAddress -AddLicenses $LicenseName
    }
#### Stop Logging
Stop-Transcript

Copy and paste the code in notepad (for example) and save it as “AssignLicenseByGroup.ps1”. Go through the following steps to use the script.

Steps


This is the final part of a series of posts about some PowerShell scripts I created or used and modified for some Office 365/Exchange Online migrations.
An overview of the series can be found here.

Assign License to Users with Group Membership