User Profile
ThomasOeser
Brass Contributor
Joined 10 years ago
User Widgets
Recent Discussions
AADConnect Multi Forest + Linked Mailboxes Question
So we have 3 ad forests that are trusted. In forest A we have the majority of users and computers and the exchange server. In forest B we have users and computers and the users have linked mailboxes on the exchange server in forest A. In forest C we have users and computers and the users have seperate users with "normal" mailboxes on the exchange server in forest A. They just use the separate login information to connect to the mailbox in outlook and then save credentials. We now want to move all mailboxes to O365 via Exchange Hybrid and we already installed AADConnect in forest A. The question is on how to do the user matching in this szenario because it is not a classic exchange resource forest scenario. The end goal is to merge the forests in to one but we are far away from this. Whats the best way to do the user matching here? One other idea was to migrate the mailboxes (about 200) from forest B and C with a 3rd party tool to O365 first and convert their mailboxes in forest A to mail users with a target address that will not be synced to O365.2.6KViews0likes3CommentsCannot reject second incoming call (repeated popups)
Hello, we have experienced a problem with MS Teams in different customer environments when wanting to reject a second incoming call in Teams Client. From time to time (cannot reproduce this) a second incoming call cannot be rejected, if the user clicks the reject button the incoming call popup goes away for a moment but immediately returns. Has somebody experienced similar problems and knows the root cause of this issue? Enabling busyonbusy is not an option. Second incoming calls should be allowed but rejecting the calls should just work.1.3KViews0likes1CommentSign-In to Teams blocked by Conditional Access only in Preview-Mode
Hello, we want to enable Teams Public Preview Mode by configuring the Teams Update Policy for a few users. During our first test we have noticed that users can no longer login to MS Teams in Public Preview-Mode. If they disable Public Preview-Mode they can immediately sign-in again. In Azure AD Sign-In logs we see that the sign-in is blocked by conditional access. Access policy does not allow token issuance teams Sign in error code 53003 Anybody experienced similar problems and know a workaround? I suuspect that Teams is using an unkown App-iD in Public Preview-Mode or something like that.5.1KViews0likes2CommentsSMTP relay to EXO internal relay domain recipients fails with 550+5.4.1+Recipient+address+rejected
Hello, we have all mailboxes in Office 365 and decomissioned our Hybrid Setup. We did setup an IIS SMTP relay to relay mails to (through) Office 365 from our internal applications. Recently we needed to add a new domain to our tenant . All of the mailboxes from this domain are located in another email system outside of the tenant so we did setup the domain to internal relay and did setup a send connector which uses MX to determine the connection endpoint for mails to this domain. Mails from Office 365 senders to recipients in this domain work fine. But mails from our on premises applications relaying through our IIS SMTP relay to recipients in the new domain fail with message: 550+5.4.1+Recipient+address+rejected:+Access+denied. Only if i add the target email address from the new domain as mail contacts mail will be delivered outside of the tenant to the recipients. We do not want to create contacts for all recipients of the new domain. Any ideas how to solve this?2.2KViews0likes1CommentRe: Teams Federation with Pure On Prem Skype for Business
Pawel_88 Based on my understanding the Skype for Business pure on prem partner needs to configure this for Teams federation to work? Is this correct? Anything on our side (Teams Only) to configure? https://docs.microsoft.com/en-us/skypeforbusiness/manage/federation-and-external-access/federation-support/configuring-federation-support5.4KViews0likes0CommentsRe: Teams Native Chat Problem
Mitchell Bakker Thank you for your answer. Based on my understanding the global setting for Coexistence mode does not need to be touched. Should work on an individual bases. My assumption was that Teams native federated chat does no longer need the external DNS records and instead the chats are routed directly in the Office 365 Teams infrastructure. But i could be wrong on that. So if the missing DNS records could be the problem here, i think i will give it a try.8.8KViews0likes2CommentsTeams Native Chat Problem
Hello, following szenario: Tenant A user is Teams Only (Moved from SfB Online to Teams Only a year ago) Tenant B user had S4B on prem (no usage) and was using Teams in parallel (No Hybrid). On Prem S4B user was removed, changes synced to cloud (lync attributes removed, sip address changed to UPN). User was upgraded to Teams Only 2 days ago. Tenant B users new sip domain (from UPN) has no external Skype for Business DNS records like sip.domain.com. I would expect that the new Teams native chat should work here but following problem occurs: Tenant B user sends chat message to tenant A user. Tenant A user receives the message but a Skype Symbol is displayed next to tenant B user. The Message "Due to an org policy change, you can enjoy a richer chat and calling experience" is displayed. When clicking the link a new chat opens with rich features but the reply there is again received in a new chat on Tenant B users Teams. So replies to messages initiated in either tenant always end up in a seperate chat. Do we need to add the SIP DNS records despite native federation capability here to solve the problem or is this completely unrelated? What could be the problem here?8.9KViews0likes5CommentsExchange Hybrid 2013 Prereq at least one multirole CAS+MBX
Does anybody know what this requirement for EX Hybrid 2013 means? We have a large EX 2013 environment with dedicated CAS and Mailbox servers, there is no server which holds both roles. The first sentence in the statement states that at least one multirole server is a hard requirement but the second sentence states, that it is only recommended. Exchange Hybrid Requirement Exchange 2013: At least one server with the Mailbox and Client Access server roles installed. While it's possible to install the Mailbox and Client Access roles on separate servers, we strongly recommend that you install both roles on each server to provide additional reliability and improved performance.667Views0likes1CommentModern Auth On for EXO and S4B Online but Off for S4B Hybrid / EX Hybrid
Hello, i want to understand the impact of enabling modern authentication for Exchange Online and Skype for Business Online in the following scenario: Skype for Business On Premises Environment with 1 S4B 2015 Site (Main Site) and 1 Lync 2013 Site Skype for Business Hybrid PSTN configured with Office365 Exchange On Premises 2013 with existing Hybrid setup with Office 365 Polycom Trio and VVX devices No MFA for users Modern Authentication only activated for Sharepoint Online, not for Exchange Online and Skype for Business Online Office 2016 Click2Run for all Clients ADFS 3.0 is in use with no special claims Intune should be used for conditional access User combinations: S4B User On Premises with mailbox in Exchange Online S4B User On Premises with mailbox in Exchange On Premises S4B User in Office 365 with mailbox in Exchange Online S4B User in Office 365 with mailbox in Exchange On Premises What we want: We only want to enable modern authentication for Exchange Online and Skype for Business Online. The documentation from Microsoft is somewhat confusing. Some articles state that we would have to enable modern authentication for the S4B on premises environment too. So basically the qiuestion is can we activate modern authentication for Exchange Online and Skype for Business Online and leave it off for the S4B Hybrid / Exchange Hybrid On Premises environment? I have attached a picture which undermines my assumption that it should be possible to turn Modern Authentication On for EXO and S4B Online and leave it off for the on premises components even if they are hybrid.1.3KViews0likes1CommentBoss suddenly Missing from People I Manage Calls For Group in Boss/Admin Szenario
Hello, we have the Problem in a boss/admin Scenario where the user is Admin of 2 bosses that one of the bosses is removed after a few days from the "People I Manage Calls for" group in the admins skype for Business Client. She is still in the bosses delegates group in his skype for Business Client and all Boss/Admin Features still work. Boss is just missing from the relevant group in the S4B Client. If we remove the delegate on the boss pc and readd it the same happens after a few days again. I somehow could reproduce this issue in one of my test labs. After i came back to my test lab after about a week turned the lab PCs on and looked at the "People I Manage Calls for" group the boss was missing. This is really strange as it happened with different users, different PCs and even different Skype for Business online C2R versions. Only thing special is that we do not use Outlook Delegation on the bosses PCs. Admin has just Full Access and Sendas Rights to the boss Mailbox as apposed to SendOnBehalf. Any ideas?850Views0likes0CommentsAzure AD (Connect) Passthrough Auth and Office ProPlus Shared Computer Licensing
Hello, i usually recommend customers to utilize ADFS SSO when they want to install Office Pro Plus with Shared Computer Activation in Terminalserver (Citrix) cause Office will activate in background without prompting users to activate. What will be the behaviour when Azure AD Connect: Passthrough Authentication is used? Anybody tested this?6.5KViews0likes7CommentsADFS Rapid Restore Tool
Just wanted to notify about a new tool released a couple of weeks ago for backing up and restoring ADFS. https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-fs/operations/ad-fs-rapid-restore-tool Will start testing this in the next weeks.2.7KViews4likes2CommentsResend Creation Notifications Site Mailbox
From time to time i get notifications about creation of Site Mailboxes that were created a long time ago. Does anyone know what triggers the resend of these notifications. Powershell shows that the site mailboxes where changed on the date that i got the notification. But i have ask my team and nobody changed anything. So i really need to know what triggers these events.740Views0likes2Comments
Recent Blog Articles
No content to show