Applying On-Prem EAP with New-Remote Mailbox
BACKGROUND: my org is in a hybrid AD/Exchange environment, and will remain so for some time. All mailboxes, other than a very small number with on-prem dependencies, were migrated to M365 a few years ago; we will continue to have 1-2 Exchange Servers on-premises for both management and some legacy on-prem processes. All user accounts are created on-premises, and synchronized to M365 through Entra Connect Sync. Our on-prem EAP has the exact address syntaxes that we need [applies to "Users with Exchange mailboxes" + "Resource mailboxes" + "Mail-enabled groups"]. I haven't found a clear answer to the question: with an Exchange 2019 (and soon SE) server on-premises - with users initially created on-premises - is there a way to provision new EXO mailboxes [using the 'new-remotemailbox' cmdlet], such that the on-prem EAP applies during creation? I've been working with these two references, but so far haven't found a way to make the "new-remotemailbox..." cmdlet work to (a) create a new account on-premises and (b) ultimately have an EXO mailbox provisioned with the on-prem EAP addresses in place: On provisioning mailboxes in Exchange Online when in Hybrid | Microsoft Community Hub https://learn.microsoft.com/en-us/powershell/module/exchangepowershell/new-remotemailbox?view=exchange-ps Any thoughts or suggestions would be welcomed! (OR - perhaps it just can't be done?)
Authentication issues after upgrading to 2019/CU15
After upgrading to Exchange Server 2019 CU15, we started having many authentication issues. They appear in many forms. Executing a get powershell command on any virtual directory will fail for the remote system (I currently have 2 servers configured). It will log in the event viewer a DCOM 10028 error: DCOM was unable to communicate with the computer (other system FQDN name) using any of the configured protocols; requested by PID 570 (c:\windows\system32\inetsrv\w3wp.exe), while activating CLSID {2B72133B-3F5B-4602-8952-803546CE3344}. It is intermittent in nature. At first, I thought executing the Reset-ComputerMachinePassword would solve the issue, but it does not always work. We have one Windows 2025 DC in our infrastructure as we have seen some domain trust issues that have been a result of the 2025 DC. Microsoft recommends running this for those client systems. But those systems usually had an event logged in the DC indicating the need for resetting this password. This is not appearing for the Exchange servers. When the get command fails, other issues such as Outlook clients not authenticating occur as well. The Outlook clients continuously prompt for credentials without accepting them, even though correct values have been entered. However, when the get command succeeds, so does Outlook. Anyone experiencing this as well?
Unable to Add Exchange 2019 Email Account (Ionos) to Outlook (New) on Windows 11
Hello everyone, unfortunately, I am unable to add my Ionos (Exchange 2019) email account to the Outlook Windows app. On Windows 10, it was still possible to manually configure an Outlook account, which worked fine. However, on Windows 11, this option is no longer available, and I can’t revert to the previous version of Outlook either. When I try to add the account by selecting Microsoft 365 - Office 365, Exchange and entering my email address, I always get the error message: We couldn't find a work or school account with that email address. I have already contacted Ionos, but they couldn’t solve the issue either. They mentioned that Microsoft doesn’t allow setting up an Exchange account this way, even though the option is listed in the selection menu. Does anyone know how to fix that? Thank you very much!Exchange EWS API Error
After migrating from 2016 to 2019 and SE, I was trying to move my script to the new server but came up with many issues. I was using this yesterday and it was working and today it's not. Seems random and no idea why it's happening that Exchange2016 disappears from the selection. $Service = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService( [Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2016 ) The property 'Exchange2016' cannot be found on this object. Verify that the property exists. At line:1 char:1 + $Service = New-Object Microsoft.Exchange.WebServices.Data.ExchangeSer ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], PropertyNotFoundException + FullyQualifiedErrorId : PropertyNotFoundStrict If I run the following, Exchange2016 is no longer in the list (it was when I tried yesterday). This seems random, [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Set-StrictMode -Version Latest Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn Add-Type -Path 'C:\Setup\ExchangeEWS\Microsoft.Exchange.WebServices.dll' # Get the type information for the ExchangeVersion enumeration $type = [Microsoft.Exchange.WebServices.Data.ExchangeVersion] # Get all declared fields $fields = $type.GetFields('DeclaredOnly, Public, Static') # Iterate over each field and display its name and value foreach ($field in $fields) { Write-Output "$($field.Name) = $($field.GetValue($null))" } Output: Exchange2007_SP1 = Exchange2007_SP1 Exchange2010 = Exchange2010 Exchange2010_SP1 = Exchange2010_SP1 Exchange2010_SP2 = Exchange2010_SP2 Exchange2013 = Exchange2013 Exchange2013_SP1 = Exchange2013_SP1 And if I run in Powershell ISE, I see more error (same script in regular powershell works). Exception calling "FindItems" with "2" argument(s): "The request failed. The underlying connection was closed: An unexpected error occurred on a send." At line:87 char:5 + $Items = $Service.FindItems( 'Inbox', ( New-Object Microsoft.Exch ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : ServiceRequestException
Creation of customrole that allows only creation of Mailenabled Security groups.
Hej Exchange community :) My first post here and i am also quick to admit that im not really super experienced with Exchange management (been a user of the Gui for many years on a servicedesk) I am trying to create a custom role in our 2019 onprem exchange installation to give our servicedesk the ability to create mailenabled security groups directly in the gui in Ecp. My custom role has access to the cmdlets bellow but im missing something Get-ManagementRoleEntry "mygroupname\*" Enable-DistributionGroup Remove-DistributionGroupMember Add-DistributionGroupMember Remove-DistributionGroup Set-DistributionGroup Get-OrganizationalUnit Get-Group Get-Recipient Get-DistributionGroup New-DistributionGroup The test user i have set up in order to test this gets access to create distributionsgroups sure enough but the security groups option is not there. as i have understand it is the "New-DistributionGroup" cmdlet with the parameter type-security that allows for the creation of the security groups, but when i try to add that with After a few hours spent googling and asking different gpt (and sorting thro the gpt hallusinations) i'm at a loss for what the issue might be. Anyone got any ideas what i'm missing? Thanks in advance :)
Moving Exchange Hybrid From Exchange 2016 To Exchange SE
Hi, I'm in the process of planning the migration of Exchange Hybrid connectivity from a single Exchange 2016 server to a single Exchange SE server. Below are the steps I've carried out so far - Imported SSL certificate used by Exchange 2016 server to Exchange SE server & assigned services. Updated virtual directories URL's on Exchange SE server to match those used by Exchange 2016 server. Added Exchange SE server IP address to firewall rules allowing access to EOL where the Exchange 2016 server IP is present. Questions I have - When I run the Hybrid configuration wizard on Exchange SE server if any of the firewall rules are incorrect will the wizard flag these? At what stage do I change internal\external DNS for Hybrid & Autodiscover to point to the IP address of Exchange SE server? If after HCW has been run successfully on Exchange SE, how quickly does DNS need to be updated, immediately, within 24hrs etc? Existing send connectors within Exchange 2016\EOL will they be auto updated with Exchange SE server added or new connectors created? If new send connectors created do you disable the old connectors used by Exchange 2016 then delete? Thanks in advanced for any replies.Not receiving <InReplyTo> tag in EWS GetItem response if mail subject changed in reply
Hello, I have an add-in that I run in Exchange Server 2019. When replying to an email, my add-in requires some information related to the parent email. For this, I use the EWS GetItem API. In the response, I get an <InReplyTo> tag, where I find information about the parent email. See below example for more info: The issue is that if I change the subject in the reply, I do not get that <InReplyTo> tag in the response, and hence cannot access parent email information. This issue is only observed in Outlook on Mac (classic UI). Any information, workaround, or timelines on a potential fix for this issue will be greatly appreciated. Do let me know if any further information is required from my end. Thanks, Raghunandan Kumbhar
Local domain mailbox migration error
I ran into an issue while migrating from on-premise to O365. On-premise AD domain is “domain.local” so users have their mailboxes smtp address as follows: primary smtp mailto:email%20address%20removed%20for%20privacy%20reasons ( public domain ) aliases smtp proxy: mailto:user@domain.local We setup the hybrid environment and started the mailbox migration but they’re failing with the error that domain.local is not an accepted domain in O365. this is the first time it occurred to us since we made a lot of migration so far What can it be ? obviously is not possible to add domain.local as accepted domain in o365
