Dynamic Distribution Group with no Disabled Accounts
Hi I'm trying to build a few Dynamic Distribution Lists in Exchange Online and want to only include Active Users (i.e., users that are marked "Active" in Azure AD). I've tried using the UserAccountControl attribute (-eq 514 or -ne 514 - both are returning the same results, which is strange), but it still includes user accounts that are disabled. This is how my recipient filter looks like: RecipientType -eq 'UserMailbox' -and UserAccountControl -ne 514 What's the best way to achieve this in Exchange Online? Thanks Taranjeet SinghPrimer: How to Use RBAC for Applications to Control App Use of the Mail.Send Permission
The temptation to use the Mail.Send application permission in scripts can lead PowerShell developers into trouble because the permission allows access to all mailboxes, including sensitive executive and financial mailboxes. Fortunately, RBAC for Applications allows tenants to control the access that apps have to mailboxes and other Exchange content. All explained here with an example script to test RBAC of Applications. https://office365itpros.com/2026/02/17/mail-send-rbac-for-applications/
DMARC rejection after Exchange upgrade
I'm having problems with inbound emails getting bounced as Undeliverable due to DMARC rejection. For many years I've had my email come through Fasthosts / Livemail to my own domain (qts.org.uk) with catch-all forwarding set to forward everything to my GMail account. Just recently Fasthosts have upgraded their servers to Exchange and I've started getting DMARC rejections from GMail which start Diagnostic information for administrators: Generating server: exchange2019.livemail.co.uk Total retry attempts: 1 (my gmail email address) t1-hex-xprelay.gem.livemail.co.uk Remote Server returned '550 5.7.26 Message rejected by DMARC policy by gmail.com. Please use your own email address as the sender, instead of (sender's email address). [MSG0009]' Which bounce from Fasthosts / Livemail back to my GMail address. My own domain has SPF, DMARC, and DKIM configured I've done a little digging and it appears to only affect senders from originating domains with DMARC set to reject. So either GMail has coincidentally become much more strict (possible) or Fasthosts are somehow failing to forward emails fully transparently. I have spoken to Fasthosts and logged the issue with them and was not impressed so I hope the experts here can offer a solution I can forward to them.
Cross tenant migration tools : New MS solution compared to Migration Wiz?
Hi, I'm looking for informations about advantages and limitations between new Microsoft Cross Tenant migration solution (Preview) and "Migration Wiz". Microsoft solution look more limited and doesn't seem to have Free/busy sync. What are the returns for those who did use MS cross tenant solution ? Thanks,Running Un-attended Scripts via Task Scheduler
I am trying to get some of my PS Scripts that are required regularly to run un-attended on a server using Task Scheduler. I am aware that App Registrations seem to be the recommended way, but I am struggling to find the best way to plan and deploy a solution. For example, one of the jobs I want to automate is a search using Exchange get-messagetracev2, I have created a service account, given the account Delegate Full Access permissions to 31 shared mailboxes I need to report on. Basically, I need to know how many emails have been received during the previous week to each mailbox. Generate a csv, list the mailbox, start date - end date, number of emails received, then ideally either email 3 users the report, or send a Teams notification (using Workflow Bot) to send a notification that the report is ready and the file is attached. I must be using the least permissive method of doing this, looking for ways to achieve this with the lowest level of access and to understand the best config for the App Registration, can I use Delegate or must it be App permissions? Thanks in advance
IS EXCHANGE 2016 HYBRID STILL SUPPORTED?
IS EXCHANGE 2016 HYBRID STILL SUPPORTED as of January 2026? Pls advise if this statement is correct: Exchange Server 2016 was supported for hybrid deployments with Exchange Online, but as of October 14, 2025, it is no longer supported by Microsoft, meaning no security updates, bug fixes, or technical support are provided. While hybrid prerequisites still technically list Exchange 2016, running it now carries security and compliance risks, and Microsoft recommends upgrading to a supported version such as Exchange Server Subscription Edition or moving fully to Exchange Online. Continuing to use Exchange 2016 in hybrid is possible, but unsupported, so for a secure and compliant hybrid setup, an upgrade or migration is strongly advised.
Distribution List & Security Group
I need a group that is a distribution list (so we can send emails to members of the group) & a security group (so I can assign the group to intune policies). How do I accomplish this? I don't want to just create the security group as our memebers don't like to go to groups in Outlook to check for email, they rather have it in their inbox... TIA, JMS Mail servers claim Hotmail domain does not exist
In my Gmail account I have a rule that forwards everything to my Hotmail/Outlook account where I primarily read all of my mail. This has worked well for a long time until the 16th January 2026 when I started to realise I was missing a few mails. Looking in the Gmail inbox I could see a few NDRs from Googlemail saying that it had failed to forward a message. I'm assuming this is an issue at the Microsoft end as the NDRs say it is a remote (i.e. Microsoft) mail server claiming that the domain Hotmail.co.uk doesn't exist, so the mail gets bounced. BTW, this is not an issue with my individual account, my wife and I have similar setups (both our Gmails forward to our Hotmails) and we both started having the same issue from that date. The key NDR details are always of this form: Address not found Your message wasn't delivered to ***@hotmail.co.uk because the domain hotmail.co.uk couldn't be found. Check for typos or unnecessary spaces and try again. The response from the remote server was: 501 5.5.4 Invalid domain name [AM4PEPF00027A67.eurprd04.prod.outlook.com 2026-01-20T22:06:56.421Z 08DE543D7B61AE38] So, it looks like some server in the chain is claiming that the whole domain "hotmail.co.uk" cannot be found!!! Surely I can't be the only one with this issue? I guess many people will be unaware they're missing mails as the original senders will be the ones receiving the NDRs, and where that is a company (rather than an individual) they probably just bin them and never investigate. This seemed to get worse over a few days and then stabilise to ~25% of mails failing: 16th Jan - 3 of 31 emails had this issue 17th Jan - 0 of 19 failed 18th Jan - 3 of 16 emails had this issue 19th Jan - 1 of 34 emails had this issue 20th Jan - 5 of 27 emails had this issue 21st Jan - 10 of 34 emails had this issue 22nd Jan - 8 of 31 emails had this issue 23rd Jan - 8 of 28 emails had this issue The issue seems to be random, there is no pattern with the times of day or senders - sometimes a particular sender is fine (e.g. Netflix, eBay), sometimes they suffer this issue. In the NDRs I'm not sure what the naming convention of the Outlook servers is but re. the above example's "AM4PEPF00027A67.eurprd04.prod.outlook.com", I've looked at all the servers mentioned in each NDR (up to 22nd) and again there's no real pattern - the hostname's always begin with either AMS0, AMS1, AM3, AM4, DB1, DB3, DB5, DU2, DU6, with the 4 character ones being followed by "EPF000xxxxx" and the 3 character ones being followed by "PEPF000xxxxx". The following subdomain is always eurprd02-eurprd05 with just two examples using EURPRD83. I did try and report to Outlook.com but their online help system currently gives an error (Error 500.30 - ASP.NET Core app failed to start). I hope this is a better place where someone might have a chance of convincing someone that there is a mail server config error somewhere?
