Sneaky tricky management scopes in Exchange Online.

If you’ve been creating scopes in Exchange Online in, for instance, following way…:

$Group = Get-DistributionGroup -Identity “RoomImpersonationGroup”
New-ManagementScope “Room Mailboxes Impersonation” -RecipientRestrictionFilter “MemberOfGroup -eq ‘$($Group.DistinguishedName)'”

…so using a DistinguishedName attribute – you might experience a moment when this solution stops to work.

itisatrap

Continue reading “Sneaky tricky management scopes in Exchange Online.”

Advertisements

Automated way to check Mellanox RDMA ping (nb_send_bw.exe) across nodes in a Hyper-V cluster.

So just recently we got need of checking RDMA ping between nodes, and as we got a few the task of running nb_send_bw.exe was getting a little fiddly. As we were waiting for repair storage jobs to finish between restarts I wrote a few lines to automating task.

GetReady

Continue reading “Automated way to check Mellanox RDMA ping (nb_send_bw.exe) across nodes in a Hyper-V cluster.”

Storage Space Direct – how to check storage jobs to not blow things up.

Just a small reminder for myself…

thisclose

Remember kids, storage jobs are only visible when running ISE or PowerShell console as an admin!

Safest is to always check the status of the jobs with invoke-command, as my dear colleague told me today, when using invoke you use the highest privileges:

Invoke-Command -ComputerName <CLUSTER_NODE_NAME> -ScriptBlock {Get-StorageJob}

 

Exchange – two ways to create new role assignments.

Forgotten this recently and got caught spending some time investigating.

Boys and girls, remember one thing – if you create role assignments like this:

New-ManagementRoleAssignment -Name "ASSIGNMENT NAME" -Role "ApplicationImpersonation" -CustomRecipientWriteScope "IMPERSONATION USERS" -SecurityGroup "IMPERSONATION ADMINS"

where “IMPERSONATION ADMINS” is your a security group created by you – this role assignment will NOT be visible in your “admin roles” area in Exchange Console:

adminrolesarea

Instead, you need firstly create a Role Group and assign role to it, for instance

New-RoleGroup -Name "ROLE GROUP IMPERSONATION ADMINS"

New-ManagementRoleAssignment -Name "ASSIGNMENT NAME" -Role "ApplicationImpersonation" -CustomRecipientWriteScope "IMPERSONATION USERS" -SecurityGroup "ROLE GROUP IMPERSONATION ADMINS"

Only assigning a role to a role group allows it to appear in the admin roles area.

Remember about that!

remember

 

How to properly reboot machine with PowerShell.

Just today my wonderful colleague showed me a great way to restart machine and at the same time – test if it has came up and is operational (basically if PowerShell responds remotely).

Restart-Computer -ComputerName <COMPUTERNAME> -Wait -Protocol wsman -force

Use -force to forcely logoff any active sessions (savage!!!!)

After performing restart in above way, console waits and will not go further, unless PS on the remote machine responds!

batmanping

 

Isn’t that cool!?

How to access HKEY_CURRENT_USER registry entry remotely.

So just recently I’ve been asked by Microsoft support to perform a change in the registry to avoid getting many local failure email messages saved in local OST.

The instruction how to do it, can be found under (In our case the solution didn’t work at all by the way):

https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin/how-can-i-stop-synchronization-logs-from-being/ece4da42-c641-4a73-a026-999bbfe78a76?auth=1

As you might see in the article the path given is:

hkey_current_user\software\microsoft\office\1x.0\outlook\options

This kind of change can be done remotely as well, all you need to have is an AD SID of the user.

onedoesnotsimply

Continue reading “How to access HKEY_CURRENT_USER registry entry remotely.”

Veeam Backup for Microsoft Office 365 and “Failed to synchronize item changes. The server cannot service this request right now. Try again later.” error.

Recently I’ve been struggling with a few issues on Veeam Backup for Microsoft Office 365, still struggling with one, but fortunately can post an update about two that has been resolved. Jupi!

 

Okay, so I got this error going on on Veeam:

30.10.2017 07:21:17 :: Job started at 30.10.2017 08:21:17
30.10.2017 07:21:17 :: Connected to organization
30.10.2017 07:21:20 :: Found 1 mailboxes
30.10.2017 07:21:20 :: Processing mailbox <mailbox_name>@<domain_name.com> failed with error: Failed to synchronize item changes. The server cannot service this request right now. Try again later. :: 0:21:22
30.10.2017 07:42:43 :: Processing of all mailboxes failed
30.10.2017 07:42:43 :: Job failed at 30.10.2017 08:42:43

 

Backup of one single mailbox was constantly failing.

What appeared was mailbox was over 100GB in size When running Get-MailboxStatistics against it – do not know how it is possible though as O365 gives you 100GB for the mailbox.

After enabling archive for this mailbox and runnig Start-ManagedFolderAssistant so the main mailbox went down below 100GB – the backup went just fine ^^.