Skip Navigation LinksPowerShell

 ​Sig​​n in​​

Windows Azure Active Directory Module for Windows PowerShell for Office 365 

Microsoft Online Services Sign-In Assistant for IT Professionals BETA
http://www.microsoft.com/en-us/download/details.aspx?id=39267

To install the Azure Active Directory for Windows PowerShell:
Install the Windows Azure AD Module for Windows PowerShell: You must install the appropriate version of the Windows Azure AD Module for Windows PowerShell for your operating system from the Microsoft Download Center:

Windows Azure Active Directory for Windows PowerShell (32-bit version) http://go.microsoft.com/fwlink/p/?linkid=236298
Windows Azure Active Directory for Windows PowerShell (64-bit version) http://go.microsoft.com/fwlink/p/?linkid=236297

For more information regarding this article, see the information within the link below:
Use Windows PowerShell to manage Office 365
http://technet.microsoft.com/library/jj151815.aspx#BKMK_Requirements
http://onlinehelp.microsoft.com/en-us/office365-enterprises/hh124998.aspx

Download and Install the Microsoft Online Services Module for Windows PowerShell for Single Sign on.
http://onlinehelp.microsoft.com/en-us/office365-enterprises/ff652560.aspx#BKMK_CreateOrConvertADomain

Use Windows PowerShell to manage Office 365
http://onlinehelp.microsoft.com/en-us/office365-enterprises/hh124998.aspx

Download and Install the Microsoft Online Services Module for Windows PowerShell for Single Sign on.
http://onlinehelp.microsoft.com/en-us/office365-enterprises/ff652560.aspx#BKMK_CreateOrConvertADomain

Click Start > All Programs > Microsoft Online Services (Folder) and select Microsoft Online Services Module for Windows PowerShell

Method 1:
How to connect BOTH PowerShell modules (MOSDS) and (EXO) in one session using Microsoft Online Services Module for Windows PowerShell and Windows PowerShell to Exchange online (O365).
Copy and paste the commands below:

$LiveCred = Get-Credential
Connect-MSOLservice –Credential $livecred
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session

NEW DNS OFFICE 365 URL outlook.office365.com​:

$LiveCred = Get-Credential
Connect-MSOLservice –Credential $livecred
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/  -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session​ 


Method 2:
How to Connect to Exchange online (O365) using the Microsoft Online Services Module for Windows PowerShell session (MOSDS)
Connect-MsolService

How to connect BOTH commands in one session using Regular Windows PowerShell PS (Blue):

Import-module msonline
Connect-MSOLservice
$LiveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session


To connect to regular Windows PowerShell 2.0 run the command bellow:
$LiveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session


Additional troubleshooting information:

To Verify the version application, run the command below:

Get-PSSnapin

To Verify that WinRMto connect with O365, run the following commands together:
net start winrm
winrm get winrm/config/client/auth

To Configure WinRM to support basic authentication:
winrm set winrm/config/client/auth @{Basic="true"}

If the customer was getting some sorts of restriction, the customer enter the following command "
To fix this issue use Run the command bellow:

Set-ExecutionPolicy RemoteSigned -Force
Set-ExecutionPolicy Unrestricted -Force

If the organization has a GPO that has restricted policy, run ther command below:
Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy unrestricted -Force

Additional commands:

Set-ExecutionPolicy -Scope LocalMachine -ExecutionPolicy unrestricted -Force

Set-ExecutionPolicy -Scope MachinePolicy -ExecutionPolicy unrestricted -Force

Set-ExecutionPolicy -Scope UserPolicy -ExecutionPolicy unrestricted -Force
Set-ExecutionPolicy -Scope Process -ExecutionPolicy unrestricted -Force

For more information click here

Disconnect Windows PowerShell from the cloud-based service:
Remove-PSSession $Session

To obtain a complete list of cmdlets that are available
Get-Command *MSOl*


Find commands (MSOL)
Get-Command –Module msonline

Check if you still are connected at MOS
Get-Pssession


Windows PowerShell: FAQs for Administrators

Control Users' Access to Windows Remote Management

 

How to troubleshoot computer issues that limit Office 365 rich client authentication Click Here

To troubleshoot this issue, use one or more of the following methods, depending on the likely cause of the issue.

Resolution 1: Network connectivity is limited

Use a browser and try to access http://www.msn.com. If you can't access this website, troubleshoot network connectivity issues.
  1. At a command prompt, use the ipconfig and ping tools to troubleshoot IP connectivity. For more info about how to do this, see the following Microsoft Knowledge Base article:
    169790 How to troubleshoot basic TCP/IP problems
  2. At a command prompt, run nslookup www.msn.com to determine whether DNS is resolving Internet server names.
  3. Make sure that the proxy server settings in Internet Options reflect the appropriate proxy server, if a proxy server is used in the local network.
  4. If a Forefront Threat Management Gateway (TMG) firewall is installed on the boundary of the network and the firewall requires client authentication, you might have to install and configure the Forefront TMG client program on the client device for Internet access. Contact your Office 365 admin for help.

Resolution 2: Firewall or proxy servers require additional authentication

To resolve this issue, configure an exception for Microsoft Office 365 URLs and applications from the authentication proxy. For example, if you're running Microsoft Internet Security and Acceleration Server (ISA) 2006, create an "allow" rule that meets the following criteria:

Allow outbound connections to the following destinations:

  • Local intranet zone settings aren't set up correctly in Internet Explorer

    Make sure that https://*.outlook.com is added to the Local intranet zone in Internet Explorer.

    You can't start the eDiscovery PST Export Tool from the Exchange admin center in Exchange Online http://support.microsoft.com/kb/2919825  
    Additionally, make sure that the following URLs are not listed in the Trusted sites zone:


*.office365.com

*.outlook.com

*r4.res.outlook.com

*.res.outlook.com

*.microsoft.com

*.onmicrosoft.com

*.microsoftonline.com

*.microsoftonline-p.net

*.microsoftonline-p.com

*.microsoftonlineimages.com

*.microsoftonlinesupport.net¹

*.lync.com

*.live.com

*.glbdns.microsoft.com 

*.msn.com

*.msn.co.jp

*.msn.co.uk

*.msecnd.net

*.msocdn.com

*.office.net

*.officeapps.live.com

*.Sharepoint.com

*.Sharepointonline.com

*.activedirectory.windowsazure.com

*.phonefactor.net

*.ols.officeapps.live.com/olsc

*.activation.sls.microsoft.com

*.validation.sls.microsoft.com

*.osub.microsoft.com 

*.officecdn.microsoft.com

 

If the security is enabled

https://*.outlook.com 

https://r4.res.outlook.com 

https://*.res.outlook.com  

 

ev-secure.verisign.com

evsecure-ocsp.verisign.com

evsecure-aia.verisign.com

evsecure-crl.verisign.com


PSOM/TLS 443 Lync Online (outbound data sharing sessions)
STUN/TCP 443 Lync Online (outbound audio, video, and application sharing sessions)
STUN/UDP 3478 Lync Online (outbound audio and video sessions)
TCP 5223 Lync mobile client push notifications
  
RTP/UDP 50000-50019 - Outbound Lync (outbound audio sessions)
RTP/UDP 50020-50039 - Outbound Lync (outbound video sessions)
TCP 50040-50059 - Outbound Lync Application sharing and file transfer

As you can see, besides port 443 against the misc. URLs, we now also establish a connection to "xsi.outlook.com" via port "10106".

This information is important for all customers, but especially for those that use OWA from the internal network (Kiosk users) and have configured client-side port restrictions.

  • Ports 80/443
  • Protocols TCP and HTTPS
  • Rule must apply to all users.
  • HTTPS/SSL time-out set to 8 hours

Resolution 3: Prerequisites of the rich client application aren't met, or the Microsoft Online Services Sign In Assistant is out of date

If certain operating systems or rich client applications aren't updated with the appropriate prerequisites, they may be unable to access the intended services. Make sure that the computer and the applications meet the system requirements for Office 365. For more info, go to the following Microsoft website: The easiest way to make sure that your computer is updated appropriately for Office 365 is to run the Office 365 Desktop Setup Tool. To do that, follow these steps:
  1. In a web browser, browse to https://portal.microsoftonline.com
  2. sign in, and then click Downloads in the right pane.
  3. Scroll to the bottom of the page. Under 3 Set up and configure your Office desktop apps, click Set up, and then confirm when you're prompted to run the Office 365 Desktop Setup Tool.
Or, you can download and manually install the required updates and packages from the following Microsoft website:

Resolution 4: The rich-client application isn't configured for Office 365

 

If profiles haven't been created for some rich-client applications, those applications will be unable to correctly access the intended services. The easiest way to make sure that applications are configured appropriately for Office 365 is to run the the Office 365 Desktop Setup Tool:
  1. In a web browser, browse to https://portal.microsoftonline.com, sign in, and then click Downloads in the right pane.
  2. Scroll to the bottom of the page. Under 3 Set up and configure your Office desktop apps, click Set up, and then confirm when you're prompted to run the Office 365 Desktop Setup Tool.
Or, you can manually configure application profiles. For more info, see the following Microsoft website:

 

  1. You're using an outgoing proxy server, and the connection times out

    Use the netsh command-line tool to open port 8080 on the proxy server. To do this, follow these steps:

 

Open a command prompt, and then run the following command:

netsh winhttp show proxy


Run the following command:

netsh winhttp set proxy proxyservername:8080

For example:

netsh winhttp set proxy proxy.contoso.com:8080 ​



"WinRM client cannot process the request" error when you connect to Exchange Online through remote Windows PowerShell​ 


When you try to use remote Windows PowerShell to connect to Microsoft Exchange Online in Microsoft Office 365, you receive the following error message:

[outlook.office365.com] Connecting to remote server failed with the following error message:
The "WinRM client cannot process the request because the server name cannot be resolved. For more information, see the about_Remote_Troubleshooting Help topic.

+ CategoryInfo : OpenError:
(System.Manageme....RemoteRunspace:RemoteRunspace) [].
PSRemotingTransportException

+ FullyQualifiedErrorId : PSSessionOpenedFailed


SOLUTION

To resolve this issue, check whether the Windows Remote Management service is installed and has started. To do this, follow these steps:
  1. Do one of the following:
    • In Windows 8, press the Windows logo key+R to open the Run dialog box, type services.msc, and then press Enter.
    • In Windows 7 or Windows Vista, click Start, type services.msc in the Start search field, and then press Enter.
    • In Windows XP, click Start, click Run, type services.msc, and then press Enter.
  2. In the Services window, double-click Windows Remote Management.
  3. Set the startup type to Manual, and then click OK.
  4. Right-click the service, and then click Start.
  5. Let the service start.

    Note If the service was already started but it's not responding, you may have to click Restart.
  6. Try to connect to Exchange Online again.


http://support.microsoft.com/kb/2905339 


Messages in the Office 365 portal: "Setting up... this may take a few minutes" provisioning issues Click Here

To verify the Provisioning Status in all services ECP Exchange Online / SharePoint Online (SPO)/Lync Online / Microsoft Office Desktop Apps service (Setting up... this may take a few minutes). Connect to MOSMWP using O365 admin credentials and then run the command below:

Get-MsolAccountSku | % { $_.ServiceStatus }

Get-MsolAccountSku | FL

Get-OrganizationConfig | fl rbac*,orig*


Get-User user@contoso.com | Select *server*

Get-MSOLuser -UserPrincipalName user@domain.com |Ft IsLicensed, OverallProvisioningStatus, ValidationStatus

Get-MSOLuser –All | FL UserPrincipalName ,IsLicensed, OverallProvisioningStatus, ValidationStatus > UsersInformation.txt 








How to search Mailbox / User / Contact / Distribution Group / Distribution List / Security Group  Click Here

Get-MsolUser -UserPrincipalName usuario@domain.com |FL

Get-Mailbox  user@example.com | FL

Get-User user@example.com | FL

Get-Recipient ​ -ResultSize Unlimited | Where {$_.EmailAddresses -Match "user@example.com"} | FL

Get-MailboxStatistics user@example.com | FL

Get-Mailbox -identity user@example.com | Select -Expand EmailAddresses Alias

Get-CASMAilbox -Identity user@domain.com |FL

Get-CASMAilbox user@domain.com |FL DisplayName,*MAPI*,*Pop*, *ActiveSync*,*IMAP*, *EWS*, *OWA*

 

 

 

 

How to create users in O365 with PowerShell and from the O365 portal:

To create or edit users from O365 portal Click Here

Using MOSDS O365 PowerShell:

Connect-MSOLservice

New-MsolUser –UserPrincipalName user1@domain.com –Password Welcome1 –ForceChangePassword $false -DisplayName "user 1"

 

 

 

 

How to get Mailbox / User / Distribution Group/Distribution List /Security Group INFORMATION Public article Click Here


 

Get-MsolUser -UserPrincipalName usuario@domain.com |FL 

Get-Mailbox -identity user@example.com| FL

Get-User user@example.com | FL

Get-Recipient | where {$_.EmailAddresses -match "user@example.com"} | FL

Get-MailboxStatistics user@example.com | FL

Get-Mailbox -identity user@example.com | Select -Expand EmailAddresses Alias

Get-CASMAilbox -Identity user@domain.com |FL

Get-CASMAilbox -Identity user@domain.com |FL DisplayName,*MAPI*,*Pop*, *ActiveSync*,*Imap*, *Ews*, *OWA*

To find every alias for each user or DG/DL run the command below:

Recipient

Get-MSOLuser -User user@domain.com |Select -Expand Proxyaddresses

Get-MSOLuser -All​ |Select -Expand Proxyaddresses

To find a specific alias for each mailbox, or DG/DL run the command below:

To search a user / aliases /mailbox groups using email address, run the command below:

To search an existing user using Display Name.

Get-Recipient | where {$_.DisplayName -match "Alain Lopez"} | FL Name, DisplayName, WindowsLiveID, EmailAddresses

Get-Recipient | where {$_.DisplayName -match "Alain Lopez"} | FL

To search an existing user using the windows Live Id and check if is a federated user:

Get-Recipient | where {$_.WindowsLiveID -match "alain@lgvcorp.co"} | FL

To search Mail Enable Users (MailUser) in the organization:

Get-Recipient | Where {$_.RecipientType -Match "MailUser"} | FT
Get-Recipient | Where {$_.RecipientTypeDetails -Match "MailUser"} | FT

Proxy Addesses from MOP

Get-Msoluser -All | FL DisplayName,ProxyAddresses

Security Group Addresses
Get-Msolgroup | FL DisplayName,ProxyAddresses

CHANGE THE USER'S UPN

Set-MsolUserPrincipalName -UserPrincipalName user@example.com -NewUserPrincipalName user@example.com


To change the UPN for all users in the organization for specific domain:
(The "Admin@" is the only one that will not change the domain)
Get-MsolUser -All | Where { -Not $_.UserPrincipalName.ToLower().StartsWith("Admin@") } | ForEach { Set-MsolUserPrincipalName -ObjectId $_.ObjectId -NewUserPrincipalName ($_.UserPrincipalName.Split("@")[0] + "@example.com") }



 


If you have 1 or more Global Admins in your company, and you will like to change the domain of all your users but the Admins; Add the username inside the (Admin@) like this:

Get-MsolUser -All |Where { 
-Not ($_.UserPrincipalName.ToLower().StartsWith("admin1@") -or$_.UserPrincipalName.ToLower().StartsWith("admin2@") -or$_.UserPrincipalName.ToLower().StartsWith("admin3@") )

} |ForEach { 
Set-MsolUserPrincipalName-ObjectId$_.ObjectId -NewUserPrincipalName ($_.UserPrincipalName.Split("@")[0]+"@domain.onmicrosoft.com") 


 


 

TO CREATE, CHECK VERIFY AND REMOVE DOMAIN FROM MOP O365 2293400

To create the domain from MOP (MOSMWPS):

New-MsolDomain -Name constoso.com (to add the new domain in MOP)

To create a sub domain in MOP:
New-MsolDomain -Name service.contoso.com

To check the new domain status from MOP
Get-MsolDomain -domain contoso.com (To check the domain's status)

Run the following command to obtain and TXT Record entry used for domain verification:

Get-MSOLDomainVerificationDNS -DomainName contoso.com -Mode DNSTXTRecord

Run the following command to obtain and MX Record entry used for domain verification: 
Get-MSOLDomainVerificationDNS -DomainName contoso.com -Mode DNSMXRecord

After you create the records in the domain registrar portal run the command bellow to verify the domain:
Confirm-MSOLDomain -DomainName example.com (To confirm the domain verification)

Remove Doamin from MOP using PowerShell run the cmdlet below:
Remove-MSolDomain -DomainName example.com

To view the list of the domain from MOP 
Get-AcceptedDomain

Aceepted Domain
Get-AcceptedDomain |FL name,domaintype, default

To set a domain as default domain
Set-MsolDomain -Name example.com -IsDefault

To verify if the domain is the default domain:
Get-MsolDomain |FL Name,IsDefault

Determine if the Domain is duplicated from FOPE or Exchange Online:

Get-AcceptedDomain | select Indentiy, PerimeterCDuplicateDetected

To remove the local autodiscover where exist a local server

Remove-AutodiscoverVirtualDirectory -Identity "MyServer\autodiscover(autodiscover.contoso.com)"

Usually when Dir Sync is enabled, you cannot run the PowerShell command for hide or Unhide a Mailbox:

Hide a User from the Shared Address Book in Office 365 

Set-Mailbox -Identity mailbox@domain.com -HiddenFromAddressListsEnabled $False

Set-Mailbox "Usuario Pruebas" -HiddenFromAddressListsEnabled $true

Hide a external contact from the Global Address Book in Office 365

Set-MailContact email@dominio.com -HiddenFromAddressListsEnabled $true


 

Hide all external contacts from the Global Address Book in Office 365

Get-MailContact -ResultSize unlimited | Set-MailContact -HiddenFromAddressListsEnabled $true


DNS Troubleshooting for Exchange Online


Log on to a client computer.
Click Start, and then click Run.
In the Open box, type cmd, Windows PowerShell or (MOSMWP) and then click OK. (Doesn't require connection to O365)
At the "command prompt", Type the following commands togehter and change for your domain name:

Nslookup -type=MX contoso.com
Nslookup -type=CNAME autodiscover.contoso.com
Nslookup -type=TXT contoso.com

Nslookup -type=SRV _sipfederationtls._tcp.contoso.com
Nslookup -type=SRV _sip._tls.example.com


 

Nslookup -type=CNAME Sip.contoso.com
Nslookup -type=CNAME lyncdiscover.contoso.com


Nslookup -type=NS contoso.com
Nslookup -type=A contoso.com


Nslookup -type=CNAME www.contoso.com (SharePoint Public Web)
Nslookup -type=CNAME MS=ms111111.contoso.com (Domain Verifications)




 

Check user Mailbox Size / Total Items size / MailGuid / DeletedItemsSize / ServerName / Quarentined / 

MapyIdentity / Storage limit status / Object class / Logon Time and date / 
Get-Mailboxstatistics user@example.com | fl

Exchange Online View Logon StatisticsClick Here More Information

Last Log on and Log off
Get-MailboxStatistics -Identity user@example.com | Select Identity, LastLogOnTime, LastLogOffTime 

If the organization has more than 1000 users, has to import the information to a CSV file:

Get-Mailbox -Resultsize Unlimited | Get-MailboxStatistics | FL displayname, LastLogonTime | FL | Out-file "C:\Users\UserDesktopName\Desktop\Logon1.txt"

Get-LogonStatistics -Identity user@example.com

Get-LogonStatistics -Identity user@example.com |FL (Full information)

Get-LogonStatistics -Identity user@example.com |FL UserName,LogonTime,LastAccessTime,ServerName


To view the last logon for all organization run the command below:

Get-mailbox | Get-MailboxStatistics | fl displayname, LastLogonTime


     

    To see the last DirSync, run the command below:

    Get-MsolCompanyInformation |FL LastDirSyncTime


     

    How to add an additional Alias or smtp email address to an existing user in Exchange OnlineClick Here:

    Set-Mailbox john@contoso.com -EmailAddresses @{add="john@northamerica.contoso.com"}

    If you need to remove a single alias from a mailbox via PowerShell you can do it by running: 


     

    Set-Mailbox user@domain.com -EmailAddresses @{remove="alias@domain2.com"} 

    If you need to remove a few aliases, not all, just add a coma and the other ones: 


     

    Set-Mailbox user@domain.com -EmailAddresses @{remove="alias@domain2.com","alias2@domain3.com"}

    Get-Recipient | Where {$_.EmailAddresses -Match alias@domain.com} | Set-Mailbox -EmailAddresses @{Remove=alias@domain.com}


    If need to remove ALL aliases and just leave primary: 


     

    Set-Mailbox user@domain.com -EmailAddresses $null 


     

    Get Display Name (when an admin try to add a new user and receive error that already exist run the command to identify which mailbox has the user as an alias:
    Get-Mailbox -Identity user@example.com | Fl *DisplayName 


     

    Get Address List Membership 

    Get-Mailbox -Identity user@example.com | Select -Expand AddressListMembership 


     

    Get the Aliases, SMTP, SIP, smtp for all mailbox in the organization: 

    Get-Mailbox | Select -Expand EmailAddresses Alias 


     

    To find every alias for each user, run the command below:

    Get-Mailbox | FL name, @{name="count";expression={[array]($_.EmailAddresses).Count}},EmailAddresses


     

    To find all mailboxes that is associated with specific domain: 

    Get-Mailbox | where {$_.EmailAddresses -match "example.com"} | fl Name, RecipientType, EmailAddresses 


     

    To find all distribution groups that is associated with specific domain: 

    Get-DistributionGroup | where {$_.EmailAddresses -match "example.com "} | fl Name, EmailAddresses 

    To find all Universal Distribution groups in the organization:

    Get-recipient | where {$_.RecipientType -match "MailUniversalDistributionGroup"} | FT
    Get-recipient | where {$_.GroupType -match "Universal"} | FT 

    To check External Contact information in the GAL 

    Get-MailContact "ContacName" | fl *emailaddress* 


     

    To assign Ownership for a DG: 

    Set-DistributionGroup "GroupName" -ManagedBy "Admin@example.com" -BypassSecurityGroupManagerCheck


     

    To add Member into distribution group: 

    Add-DistributionGroupMember –Identity "GroupName" –Member user@example.com


     






    SEND AS PERMISSIONS 2461791 Public Article
    To configure a mailbox so that a user other than the mailbox owner can use that mailbox to send messages:

    Add-RecipientPermission user1@example.onmicrosoft.com -AccessRights sendAs -Trustee user2@example.onmicrosoft.com

    To check Send As permissions for one user:
    Get-RecipientPermission -Identity user@example.com | Select Trustee, AccessControlType, AccessRights

    To remove Send As settings from a mailbox, use the following command:
    Remove-RecipientPermission -Identity user@example.com -AccessRights SendAs -Trustee Admin@example.com

    To view all Send As permissions you've configured in your organization:
    Get-RecipientPermission | where {($_.Trustee -ne 'nt authority\self') -and ($_.Trustee -ne 'null sid')}

    View Send As permission on a specific recipient
    Get-RecipientPermission user@example.com






    VERIFY SEND ON BEHALF 2461791 
    To grant a user the ability to send mail on behalf of another user:
    Set-Mailbox -Identity user@example.com -GrantSendOnBehalfTo admin@example.com

    To verify that the permissions send mail on behalf of another user:
    Get-Mailbox -identity user@example.com | fl *GrantSendOnBehalfTo

    To remove Send On Behalf permission from a mailbox, use the following command:
    Set-Mailbox -Identity user@example.com -GrantSendOnBehalfTo $NULL


    To export the commands or results use the following:
    Get-MailboxPermission -Identity user@example.com | Select User, AccessRights, Deny | FL| Out-file "C:\Users\UserExample\Desktop\FileName.txt"


     

    Grant Read Permissions to a user mailbox

    To grants "User3" read permission to read User1's mailbox.
    Add-MailboxPermission -Identity "user1" -User "usuario3" -AccessRights ReadPermission


    This example sets Tony Smith as the owner of the resource mailbox Room 222.

    Add-MailboxPermission -Identity "Room 222" -Owner "Tony Smith"


     

    GRANT FULL MAILBOX PERMISSIONS 2461791 Public Article

    Assign permissions to one Exchange Online administrator 
    Add-MailboxPermission -Identity user@example.com -user admin@example.com –AccessRights FullAccess -Automapping $false

    Grant full mailbox access 
    Add-MailboxPermission -Identity user@example.com -User admin@example.com -AccessRights FullAccess -InheritanceType All -Automapping $false

    This example grants the user Mark Steele full access permission to Alain Lopez mailbox and disables the auto-mapping feature. Don't see Mailbox in Outlook and OWA

    Add-MailboxPermission -Identity User1 -User 'Alain Lopez' -AccessRight FullAccess -InheritanceType All -Automapping $false

    Remove mailbox permissions Mailbox Permission 
    Remove-MailboxPermission -Identity user@example.com -User Admin@example.com -AccessRights FullAccess

    Assign Full permission to access one user to see all users' mailboxesPublic Article

    Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox') -and (Alias -ne 'Admin')} | Add-MailboxPermission -User Admin -AccessRights fullaccess -InheritanceType all -Automapping $false

    Assign Full permission to access one user to specific domain in the organization

    Get-Mailbox | where-Object {$_.EmailAddresses -match "example.com"} | Add-MailboxPermission -user admin@example.com -AccessRights FullAccess -Automapping $false


    Assign permissions to the "Organization Management" role group:
    Add-MailboxPermission user@example.com -User "Organization Management" -AccessRights FullAccess -InheritanceType All

    Add-MsolRoleMember -RoleName "Organization Management" -RoleMemberEmailAddress user@example.com


    Assign Role Member in Small Business
    Add-MsolRoleMember -RoleName "Company Administrator" -RoleMemberEmailAddress user2@example.com



    Verify Grant full mailbox access 
    Get-MailboxPermission -Identity user@example.com | Select User, AccessRights, Deny


    Disable Outlook Auto-Mapping with Full Access Mailboxes Click Here

    How to modify / edit / enable / disable Conference room properties or configuration:

    Get-CalendarProcessing -ID user@example.com |FL

    Properties to modify: If the customer needs to enable ($True) or Disable ($False).
    ******************************
    OrganizerInfo:

    Set-CalendarProcessing -ID alain@example.com -OrganizerInfo $False


    AutomateProcessing
    Set-CalendarProcessing -ID alain@example.com -AutomateProcessing $AutoUpdate

    AllowConflicts
    Set-CalendarProcessing -ID alain@example.com -AllowConflicts $True



    Assign Folder permissions Calendar permissions (if the folder is in different language "calendario"

    To gather the correct name of the folder, run the command below:

    Get-MailboxFolderStatistics User | select folderpath


    Add-MailboxFolderPermission -Identity user@example.com:\calendar -user Admin@example.com-AccessRights owner

    Add-MailboxFolderPermission Cloud2@example.com:\calendar -user User@domain.com-AccessRights PublishingAuthor

    Add-MailboxFolderPermission -Identity user@example.com:\calendar -user Default -AccessRights owner

    Add-MailboxFolderPermission jesus@example.com:\calendar -user Kiosk@example.com -AccessRights PublishingAuthor


    Spanish Mailbox Configuration use the command below:
    Add-MailboxFolderPermission Cloud2@example.com:\calendario -user Usuario5@example.com -AccessRights Editor

    Assigning permissions to calendars that have name with spaces:

    Add-MailboxFolderPermission -Identity usuario@tenant.onmicrosoft.com:\Calendar\"Luis Villegas" -User alvin.casado@example.com -AccessRights owner​




    Cannot share conference room calenders 
    As for the second concern, do you want to let all members in your Office 365 tenant can see details in the room mailbox calendar?
    If so, please run the following command in PowerShell to achieve the goal.

    For more informacion Click Here

    Set-MailboxFolderPermission -Identity "room mailbox:\calendar" -User Default -AccessRights Reviewer
    After that the default permission level of the room mailbox calendar is changed to "Reviewer". 

    For tips, if you want specific user don't have the Reviewer permission, please run the following command to assign him a specific permission:
    Add-MailboxFolderPermission -Identity "room mailbox:\calendar" -User "specific user" -AccessRights AvailabilityOnly


    Mailbox Folder Permission Click Here

    Editor
    PublishingAuthor
    AvailabilityOnly
    PublishingEditor

    • ReadItems The user has the right to read items within the specified folder.
    • CreateItems The user has the right to create items within the specified folder.
    • EditOwnedItems The user has the right to edit the items that the user owns in the specified folder.
    • DeleteOwnedItems The user has the right to delete items that the user owns in the specified folder.
    • EditAllItems The user has the right to edit all items in the specified folder.
    • DeleteAllItems The user has the right to delete all items in the specified folder.
    • CreateSubfolders The user has the right to create subfolders in the specified folder.
    • FolderOwner The user is the owner of the specified folder. The user has the right to view and move the folder and create subfolders. The user can't read items, edit items, delete items, or create items.
    • FolderContact The user is the contact for the specified folder.
    • FolderVisible The user can view the specified folder, but can't read or edit items within the specified folder.

    The AccessRights parameter also specifies the permissions for the user with the following roles, which are a combination of the rights listed previously:

    • None FolderVisible
    • Owner CreateItems, ReadItems, CreateSubfolders, FolderOwner, FolderContact, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
    • PublishingEditor CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
    • Editor CreateItems, ReadItems, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
    • PublishingAuthor CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, DeleteOwnedItems
    • Author CreateItems, ReadItems, FolderVisible, EditOwnedItems, DeleteOwnedItems
    • NonEditingAuthor CreateItems, ReadItems, FolderVisible
    • Reviewer ReadItems, FolderVisible
    • Contributor CreateItems, FolderVisible

    The following roles apply specifically to calendar folders:

    • AvailabilityOnly View only availability data
    • LimitedDetails View availability data with subject and location

    Do you want to send emails as the room mailbox address?
    If so, please run the following command in PowerShell to achieve the goal.

    Add-RecipientPermission -Identity "room mailbox" -Trustee "user" -AccessRights Sendas



    To assign Full Access permissions to all Roomailbox in the Organization for one user, run the command below:

    Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'RoomMailbox') -and (Alias -ne 'Admin')} | Add-MailboxPermission -UserUser@domain.com -AccessRights fullaccess -InheritanceType all -Automapping $false

    To assign Full Access permissions to all RooMailbox in the Organization for all users using Microsoft Outlook Client, run the command below:

    Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'RoomMailbox') -and (Alias -ne 'Admin')} | Add-MailboxPermission -UserDefault -AccessRights fullaccess -InheritanceType all -Automapping $false

    To see the each folder size for a specific mailbox, run the command below:

    Get-MailboxFolderStatistics –Identity user@domain.com | Select Name,FolderSize

    To see the list of all folders with a count of the number of items and its size for one user:

    Get-MailboxFolderStatistics -Identity user@domain.com | Select Name,ItemsInFolder,FolderSize | FL

    To see the list of all folders with a count of the number of items and its size for all users in the organization:

    Get-Mailbox | Get-MailboxFolderStatistics | Select Identity,Name,ItemsInFolder,FolderSize | FL > Folder.txt

    To locate the results search the folder in your PC START > type Folder.txt







    Email Forwarding Manage Message Forwarding with Remote Domains 2461791Public Article

    Set forwarding
    Set-Mailbox -Identity user@example.com -ForwardingSmtpAddress external@domain.com -DeliverToMailboxAndForward:$true

    Get Forwarding information
    Get-Mailbox user@example.com | Select DeliverToMailboxAndForward, ForwardingSMTPAddress

    Get-Mailbox -identity user@example.com | fl displayname, forwardingsmtpaddress
    Get-Mailbox user@example.com | Select DeliverToMailboxAndForward

    Verify Forwarding's permissions
    Get-Mailbox -Identity user@example.com | Select ForwardingSmtpAddress

    To check Forwarding for one user 
    Get-Mailbox -Identity user@example.com | Select ForwardingSmtpAddress

    To check forwarding for all users in the organization:
    Get-Mailbox | Select ForwardingSmtpAddress,displayname

    To remove email forwarding for one user:
    Set-Mailbox -Identity user@example.com -ForwardingSmtpAddress $NULL

    Disable automatic message forwarding to all domains outside your organization
    Set-RemoteDomain Default -AutoForwardEnabled $false

    Disable automatic message forwarding to a specific domain outside your organization
    New-RemoteDomain -Name Example -DomainName Example.com

    Enable automatic message forwarding
    Set-RemoteDomain Example.com -AutoForwardEnabled $true

    Enable automatic message forwarding to all domains outside your organization
    Set-RemoteDomain Default -AutoForwardEnabled $true

    You can use this little script if you need to get the list of users who have forwarding set up and the address it is sending to, instead of getting a full list and then sorting:

    Get-Mailbox –ResultSize unlimited | where {($_.emailaddresses -match "tenant.onmicrosoft.com") -and -not ($_.ForwardingSmtpAddress -like $null)} | select Identity,UserPrincipalName,ForwardingSmtpAddress


    How to view Inbox Rules created in the organization Click Here

    Get-InboxRule -Mailbox Joe@Contoso.com |FL 


     

    To check all Inbox Rule in the organization 

    Get-InboxRule |fl Name,Enabled,Description,*Box*


     

    Full information run the command below: 

    Get-InboxRule


     


     


     


     


     


    How to get Transport Rules in the organization Click Here


     

    To get the transport rule list 

    Get-TransportRule | FT


     

    To get more detail of the existing transport rule: 

    Get-TransportRule |FL Name,Identity,WhenChanged,Description,IsValid,State 


     

    Get-TransportRule "Block e-mail messages between Sales and Brokerage Groups" | Format-List 


     

    Get-TransportRule [-Identity <RuleIdParameter>] [-DomainController <Fqdn>] [-Organization <OrganizationIdParameter>] [-State <Enabled | Disabled>]


     



    CHANGE PRIMARY EMAIL ADDRESS 2615519 Public Article


    Set-Mailbox "Mailbox'sDisplayName" –EmailAddresses SMTP:userprincipal@contoso.com,alias2@contoso.com,alias3@fabrikan.com


    Change Primary email Address using SIP

    Set-Mailbox "DisplayName" -EmailAddresses SMTP:user@contoso.com,alias1@ Coffeebeans.onmicrosoft.com,alias2@ Fabrikam.com; Set-Mailbox "user2" -EmailAddresses SIP:user@contoso.com






    Auto Replay

    Set-MailboxAutoReplyConfiguration user2@example.com –AutoReplyState Enabled –ExternalMessage "Please reach me after December 31, 2012" –InternalMessage "Autoreplay Test"


    Migration 

    Get-MigrationBatch -Diagnostic






    SET PASSWORD NEVER EXPIRE 2471104 Public Article

    Set password never expire for one user
    Set-MsolUser -UserPrincipalName user@example.com -PasswordNeverExpires $true

    Set password never expire for all user
    Get-MSOLUser -All | set-msoluser -PasswordNeverExpires $true

    Check what users have the password never expire
    Get-MSOLUser -All | select user*, password*

    Alternatively, to see all users and their "Password never expires setting", you can run the following PowerShell command:
    Get-MSOLUser -All | Select UserPrincipalName, PasswordNeverExpires 

    To check if one user has enabled, run the command below:

    Get-MSOLUser -UserPrincipalName user@domain.com | select user*, password*


     

    Office 365 - Password Expiration Notifications in Outlook Click Here Blog article

    Set-MSOLPasswordPolicy –DomainNameexample.com –NotificationDays 10 -ValidityPeriod 180

    To verify the Password Policy, run the command below:

    Get-MSOLPasswordPolicy -DomainName example.com | FL


     

    TO CREATE NEW PASSWORD FOR USERS VK# 2642174

    To create a new Password for one user:
    Set-MsolUserPassword -UserPrincipalName user@example.com -NewPassword Password1 -ForceChangePassword $false

    To create new password for all users in the organization:

    Get-MsolUser -All | Set-MsolUserPassword -NewPasswordPassword1 -ForceChangePassword $True


     


    Disable or Enable strong Password for User
    Set-MsolUser -UserPrincipalName user@example.com -StrongPasswordRequired $False

    To Disable the strong password for all users in the organization:
    Get-MsolUser -All | Set-MsolUser -StrongPasswordRequired $False


    To check if the Password require strong password when password is changed
    Get-MsolUser -UserPrincipalName user@example.com | FL *StrongPasswordRequired

    To check if the password require strong password when password is changed for all users:

    Get-MsolUser -All | FL UserPrincipalName,*StrongPasswordRequired

    Caveats when the strong passwords are disabled

    Administrators must set users' passwords by using the following Windows PowerShell command if passwords will not meet strong password requirements.

    Set-MsolUserPassword –UserPrincipalName[UserPrincipalName]–NewPassword [NewPassword]

    For example:

    Set-MsolUserPasswordUserPrincipalName john@contoso.com –NewPassword abc
    Passwords that are changed in the Office 365 portal are still checked for whether the passwords meet strong password requirements.




     

    LITIGATION HOLD Click Here

    Put a Mailbox on Litigation Hold 

    To enable the litigation on hold for one mailbox:

    Set-Mailbox user@domain.com -LitigationHoldEnabled $True -Force

    To verfiy the litigation on hold for a mailbox:

    Get-Mailbox -identity user1@example.com | FL DisplayName,WindowsLiveID,*Litigation*

    To enable the litigation on hold for all mailbox in the organization:

    Get-Mailbox -ResultSize Unlimited | Set-Mailbox -LitigationHoldEnabled $True -Force

    To verfiy the litigation on hold for all mailbox in the organization:

    Get-Mailbox | FL DisplayName,WindowsLiveID,*Litigation*


    The following command sets the duration of the litigation hold on Ann Beebe's mailbox to one year.
    Set-Mailbox user@domain.com -LitigationHoldEnabled $true -LitigtionHoldDuration 365


    The following command sets the duration of the litigation hold on Ann Beebe's mailbox unlimited.
    Set-Mailbox user@domain.com -LitigationHoldEnabled $true -LitigtionHoldDuration Unlimited


    The following command puts Pilar Pinilla's mailbox on litigation hold, and sets the litigation-hold duration for 7 years.
    Set-Mailbox user@domain.com -LitigationHoldEnabled $true -LitigationHoldDuration 2555

    After litigation hold activation, over 20.000 items would be lost and send to the exchange server:

    To Recover the items into one single folder run the following CMD:


    Search-Mailbox UserOnHold@domain.com -TargetMailbox admin@domain.com -TargetFolder recoveryfolder -SearchDumpsterOnly

    UserOnHold@domain.com is the mailbox to be recovered
    admin@domain.com is the target.


    To check litigationHold for specific user: 

    Get-Mailbox -identity user1@example.com | fl *LitigationHoldEnabled





     

    Recover a mailbox:

    Get-RemovedMailbox xxxx@yyyy >c:\xxxxx.txt

    Open this file (xxxxx.txt) add the MicrosoftOnlineServicesID

    New-Mailbox -Name "XXXX" -RemovedMailbox xxxx@yyyy -MicrosoftOnlineServicesID <o que se retirou do arquivo> -Password (ConvertTo-SecureString -String '<password a usar>' -AsPlainText -Force)








    RETENTION POLICY http://technet.microsoft.com/en-us/exchangelabshelp/gg271153#policycmdlets
    To obtain retention policy

    Get-RetentionPolicy


    To obtain the retention policy for all mailbox
    Get-Mailbox | ft identity, RetentionPolicy


    To delete the MRM or retention policy for one user:
    Set-Mailbox -Identity username -RetentionPolicy $null

    To delete the MRM or retention policy for the organization:
    Get-Mailbox | Set-Mailbox -RetentionPolicy $null


    Display a list of the retention policies available in your organization.
    Get-RetentionPolicy | fl Name

    Get Detail information for all user in the organization any domain Archiving 

    Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox')} | fl 

    Get-RetentionPolicy -Identity user@example.com | FL Name,RetentionPolicy

    If receive error deleting retention policies:
    This operation is not allowed for the organization with disabled customizations. To enable this operation, you need to execute Enable-OrganizationCustomization task first.

    Enable-OrganizationCustomization
    http://help.outlook.com/en-us/140/hh299030.aspx?sl=1

    To search all policy tags in the organization run:
    Get-RetentionPolicyTag | fl Name,Type,AgeLimitForRetention,RetentionAction 


    ENABLE OR DISABLE (BLOCK) A USER'S CREDENTIAL IN OFFICE 365
    This command Enable (TRUE) and Disable (FALSE) to block OWA, MOP, SharePoint and every services in O365 (which will block them from being able to sign in). This cannot be set for a synced user.


     

    Set-MsolUser -UserPrincipalName user@example.com -blockcredential $true

    Disable or remove feture "Change Password's" option from OWA/ECP. Click Here

    Create a New Role:
    New-ManagementRole –Name MyBaseOptions-NoPSD –Parent MyBaseOptions

    Remove el parameter "Password" from ECP
    Set-ManagementRoleEntry "MyBaseOptions-NoPSD\Set-Mailbox" -Parameters Password –RemoveParameter


     


     


    Assign or sets user's location (country) of this user. The country must be a two-letter ISO code. This can be set for synced users as well as managed

    Set-MsolUser -UserPrincipalName user@example.com -UsageLocation "US"






     

    GET INFORMATION Public article

    Find commands (MSOL)

    Get-Command –Module msonline*


     

    Check if you still are connected at MOS

    Get-Pssession


     


     


     

    To check External contacts information in the GAL

    Get-MailContact | FL *EmailAddress*



     

    TO CHECK EXTERNAL CONTACT INFORMATION IN THE GAL FOR ONE USER

    Get-MailContact ContactName | FL *EmailAddress*

    GROUPS 2230765 / 2519362 / Public Article
    To assign Ownership of the distribution group:

    Set-DistributionGroup "GroupName" -ManagedBy "Admin@contoso.com" –BypassSecurityGroupManagerCheck

    To assign Ownership permissions of all Distribution Group that are using specific domain:

    Get-DistributionGroup | where-Object {$_.EmailAddresses -match "example.com"} | Set-DistributionGroup -ManagedByAdmin@example.com –BypassSecurityGroupManagerCheck

    To assign Ownership permissions of all Distribution Group in the organization:

    Get-DistributionGroup | Set-DistributionGroup -ManagedBy Admin@domain.com -BypassSecurityGroupManagerCheck

    To add members in the distribution group:

    Add-DistributionGroupMember –Identity "GroupName" –Member user@contoso.com


     

    To remove a member from the distribution group:

    Remove-DistributionGroupMember -Identity "GroupName" -Member user@contoso.com


     

    To check the members list from the distribution group:

    Get-DistributionGroupMember -identity "GroupName" |FLDisplayName,WindowsLiveID,RecipientType,EmailAddresses,PrimarySmtpAddress

    To export the data to a CSV file in your PC, run the command below:

    Get-DistributionGroupMember ExchangeServers |FL DisplayName,WindowsLiveID,RecipientType,EmailAddresses,PrimarySmtpAddress | FL | Out-file "C:\Users\UserExample\Desktop\DGroup.txt"


     

    To Change the primary email address and delete the existing proxy addresses o aliases.

    Set-DistributionGroup -Identity "GroupName" -EmailAddresses shared@contoso.com


     

    Check the Aliases, Primary email addresses

    Get-DistributionGroup -Identity "GroupName" |FL *PrimarySmtpAddress,*emailaddress*


     

    Remove DG or the administrator does not have the appropriate permissions applied.

    Remove-DistributionGroup "GroupName" -BypassSecurityGroupManagerCheck


     

    The following example shows how to configure delivery reports to be sent to the message originators:

    Set-DistributionGroup -Identity "GroupName" -ReportToOriginatorEnabled $True


     

    Run the following cmdlet to hide a distribution group2413286
    Set-DistributionGroup -Identity "GroupName" -HiddenFromAddressListsEnabled $true

    Create a Distribution Group:
    New-DistributionGroup -Name Support2

    To Send As emails as a (DL) (DG) Distribution Group run the command below:
    Add-RecipientPermission -Identity user@example.com -Trustee Admin@example.com -AccessRights SendAs


     


     

    Security Groups 
    Manage Manage Security Groups using MOSMWP

    To search all security groups in the organization:

    Get-Recipient | Where {$_.RecipientType -Match "MailUniversalSecurityGroup"} | FT
    Get-Recipient | Where {$_.RecipientTypeDetails -Match "MailUniversalSecurityGroup"} | FT

    The Object Id can be obtained by using the following command: 
    Get-MsolUser -UserPrincipalName <user ID> | Select ObjectId

    After you obtain the Object Id, you can add the value when you create security group:

    New-MsolGroup -DisplayName user@example.com-Managedby <Object Id>


    Creating Security Groups
    New-MsolGroup -DisplayName <Display Name> -Desciption <Description of the Security Group>

    Remove securitygroups
    Remove-MsolGroupMember -ObjectId <Guid1> -GroupMemberObjectId <Guid2>

    To remove all Distribution Groups from MOP:

    Get-MsolGroup -ALL | Remove-MsolGroup -Force


    Add new group members
    Add-MsolGroupMember -ObjectId <Guid1> -GroupMemberObjectId <Guid2> -GroupMemberType Group

    Remove group members
    Remove-MsolGroupMember -ObjectId <Guid1> -GroupMemberObjectId <Guid2> 

    Update the properties of a group
    Set-MsolGroup -ObjectID <ObjectId> -description "Test security group"

    Verify group members

    Get-MsolGroupMember -GroupObjectId <Object Id> -All

    Example:

    Get-MsolGroup

    ObjectId DisplayName GroupType Description
    -------- ----------- --------- -----------
    dcbd02ad-9552-4ce9-96c3-46ae97335f29 Mailbox Us... Security Mailbox U...

    Get-MsolGroupMember -groupObjectid dcbd02ad-9552-4ce9-96c3-46ae97335f29 -All

    GroupMemberType EmailAddress DisplayName
    --------------- ------------ -----------
    User jesus@example.com Jesus Santaella
    User panita@example.com Alfredo Saavedra
    User brian@tenant.onmicros... Brian Scott

    Add a domain or user into safe sender (White list) list:

    Set-MailboxJunkEmailConfiguration -Identity admin@example.onmicrosoft.com -TrustedSendersAndDomains "contoso.com","fabrikam.com","user1@contoso.com","user2@fabrikam.com"



     

    CREATE USERS Public Article



    Create a user
    New-MSOLUser -UserPrincipalName user@example.com -DisplayName "user11"


    Remove User from MOP
    Remove-MsolUser -UserPrincipalName user@contoso.com -force




     

    LICENSES
    Assing a license (2584964)
    Set location first

    Set-MsolUser -UserPrincipalName user@example.com -UsageLocation co -BlockCredential $false

    Get skuid
    Get-MsolAccountSku | Select AccountSkuId

    Assing all licenses
    Set-MsolUserLicense -UserPrincipalName user@example.com -AddLicenses "jsnetwork:enterprisepack"

    Convert License:

    Set-MsolUserLicense -UserPrincipalName user@contoso.com -RemoveLicenses "contoso:standardpack" -AddLicenses "contoso:enterprisepack"


    To get the detail for each user in the organization

    Get-Msoluser -all | ForEach-Object { "============="; $_.DisplayName; $_.licenses[0].servicestatus }








     

    ActiveSync



    Get-ActiveSyncDeviceStatistics -Mailbox user@example.com


    To determine who in the organization has a Microsoft Exchange ActiveSync device. For each device, the Exchange ActiveSync device statistics are retrieved:To check mobile phone configured to synchronize with the mailbox that belongs to the user

    $UserList = Get-CASMailbox -Filter {hasactivesyncdevicepartnership -eq $true -and -not displayname -like "CAS_{*"} | Get-Mailbox

    $UserList | foreach { Get-ActiveSyncDeviceStatistics -Mailbox $_}



    How to change the languages for a user mailbox in Exchange online Click here:

    Set-Mailbox -Identity "Katarina Larsson" -Languages "Es-Es"





     


    To check the external contacts in the GAL:
    Get-MailContact ContacName |FL *EmailAddress*





     

    To verify the UPN user

    Get-Mailbox -Identity 'block' | fl *DisplayName,PrimarySmtpAddress







    Mailbox Quota Archive mailbox
    Get-Mailbox -Identity user1@example.com | FL *quota




    Get Max Size Sending and Receiving Send Receive
    Get-Mailbox -Identity user@example.com | FL *Size


    Get-Mailboxstatistics user1@example.com |FL TotalItemSize ; Get-Mailbox -Identity user1@example.com | FL *quota



    Check Office 365 Plan 
    Get-MailboxPlan -AllMailboxPlanReleases |fl name,PersistedCapabilities,Identity,Displayname








    Get-CASMailboxPlan


    To Verify CAS services if are Enabled or Disable OWA, IMAP, POP, MAPI, Active Sync Enabled
    Get-CASMAilbox -identity user@example.com


    To check Full CAS information 
    Get-CASMAilbox -identity user@example.com |FL


    To Disable OWA for specific user
    Set-CASMailbox -Identity user@example.com -OWAEnabled:$false

    To Disable OWA for all users in the organization, run the command below:
    Get-Mailbox | Set-CASMailbox -OWAEnabled:$False

    To Disable OWA for specific Domain, run the command below:
    Get-Mailbox | where-Object {$_.EmailAddresses -match "example.com"} | Set-CASMailbox -OWAEnabled:$false


    To Disable MAPI
    Set-CASMailbox -Identity user@example.com -MapiEnabled:$false


    To Disable IMAP
    Set-CASMailbox -Identity user@example.com -IMAPEnabled:$false


    To Disable POP
    Set-CASMailbox -Identity user@example.com -POPEnabled:$false

    To Disable EWS
    Set-CASMailbox -Identity user@example.com -EWSEnabled:$false



    To verify the CAS in Online MAPI, IMAP, ActiveSync, POP, EWS for all mailbox in the organization: 
    Get-CASMAilbox |FL DisplayName,MAPIEnabled, PopEnabled, ActiveSyncEnabled,ImapEnabled, EwsEnabled, OWAEnabled

    To verify the CAS in Online MAPI, IMAP, ActiveSync, POP, EWS for one user:
    Get-CASMAilbox -Identity user@example.com |FL DisplayName,MAPIEnabled, PopEnabled, ActiveSyncEnabled,ImapEnabled, EwsEnabled, OWAEnabled


     

    To enable EWS for an entire Tenant in Exchange Online:

    Get-Mailbox | Set-CASMailbox -EwsAllowOutlook $true

    This will enable EWS to function properly in Exchange Online.

    -EwsAllowOutlook

    -EwsAllowMacOutlook 
    -EwsAllowEntourage 

    To gather EWS information run the command below:

    Get-CASMailbox -Identity "user2@example.com" |FL *Ews*

    To enable the CAS for MAC and Entorurage for one user run the command below:

    Set-CASMailbox -EwsAllowOutlook $true -Identity "user2@domain.com"

    Set-CASMailbox -EwsAllowMacOutlook $true -Identity "user2@domain.com"

    Set-CASMailbox -EwsAllowEntourage $true -Identity "user2@domain.com"

    To Enable for all users in the organization run the command below:
    Get-mailbox | Set-CASmailbox -EwsAllowOutlook $true


    Get Exchange Guid
    Get-Mailbox -identity user1@example.com | FL *ExchangeGuid








    Check all User's information (E-mail fordward, PasswodNevExp, UserPrincipalName, BlackBerryUser, Using License

    Get-mailbox | FL

    Get-MSOLUser -all | FT
    Get-MSOLUser -all | FL *




    Check one User information (Email/ License / Company information / PassNevExp / 
    Get-MSOLUser -user user@example.com | FL







    To check the mailbox server name, run the command below: 

    Get-Mailbox User@example.com | Select DisplayName, ServerName

    DISABLE CONNECTED ACCOUNT FROM ECP Click Here

    We accomplished this by customizing the RBAC roles in O365 using a remote PowerShell session.

    1. Export MyBaseOptions management role entries for reference: 
      Get-ManagementRoleEntry MyBaseOptions\* | ConvertTo-Html > C:\MyBaseOptions.htm
    2. Copy the existing MyBaseOptions management role as new MyMailForwarding Role: 
      New-ManagementRole –Parent MyBaseOptions –Name MyMailForwarding
    3. Copy the existing MyBaseOptions management role as a new MyMailbox role: 
      New-ManagementRole –Parent MyBaseOptions –Name MyMailbox
    4. Remove all Set-Mailbox parameters (which include mail forwarding permissions) from the new MyMailbox role: 
      Remove-ManagementRoleEntry MyMailbox\Set-Mailbox
    5. Add Set-Mailbox parameters back to MyMailbox role except those associated with mail forwarding: 
      Add-ManagementRoleEntry MyMailbox\Set-Mailbox –Parameters AcceptMessagesOnlyFrom, AcceptMessagesOnlyFromDLMembers, AcceptMessagesOnlyFromSendersOrMembers, ErrorAction, ErrorVariable, ExternalOofOptions, GrantSendOnBehalfTo, Identity, Languages, MailTip, MailTipTranslations, OutBuffer, OutVariable, Password, RejectMessagesFrom, RejectMessagesFromDLMembers, RejectMessagesFromSendersOrMembers, RequireSenderAuthenticationEnabled, UserCertificate, UserSMimeCertificate, WarningAction, WarningVariable

    To enable Audit for an administrator to Search Mailbox in ECP:

    Set-Mailbox -Identity user@domain.com -AuditEnabled $true

    To enable mailboxes to audit search from ECP

    $UserMailboxes = Get-mailbox -ResultSize Unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox')}

    $UserMailboxes | ForEach {Set-Mailbox $_.Identity -AuditEnabled $true}


     

    To create multiple alias via PowerShell
    After the SMTP (Primary email address) can add multiple alias adding the comma

    Set-Mailbox "DisplayName" –EmailAddresses SMTP:user@contoso.com,alias1@Coffeebeans.com,alias2@Fabrikam.com,alias3@Coffeebeans.com,alias4@contoso.onmicrosoft.com

    Get Display Name (when an admin try to add a new user and receive error that already exist run the command to identify which mailbox has the user as an alias:

    Get-Mailbox -Identity user1@contoso.com | FL *DisplayName

    Get Address List Membership
    Get-Mailbox -Identity user1@ contoso.com | Select -Expand AddressListMembership

    Get the Aliases, SMTP, SIP, smtp for all mailbox in the organization:
    Get-Mailbox | Select -Expand EmailAddresses Alias

    Get the Aliases, SMTP, SIP, smtp for One user
    Get-Mailbox -Identity user1@ contoso.com | Select -Expand EmailAddresses Alias

    To check the full information for an alias or mailbox use the command bellow:
    Get-Mailbox -Identity user1@contoso.com | FL
    To find all mailboxes that is associated with specific domain:
    Get-Mailbox | where {$_.EmailAddresses -match "contoso.com"} | fl Name, RecipientType, EmailAddresses

    To find all distribution groups that is associated with specific domain:
    Get-DistributionGroup | where {$_.EmailAddresses -match "contoso.com"} | FL Name, EmailAddresses

    To find information for specific distribution group
    Get-DistributionGroup -identity "Team Group" |FLName,PrimarySmtpAddress,GroupType,EmailAddresses,GroupType,MemberJoinRestriction

    Change Primary email Address using SIP

    Set-Mailbox " DisplayName" -EmailAddresses SMTP:user@contoso.com,alias1@ Coffeebeans.onmicrosoft.com,alias2@ Fabrikam.com; Set-Mailbox "user2" -EmailAddresses SIP:user@contoso.com



    To find a specific alias for each mailbox, or DG/DL run the command below:

    Get-Recipient | where {$_.EmailAddresses -match "cloud1@example.com"} | Select -Expand EmailAddresses Aliases


    To find every alias for each user or DG/DL run the command below:

    Get-Recipient | FL name, @{name="count";expression={[array]($_.EmailAddresses).Count}},EmailAddresses


     


    Get-Msoluser -All | FL DisplayName,ProxyAddresses

    Get-Msolgroup | FL DisplayName,ProxyAddresses











    Connected Account Removed Connected Account

    New-POPsubscription
    New-IMAPsubscription
    New-Hotmailsubscription

    To remove connected account:
    Remove-Subscription "user@domain.com"


     


     


    A D F S 

    This example enables the organization identifier. This enables federation for the Exchange organization.
    Set-FederatedOrganizationIdentifier -Enabled $true
    Set-FederatedOrganizationIdentifier -DelegationFederationTrust "MicrosoftOnline" -AccountNamespace "example.com" -Enabled $true
    Get-FederatedOrganizationIdentifier
    http://technet.microsoft.com/en-us/library/dd351037.aspx



    Federation Commands Use the Get-SharingPolicy cmdlet to view the settings of sharing policies. Free/Busy Information

    http://technet.microsoft.com/en-us/library/dd335081.aspx

    Get-SharingPolicy | fl

    Get-FederationInformation -Domain example.onmicrosoft.com
    Get-OrganizationRelationShip | fl


     



     









    Shared Mailbox Public Article
    For instance, the _real_ parameters of Set-Mailbox can be retreived by running the following:
    (Get-Command -Name "Set-Mailbox").Parameters




    2638122 Shared Mailbox is being checked for whether it has an Office 365 license after the 30-day grace period even though shared mailboxes do not require a license

    Set-Mailbox -Identity <MailboxIdParameter> -SKUAssigned:$True

    How to Create Equipment MailboxesClick Here 

    New-Mailbox -Name "Notebook Computer 1" -Equipment 


    Configure the mailbox to automatically process meeting requests 

    Set-CalendarProcessing "Notebook Computer 1" -AutomateProcessing AutoAccept 


    How to Create a New Room MailboxClick Here 


    To search all mailbox in the organization:

    Get-Mailbox | Where {$_.RecipientTypeDetails -match "SharedMailbox"}

    Get-Recipient | where {$_.RecipientTypeDetails -match "SharedMailbox"} | FL Name, DisplayName, WindowsLiveID, EmailAddresses

    Specify resource delegates for equipment mailboxes 


    Set-CalendarProcessing 


    To Create a Shared Mailbox 
    This PowerShell is to create the SharedMailbox, run the following PowerShell command:

    New-Mailbox –Name "Mailbox Shared" –Alias MShared –Shared

    MailboxShared This is the display name of the SharedMailbox.
    Mshared This is the Alias 








    To Assign Mailbox Full Access permissions to a group This PowerShell let the members access to the Mailbox Shared and Calendars.
    Add-MailboxPermission "Mshared" -user "MSharedGroup" –AccessRights FullAccess -InheritanceType All

    Mshared This is the Alias of the Shared Mailbox.
    MsharedGroup This is the username of the Distribution Group. 








    To Assign the security group the SendAs permission to the shared mailbox To enable members of the Printing Services Staff security group to send e-mail from the shared mailbox, run the following command:

    Add-RecipientPermission "MShared" -Trustee "MSharedGroup" -AccessRights SendAs

    Mshared This is the Alias of the Shared Mailbox.
    MsharedGroup This is the username of the Distribution Group. 




     

    Convert a Mailbox in Exchange Online Click Here:

    Set-Mailbox ConfRoom1 -Type Room

    You can use the following values for the Type parameter:

    • Regular
    • Room
    • Equipment
    • Shared



     


    Restrict the Number of Recipients per Message in Exchange Online Click Here:

    Set-TransportConfig -MaxRecipientEnvelopeLimit 1000 

    Restricts the number of recipients per message to 300 for messages received through the Receive connector Contoso Receive Connector.

    Set-ReceiveConnector -Identity "Contoso Receive Connector" -MaxRecipientsPerMessage 300




     

    Mailbox Sixe VKB#2490230 / Public Article / Outlook Help 



    Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics | DisplayName,StorageLimitStatus,@{name="Select TotalItemSize (MB)";expression={[math]::Round(($_.TotalItemSize.Split("(")[1].Split(" ")[0].Replace(",","")/1MB),2)}},@{name="TotalDeletedItemSize (MB)";expression={[math]::Round(($_.TotalDeletedItemSize.Split("(")[1].Split(" ")[0].Replace(",","")/1MB),2)}},ItemCount,DeletedItemCount | Sort "TotalItemSize (MB)" -Descending | Export-CSV "C:\My Documents\All Mailboxes.csv" -NoTypeInformation



    View the size and quota status of a specific mailbox
    Get-MailboxStatistics "user1" | Format-List StorageLimitStatus,TotalItemSize,TotalDeletedItemSize,ItemCount,DeletedItemCount



    To view the current size and quotas status the mailbox belonging to a user
    Get-MailboxStatistics "User2" | Format-List StorageLimitStatus,TotalItemSize,TotalDeletedItemSize,ItemCount,DeletedItemCount

    Get-Mailboxstatistics user1@example.com |FL TotalItemSize ; Get-Mailbox -Identity user1@example.com | FL *quota


    Sets the warning, prohibit send, and prohibit send and receive limits for John Smith's mailbox to 200 megabytes (MB), 250 MB, and 280 MB respectively Click here:

    Set-Mailbox -Identity jsmith@contoso.com -IssueWarningQuota 209715200 -ProhibitSendQuota 262144000 -ProhibitSendReceiveQuota 293601280 -UseDatabaseQuotaDefaults $false 



    Get-Mailbox *mail* | fl *recip*

    Get-TransportConfig | fl *env*

    Federation and Hybrid Configuration Cmdlets Click Here


     

    Test-FederationTrustCertificate

    Set-FederationTrust

    Test-FederationTrust

    Set-FederatedOrganizationIdentifier

    Remove-FederatedDomain

    Remove-FederationTrust

    New-FederationTrust

    Get-FederationTrust

    Get-FederationInformation

    Get-FederatedOrganizationIdentifier

    Get-FederatedDomainProof

    Add-FederatedDomain

    Get-HybridConfiguration

    New-HybridConfiguration

    Set-HybridConfiguration

    Update-HybridConfiguration

    New-HybridConfiguration

    Set-HybridConfiguration

    Get-HybridConfiguration

    Update-HybridConfiguration



     

    Enable-OrganizationCustomization: Windows PowerShell Error in Exchange Online

    http://help.outlook.com/en-us/140/hh299030.aspx?sl=1

    Enable-OrganizationCustomization


     










    Install and Configure Windows PowerShell
    http://help.outlook.com/en-us/140/cc952756.aspx



    Change a User's Primary E-mail Address
    http://help.outlook.com/en-us/140/dd251224.aspx



    Use Windows PowerShell in Exchange Online
    http://help.outlook.com/en-us/140/cc546278.aspx



    Reference to Available PowerShell Cmdlets
    http://help.outlook.com/en-us/140/dd575549.aspx



    Troubleshooting the Exchange Management Shell
    http://technet.microsoft.com/en-us/library/dd351136.aspx



    How to manage security groups in Office 365 by using PowerShell



    Cmdlets currently available to Exchange Online administrators



    Give an Administrator the Ability to Open and View the Contents of a User's Mailbox



    Open Another Mailbox



    Connect the regular Windows PowerShell to ExchangeOffice 365



    Give Users Send As Permission
    v-dash@ccs-ehs.com

    ===================================================

    Windows PowerShell for Office 365

    To install the Microsoft Online Services Sign-in Assistant:


     

    Microsoft Online Services Sign-In Assistant for IT Professionals BETA 

    http://www.microsoft.com/en-us/download/details.aspx?id=39267


     

    To install the Azure Active Directory for Windows PowerShell: 


     

    Install the Windows Azure AD Module for Windows PowerShell: You must install the appropriate version of the Windows Azure AD Module for Windows PowerShell for your operating system from the Microsoft Download Center:

    Windows Azure Active Directory for Windows PowerShell (32-bit version) http://go.microsoft.com/fwlink/p/?linkid=236298

    Windows Azure Active Directory for Windows PowerShell (64-bit version) http://go.microsoft.com/fwlink/p/?linkid=236297 


     

    For more information regarding this article, see the information within the link below: 

    Use Windows PowerShell to manage Office 365

    http://technet.microsoft.com/library/jj151815.aspx#BKMK_Requirements

    http://onlinehelp.microsoft.com/en-us/office365-enterprises/hh124998.aspx


     

    Download and Install the Microsoft Online Services Module for Windows PowerShell for Single Sign on.

    http://onlinehelp.microsoft.com/en-us/office365-enterprises/ff652560.aspx#BKMK_CreateOrConvertADomain


     

    Click Start > All Programs > Microsoft Cloud Services and then start as ADMINISTRATOR select Windows Azure Active Directory for Windows PowerShell


     

    Method 1: 

    How to connect BOTH PowerShell (Windows Azure Active Directory for Windows PowerShell) and (Exchange online PowerShell) in one session.

    Copy and paste the commands below: 


     

    $LiveCred = Get-Credential
    Connect-MSOLservice –Credential $livecred
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUrihttps://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
    Import-PSSession $Session


    Method 2:

    Connect-MsolService -Credential $cred 


     

    How to connect BOTH commands in one session using Regular Windows PowerShell PS (Blue): 


    Import-module msonline
    Connect-MSOLservice
    $LiveCred = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUrihttps://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
    Import-PSSession $Session 


     


     

    To connect to regular Windows PowerShell 2.0 run the command bellow:


    $LiveCred = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUrihttps://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
    Import-PSSession $Session

    To record all the PowerShell during the session to send it as attachment, run the command: 

    Start-Transcript

    To Stop the session:
    Stop-Transcript


     


     

    Additional troubleshooting information:

    To Verify the version application, run the command below:

    Get-PSSnapin 


     

    To Verify that WinRMto connect with O365, run the following commands together:

    net start winrm
    winrm get winrm/config/client/auth 


     

    To Configure WinRM to support basic authentication:
    winrm set winrm/config/client/auth @{Basic="true"} 


     

    If The customer was getting some sorts of restriction, the customer enter the following command " 

    To fix this issue use Run the command bellow:

    Set-ExecutionPolicy RemoteSigned -Force 

    Set-ExecutionPolicy Unrestricted –Force 


     

    If the organization has a GPO that has restricted policy, run ther command below:

    Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy unrestricted -Force 


    Additional commands: 


    Set-ExecutionPolicy -Scope LocalMachine -ExecutionPolicy unrestricted -Force 

    Set-ExecutionPolicy -Scope MachinePolicy -ExecutionPolicy unrestricted -Force 

    Set-ExecutionPolicy -Scope UserPolicy -ExecutionPolicy unrestricted -Force 

    Set-ExecutionPolicy -Scope Process -ExecutionPolicy unrestricted -Force 

    Assign the administrator in the "Organization Management" 


     

    How to create a new user 

    New-MsolUser -UserPrincipalName user1@domain.com -Password pass@word1 -ForceChangePassword $false -DisplayName "user 1" 

    How to assign Global Admin Permission from MOP via PowerShell 

    Add-MsolRoleMember -RoleName "Company Administrator" -RoleMemberEmailAddress user1@domain.com

    Resolution 1: Network connectivity is limited

    Use a browser and try to visit http://www.msn.com

    (http://www.msn.com)

    . If you cannot access this website, troubleshoot network connectivity issues. 

    1. At a command prompt, use the ipconfig and ping tools to troubleshoot IP connectivity. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:

    169790

    (http://support.microsoft.com/kb/169790/ )

    How to troubleshoot basic TCP/IP problems

    1. At a command prompt, run nslookup www.msn.com to determine whether DNS is resolving Internet server names.
    2. Make sure that the proxy server settings in Internet Options reflect the appropriate proxy server, if a proxy server is used in the local network.
    3. If a Forefront Threat Management Gateway (TMG) firewall is installed on the boundary of the network and the firewall requires client authentication, you might have to install and configure the Forefront TMG client program on the client device for Internet access. Contact your Office 365 administrator for help.

    Resolution 2: Firewall or proxy servers require additional authentication

    To resolve this issue, configure an exception for Microsoft Online Services URLs and applications from the authentication proxy. For example, if you are running Microsoft Internet Security and Acceleration Server (ISA) 2006, create an "allow" rule that meets the following criteria: 

    • Allow outbound connections to the following destination: *.microsoftonline.com
    • Allow outbound connections to the following destination: *.microsoftonline-p.com
    • Allow outbound connections to the following destination: *.sharepoint.com
    • Allow outbound connections to the following destination: *.outlook.com
    • Allow outbound connections to the following destination: *.lync.com
    • Allow outbound connections to the following destination: osub.microsoft.com
    • Ports 80/443
    • Protocols TCP and HTTPS
    • Rule must apply to all users.
    • HTTPS/SSL time-out set to 8 hours
    How to troubleshoot computer issues that limit Office 365 rich client authentication KB 2637629 Click here

    Disconnect Windows PowerShell from the cloud-based service: 

    Remove-PSSession $Session 

    To obtain a complete list of cmdlets that are available 

    Get-Command *MSOl* 

    Find commands (MSOL) 

    Get-Command –Module msonline 

    Check if you still are connected at MOS 

    Get-Pssession 


    Windows PowerShell: FAQs for Administrators

    Control Users' Access to Windows Remote Management


    Messages in the Office 365 portal: "Setting up... this may take a few minutes" provisioning issues Click Here

    To verify the Provisioning Status in all services ECP Exchange Online / SharePoint Online (SPO)/Lync Online / Microsoft Office Desktop Apps service (Setting up... this may take a few minutes). Connect to MOSMWP using O365 admin credentials and then run the command below:

    Get-MsolAccountSku | % { $_.ServiceStatus }

    Get-MsolAccountSku | FL

    Get-OrganizationConfig | fl rbac*,orig*


    Get-User user@contoso.com | Select *server*

    Get-MSOLuser -UserPrincipalName user@domain.com |Ft IsLicensed, OverallProvisioningStatus, ValidationStatus

    Get-MSOLuser –All | FL UserPrincipalName ,IsLicensed, OverallProvisioningStatus, ValidationStatus > UsersInformation.txt 


    Start > type: UsersInformation.txt

    How to get Mailbox / User / Distribution Group/Distribution List /Security Group INFORMATION Public article Click Here

    Get-MsolUser -UserPrincipalName usuario@domain.com |FL 

    Get-Mailbox user@example.com | FL 

    Get-User user@example.com | FL 

    Test-MapiConnectivity user@example.com |FL 

    Get-Recipient -ResultSize Unlimited| Where {$_.EmailAddresses -Match "user@example.com"} | FL 

    Get-CASMAilbox user@domain.com |FL 

    Get-MailboxStatistics user@example.com | FL 

    Get-Mailbox -identity user@example.com | Select -Expand EmailAddresses Alias 

    Get-CASMAilbox -Identity user@domain.com |FL DisplayName,*MAPI*,*Pop*, *ActiveSync*,*Imap*, *Ews*, *OWA*

    To find every alias for each user or DG/DL run the command below: 

    Get-Recipient | FL name, @{name="count";expression={[array]($_.EmailAddresses).Count}},EmailAddresses 

    Get-MSOLuser -User user@domain.com |Select -Expand Proxyaddresses 

    Get-MSOLuser -All |Select -Expand Proxyaddresses 

    To find a specific alias for each mailbox, or DG/DL run the command below: 

    To search a user / aliases /mailbox groups using email address, run the command below: 

    To search an existing user using Display Name. 

    Get-Recipient | where {$_.DisplayName -match "Alain Lopez"} | FL Name, DisplayName, WindowsLiveID, EmailAddresses 

    Get-Recipient | where {$_.DisplayName -match "Alain Lopez"} | FL 

    To search an existing user using the windows Live Id and check if is a federated user: 

    Get-Recipient | where {$_.WindowsLiveID -match "user@example.com"} | FL 

    To search Mail Enable Users (MailUser) in the organization: 

    Get-Recipient | Where {$_.RecipientType -Match "MailUser"} | FT
    Get-Recipient | Where {$_.RecipientTypeDetails -Match "MailUser"} | FT 

    Proxy Addesses from MOP 

    Get-Msoluser -All| FL DisplayName,ProxyAddresses 

    Security Group Addresses 

    Get-Msolgroup -All| FL DisplayName,ProxyAddresses 


     


     


     


     


     


     


     


     


     


     


     


     


     


     


     


     


     

    Get-MailDetailMalwareReport 

    This cmdlet is available only in the cloud-based service. 

    Use the Get-MailDetailMalwareReport cmdlet to view the details of messages that contained malware. 

    Get-MailDetailMalwareReport -StartDate 06/25/2013 -EndDate 07/25/2013 -SenderAddressuser1@tenant.onmicrosoft.com


     


     


     

    Get-MailDetailDlpPolicyReport 

    This cmdlet is available only in the cloud-based service. 

    Use the Get-MailDetailDlpPolicyReport cmdlet to view the details of messages that matched the conditions defined by any data loss prevention (DLP) policies. 

    Get-MailDetailDlpPolicyReport -StartDate 06/25/2013 -EndDate 07/25/2013 -SenderAddressuser1@tenant.onmicrosoft.com


     


     


     


     


     

    Get-MessageTrace -SenderAddress user1@tenant.onmicrosoft.com -RecipientAddress Mailboxtomove2@cloudfast.co-StartDate 06/17/2013 -EndDate "07/17/2013 4:00PM" |FL 

    Message Trace ID : 9d3b50e3-c75f-4e98-26c7-08d04bb920f2 

    Message ID : <F725C0AD-711A-41E1-999C-65E5C2EE6DB4@AlainLopez.onmicrosoft.com

    Received : 7/10/2013 7:16:35 PM 

    Sender Address : admin@AlainLopez.onmicrosoft.com

    Recipient Address : Mailboxtomove2@cloudfast.co

    From IP : 166.205.51.21 

    To IP : 65.15.59.198 

    Subject : Declined: Test2 

    Status : Delivered 

    Size : 11108 

    Exchange Online Cmdlets 

    http://technet.microsoft.com/en-us/library/jj200780(v=exchg.150).aspx

    Get-Help Get-GroupActivityReport –Examples 

    Get-HostedContentFilterPolicy 

    Get-HostedContentFilterPolicy 

    Name SpamAction HighConfidenceSpamA IsDefault ction 

    ---- ---------- ------------------- --------- 

    Default MoveToJmf MoveToJmf True 

    Get-GroupActivityReport 

    http://technet.microsoft.com/en-us/library/jj200778(v=exchg.150).aspx

    Get-Help Get-GroupActivityReport –Examples 

    This example shows the number of distribution groups created and deleted for the month of June and July, 2013 

    Get-GroupActivityReport -ReportType Monthly -StartDate 0/01/2013 -EndDate 07/17/2013 

    TenantName Date GroupCreated GroupDeleted 

    ---------- ---- ------------ ------------ 

    AlainLopez.onmicrosoft.com 6/30/2013... 4 0 

    AlainLopez.onmicrosoft.com 5/31/2013... 4 2 

    Format list:

    Message Trace ID : db79cb92-7c7b-48e0-2b90-08d050851026 

    Message ID : <e8b67abd3b214fb7a842809fb451e3cc@BN1PR04MB089.namprd04.prod.outlook.com 

    Received : 7/16/2013 9:46:29 PM 

    Sender Address : admin@AlainLopez.onmicrosoft.com

    Recipient Address : v-alalop@microsoft.com

    From IP : 64.132.154.18 

    To IP : 207.46.163.215 

    Subject : FW: meeting request test 

    Status : Delivered 

    Size : 13829 

    Message Trace ID : c7c1b169-df5c-4f9b-1710-08d050850f25 

    Message ID : <e8b67abd3b214fb7a842809fb451e3cc@BN1PR04MB089.namprd04.prod.outlook.com

    Received : 7/16/2013 9:46:27 PM 

    Sender Address : admin@AlainLopez.onmicrosoft.com

    Recipient Address : v-jomedi@cloudfast.co

    From IP : 10.255.199.139 

    To IP : 

    Subject : Meeting Forward Notification: meeting request test 

    Status : Delivered 

    Size : 6799 

    Get-MessageTrace (No more than 30 days)

    Get-Help Get-MessageTrace -Examples 

    http://technet.microsoft.com/en-us/library/jj200704(v=exchg.150).aspx

    This example retrieves message trace information for messages sent by admin@alainlopez.onmicrosoft.combetween June 17, 2013 and July 15, 2013. 

    Get-MessageTrace -SenderAddress admin@alainlopez.onmicrosoft.com-StartDate 06/17/2013 -EndDate 07/17/2013 | FT 

    Received Sender Address Recipient Subject Status 

    Address 

    -------- -------------- --------------- ------- ------ 

    7/16/2013 9:... admin@AlainL... v-alalop@mic... FW: meeting ... Delivered 

    7/16/2013 9:... admin@AlainL... v-jomedi@clo... Meeting Forw... Delivered 

    7/16/2013 9:... admin@AlainL... Move10@cloud... FW: meeting ... Delivered 

    7/16/2013 9:... admin@AlainL... v-alalop@Ala... FW: meeting ... Delivered 

    7/16/2013 9:... admin@AlainL... v-jomedi@clo... Accepted: me... Delivered 

    7/10/2013 7:... admin@AlainL... Mailboxtomov... Declined: Test2 Delivered 

    Results in Format List: FL

    Message Trace ID : db79cb92-7c7b-48e0-2b90-08d050851026 

    Message ID : <e8b67abd3b214fb7a842809fb451e3cc@BN1PR04MB089.namprd04.pro d.outlook.com

    Received : 7/16/2013 9:46:29 PM 

    Sender Address : admin@AlainLopez.onmicrosoft.com

    Recipient Address : v-alalop@microsoft.com

    From IP : 64.132.154.18 

    To IP : 207.46.163.215 

    Subject : FW: meeting request test 

    Status : Delivered 

    Size : 13829 

    Get-MessageTraceDetail 

    Get-Help Get-MessageTraceDetail -Examples 

    http://technet.microsoft.com/en-us/library/jj200681(v=exchg.150).aspx

    This example uses the Get-MessageTrace cmdlet to retrieve message trace 

    Information for messages with the Exchange Network Message ID value 

    2bbad36aa4674c7ba82f4b307fff549f send by admin@AlainLopez.onmicrosoft.combetween June 17, 

    2013 and July 17, 2013, and pipelines the results to the 

    Get-MessageTraceDetail cmdlet. 

    Get-MessageTrace -MessageTraceId db79cb92-7c7b-48e0-2b90-08d050851026 -SenderAddressadmin@AlainLopez.onmicrosoft.com-StartDate 06/17/2013-EndDate 07/17/2013 | Get-MessageTraceDetail 

    Message ID 

    ---------- 

    <e8b67abd3b214fb7a842809fb451e3cc@BN1PR04MB089.namprd04.prod.outlook.com

    <e8b67abd3b214fb7a842809fb451e3cc@BN1PR04MB089.namprd04.prod.outlook.com

    <e8b67abd3b214fb7a842809fb451e3cc@BN1PR04MB089.namprd04.prod.outlook.com

    <e8b67abd3b214fb7a842809fb451e3cc@BN1PR04MB089.namprd04.prod.outlook.com

    <e8b67abd3b214fb7a842809fb451e3cc@BN1PR04MB089.namprd04.prod.outlook.com

    Get-MailboxActivityReport 

    Get-Help Get-MailboxActivityReport -Examples 

    http://technet.microsoft.com/en-us/library/jj200716(v=exchg.150).aspx

    This example shows the number of mailboxes created and deleted for the month of May, 2012 

    Get-MailboxActivityReport -ReportType Monthly -StartDate 06/17/2013-EndDate 07/17/2013 |FL 

    RunspaceId : eda7a5b1-e511-4680-bf6e-4c150fcd4ba8 

    TenantGuid : b33bf27d-d6ca-40d7-ad3d-4d860793bdd4 

    TenantName : AlainLopez.onmicrosoft.com 

    Date : 6/30/2013 12:00:00 AM 

    TotalNumberOfActiveMailboxes : 18 

    AccountCreated : 15 

    AccountDeleted : 0 

    Get-StaleMailboxReport 

    http://technet.microsoft.com/en-us/library/jj200763(v=exchg.150).aspx

    This example retrieves the number of mailboxes that haven't been accessed for at least 30 days. 

    Get-StaleMailboxReport |FL 

    RunspaceId : eda7a5b1-e511-4680-bf6e-4c150fcd4ba8 

    TenantGuid : b33bf27d-d6ca-40d7-ad3d-4d860793bdd4 

    TenantName : AlainLopez.onmicrosoft.com 

    Date : 5/16/2013 12:00:00 AM 

    ActiveMailboxes : 21 

    InactiveMailboxes31To60Days : 5 

    InactiveMailboxes61To90Days : 1 

    InactiveMailboxes91To1460Days : 0 

    RunspaceId : eda7a5b1-e511-4680-bf6e-4c150fcd4ba8 

    TenantGuid : b33bf27d-d6ca-40d7-ad3d-4d860793bdd4 

    TenantName : AlainLopez.onmicrosoft.com 

    Date : 5/15/2013 12:00:00 AM 

    ActiveMailboxes : 20 

    InactiveMailboxes31To60Days : 4 

    InactiveMailboxes61To90Days : 1 

    InactiveMailboxes91To1460Days : 0 

    Get-StaleMailboxDetailReport 

    Get-Help Get-StaleMailboxDetailReport -Examples 

    http://technet.microsoft.com/en-us/library/jj200715(v=exchg.150).aspx

    This example retrieves all the mailboxes that haven't been accessed for at least 30 days. 

    Get-StaleMailboxDetailReport |FL 

    Get-RecipientStatisticsReport 

    http://technet.microsoft.com/en-us/library/dd638089(v=exchg.150).aspx

    Get-Help Get-RecipientStatisticsReport –Examples 

    This example displays the recipient statistics report for the organization. 

    Get-RecipientStatisticsReport |FL 

    RunspaceId : eda7a5b1-e511-4680-bf6e-4c150fcd4ba8 

    Identity : AlainLopez.onmicrosoft.com 

    TotalNumberOfMailboxes : 58 

    TotalNumberOfActiveMailboxes : 21 

    NumberOfContacts : 6 

    NumberOfDistributionLists : 22 

    LastUpdated : 7/15/2013 12:00:00 AM 

    LastUpdatedFormatted : 7/15/2013 

    IsValid : True 

    ObjectState : New 

    Reporting Cmdlets 

    Get-ConnectionByClientTypeDetailReport

    Get-ConnectionByClientTypeReport

    Get-CsActiveUserReport

    Get-CsConferenceReport

    Get-CsAVConferenceTimeReport

    Get-CsP2PSessionReport

    Get-CsP2PAVTimeReport

    Get-GroupActivityReport

    Get-MailboxUsageDetailReport

    Get-MailboxUsageReport

    Get-MailDetailDlpPolicyReport

    Get-MailDetailMalwareReport

    Get-MailDetailReport

    Get-MailDetailSpamReport

    Get-MailDetailTransportRuleReport

    Get-MailFilterListReport

    Get-MailTrafficPolicyReport

    Get-MailTrafficReport

    Get-MailTrafficSummaryReport

    Get-MailTrafficTopReport

    Get-MessageTrace

    Get-MessageTraceDetail

    Get-MailboxActivityReport

    Get-MxRecordReport

    Get-OutboundConnectorReport

    Get-StaleMailboxDetailReport

    Get-StaleMailboxReport

    Get-ServiceDeliveryReport

    Get-RecipientStatisticsReport

    Get-HostedConnectionFilterPolicy

    New-HostedConnectionFilterPolicy

    Remove-HostedConnectionFilterPolicy

    Set-HostedConnectionFilterPolicy

    Get-HostedContentFilterPolicy

    New-HostedContentFilterPolicy

    Remove-HostedContentFilterPolicy

    Set-HostedContentFilterPolicy

    Disable-HostedContentFilterRule

    Enable-HostedContentFilterRule

    Get-HostedContentFilterRule

    New-HostedContentFilterRule

    Remove-HostedContentFilterRule

    Set-HostedContentFilterRule

    Get-HostedOutboundSpamFilterPolicy

    Set-HostedOutboundSpamFilterPolicy

    Get-QuarantineMessage

    Release-QuarantineMessage

    Messaging Policy and Compliance cmdlets 

    Get-DataClassificationConfig

    Get-RMSTrustedPublishingDomain

    Import-RMSTrustedPublishingDomain

    Remove-RMSTrustedPublishingDomain

    Set-RMSTrustedPublishingDomain

    Add-SupervisionListEntry

    Get-SupervisionListEntry

    Remove-SupervisionListEntry

    Get-SupervisionPolicy

    Set-SupervisionPolicy

    Recipient cmdlets 

    Get-LinkedUser

    Set-LinkedUser

    Undo-SoftDeletedMailbox

    Get-RemovedMailbox

    Add-RecipientPermission

    Get-RecipientPermission

    Remove-RecipientPermission

    Import-ContactList

    Get-SendAddress

    Miscellaneous cmdlets 

    Enable-OrganizationCustomization

    Get-PerimeterConfig

    Set-PerimeterConfig

    Add-SecondaryDomain

    Get-ToolInformation

    Connected accounts cmdlets 

    Get-PopSubscription

    New-PopSubscription

    Set-PopSubscription

    Get-HotmailSubscription

    New-HotmailSubscription

    Set-HotmailSubscription

    Get-ImapSubscription

    New-ImapSubscription

    Set-ImapSubscription

    Get-Subscription

    New-Subscription

    Remove-Subscription

    Get-ConnectSubscription

    New-ConnectSubscription

    Remove-ConnectSubscription

    Set-ConnectSubscription


     

    CHANGE THE USER'S UPN 

    Set-MsolUserPrincipalName -UserPrincipalName user@example.com-NewUserPrincipalName user@example.com

    In exchange Online server 

    Set-Mailbox -Upn User1 -windowsemailaddressuser1@example.com

    To change the UPN for all users in the organization for specific domain: 

    (The "Admin@" is the only one that will not change the domain) 

    Get-MsolUser -All | Where { -Not $_.UserPrincipalName.ToLower().StartsWith("Admin@") } | ForEach { Set-MsolUserPrincipalName -ObjectId $_.ObjectId -NewUserPrincipalName ($_.UserPrincipalName.Split("@")[0] + "@example.com") } 



     

    If you have 1 or more Global Admins in your company, and you will like to change the domain of all your users but the Admins; Add the username inside the (Admin@) like this: 

    Get-MsolUser|Where { 

    -Not ($_.UserPrincipalName.ToLower().StartsWith("admin1@") -or$_.UserPrincipalName.ToLower().StartsWith("admin2@") -or$_.UserPrincipalName.ToLower().StartsWith("admin3@") ) 

    } |ForEach { 

    Set-MsolUserPrincipalName-ObjectId$_.ObjectId -NewUserPrincipalName ($_.UserPrincipalName.Split("@")[0]+"@domain.onmicrosoft.com") 

    To search if any other account associated with the same UPN, from local AD run the command below:

    Where "UserUPN" is the UPN/Alias for the affected user.

    Live1 is the local domain controller.

    To search UPN in local AD 

    ldifde -f result.txt -d "DC=live1,DC=local" -r "UserPrincipalName=*UserUPN*" -p subtree 


     

    To search the local AD attributes usi AD PowrShell: 


     

    Get-ADUser -Filter * | FL UserPrincipalName,UserPrincipalName,distinguishedName,name 

    TO CREATE, CHECK VERIFY AND REMOVE DOMAIN FROM MOP O365 2293400



     

    To create the domain from MOP (MOSMWPS):

    New-MsolDomain -Name constoso.com (to add the new domain in MOP

    To create a sub domain in MOP: 

    New-MsolDomain -Name service.contoso.com 

    To check the new domain status from MOP 

    Get-MsolDomain -domain contoso.com (To check the domain's status

    Run the following command to obtain and TXT Record entry used for domain verification:

    Get-MSOLDomainVerificationDNS -DomainName contoso.com -Mode DNSTXTRecord 


    Run the following command to obtain and MX Record entry used for domain verification: 

    Get-MSOLDomainVerificationDNS -DomainName contoso.com -Mode DNSMXRecord 

    After you create the records in the domain registrar portal run the command bellow to verify the domain: 

    Confirm-MSOLDomain -DomainName example.com (To confirm the domain verification

    Remove Doamin from MOP using PowerShell run the cmdlet below: 

    Remove-MSolDomain -DomainName example.com 

    To view the list of the domain from MOP 

    Get-AcceptedDomain 

    Aceepted Domain 

    Get-AcceptedDomain |FL name,domaintype, default 

    To set a domain as default domain 

    Set-MsolDomain -Name example.com -IsDefault 

    To verify if the domain is the default domain: 

    Get-MsolDomain -All |FL Name,IsDefault 

    Determine if the Domain is duplicated from FOPE or Exchange Online: 

    Get-AcceptedDomain | select Indentiy, PerimeterCDuplicateDetected 

    To remove the local autodiscover where exist a local server 

    Remove-AutodiscoverVirtualDirectory -Identity "MyServer\autodiscover(autodiscover.contoso.com)" 

    Usually when Dir Sync is enabled, you cannot run the PowerShell command for hide or Unhide a Mailbox: 

    Hide a User from the Shared Address Book in Office 365 

    Set-Mailbox -Identity mailbox@domain.com -HiddenFromAddressListsEnabled $False 

    Set-Mailbox "Usuario Pruebas" -HiddenFromAddressListsEnabled $true 

    Hide a external contact from the Global Address Book in Office 365 

    Set-MailContact email@dominio.com -HiddenFromAddressListsEnabled $true 


     

    Hide all external contacts from the Global Address Book in Office 365 

    Get-MailContact -ResultSize unlimited | Set-MailContact -HiddenFromAddressListsEnabled $true 


     

    DNS Troubleshooting for Exchange Online


    Log on to a client computer. 

    Click Start, and then click Run. 

    In the Open box, type cmd, Windows PowerShell or (MOSMWP) and then click OK. (Doesn't require connection to O365) 

    At the "command prompt", Type the following commands togehter and change for your domain name: 

    Nslookup -type=MX contoso.com 

    Nslookup -type=CNAME autodiscover.contoso.com 

    Nslookup -type=TXT contoso.com 

    Nslookup -type=SRV _sipfederationtls._tcp.contoso.com 

    Nslookup -type=SRV _sip._tls.example.com 

    Nslookup -type=CNAME Sip.contoso.com 

    Nslookup -type=CNAME lyncdiscover.contoso.com 


     

    Nslookup -type=NS contoso.com 

    Nslookup -type=A contoso.com 


     

    Nslookup -type=CNAME www.contoso.com (SharePoint Public Web) 

    Nslookup -type=CNAME MS=ms111111.contoso.com (Domain Verifications) 


     


     

    Check user Mailbox Size / Total Items size / MailGuid / DeletedItemsSize / ServerName / Quarentined / 

    MapyIdentity / Storage limit status / Object class / Logon Time and date / 

    Get-Mailboxstatistics user@example.com | fl 

    Exchange Online View Logon StatisticsClick Here More Information

    Last Log on and Log off 

    Get-MailboxStatistics -Identity user@example.com | Select Identity, LastLogOnTime, LastLogOffTime 

    If the organization has more than 1000 users, has to import the information to a CSV file: 

    Get-Mailbox -Resultsize Unlimited | Get-MailboxStatistics | FL displayname, LastLogonTime | FL | Out-file "C:\Users\UserDesktopName\Desktop\Logon1.txt" 

    Get-LogonStatistics -Identity user@example.com

    Get-LogonStatistics -Identity user@example.com |FL (Full information) 

    Get-LogonStatistics -Identity user@example.com |FL UserName,LogonTime,LastAccessTime,ServerName 

    To view the last logon for all organization run the command below:

    Get-mailbox -ResultSize Unlimited| Get-MailboxStatistics | fl displayname, LastLogonTime 

    To see the last DirSync, run the command below: 

    Get-MsolCompanyInformation |FL LastDirSyncTime 

    How to add an additional Alias or smtp email address to an existing user in Exchange OnlineClick Here:

    Set-Mailbox john@contoso.com -EmailAddresses @{add="john@northamerica.contoso.com"} 

    If you need to remove a single alias from a mailbox via PowerShell you can do it by running: 

    Set-Mailbox user@domain.com -EmailAddresses @{remove="alias@domain2.com"} 

    If you need to remove a few aliases, not all, just add a coma and the other ones: 

    Set-Mailbox user@domain.com -EmailAddresses @{remove="alias@domain2.com","alias2@domain3.com"} 

    Get-Recipient | Where {$_.EmailAddresses -Match alias@domain.com} | Set-Mailbox -EmailAddresses @{Remove=alias@domain.com}

    If need to remove ALL aliases and just leave primary: 

    Set-Mailbox user@domain.com -EmailAddresses $null 

    Get Display Name (when an admin try to add a new user and receive error that already exist run the command to identify which mailbox has the user as an alias: 

    Get-Mailbox -Identity user@example.com | Fl *DisplayName 

    Get Address List Membership 

    Get-Mailbox -Identity user@example.com | Select -Expand AddressListMembership 

    Get the Aliases, SMTP, SIP, smtp for all mailbox in the organization: 

    Get-Mailbox -ResultSize Unlimited| Select -Expand EmailAddresses Alias 

    To find every alias for each user, run the command below: 

    Get-Mailbox -ResultSize Unlimited | FL name, @{name="count";expression={[array]($_.EmailAddresses).Count}},EmailAddresses 

    To find all mailboxes that is associated with specific domain: 

    Get-Mailbox -ResultSize Unlimited | where {$_.EmailAddresses -match "example.com"} | fl Name, RecipientType, EmailAddresses 

    To find all distribution groups that is associated with specific domain: 

    Get-DistributionGroup | where {$_.EmailAddresses -match "example.com "} | fl Name, EmailAddresses 

    To find all Universal Distribution groups in the organization: 

    Get-recipient | where {$_.RecipientType -match "MailUniversalDistributionGroup"} | FT
    Get-recipient | where {$_.GroupType -match "Universal"} | FT 

    To check External Contact information in the GAL 

    Get-MailContact "ContacName" | fl *emailaddress* 

    To assign Ownership for a DG: 

    Set-DistributionGroup "GroupName" -ManagedBy "Admin@example.com" -BypassSecurityGroupManagerCheck 

    To add Member into distribution group: 

    Add-DistributionGroupMember –Identity "GroupName" –Member user@example.com 


     


     


     

    SEND AS PERMISSIONS2461791Public Article

    To configure a mailbox so that a user other than the mailbox owner can use that mailbox to send messages: 

    Add-RecipientPermission user1@example.onmicrosoft.com -AccessRights sendAs -Trusteeuser2@example.onmicrosoft.com

    To check Send As permissions for one user: 

    Get-RecipientPermission user@example.com | Select Trustee, AccessControlType, AccessRights 

    To remove Send As settings from a mailbox, use the following command: 

    Remove-RecipientPermission user@example.com -AccessRights SendAs -Trustee Admin@example.com 

    To view all Send As permissions you've configured in your organization: 

    Get-RecipientPermission | where {($_.Trustee -ne 'nt authority\self') -and ($_.Trustee -ne 'null sid')} 

    View Send As permission on a specific recipient 

    Get-RecipientPermission user@example.com 


     


     

    VERIFY SEND ON BEHALF 2461791

    To grant a user the ability to send mail on behalf of another user: 

    Set-Mailbox -Identity user@example.com -GrantSendOnBehalfTo admin@example.com 

    To verify that the permissions send mail on behalf of another user: 

    Get-Mailboxuser1@ejemplo.com |Select -Expand GrantSendOnBehalfTo 

    To remove Send On Behalf permission from a mailbox, use the following command: 

    Set-Mailbox user@example.com -GrantSendOnBehalfTo $NULL 

    To export the commands or results use the following: 

    Get-MailboxPermission user@example.com | Select User, AccessRights, Deny | FL| Out-file "C:\Users\UserExample\Desktop\FileName.txt" 


     

    Grant Read Permissions to a user mailbox 

    To grants "User3" read permission to read User1's mailbox.
    Add-MailboxPermission "user1" -User "usuario3" -AccessRights ReadPermission 

    This example sets Tony Smith as the owner of the resource mailbox Room 222. 

    Add-MailboxPermission "Room 222" -Owner "Tony Smith" 

    GRANT FULL MAILBOX PERMISSIONS 2461791Public Article

    Assign permissions to one Exchange Online administrator 

    Add-MailboxPermission -Identity user@example.com -user admin@example.com –AccessRights FullAccess -Automapping $false 

    Grant full mailbox access

    Add-MailboxPermission -Identity user@example.com -User admin@example.com -AccessRights FullAccess -InheritanceType All -Automapping $false 

    This example grants the user Mark Steele full access permission to Alain Lopez mailbox and disables the auto-mapping feature. Don't see Mailbox in Outlook and OWA 

    Add-MailboxPermission -Identity User1 -User 'Alain Lopez' -AccessRight FullAccess -InheritanceType All -Automapping $false 

    Remove mailbox permissions Mailbox Permission 

    Remove-MailboxPermission -Identity user@example.com -User Admin@example.com -AccessRights FullAccess 

    Assign Full permission to access one user to see all users' mailboxesPublic Article

    Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox') -and (Alias -ne 'Admin')} | Add-MailboxPermission -User Admin -AccessRights fullaccess -InheritanceType all -Automapping $false 

    Assign Full permission to access one user to specific domain in the organization 

    Get-Mailbox -ResultSize Unlimited | where-Object {$_.EmailAddresses -match "example.com"} | Add-MailboxPermission -user admin@example.com -AccessRights FullAccess -Automapping $false 

    Assign permissions to the "Organization Management" role group: 

    Add-MailboxPermission user@example.com -User "Organization Management" -AccessRights FullAccess -InheritanceType All 

    Add-MsolRoleMember -RoleName "Organization Management" -RoleMemberEmailAddress user@example.com 

    Assign Role Member in Small Business 

    Add-MsolRoleMember -RoleName "Company Administrator" -RoleMemberEmailAddress user2@example.com 



     

    Verify Grant full mailbox access 

    Get-MailboxPermission -Identity user@example.com | Select User, AccessRights, Deny 



     

    Disable Outlook Auto-Mapping with Full Access Mailboxes Click Here

    How to modify / edit / enable / disable Conference room properties or configuration: 

    Get-CalendarProcessing -ID user@domain.com |FL 

    Properties to modify: If the customer needs to enable ($True) or Disable ($False). 

    ****************************** 

    OrganizerInfo: 

    Set-CalendarProcessing -ID user@domain.com -OrganizerInfo $False 

    AutomateProcessing 

    Set-CalendarProcessing -ID user@domain.com -AutomateProcessing $AutoUpdate 

    AllowConflicts 

    Set-CalendarProcessing -ID user@domain.com -AllowConflicts $True 


     

    Assign Folder permissions Calendar permissions (if the folder is in different language "calendario" 

    To gather the correct name of the folder, run the command below: 

    Get-MailboxFolderStatistics User | select folderpath

    Add-MailboxFolderPermission -Identity user@example.com:\calendar -user Admin@example.com -AccessRights owner 

    Add-MailboxFolderPermission Cloud2@example.com:\calendar -user User@domain.com -AccessRights PublishingAuthor 

    Add-MailboxFolderPermission -Identity user@example.com:\calendar -user Default -AccessRights owner 


    Add-MailboxFolderPermission jesus@example.com:\calendar -user Kiosk@example.com -AccessRightsPublishingAuthor 

    Spanish Mailbox Configuration use the command below: 

    Add-MailboxFolderPermission Cloud2@example.com:\calendario -user Usuario5@example.com -AccessRights Editor 

    Cannot share conference room calenders 

    As for the second concern, do you want to let all members in your Office 365 tenant can see details in the room mailbox calendar?
    If so, please run the following command in PowerShell to achieve the goal. 

    For more informacion Click Here


    Set-MailboxFolderPermission -Identity "room mailbox:\calendar" -User Default -AccessRights Reviewer
    After that the default permission level of the room mailbox calendar is changed to "Reviewer". 

    For tips, if you want specific user don't have the Reviewer permission, please run the following command to assign him a specific permission:
    Add-MailboxFolderPermission -Identity "room mailbox:\calendar" -User "specific user" -AccessRights AvailabilityOnly

    Mailbox Folder Permission Click Here

    Editor 

    PublishingAuthor 

    AvailabilityOnly 

    PublishingEditor
    Owner 

    • ReadItems The user has the right to read items within the specified folder.
    • CreateItems The user has the right to create items within the specified folder.
    • EditOwnedItems The user has the right to edit the items that the user owns in the specified folder.
    • DeleteOwnedItems The user has the right to delete items that the user owns in the specified folder.
    • EditAllItems The user has the right to edit all items in the specified folder.
    • DeleteAllItems The user has the right to delete all items in the specified folder.
    • CreateSubfolders The user has the right to create subfolders in the specified folder.
    • FolderOwner The user is the owner of the specified folder. The user has the right to view and move the folder and create subfolders. The user can't read items, edit items, delete items, or create items.
    • FolderContact The user is the contact for the specified folder.
    • FolderVisible The user can view the specified folder, but can't read or edit items within the specified folder.

    The AccessRights parameter also specifies the permissions for the user with the following roles, which are a combination of the rights listed previously: 

    • None FolderVisible
    • Owner CreateItems, ReadItems, CreateSubfolders, FolderOwner, FolderContact, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
    • PublishingEditor CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
    • Editor CreateItems, ReadItems, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
    • PublishingAuthor CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, DeleteOwnedItems
    • Author CreateItems, ReadItems, FolderVisible, EditOwnedItems, DeleteOwnedItems
    • NonEditingAuthor CreateItems, ReadItems, FolderVisible
    • Reviewer ReadItems, FolderVisible
    • Contributor CreateItems, FolderVisible

    The following roles apply specifically to calendar folders: 

    • AvailabilityOnly View only availability data
    • LimitedDetails View availability data with subject and location

    Do you want to send emails as the room mailbox address?
    If so, please run the following command in PowerShell to achieve the goal. 


    Add-RecipientPermission -Identity "room mailbox" -Trustee "user" -AccessRights Sendas

    To assign Full Access permissions to all Roomailbox in the Organization for one user, run the command below: 

    Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'RoomMailbox') -and (Alias -ne 'Admin')} | Add-MailboxPermission -User User@domain.com -AccessRights fullaccess -InheritanceType all -Automapping $false 

    To assign Full Access permissions to all RooMailbox in the Organization for all users using Microsoft Outlook Client, run the command below: 

    Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'RoomMailbox') -and (Alias -ne 'Admin')} | Add-MailboxPermission -User Default -AccessRights fullaccess -InheritanceType all -Automapping $false 

    To see the each folder size for a specific mailbox, run the command below: 

    Get-MailboxFolderStatistics –Identity user@domain.com | Select Name,FolderSize 

    To see the list of all folders with a count of the number of items and its size for one user: 

    Get-MailboxFolderStatistics -Identity user@domain.com | Select Name,ItemsInFolder,FolderSize | FL 

    To see the list of all folders with a count of the number of items and its size for all users in the organization: 

    Get-Mailbox -ResultSize Unlimited | Get-MailboxFolderStatistics | Select Identity,Name,ItemsInFolder,FolderSize | FL > Folder.txt 

    To locate the results search the folder in your PC START > type Folder.txt 


     


     


     


     


     


     


     


     


     


     


     

    Email Forwarding Manage Message Forwarding with Remote Domains 2461791Public Article 

    Set forwarding 

    Set-Mailbox -Identity user@example.com -ForwardingSmtpAddress external@domain.com -DeliverToMailboxAndForward:$true 

    Get Forwarding information 

    Get-Mailbox user@example.com | Select DeliverToMailboxAndForward, ForwardingSMTPAddress 

    Get-Mailbox -identity user@example.com | fl displayname, forwardingsmtpaddress 

    Get-Mailbox user@example.com | Select DeliverToMailboxAndForward 

    Verify Forwarding's permissions 

    Get-Mailbox -Identity user@example.com | Select ForwardingSmtpAddress 

    To check Forwarding for one user 

    Get-Mailbox -Identity user@example.com | Select ForwardingSmtpAddress 

    To check forwarding for all users in the organization: 

    Get-Mailbox -ResultSize Unlimited | Select ForwardingSmtpAddress,displayname 

    To remove email forwarding for one user: 

    Set-Mailbox -Identity user@example.com -ForwardingSmtpAddress $NULL 

    Powershell commands to remove forwarding from the desired mailbox.
    Set-Mailbox -Identity -DeliverToMailboxAndForward $false -ForwardingSMTPAddress $null 

    Disable automatic message forwarding to all domains outside your organization 

    Set-RemoteDomain Default -AutoForwardEnabled $false 

    Disable automatic message forwarding to a specific domain outside your organization 

    New-RemoteDomain -Name Example -DomainName Example.com 

    Enable automatic message forwarding 

    Set-RemoteDomain Example.com -AutoForwardEnabled $true 

    Enable automatic message forwarding to all domains outside your organization 

    Set-RemoteDomain Default -AutoForwardEnabled $true 


    You can use this little script if you need to get the list of users who have forwarding set up and the address it is sending to, instead of getting a full list and then sorting: 

    Get-Mailbox –ResultSize unlimited | where {($_.emailaddresses -match "tenant.onmicrosoft.com") -and -not ($_.ForwardingSmtpAddress -like $null)} | select Identity,UserPrincipalName,ForwardingSmtpAddress 


     

    How to view Inbox Rules created in the organization Click Here

    Get-InboxRule -Mailbox user1@tenant.onmicrosoft.com |FL 

    To check all Inbox Rule in the organization 

    Get-InboxRule |fl Name,Enabled,Description,*Box* 

    Full information run the command below: 

    Get-InboxRule 


    How to get Transport Rules in the organization Click Here

    To get the transport rule list 

    Get-TransportRule | FT 

    To get more detail of the existing transport rule: 

    Get-TransportRule |FL Name,Identity,WhenChanged,Description,IsValid,State 

    Get-TransportRule "Block e-mail messages between Sales and Brokerage Groups" | Format-List 

    Get-TransportRule [-Identity <RuleIdParameter>] [-DomainController <Fqdn>] [-Organization <OrganizationIdParameter>] [-State <Enabled | Disabled>]

    How to set up safe senders and blocked senders in Office 365 Click Here

    additional information

    When you set up safe senders and blocked senders for mailboxes in Microsoft Exchange Online in Microsoft Office 365, mailboxes store the safe senders and blocked senders for each user independently. This resembles the behavior in earlier versions of Microsoft Outlook. 

    After the settings are set up, they are persistent in Outlook and in Outlook Web App. Admins who have a hybrid deployment can set up the safe senders and blocked senders to match the settings that are applied by using Group Policy settings in Active Directory. Office 365 admins have to use Windows PowerShell in Exchange Online to set up these settings for user mailboxes. 

    How to set up safe senders and blocked senders for a single user 

    Set-MailboxJunkEmailConfiguration -Identity <user@example.com> -BlockedSendersAndDomains"<spamA>.com" -TrustedSendersAndDomains john@<spamB>.com

    How to set up safe senders and blocked senders in bulk 

    Get-Mailbox -ResultSize Unlimited| Set-MailboxJunkEmailConfiguration -BlockedSendersAndDomains "<domainA>.com","user@<domainB>.com","..." -TrustedSendersAndDomains "<domainC>.com","user@<domainD>.com","..." 

    How to check safe senders and blocked senders 

    Get-MailboxJunkEmailConfiguration -Identity user@example.com


     

    How to update an existing safe sender and blocked sender liste 

    1. Connect to Exchange Online by using remote PowerShell. For more info about how to do this, go to the following Microsoft website: 

    Connect to Exchange Online Using Remote PowerShell

    (http://technet.microsoft.com/en-us/library/jj984289(v=exchg.150).aspx)

    2. Store the configuration in the $Temp variable. To do this, type the following PowerShell command at the prompt, and then press Enter:

    $Temp = Get-MailboxJunkEmailConfiguration <user@contoso.com> 

    Note The <user@contoso.com> placeholder represents the user whom you want to change.

    1. Update the list in $Temp. To do this, use the "+=" operator to update BlockedSendersandDomains or the TrustedSendersAndDomains attributes. To do this, follow these steps:

    b. Type the following PowerShell command, and then press Enter to update the Blocked Senders list:

    $Temp.BlockedSendersAndDomains += "<domainC>.com","<user>@<domainD>.com","..." 

    c. Type the following PowerShell command, and then press Enter to update the Safe Senders list:

    $Temp.TrustedSendersAndDomains += "<domainC>.com","<user>@<domainD>.com","..." 

    d. To commit the updates that were made to the variable $Temp, type the following PowerShell command, and then press Enter:

    Set-MailboxJunkEmailConfiguration -Identity <user@contoso.com> -BlockedSendersAndDomains $Temp.BlockedSendersAndDomains -TrustedSendersAndDomains $Temp.TrustedSendersAndDomains 


     


     

    CHANGE PRIMARY EMAIL ADDRESS2615519 Public Article


     

    Set-Mailbox "Mailbox'sDisplayName" –EmailAddresses SMTP:userprincipal@contoso.com,alias2@contoso.com,alias3@fabrikan.com 


     

    Change Primary email Address using SIP 

    Set-Mailbox "DisplayName" -EmailAddresses SMTP:user@contoso.com,alias1@ Coffeebeans.onmicrosoft.com,alias2@ Fabrikam.com; Set-Mailbox "user2" -EmailAddresses SIP:user@contoso.com 


     


     


     


     


     


     


     

    Out of Office Assistant not working 

    Out of office not working 

    Troubleshoot the Out of Office Assistant http://office.microsoft.com/en-us/outlook-help/troubleshoot-the-out-of-office-assistant-HP005242235.aspx

    • To turn on the external auto reply:

    1), In Outlook 2010 client, click File on the top; click Automatic Replies; click send out automatic replies; click Outside my organization; customize the settings; click OK. 

    2), In OWA (Outlook Web App), click Options on the top right; select See all options; click Tell people you are on vacation; select Send automatic reply messages to senders outside my organization; customize the settings; click Save. 


     

    ObjectState : Unchanged 

    Notice on my sample 


     


     

    Example that is working well: 

    Get-MailboxAutoReplyConfiguration -Identity user1@tenant.onmicrosoft.com

    RunspaceId : 775615fb-ac0d-4ffe-8025-8cb99bf897d7 

    AutoReplyState : Scheduled 


     


     


     

    Auto Replay 

    Set-MailboxAutoReplyConfiguration user2@example.com –AutoReplyState Enabled –ExternalMessage "Please reach me after December 31, 2012" –InternalMessage "Autoreplay Test

    More information when Autoreply or Transport and Mailbox rules in Exchange Online don't work as expected

    http://support.microsoft.com/kb/2829319

    Get-TransportConfig |FL JournalingReportNdrTo

    Set-TransportConfig -JournalingReportNdrTo admiN@tenant.onmicrosoft.com


     

    Get-MailboxAutoReplyConfiguration -Identity user@domain.com


     


     


     


     

    Take a look at the result, notice how the Autoreplystate is set to disabled? 

    That means that when the command was executed, this mailbox did not have the OOF setting ON so the tests performed are not valid the OOF was not properly configured 

    So either the command was executed out of the configured time frame or the value did not change, this is what we need to validate 


     

    RunspaceId : 0fc07067-3206-443d-b25a-76c51b4572ae 

    AutoReplyState : Disabled 

    EndTime : 25/07/2013 14:00:00 

    ExternalAudience : All 

    ></div></body></html> 

    StartTime : 24/07/2013 14:00:00 

    MailboxOwnerId : Raúl Yépez 

    Identity : Raúl Yépez 

    IsValid : True 

    EndTime : 7/24/2013 2:00:00 PM 

    ExternalAudience : All 

    ExternalMessage : <html> 

    <body> 

    <div name="divtagdefaultwrapper" style="margin:0px; font-family:Calibri,Arial,Helvetica,sans-serif"> 

    <p>OOF 2</p> 

    </div> 

    </body> 

    </html> 


     


     


     


     


     


     


     


     


     


     


     


     


     


     


     


     


     

    Migration 

    Get-MigrationBatch -Diagnostic 


     


     

    SET PASSWORD NEVER EXPIRE 2471104Public Article

    Set password never expire for one user 

    Set-MsolUser -UserPrincipalName user@example.com -PasswordNeverExpires $true 

    Set password never expire for all user 

    Get-MSOLUser -All | set-msoluser -PasswordNeverExpires $true 

    Check what users have the password never expire 

    Get-MSOLUser -All| select user*, password* 

    Alternatively, to see all users and their "Password never expires setting", you can run the following PowerShell command: 

    Get-MSOLUser -All | Select UserPrincipalName, PasswordNeverExpires 

    To check if one user has enabled, run the command below: 

    Get-MSOLUser -UserPrincipalName user@domain.com | select user*, password* 


     

    Office 365 - Password Expiration Notifications in Outlook Click HereBlog article

    Set-MSOLPasswordPolicy –DomainName example.com –NotificationDays 10 -ValidityPeriod 180 

    To verify the Password Policy, run the command below: 

    Get-MSOLPasswordPolicy -DomainNameexample.com | FL 


     

    TO CREATE NEW PASSWORD FOR USERS VK# 2642174 

    To create a new Password for one user: 

    Set-MsolUserPassword -UserPrincipalName user@example.com -NewPassword Password1 -ForceChangePassword $false 

    To create new password for all users in the organization: 

    Get-MsolUser -All | Set-MsolUserPassword -NewPassword Password1 -ForceChangePassword $True 

    Disable or Enable strong Password for User 

    Set-MsolUser -UserPrincipalName user@example.com -StrongPasswordRequired $False 

    To Disable the strong password for all users in the organization: 

    Get-MsolUser -All | Set-MsolUser -StrongPasswordRequired $False 

    To check if the Password require strong password when password is changed 

    Get-MsolUser -UserPrincipalName user@example.com | FL *StrongPasswordRequired 

    To check if the password require strong password when password is changed for all users: 

    Get-MsolUser -All | FL UserPrincipalName,*StrongPasswordRequired 

    Caveats when the strong passwords are disabled

    • 
    Administrators must set users' passwords by using the following Windows PowerShell command if passwords will not meet strong password requirements.

    Set-MsolUserPassword –UserPrincipalName [UserPrincipalName]–NewPassword [NewPassword]

    For example:

    Set-MsolUserPassword–UserPrincipalName john@contoso.com –NewPassword abc 
    • 
    Passwords that are changed in the Office 365 portal are still checked for whether the passwords meet strong password requirements. 



     

    LITIGATION HOLD Click Here

    Put a Mailbox on Litigation Hold 

    To enable the litigation on hold for one mailbox: 

    Set-Mailbox user@domain.com -LitigationHoldEnabled $True -Force 

    To verfiy the litigation on hold for a mailbox: 

    Get-Mailbox -identity user1@example.com | FL DisplayName,WindowsLiveID,*Litigation* 

    To enable the litigation on hold for all mailbox in the organization: 

    Get-Mailbox -ResultSize Unlimited | Set-Mailbox -LitigationHoldEnabled $True -Force 

    To verfiy the litigation on hold for all mailbox in the organization: 

    Get-Mailbox -ResultSize Unlimited | FL DisplayName,WindowsLiveID,*Litigation* 


    The following command sets the duration of the litigation hold on Ann Beebe's mailbox to one year.
    Set-Mailbox user@domain.com -LitigationHoldEnabled $true -LitigtionHoldDuration 365


    The following command sets the duration of the litigation hold on Ann Beebe's mailbox unlimited.
    Set-Mailbox user@domain.com -LitigationHoldEnabled $true -LitigtionHoldDuration Unlimited


    The following command puts Pilar Pinilla's mailbox on litigation hold, and sets the litigation-hold duration for 7 years.
    Set-Mailbox user@domain.com -LitigationHoldEnabled $true -LitigationHoldDuration 2555

    After litigation hold activation, over 20.000 items would be lost and send to the exchange server: 

    To Recover the items into one single folder run the following CMD: 


     

    Search-Mailbox UserOnHold@domain.com -TargetMailbox admin@domain.com -TargetFolder recoveryfolder -SearchDumpsterOnly 

    UserOnHold@domain.com is the mailbox to be recovered 

    admin@domain.com is the target. 


     

    To check litigationHold for specific user: 

    Get-Mailbox -identity user1@example.com | fl *LitigationHoldEnabled


     


     

    Recover a mailbox:

    Get-RemovedMailbox John1@@tenant.onmicrosoft.com | FL >c:\John1.txt

    Open this file (John1.txt) add the MicrosoftOnlineServicesID

    e8be4faf-5ae9-4d21-8f3a-5de64ec80b66 is the GUID.

    John1 is the attribute -Name for the removed mailbox.

    New-Mailbox -Name John1 -RemovedMailbox e8be4faf-5ae9-4d21-8f3a-5de64ec80b66 –MicrosoftOnlineServicesID John1@@tenant.onmicrosoft.com -Password (ConvertTo-SecureString -String 'passw0rd' -AsPlainText -Force)

    New-Mailbox -Name John1 -RemovedMailbox e8be4faf-5ae9-4d21-8f3a-5de64ec80b66 (Old GUID) -MicrosoftOnlineServicesID user@tenant.onmicrosoft.com -Password (ConvertTo-SecureString -String 'Welcome1' -AsPlainText -Force)


     


     


     

    RETENTION POLICY http://technet.microsoft.com/en-us/exchangelabshelp/gg271153#policycmdlets

    To obtain retention policy 

    Get-RetentionPolicy 


     

    To obtain the retention policy for all mailbox 

    Get-Mailbox -ResultSize Unlimited | ft identity, RetentionPolicy 


     

    To delete the MRM or retention policy for one user: 

    Set-Mailbox -Identity username -RetentionPolicy $null 

    To delete the MRM or retention policy for the organization: 

    Get-Mailbox -ResultSize Unlimited| Set-Mailbox -RetentionPolicy $null 


     

    Display a list of the retention policies available in your organization. 

    Get-RetentionPolicy | fl Name 

    Get Detail information for all user in the organization any domain Archiving 

    Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox')} | fl 

    Get-RetentionPolicy -Identity user@example.com | FL Name,RetentionPolicy 

    If receive error deleting retention policies: 

    This operation is not allowed for the organization with disabled customizations. To enable this operation, you need to execute Enable-OrganizationCustomization task first. 

    Enable-OrganizationCustomization 

    http://help.outlook.com/en-us/140/hh299030.aspx?sl=1

    To search all policy tags in the organization run:
    Get-RetentionPolicyTag | fl Name,Type,AgeLimitForRetention,RetentionAction 


     

    ENABLE OR DISABLE (BLOCK) A USER'S CREDENTIAL IN OFFICE 365 

    This command Enable (TRUE) and Disable (FALSE) to block OWA, MOP, SharePoint and every services in O365 (which will block them from being able to sign in). This cannot be set for a synced user. 

    Set-MsolUser -UserPrincipalName user@example.com -blockcredential $true 

    Disable or remove feture "Change Password's" option from OWA/ECP. Click Here

    Create a New Role: 

    New-ManagementRole –Name MyBaseOptions-NoPSD –Parent MyBaseOptions 

    Remove el parameter "Password" from ECP 

    Set-ManagementRoleEntry "MyBaseOptions-NoPSD\Set-Mailbox" -Parameters Password –RemoveParameter 


     

    Assign or sets user's location (country) of this user. The country must be a two-letter ISO code. This can be set for synced users as well as managed 

    Set-MsolUser -UserPrincipalName user@example.com -UsageLocation "US" 



     



     

    GET INFORMATION Public article

    Find commands (MSOL) 

    Get-Command –Module msonline* 

    Check if you still are connected at MOS 

    Get-Pssession 



     


     

    To check External contacts information in the GAL 

    Get-MailContact | FL *EmailAddress* 

    TO CHECK EXTERNAL CONTACT INFORMATION IN THE GAL FOR ONE USER 

    Get-MailContact ContactName | FL *EmailAddress* 

    GROUPS 2230765 / 2519362 / Public Article

    To assign Ownership of the distribution group: 

    Set-DistributionGroup "GroupName" -ManagedBy "Admin@contoso.com" –BypassSecurityGroupManagerCheck 

    To assign Ownership permissions of all Distribution Group that are using specific domain: 

    Get-DistributionGroup | where-Object {$_.EmailAddresses -match "example.com"} | Set-DistributionGroup -ManagedBy Admin@example.com –BypassSecurityGroupManagerCheck 

    To assign Ownership permissions of all Distribution Group in the organization: 

    Get-DistributionGroup | Set-DistributionGroup -ManagedBy Admin@domain.com -BypassSecurityGroupManagerCheck

    To add members in the distribution group: 

    Add-DistributionGroupMember –Identity "GroupName" –Member user@contoso.com

    To remove a member from the distribution group: 

    Remove-DistributionGroupMember -Identity "GroupName" -Member user@contoso.com

    To check the members list from the distribution group:

    Get-DistributionGroupMember -identity "GroupName" |FL DisplayName,WindowsLiveID,RecipientType,EmailAddresses,PrimarySmtpAddress 

    To export the data to a CSV file in your PC, run the command below: 

    Get-DistributionGroupMember ExchangeServers |FL DisplayName,WindowsLiveID,RecipientType,EmailAddresses,PrimarySmtpAddress | FL | Out-file "C:\Users\UserExample\Desktop\DGroup.txt" 

    To Change the primary email address and delete the existing proxy addresses o aliases. 

    Set-DistributionGroup -Identity "GroupName" -EmailAddresses shared@contoso.com 

    Check the Aliases, Primary email addresses 

    Get-DistributionGroup -Identity "GroupName" |FL *PrimarySmtpAddress,*emailaddress* 

    Remove DG or the administrator does not have the appropriate permissions applied. 

    Remove-DistributionGroup "GroupName" -BypassSecurityGroupManagerCheck 

    The following example shows how to configure delivery reports to be sent to the message originators: 

    Set-DistributionGroup -Identity "GroupName" -ReportToOriginatorEnabled $True 

    Run the following cmdlet to hide a distribution group2413286

    Set-DistributionGroup -Identity "GroupName" -HiddenFromAddressListsEnabled $true 

    Create a Distribution Group: 

    New-DistributionGroup -Name Support2 

    To Send As emails as a (DL) (DG) Distribution Group run the command below: 

    Add-RecipientPermission -Identity user@example.com -Trustee Admin@example.com -AccessRights SendAs 


     

    Security Groups 

    Manage Manage Security Groups using MOSMWP 

    To search all security groups in the organization: 

    Get-Recipient | Where {$_.RecipientType -Match "MailUniversalSecurityGroup"} | FT
    Get-Recipient | Where {$_.RecipientTypeDetails -Match "MailUniversalSecurityGroup"} | FT 

    The Object Id can be obtained by using the following command: 

    Get-MsolUser -UserPrincipalName <user ID> | Select ObjectId 

    After you obtain the Object Id, you can add the value when you create security group: 

    New-MsolGroup -DisplayName user@example.com-Managedby <Object Id>

    Creating Security Groups 

    New-MsolGroup -DisplayName <Display Name> -Desciption <Description of the Security Group> 

    Remove securitygroups 

    Remove-MsolGroupMember -ObjectId <Guid1> -GroupMemberObjectId <Guid2> 

    To remove all Distribution Groups from MOP: 

    Get-MsolGroup -ALL | Remove-MsolGroup -Force

    Add new group members 

    Add-MsolGroupMember -ObjectId <Guid1> -GroupMemberObjectId <Guid2> -GroupMemberType Group 

    Remove group members 

    Remove-MsolGroupMember -ObjectId <Guid1> -GroupMemberObjectId <Guid2> 


    Update the properties of a group 

    Set-MsolGroup -ObjectID <ObjectId> -description "Test security group" 

    Verify group members 

    Get-MsolGroupMember -GroupObjectId <Object Id> -All 

    Example: 

    Get-MsolGroup 

    ObjectId DisplayName GroupType Description
    -------- ----------- --------- -----------
    dcbd02ad-9552-4ce9-96c3-46ae97335f29 Mailbox Us... Security Mailbox U... 

    Get-MsolGroupMember -groupObjectid dcbd02ad-9552-4ce9-96c3-46ae97335f29 -All 

    GroupMemberType EmailAddress DisplayName
    --------------- ------------ -----------
    User jesus@example.com Jesus Santaella
    User panita@example.com Alfredo Saavedra
    User brian@example.onmicros... Brian Scott 

    Add a domain or user into safe sender (White list) list: 

    Set-MailboxJunkEmailConfiguration -Identity admin@example.onmicrosoft.com -TrustedSendersAndDomains "contoso.com","fabrikam.com","user1@contoso.com","user2@fabrikam.com" 


     

    CREATE USERS Public Article


     

    Create a user 

    New-MSOLUser -UserPrincipalName user@example.com -DisplayName "user11" 


    Remove User from MOP 

    Remove-MsolUser -UserPrincipalName user@contoso.com -force 


     


     

    LICENSES 

    Assing a license (2584964) 

    Set location first 

    Set-MsolUser -UserPrincipalName user@example.com -UsageLocation co -BlockCredential $false 

    Get skuid 

    Get-MsolAccountSku | Select AccountSkuId 

    Assing all licenses 

    Set-MsolUserLicense -UserPrincipalName user@example.com -AddLicenses "jsnetwork:enterprisepack" 

    Convert License: 

    Set-MsolUserLicense -UserPrincipalName user@contoso.com -RemoveLicenses "contoso:standardpack" -AddLicenses "contoso:enterprisepack" 


    To get the detail for each user in the organization 

    Get-Msoluser -all | ForEach-Object { "============="; $_.DisplayName; $_.licenses[0].servicestatus }


     


     


     


     

    Managing Exchange ActiveSync Devices 

    http://technet.microsoft.com/en-us/library/aa998933(v=exchg.141).aspx

    Exchange ActiveSync Mobile Phones and Compatible Features

    Configure a Mobile Phone for Synchronization

    Disable a Mobile Phone for Exchange ActiveSync

    Enable a Device for Exchange ActiveSync

    View a List of Devices for a User

    Configure Device Password Locking

    Recover a Device Password

    Perform a Remote Wipe on a Mobile Phone

    Install SSL Certificates on a Windows Mobile Phone

    Configure Mobile Phones to Synchronize with Exchange Server

    Manage a Mobile Device


     

    Get-ActiveSyncDeviceStatistics -Mailbox user@example.com 


     

    To determine who in the organization has a Microsoft Exchange ActiveSync device. For each device, the Exchange ActiveSync device statistics are retrieved:To check mobile phone configured to synchronize with the mailbox that belongs to the user 

    $UserList = Get-CASMailbox -Filter {hasactivesyncdevicepartnership -eq $true -and -not displayname -like "CAS_{*"} | Get-Mailbox 

    $UserList | foreach { Get-ActiveSyncDeviceStatistics -Mailbox $_} 

    To disable specific mobile device/ Active sync object 

    Disable a Mobile Phone for Exchange ActiveSync 

    http://technet.microsoft.com/en-us/library/bb232080(v=exchg.141).aspx

    This example retrieves the device ID after the user has synchronized the device with the Exchange server. 

    Get-ActiveSyncDeviceStatistics -Mailbox:"<EmailAlias>" | FL DeviceID

    This example adds the device ID to the ActiveSyncBlockedDeviceIDs parameter list to prevent the device from synchronizing with Microsoft Exchange. 

    Set-CASMailbox -Identity: "EmailAlias" -ActiveSyncBlockedDeviceIDs: "<DeviceID_1>","<DeviceID_2>"


     

    Hot to change the regional settings languages in office 365 

    Set-MailboxRegionalConfiguration -Identity user@domain.com -Language EN-US -DateFormat dd/MM/yyyy -TimeFormat HH:mm -TimeZone "Eastern Standard Time" 


     


     


     

    Time Zones: 

    "Eastern Standard Time" 

    "Central Standard Time" 

    "Pacific Standard Time" 


     

    Languages: 

    En-Us 

    Es-Es 

    Es-Co 


     

    More Information: 


     

    Time zone settings are incorrect or missing for multiple mailboxes in Office 365

    http://support.microsoft.com/kb/2718817

    http://technet.microsoft.com/it-it/library/dd351103(v=exchg.141).aspx


     


     


     


     


     

    How to change the languages for a user mailbox in Exchange online Click here:

    Set-Mailbox -Identity "Katarina Larsson" -Languages "Es-Es"


     


     

    To check the external contacts in the GAL: 

    Get-MailContact ContacName |FL *EmailAddress* 


     


     


     

    To verify the UPN user 

    Get-Mailbox -Identity 'block' | fl *DisplayName,PrimarySmtpAddress 


     


     

    How to Enable Archiving Archive using O365 powerShell for Cloud based or (Directory Synchronization) DirSync or users: 

    Enable-Mailbox -Archive -IdentityUserAlias 


    To verify the Archive mailbox: 

    Get-Mailbox -Archive 


     

    Mailbox Quota Archive mailbox 

    Get-Mailbox -Identity user1@example.com | FL *quota 


     

    Get Max Size Sending and Receiving Send Receive 

    Get-Mailbox -Identity user@example.com | FL *Size 

    Get-Mailboxstatistics user1@example.com |fl TotalItemSize ; Get-Mailbox -Identity user1@example.com | FL *quota 


     

    Check Office 365 Plan 
    Get-MailboxPlan -AllMailboxPlanReleases |fl name,PersistedCapabilities,Identity,Displayname 


     


     


     


     

    Get-CASMailboxPlan 


     

    To Verify CAS services if are Enabled or Disable OWA, IMAP, POP, MAPI, Active Sync Enabled 

    Get-CASMAilbox -identity user@example.com 


     

    To check Full CAS information 

    Get-CASMAilbox -identity user@example.com |FL 

    To Disable OWA for specific user 

    Set-CASMailbox -Identity user@example.com -OWAEnabled:$false 

    To Disable OWA for all users in the organization, run the command below: 

    Get-Mailbox -ResultSize Unlimited | Set-CASMailbox -OWAEnabled:$False 

    To Disable OWA for specific Domain, run the command below: 

    Get-Mailbox -ResultSize Unlimited | where-Object {$_.EmailAddresses -match "example.com"} | Set-CASMailbox -OWAEnabled:$false 

    To Disable MAPI 

    Set-CASMailbox -Identity user@example.com -MapiEnabled:$false 


     

    To Disable IMAP 

    Set-CASMailbox -Identity user@example.com -IMAPEnabled:$false 


     

    To Disable POP 

    Set-CASMailbox -Identity user@example.com -POPEnabled:$false 

    To Disable EWS 

    Set-CASMailbox -Identity user@example.com -EWSEnabled:$false 


     

    To verify the CAS in Online MAPI, IMAP, ActiveSync, POP, EWS for all mailbox in the organization: 

    Get-CASMAilbox |FL DisplayName,MAPIEnabled, PopEnabled, ActiveSyncEnabled,ImapEnabled, EwsEnabled, OWAEnabled 


    To verify the CAS in Online MAPI, IMAP, ActiveSync, POP, EWS for one user: 

    Get-CASMAilbox -Identity user@example.com |FL DisplayName,MAPIEnabled, PopEnabled, ActiveSyncEnabled,ImapEnabled, EwsEnabled, OWAEnabled 

    To enable EWS for an entire Tenant in Exchange Online:

    Get-Mailbox -ResultSize Unlimited | Set-CASMailbox -EwsAllowOutlook $true

    This will enable EWS to function properly in Exchange Online.

    -EwsAllowOutlook

    -EwsAllowMacOutlook 

    -EwsAllowEntourage 

    To gather EWS information run the command below:

    Get-CASMailbox -Identity "user2@example.com" |FL *Ews* 

    To enable the CAS for MAC and Entorurage for one user run the command below: 

    Set-CASMailbox -EwsAllowOutlook $true -Identity "user2@domain.com" 

    Set-CASMailbox -EwsAllowMacOutlook $true -Identity "user2@domain.com" 

    Set-CASMailbox -EwsAllowEntourage $true -Identity "user2@domain.com" 

    To Enable for all users in the organization run the command below: 

    Get-mailbox -ResultSize Unlimited | Set-CASmailbox -EwsAllowOutlook $true 

    Get Exchange Guid 

    Get-Mailbox -identity user1@example.com | FL *ExchangeGuid 


     


     


     


     

    Check all User's information (E-mail fordward, PasswodNevExp, UserPrincipalName, BlackBerryUser, Using License 

    Get-mailbox -ResultSize Unlimited | FL 

    Get-MSOLUser -all | FT 

    Get-MSOLUser -all | FL * 


     


     

    Check one User information (Email/ License / Company information / PassNevExp / 

    Get-MSOLUser -user user@example.com | FL 


     


     


     


    To check the mailbox server name, run the command below: 

    Get-Mailbox User@example.com | Select DisplayName, ServerName

    DISABLE CONNECTED ACCOUNT FROM ECP Click Here

    We accomplished this by customizing the RBAC roles in O365 using a remote PowerShell session. 

    1. Export MyBaseOptions management role entries for reference: 
      Get-ManagementRoleEntry MyBaseOptions\* | ConvertTo-Html > C:\MyBaseOptions.htm
    2. Copy the existing MyBaseOptions management role as new MyMailForwarding Role: 
      New-ManagementRole –Parent MyBaseOptions –Name MyMailForwarding
    3. Copy the existing MyBaseOptions management role as a new MyMailbox role: 
      New-ManagementRole –Parent MyBaseOptions –Name MyMailbox
    4. Remove all Set-Mailbox parameters (which include mail forwarding permissions) from the new MyMailbox role: 
      Remove-ManagementRoleEntry MyMailbox\Set-Mailbox
    5. Add Set-Mailbox parameters back to MyMailbox role except those associated with mail forwarding: 
      Add-ManagementRoleEntry MyMailbox\Set-Mailbox –Parameters AcceptMessagesOnlyFrom, AcceptMessagesOnlyFromDLMembers, AcceptMessagesOnlyFromSendersOrMembers, ErrorAction, ErrorVariable, ExternalOofOptions, GrantSendOnBehalfTo, Identity, Languages, MailTip, MailTipTranslations, OutBuffer, OutVariable, Password, RejectMessagesFrom, RejectMessagesFromDLMembers, RejectMessagesFromSendersOrMembers, RequireSenderAuthenticationEnabled, UserCertificate, UserSMimeCertificate, WarningAction, WarningVariable

    To enable Audit for an administrator to Search Mailbox in ECP: 

    Set-Mailbox -Identity user@domain.com -AuditEnabled $true

    To enable mailboxes to audit search from ECP 

    $UserMailboxes = Get-mailbox -ResultSize Unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox')} 

    $UserMailboxes | ForEach {Set-Mailbox $_.Identity -AuditEnabled $true}

    To create multiple alias via PowerShell 

    After the SMTP (Primary email address) can add multiple alias adding the comma 

    Set-Mailbox "DisplayName" –EmailAddresses SMTP:user@contoso.com,alias1@Coffeebeans.com,alias2@Fabrikam.com,alias3@Coffeebeans.com,alias4@contoso.onmicrosoft.com 

    Get Display Name (when an admin try to add a new user and receive error that already exist run the command to identify which mailbox has the user as an alias: 

    Get-Mailbox -Identity user1@contoso.com | FL *DisplayName 

    Get Address List Membership 

    Get-Mailbox -Identity user1@ contoso.com | Select -Expand AddressListMembership 

    Get the Aliases, SMTP, SIP, smtp for all mailbox in the organization: 

    Get-Mailbox -ResultSize Unlimited | Select -Expand EmailAddresses Alias 

    Get the Aliases, SMTP, SIP, smtp for One user 

    Get-Mailbox -Identity user1@ contoso.com | Select -Expand EmailAddresses Alias 

    To check the full information for an alias or mailbox use the command bellow: 

    Get-Mailbox -Identity user1@contoso.com | FL 

    To find all mailboxes that is associated with specific domain: 

    Get-Mailbox -ResultSize Unlimited | where {$_.EmailAddresses -match "contoso.com"} | fl Name, RecipientType, EmailAddresses 

    To find all distribution groups that is associated with specific domain: 

    Get-DistributionGroup | where {$_.EmailAddresses -match "contoso.com"} | FL Name, EmailAddresses 

    To find information for specific distribution group 

    Get-DistributionGroup -identity "Team Group" |FL Name,PrimarySmtpAddress,GroupType,EmailAddresses,GroupType,MemberJoinRestriction 

    Change Primary email Address using SIP 

    Set-Mailbox " DisplayName" -EmailAddresses SMTP:user@contoso.com,alias1@ Coffeebeans.onmicrosoft.com,alias2@ Fabrikam.com; Set-Mailbox "user2" -EmailAddresses SIP:user@contoso.com 


     

    To find a specific alias for each mailbox, or DG/DL run the command below: 

    Get-Recipient | where {$_.EmailAddresses -match "cloud1@example.com"} | Select -Expand EmailAddresses Aliases 

    To find every alias for each user or DG/DL run the command below: 

    Get-Recipient | FL name, @{name="count";expression={[array]($_.EmailAddresses).Count}},EmailAddresses 


     

    Get-Msoluser | FL DisplayName,ProxyAddresses 

    Get-Msolgroup | FL DisplayName,ProxyAddresses 


     


     


     


     


     

    Connected Account Removed Connected Account

    New-POPsubscription 

    New-IMAPsubscription 

    New-Hotmailsubscription 

    To remove connected account: 

    Remove-Subscription "user@domain.com" 


     


     

    A D F S 

    This example enables the organization identifier. This enables federation for the Exchange organization. 

    Set-FederatedOrganizationIdentifier -Enabled $true 

    Set-FederatedOrganizationIdentifier -DelegationFederationTrust "MicrosoftOnline" -AccountNamespace "example.com" -Enabled $true 

    Get-FederatedOrganizationIdentifier 

    http://technet.microsoft.com/en-us/library/dd351037.aspx


     

    Federation Commands Use the Get-SharingPolicy cmdlet to view the settings of sharing policies. Free/Busy Information

    http://technet.microsoft.com/en-us/library/dd335081.aspx

    Get-SharingPolicy | fl 

    Get-FederationInformation -Domain example​.onmicrosoft.com 

    Get-OrganizationRelationShip | fl 


     


     


     


     


     


     

    Shared Mailbox Public Article

    For instance, the _real_ parameters of Set-Mailbox can be retreived by running the following: 

    (Get-Command -Name "Set-Mailbox").Parameters 


     


     

    2638122 Shared Mailbox is being checked for whether it has an Office 365 license after the 30-day grace period even though shared mailboxes do not require a license 

    Set-Mailbox -Identity <MailboxIdParameter> -SKUAssigned:$True 


     

    How to Create Equipment MailboxesClick Here

    New-Mailbox -Name "Notebook Computer 1" -Equipment 

    Configure the mailbox to automatically process meeting requests 

    Set-CalendarProcessing "Notebook Computer 1" -AutomateProcessing AutoAccept 

    How to Create a New Room MailboxClick Here 

    To search all mailbox in the organization: 

    Get-Mailbox -ResultSize Unlimited | Where {$_.RecipientTypeDetails -match "SharedMailbox"} 

    Get-Recipient | where {$_.RecipientTypeDetails -match "SharedMailbox"} | FL Name, DisplayName, WindowsLiveID, EmailAddresses 

    Specify resource delegates for equipment mailboxes 


     

    Set-CalendarProcessing 

    To Create a Shared Mailbox 

    This PowerShell is to create the SharedMailbox, run the following PowerShell command: 

    New-Mailbox –Name "Mailbox Shared" –Alias MShared –Shared 

    MailboxShared This is the display name of the SharedMailbox. 

    Mshared This is the Alias 


     


     


     


     

    To Assign Mailbox Full Access permissions to a group This PowerShell let the members access to the Mailbox Shared and Calendars. 

    Add-MailboxPermission "Mshared" -user "MSharedGroup" –AccessRights FullAccess -InheritanceType All 

    Mshared This is the Alias of the Shared Mailbox. 

    MsharedGroup This is the username of the Distribution Group. 


     


     


     


     

    To Assign the security group the SendAs permission to the shared mailbox To enable members of the Printing Services Staff security group to send e-mail from the shared mailbox, run the following command:

    Add-RecipientPermission "MShared" -Trustee "MSharedGroup" -AccessRights SendAs 

    Mshared This is the Alias of the Shared Mailbox. 

    MsharedGroup This is the username of the Distribution Group. 


     


     


     

    Convert a Mailbox in Exchange Online Click Here:

    Set-Mailbox ConfRoom1 -Type Room 

    You can use the following values for the Type parameter:

    • Regular
    • Room
    • Equipment
    • Shared


     

    Restrict the Number of Recipients per Message in Exchange Online Click Here:

    Set-TransportConfig -MaxRecipientEnvelopeLimit 1000 

    Restricts the number of recipients per message to 300 for messages received through the Receive connector Contoso Receive Connector. 

    Set-ReceiveConnector -Identity "Contoso Receive Connector" -MaxRecipientsPerMessage 300 


     


     

    Mailbox Sixe VKB#2490230 / Public Article / Outlook Help


     

    Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics | DisplayName,StorageLimitStatus,@{name="Select TotalItemSize (MB)";expression={[math]::Round(($_.TotalItemSize.Split("(")[1].Split(" ")[0].Replace(",","")/1MB),2)}},@{name="TotalDeletedItemSize (MB)";expression={[math]::Round(($_.TotalDeletedItemSize.Split("(")[1].Split(" ")[0].Replace(",","")/1MB),2)}},ItemCount,DeletedItemCount | Sort "TotalItemSize (MB)" -Descending | Export-CSV "C:\My Documents\All Mailboxes.csv" -NoTypeInformation 


     


    View the size and quota status of a specific mailbox 

    Get-MailboxStatistics "user1" | Format-List StorageLimitStatus,TotalItemSize,TotalDeletedItemSize,ItemCount,DeletedItemCount


    To view the current size and quotas status the mailbox belonging to a user 

    Get-MailboxStatistics "User2" | Format-List StorageLimitStatus,TotalItemSize,TotalDeletedItemSize,ItemCount,DeletedItemCount 

    Get-Mailboxstatistics user1@example.com |FL TotalItemSize ; Get-Mailbox -Identity user1@example.com | FL *quota

    Sets the warning, prohibit send, and prohibit send and receive limits for John Smith's mailbox to 200 megabytes (MB), 250 MB, and 280 MB respectively Click here:

    Set-Mailbox -Identity jsmith@contoso.com -IssueWarningQuota 209715200 -ProhibitSendQuota 262144000 -ProhibitSendReceiveQuota 293601280 -UseDatabaseQuotaDefaults $false 


     

    Get-Mailbox *mail* | fl *recip* 

    Get-TransportConfig | fl *env* 

    Federation and Hybrid Configuration Cmdlets Click Here

    Windows PowerShell in Office 365


     


    Test-FederationTrustCertificate

    Set-FederationTrust

    Test-FederationTrust

    Set-FederatedOrganizationIdentifier

    Remove-FederatedDomain

    Remove-FederationTrust

    New-FederationTrust

    Get-FederationTrust

    Get-FederationInformation

    Get-FederatedOrganizationIdentifier

    Get-FederatedDomainProof

    Add-FederatedDomain

    Get-HybridConfiguration

    New-HybridConfiguration

    Set-HybridConfiguration

    Update-HybridConfiguration

    New-HybridConfiguration

    Set-HybridConfiguration

    Get-HybridConfiguration

    Update-HybridConfiguration

    Enable-OrganizationCustomization: Windows PowerShell Error in Exchange Online

    http://help.outlook.com/en-us/140/hh299030.aspx?sl=1

    Enable-OrganizationCustomization


     


     


     


     

    Install and Configure Windows PowerShell 

    http://help.outlook.com/en-us/140/cc952756.aspx


     

    Change a User's Primary E-mail Address 

    http://help.outlook.com/en-us/140/dd251224.aspx


     

    Use Windows PowerShell in Exchange Online 

    http://help.outlook.com/en-us/140/cc546278.aspx


     

    Reference to Available PowerShell Cmdlets 

    http://help.outlook.com/en-us/140/dd575549.aspx


     

    Troubleshooting the Exchange Management Shell 

    http://technet.microsoft.com/en-us/library/dd351136.aspx

    How to manage security groups in Office 365 by using PowerShell

    Cmdlets currently available to Exchange Online administrators

    Give an Administrator the Ability to Open and View the Contents of a User's Mailbox

    Open Another Mailbox

    Connect the regular Windows PowerShell to ExchangeOffice 365

    Give Users Send As Permission​​