With Windows Server 2016, Microsoft integrated the Microsoft Defender service into the operating system. This built-in antivirus is now running constantly but it does not have the Defender GUI installed by default. If you want to activate the graphical user interface on the server, this can be done using Windows Server Manager or Powershell cmdlet.
Windows Defender GUI
Let’s see how to activate or disable the Windows Defender Graphical interface:
During an Office 365 migration from an Exchange on-premises, it can be usefull to migrate contacts information. For some reasons, if you can not do a Active Directory synchronization, contacts information needs to be imported manually.
You can easily do that by running two scripts, one in your Exchange environnement which creates an csv file, and the other into the Office 365 Powershell.
Sometimes, it can be usefull to disable access to the Exchange server for a specific mailbox. For exemple, in order to forbid Outlook Web App (Outlook on the Web for Exchange 2016) but you do not want to disable the user account. Or you can prestage the mailbox and only allow access to a specific date/ time.
This can also be used during a migration to another mail system: when the user is migrated, you can disable all access to force the user on the new messaging system. And prevent any email sent by the old Exchange.
Exchange Disable access
Let’s see how to disable all access for a mailbox using ECP or Exchange Powershell:
Since Windows 8.1 and Windows Server 2012 R2, Microsoft released Powershell 4. A new cmdlet can be use to troubleshoot network connections issues : Test-NetConnection.
With Windows version older than Windows 8.1, you must install the Telnet client to test if a specific port is open on a remote host. Now, we have a built-in tool!
Test-NetConnection with google
Let’s see how to use this cmdlet:
During an Office 365 migration, it can be useful to set the regional configuration before the user logon the first time.
Specify the regional setting prevents the user to register the language and time zone again. Moreover, when you want to import PST files into the new office 365 Mailbox, default folders must have the same name. Otherwise you will get two folders for each default folder, like inbox, Sent, Drafts…
This modification can be done using the Office 365 Exchange cmdlet or we can use a powershell script. Let’s see how to do that.
In order to reorganize an Active Directory forest, with multiple child domains into a single domain, I used the ADMT (Active Directory Migration Tool) 3.2 from Microsoft. This modification is an intraforest migration because all domains are in the same forest.
While ADMT supports an intraforest migration, I encountered a specific issue for migrated computers from a child domain to the parent domain: “The security database on the server does not have a computer account for this workstation trust relationship“
Security database trust relationship
Well, I was very perplex by this error, because the ADMT agent reported an successfully operation, and the computer account existed in the new Active Directory domain.
In fact, you will get this error each time you want to migrate a computer with an intraforest and the target operating system is Windows Server 2012 R2. Let’s see why and how to resolve this issue.
Sometimes, you may need to check the information stored in the Active Directory Global Catalog. This can happen if you want to check that the replication between GC located in separate site is done.
We can easily view the information in GC with ADSI Edit:
Let’s see how to connect to a GC using ADSI Edit.
During an Active Directory migration, I needed to do an inventory of the computers to migrate. Because some computers do not exist anymore but not removed from Active Directory. I created a Powershell script based on the Last Logon Timestamp property.
CSV file from the script
This powershell script creates a CSV file with the computer name, the last logon property and the operating system. Some domains were based on Windows Server 2003 or 2008, I could not use Active Directory commandlets, so I used the LDAP Search.
Microsoft released the Cumulative Update 11 for Exchange 2013 and Exchange 2016 CU1 in December 2015. With these new packages, they changed the behavior of Exchange Management Shell, (Exchange Powershell).
Prior to 2013 CU11 and 2016 CU1, when you start the EMS, it will connect by default to the local Exchange Server. But with CU11, Exchange Powershell will be proxy to the server where the user’s mailbox is located. It means that when you start the EMS console, it will probably try to connect to another server.
When all your servers are up to date, in some circonstances, you can get an error when launching the EMS: “No mapping for the Unicode character exists in the target”:
Mapping Unicode error
If you get this error, do not panic and stay calm :). You can find some posts where you need to rebuild the powershell virtual directory, but do not do this! Let’s see how to resolve this issue easily.
With an Office 365 business subscription, Microsoft provides a new service in order to make the migration easier: Import File. This service allows us to import PST files into Office 365 mailboxes with a web interface. For the moment, you can use it for free, but it will be available for purchase later in 2016.
However, if you try this function without prerequisites, you will get an error for each mailbox. On the status page, you will see this error: Please add Mailbox Import Export role for user running Import and check back in 60 minutes.
Status page import export error
Let’s see how to correct this error: