by --Anand--

Exchange: Distribution Group is rejecting emails from external email address


You set the distribution group to receive emails only from specific senders in the delivery management section of the DL properties. Now an email from external source sent to this DL and it fails with the NDR with the following error message:

#550 5.7.1 RESOLVER.RST.NotAuthorized; not authorized ##

DL-Properteis

Error message says it can not resolve the external email address. The solution is very simple.

Create an Exchange mail contact for the external email address that sends emails to the distribution group.

And, add the Exchange contact to the allowed senders list in delivery management section. That’s all.

Advertisements
by --Anand--

Windows: How to change the network from Public to Private?


On my Windows 10, I found the network is set to Public network. That means you can’t share anything to/from other computers. When you connect to a new network, Windows gives you an option to share files with another computer on the network. If you check that box, the network is flagged as Private. If you missed it, the network is flagged as Public. It looks like this:

PublicNetwork

I tried to change that network back to the Private network. For some reason, Windows 10 didn’t give me any to option to change the network type anywhere in GUI settings.

But I found how to do it in PowerShell. If you want to change the network type, open the PowerShell with Administrative Privileges (Right click on PowerShell, Run as Administrator) and run these commands:

Run this command and note down “InterfaceAlias” of the network you want to change.

Get-NetConnectionProfile

Store the Network connection profile of the network to a variable (enter the interface alias you noted down from the previous command) :

$netprofile = Get-NetConnectionProfile -InterfaceAlias <Interface Alias name>

Change the Network Category to “Private” or “Public” in the object stored in $netprofile:

$netprofile.NetworkCategory = "Private"

Set the network profile with the modified object:

Set-NetConnectionProfile -InputObject $netprofile

You can close the PowerShell now. Check your network, it should be changed now.

PrivateNetwork

by --Anand--

Exchange: Delete Meetings of terminated users’ in conference room calendars


How to free up the conference room calendar from terminated employees’ meetings? Here are the base line PowerShell commands for you to write a script.

To check if any meetings booked by employees in any of the conference rooms who no longer works in your office:

Get-Mailbox -RecipientTypeDetails RoomMailbox |  Search-Mailbox -Searchquery "kind:meetings from:<DisplayName>" -EstimateResultOnly | Select Identity,ResultItemsCount | ft -AutoSize

Note: Replace <DisplayName> in the command above with terminated user’s display name.

To Delete the meetings booked by the terminated employees:

Get-Mailbox -RecipientTypeDetails RoomMailbox |  Search-Mailbox -Searchquery "kind:meetings from:<DisplayName>" -DeleteContent -Force

Anybody interested in a script to run in schedule to delete the meetings of terminated users? drop me a comment..

 

 

 

by --Anand--

Get-MailboxFolderPermission – The security principal specified is already on the permission set


Are you getting this error when running Get-MailboxFolderPermission?

PS E:\> Get-MailboxFolderPermission deptcalendar@company.com:\calendar
The security principal specified is already on the permission set.
    + CategoryInfo          : NotSpecified: (:) [Get-MailboxFolderPermission], CorruptDataException
    + FullyQualifiedErrorId : [Server=ZN1UR12MB0288,RequestId=b4f155be-a238-4a98-8b3f-f3d9258e22d2,TimeStamp=6/19/2018 10:10:41 PM] [FailureCategory=Cmdlet-CorruptDataException] F8D77EE2,Microsoft.Exchange.Management.StoreTasks.GetMailboxFolderPermission
    + PSComputerName        : outlook.office365.com

The error message seems cryptic, right? But it is not. It means there is a DUPLICATE entry for the same user (security principal) is in the permission set for the calendar folder permissions.

So how do we fix it?

The ONLY way is to use Outlook to remove the duplicate entry.

Yes, that means

  1. give yourself full access permission to the mailbox,
  2. create an Outlook profile (or just a calendar),
  3. go to Calendar, right click and go to properties, & then Permissions
  4. remove the duplicate user entry

Enjoy. 🙂

by --Anand--

Exchange: list mailbox folders size and items count


As Exchange Administrator, if you want to find out any user’s mailbox size information by folder and number of items in each folder, you can to the right place. Here is the PowerShell Command to list the folders, number of items in the folder and size of the folders.

Replace the username@domain.com with user’s primarySMTPAddress.

(Get-MailboxFolderStatistics -Identity Username@Domain.com) |sort itemsinfolder -descending |ft folderpath,itemsinfolder,FolderSize

 

The results will look like this:

FolderPath                                       ItemsInFolder FolderSize
----------                                       ------------- ----------
/Inbox/Important_email                                 1907851 2.661 GB (2,857,213,378 bytes)
/Junk E-Mail                                            461173 1.801 GB (1,933,977,887 bytes)
/Inbox/S - Archived/KIRA                                 15085 539.8 MB (566,024,075 bytes)
/Deleted Items                                           12202 418.3 MB (438,663,132 bytes)
/Recoverable Items                                        9109 56.48 MB (59,219,680 bytes)
/Calendar                                                 3276 127.2 MB (133,343,630 bytes)
/Inbox/1 - Archived/Munchkins                             2558 48.49 MB (50,848,487 bytes)
/Sent Items                                               1355 45.74 MB (47,961,704 bytes)
/Inbox/0 - YOps Mist                                      1339 389.1 MB (408,029,942 bytes)
/Inbox/1 - Archive                                          1147 118 MB (123,761,904 bytes)
/Inbox/5 - Alerts                                          929 33.92 MB (35,571,617 bytes)
/Inbox/1 - Archive2                                        920 142.1 MB (149,002,073 bytes)

 

by --Anand--

Group Policy is failed to update on Windows 10 computer


On my Windows 10 computer, I found Group Policy is not being applied anymore. If I ran group policy update on a administrative command shell, I get this:

PS C:\WINDOWS\system32> gpupdate /force
Updating policy…
Computer Policy update has completed successfully.
User Policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows could not determine if the user and computer accounts are in the same forest. Ensure the user domain name matches the name of a trusted domain that resides in the same forest as the computer account.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.

So after some research I found the issue and fixed it. The solution is

Make the freaking NETLOGON service to start automatically and start the service.

Did this solution helped you? leave me a reply here.

by --Anand--

Firefox: Website Certificate Warning–“This website does not supply ownership information”


Are you seeing this error on Firefox (which is common for intranet websites)?

image

There is two reasons for this warning. 

1. You may have meddled with OCSP settings. Firefox checks Certificate validity by checking “Certificate Revocation List” (CRL) using OCSP. Firefox couldn’t get the CRL info, thus this error.

2. Your internal Certificate Authority (CA) doesn’t have OCSP installed and/or Firefox doesn’t have Root and Sub-ordinate CA Certificate in the store (Freaking Firefox has it’s own Certificate Store).

For the first issue (OCSP), you can reset the settings and fix the issue.

  1. In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.
  2. In the search box above the list, type or paste ocsp and pause while the list is filtered
  3. If the security.OCSP.require preference is bolded and “modified” or “user set” to true, double-click it to restore the default value of false
  4. Close Firefox and reopen it. Try browsing the same website.

For the second issue (no CA certificate in Firefox Cert Store), you need to add the Internal CA certificates to the store.

  1. Get the Certificate Authority (CA) certificate chain in P7B format. e.g., CAChain.p7b
  2. Open Firefox
  3. Open the Firefox menu from the far right side of the Firefox toolbar
  4. Select “Options” from menu
  5. Select “Privacy & Security”
  6. Scroll to the bottom of the page and click on “View Certificates”
  7. Click “Import…”
  8. select the certificate to add click Open and navigate to the directory you know contains the p7b certificate chain file, select the file and click “Open”
  9. Scroll down within the Certificate Manager window that is open and verify the certificate you imported is listed.
  10. click “Ok” and now you can navigate to the page you want to browse.

If this fixed it for you, leave me a reply.