You set the distribution group to receive emails only from specific senders in the delivery management section of the DL properties. Now an email from external source sent to this DL and it fails with the NDR with the following error message:
#550 5.7.1 RESOLVER.RST.NotAuthorized; not authorized ##
Error message says it can not resolve the external email address. The solution is very simple.
Create an Exchange mail contact for the external email address that sends emails to the distribution group.
And, add the Exchange contact to the allowed senders list in delivery management section. That’s all.
On my Windows 10, I found the network is set to Public network. That means you can’t share anything to/from other computers. When you connect to a new network, Windows gives you an option to share files with another computer on the network. If you check that box, the network is flagged as Private. If you missed it, the network is flagged as Public. It looks like this:
I tried to change that network back to the Private network. For some reason, Windows 10 didn’t give me any to option to change the network type anywhere in GUI settings.
But I found how to do it in PowerShell. If you want to change the network type, open the PowerShell with Administrative Privileges (Right click on PowerShell, Run as Administrator) and run these commands:
Run this command and note down “InterfaceAlias” of the network you want to change.
Store the Network connection profile of the network to a variable (enter the interface alias you noted down from the previous command) :
$netprofile = Get-NetConnectionProfile -InterfaceAlias <Interface Alias name>
Change the Network Category to “Private” or “Public” in the object stored in $netprofile:
$netprofile.NetworkCategory = "Private"
Set the network profile with the modified object:
Set-NetConnectionProfile -InputObject $netprofile
You can close the PowerShell now. Check your network, it should be changed now.
How to free up the conference room calendar from terminated employees’ meetings? Here are the base line PowerShell commands for you to write a script.
To check if any meetings booked by employees in any of the conference rooms who no longer works in your office:
Get-Mailbox -RecipientTypeDetails RoomMailbox | Search-Mailbox -Searchquery "kind:meetings from:<DisplayName>" -EstimateResultOnly | Select Identity,ResultItemsCount | ft -AutoSize
Note: Replace <DisplayName> in the command above with terminated user’s display name.
To Delete the meetings booked by the terminated employees:
Get-Mailbox -RecipientTypeDetails RoomMailbox | Search-Mailbox -Searchquery "kind:meetings from:<DisplayName>" -DeleteContent -Force
Now the script to purge all meeting booked by terminated users.
Note: Change the SEARCHBASE options according to your AD environment. If you remove -SEARCHBASE option from Search-ADAccount command in the script, it will list all disabled accounts from entire domain.
* * * * * Purge Meetings Booked by Terminated Users * * * * *
Delete meetings from conference rooms booked by employees terminated last 7 days.
Written by: Anand, the Awesome
Created on: 12/21/2018
$dt = date_time
$logfile = ".\PurgeMeetings-of-termed-users" + $dt + ".log"
Start-Transcript -Path $logfile
#Get the terminiated user list
REPLACE THE SEARCH BASE - BASED ON YOUR AD ENVIRONMENT HERE BELOW
$TermedUsers = Search-ADAccount -AccountDisabled -SearchBase 'OU=Users,DC=corp,DC=company,DC=com'
#List all conference rooms
$ConferenceRooms = Get-Mailbox -RecipientTypeDetails RoomMailbox
foreach($TermedUser in $TermedUsers)
Write-Host "Processing $($Termeduser.Name).."
#Delete tehe meeting booked by terminated user
$ConferenceRooms | Search-Mailbox -Searchquery "kind:meetings from:$($TermedUser.Name)" -DeleteContent -Confirm:$false -Force
# * * * End of the Script * * *
Are you getting this error when running Get-MailboxFolderPermission?
PS E:\> Get-MailboxFolderPermission email@example.com:\calendar
The security principal specified is already on the permission set.
+ CategoryInfo : NotSpecified: (:) [Get-MailboxFolderPermission], CorruptDataException
+ FullyQualifiedErrorId : [Server=ZN1UR12MB0288,RequestId=b4f155be-a238-4a98-8b3f-f3d9258e22d2,TimeStamp=6/19/2018 10:10:41 PM] [FailureCategory=Cmdlet-CorruptDataException] F8D77EE2,Microsoft.Exchange.Management.StoreTasks.GetMailboxFolderPermission
+ PSComputerName : outlook.office365.com
The error message seems cryptic, right? But it is not. It means there is a DUPLICATE entry for the same user (security principal) is in the permission set for the calendar folder permissions.
So how do we fix it?
The ONLY way is to use Outlook to remove the duplicate entry.
Yes, that means
- give yourself full access permission to the mailbox,
- create an Outlook profile (or just a calendar),
- go to Calendar, right click and go to properties, & then Permissions
- remove the duplicate user entry
As Exchange Administrator, if you want to find out any user’s mailbox size information by folder and number of items in each folder, you can to the right place. Here is the PowerShell Command to list the folders, number of items in the folder and size of the folders.
Replace the firstname.lastname@example.org with user’s primarySMTPAddress.
(Get-MailboxFolderStatistics -Identity Username@Domain.com) |sort itemsinfolder -descending |ft folderpath,itemsinfolder,FolderSize
The results will look like this:
FolderPath ItemsInFolder FolderSize
---------- ------------- ----------
/Inbox/Important_email 1907851 2.661 GB (2,857,213,378 bytes)
/Junk E-Mail 461173 1.801 GB (1,933,977,887 bytes)
/Inbox/S - Archived/KIRA 15085 539.8 MB (566,024,075 bytes)
/Deleted Items 12202 418.3 MB (438,663,132 bytes)
/Recoverable Items 9109 56.48 MB (59,219,680 bytes)
/Calendar 3276 127.2 MB (133,343,630 bytes)
/Inbox/1 - Archived/Munchkins 2558 48.49 MB (50,848,487 bytes)
/Sent Items 1355 45.74 MB (47,961,704 bytes)
/Inbox/0 - YOps Mist 1339 389.1 MB (408,029,942 bytes)
/Inbox/1 - Archive 1147 118 MB (123,761,904 bytes)
/Inbox/5 - Alerts 929 33.92 MB (35,571,617 bytes)
/Inbox/1 - Archive2 920 142.1 MB (149,002,073 bytes)
On my Windows 10 computer, I found Group Policy is not being applied anymore. If I ran group policy update on a administrative command shell, I get this:
PS C:\WINDOWS\system32> gpupdate /force
Computer Policy update has completed successfully.
User Policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows could not determine if the user and computer accounts are in the same forest. Ensure the user domain name matches the name of a trusted domain that resides in the same forest as the computer account.
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.
So after some research I found the issue and fixed it. The solution is
Make the freaking NETLOGON service to start automatically and start the service.
Did this solution helped you? leave me a reply here.
Are you seeing this error on Firefox (which is common for intranet websites)?
There is two reasons for this warning.
1. You may have meddled with OCSP settings. Firefox checks Certificate validity by checking “Certificate Revocation List” (CRL) using OCSP. Firefox couldn’t get the CRL info, thus this error.
2. Your internal Certificate Authority (CA) doesn’t have OCSP installed and/or Firefox doesn’t have Root and Sub-ordinate CA Certificate in the store (Freaking Firefox has it’s own Certificate Store).
For the first issue (OCSP), you can reset the settings and fix the issue.
- In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.
- In the search box above the list, type or paste ocsp and pause while the list is filtered
- If the security.OCSP.require preference is bolded and “modified” or “user set” to true, double-click it to restore the default value of false
- Close Firefox and reopen it. Try browsing the same website.
For the second issue (no CA certificate in Firefox Cert Store), you need to add the Internal CA certificates to the store.
- Get the Certificate Authority (CA) certificate chain in P7B format. e.g., CAChain.p7b
- Open Firefox
- Open the Firefox menu from the far right side of the Firefox toolbar
- Select “Options” from menu
- Select “Privacy & Security”
- Scroll to the bottom of the page and click on “View Certificates”
- Click “Import…”
- select the certificate to add click Open and navigate to the directory you know contains the p7b certificate chain file, select the file and click “Open”
- Scroll down within the Certificate Manager window that is open and verify the certificate you imported is listed.
- click “Ok” and now you can navigate to the page you want to browse.
If this fixed it for you, leave me a reply.