I’m leaving the blog life for Twitter

It’s been quite a few months, years, since my last post. I will start posting again, but only on Twitter. Blogs like this are getting “kinda old school”.


PST to Office 365 Migration

I have a customer that is using a POP3/IMAP hosted server and Outlook as their client.
Outlook stores all the data in PST files when you attach it to a service like this. OST files are only for Outlook to Exchange. So I need to collect all the PST files from the desktops and send them to Office 365.
There are a variety of tools available to do this.
SysTools Outlook PST Locator
This tool finds the PST files on all the workstations in the domain by hitting the administrative share (\\computername\c$) and scanning it, for free.
For $29 it will also copy them.
I found out after paying for the tool that it wants to copy all of the files to ONE directory. So if there are two files of the same name in various locations on various machines, one wins. Which one, I don’t know. If the pst file is in use by Outlook, the tool will not copy the file, no surprise there, but there is no reporting that the tool was unable to copy the file.
So, as a free tool, it’s pretty good for performing a scan of what PST files exist and where they are. As a paid tool, it’s not worth it.
Microsoft Exchange PST Capture 2.0
This is Microsoft’s tool that will do it all: find all the PST files and dump them to a location of your choosing. The tool has a workstation agent that needs to be installed, which also requires .NET 4.5 as a prerequisite. Since my customer does not have any software deployment tools, using group policy to push this out seemed very unsuccessful.
I am using the tool to push the PST files up to Office 365. The one “catch” is that the tool requires a 64-bit version of Outlook to be installed on the workstation/server that the tool is running from. So I am using a Windows 7 x64 virtual machine where I installed the 64-bit version of Outlook, .NET 4.5, PowerShell 3.0 and finally the tool.
I can tell you that the tool works fine for pushing PST files to the target mailboxes in Office 365, but I can’t tell you about the agents.
I came up with my own solution to get those PST files. The first tool told me that some people have multiple profiles on their PC, as in c:\users\John and c:\users\john.001, where one of those profiles is old and stale.
Also, I need to copy the PST file before the user starts Outlook and locks that file.
My solution was to use AutoIT and make an exe file out of the following code.

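; Everything in the logged-on user's default Outlook data folder
$datapath = @HomeDrive & @HomePath & "\Documents\Outlook Files\*.*"
; Per-user folder on the file server
$copyto = "\\SRV-FILE01\MDrive\pstlog\" & @UserName & "\*.*"
; Flag 8: create the destination directory if it does not exist
FileCopy($datapath, $copyto, 8)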

The number 8 means to create the destination directory if it does not exist. So under the \pstlog\ folder, it will create the user’s name and then copy all the folders.
I put the command

Start findpst.exe

as the last line in the logon script batch file that everyone is already using. The “start” command doesn’t keep the command prompt open.
Without the “start” command, the command prompt box stays open.
Since this homemade tool runs at logon time, Outlook is not open yet.

If I change the number 8 to a number 9, it will copy OVER the existing file, that way I get the latest file.
When I get close to cutover date, I will change the 8 to a 9 and get the latest pst files.
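
The same logon-time collection written in PowerShell, as an added example that is not the author's tool: it keeps each machine's files apart and logs every copy result, the two things the paid tool above did not do. The per-computer folder layout, the copy-log.csv name, the *.pst filter and PowerShell 3.0 or later on the workstations are assumptions.

```powershell
# Added example, not the author's tool. The share path is the one from the post;
# the folder layout and log file name are assumptions.
$source    = Join-Path $env:USERPROFILE 'Documents\Outlook Files'
$destRoot  = '\\SRV-FILE01\MDrive\pstlog'
# Computer + user: same-named PSTs from different machines never overwrite each other
$dest      = Join-Path $destRoot ("{0}\{1}" -f $env:COMPUTERNAME, $env:USERNAME)
$log       = Join-Path $dest 'copy-log.csv'
$overwrite = $false   # $false behaves like flag 8, $true like flag 9

New-Item -ItemType Directory -Path $dest -Force -ErrorAction Stop | Out-Null

$psts = Get-ChildItem -Path $source -Filter *.pst -File -ErrorAction SilentlyContinue
$results = foreach ($pst in $psts) {
    $target = Join-Path $dest $pst.Name
    $status = 'Copied'
    $detail = ''
    if ((Test-Path -LiteralPath $target) -and -not $overwrite) {
        $status = 'Skipped'
        $detail = 'already collected'
    } else {
        try {
            Copy-Item -LiteralPath $pst.FullName -Destination $target -Force -ErrorAction Stop
            # A size mismatch means the copy is not usable for import
            if ((Get-Item -LiteralPath $target).Length -ne $pst.Length) {
                $status = 'Failed'
                $detail = 'size mismatch after copy'
            }
        } catch {
            # A PST that Outlook has open and locked ends up here
            $status = 'Failed'
            $detail = $_.Exception.Message
        }
    }
    [pscustomobject]@{
        Time = (Get-Date).ToString('s'); Computer = $env:COMPUTERNAME; User = $env:USERNAME
        File = $pst.FullName; Bytes = $pst.Length; Status = $status; Detail = $detail
    }
}

# One row per file and logon, so failed or skipped copies are visible afterwards
if ($results) { $results | Export-Csv -Path $log -NoTypeInformation -Append }
```

Because the share ends up holding every user's mail, give users rights to create and write under it without being able to read each other's folders.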

I found through testing that when I import the PST file multiple times using the Microsoft tool, it does NOT create duplicate messages, whew!!

Now, the only problem with this solution at this point is that if the outlook pst data file was created in a different location than the default, I will need to manually get that one.
Since the free tool found all instances of pst files, I’m pretty sure that everyone has them in the default location.
Overall, a pretty easy migration.

Third Party Hosted Exchange (like Rackspace and InterMedia) compared to Office 365

Here is the pickle that hosted exchange providers find themselves in: They are using Exchange 2010 or 2013 that is limited to updates and add ons that Microsoft rolls out. Each major version of messaging has been around 3 years… Exchange 2007, 2010, 2013. While these hosted providers provide a nice interface for you to manage accounts and settings, ultimately they are using the same version of Exchange as you would on premises.

Let’s first talk about exactly what Microsoft’s Office 365 is and all the features you get with it.

Office 365 is Exchange email services, Skype for business (Lync), SharePoint, OneDrive storage, “Office Online” (Word, Excel, PowerPoint, OneNote), Yammer, and a few more.

Wow, that’s a mouthful…. and all these services are very seamlessly integrated together.

What exactly is it and how does it differ from Exchange 2013 on premises?

Office 365 Exchange Online contains all the features that you would expect from Exchange messaging system. While mailboxes are limited to 50GB (that’s huge), the user gets a second mailbox called an “online archive” mailbox. This mailbox is unlimited. So why two? Technically, the first mailbox is cached to the OST file on the workstation, whereas the online archive mailbox is not cached. BTW, you should always run Outlook in cache mode, not online mode.

Exchange Online is a version of Exchange that is beyond Exchange 2013. It offers more functionality and is constantly being updated. Major revisions come out every quarter. So that’s every 3 months rather than 3 years as for traditional Exchange. Some of the added features and benefits of Exchange Online include

  • End to end encryption for sending email. This negates the need to install a third party appliance such as Zixmail. Office 365 has a built-in, customizable portal where your recipients retrieve their encrypted message. No need for Outlook plugins. Works with webmail.
  • Users are allowed to create groups and invite people to them. This allows for end users to collaborate with people that share a common interest; maybe a bid proposal, maybe a new product development. The groups also show on the left hand side of the webmail interface and display all mail sent / received to that group. More can be found here:
  • Two factor authentication. This is more of a feature of Office 365 itself, and it allows for a more secure authentication method to your mail.
  • In place hold. This is better than Journaling. With Journaling you only get a copy of the message; with in place hold, there is information about where the message is. Was it deleted? Was it forwarded? Was it placed in a folder? Yes, Exchange Online supports traditional Journaling, but in place hold is much better.
  • Exchange Online Protection, or EOP. This is the rich and fully featured anti-spam, anti-malware, anti-virus protection for incoming and outgoing mail.
  • Data Loss Prevention, or DLP. Outgoing mail and attachments can be scanned for things like Social Security Numbers that you may not want sent to external recipients. This can work in conjunction with end to end email encryption.
  • Integration with all the other components of Office 365, such as sharing documents using OneDrive rather than normal attachments.


Microsoft has some various license plans for Office 365. Currently they offer E1, E3, and E4.

E1 contains all the bells and whistles and costs $8.00 per user.

  • Exchange email services, Skype for business (Lync), SharePoint, OneDrive storage, “Office Online” (Word, Excel, PowerPoint, OneNote), Yammer, and a few more.
  • OneDrive – Unlimited Storage (used to be 1 TB) for each user
  • Exchange mailboxes – 50 GB mailbox and an unlimited online archive mailbox for each user

E3 has all the features of E1 plus it includes Office Desktop 2013 for each user and costs $20.00 per user.

  • Each user can install Office Desktop (Word, Excel, PowerPoint, OneNote, Access) on up to 5 devices. So for an additional $12 over E1, the user can install Office on their desktop, their laptop, and their home PC.
  • Included is the recently released Office for iPad, Android tablet, and mobile devices. You can install this version on up to 5 phones and 5 tablets, 10 in all.

Third party hosted Exchange providers can’t compete when you look at all the features and the cost involved.

NEWS: Extended email retention for deleted items in Office 365

Normally when I setup Office 365 for my customers, I remove this tag from the default policy…. because you always have that one special user that uses two folders.. the “inbox” folder and the “deleted items” folder…. and they often go back to the “deleted items” folder looking for something weeks later. (Uggg)

Microsoft says now:
We are instructing the system to ignore the 30 day delete tag on the Deleted Items folder if the retention policy’s name is “Default MRM Policy.” This is why changing the policy name will ensure that the tag continues to work. We are not removing or disabling the tag.

Kurt Shintaku's Blog

The Office 365 team just announced that or according to the duration set by your administrator.

Previously deleted items would disappear after being in that folder for 30 days.

Read more about this change here:


Resolving DirSync user permission errors (another cool script)

Let’s start with this image. DirSync is unable to perform the appropriate reads and write backs to these users.


This is because the “Inheritance is blocked” on these users. This is normal for users that belong to Domain Admins. In the event that someone does something stupid and applies the wrong permissions to the domain or OU, it won’t apply to users that are members of Domain Admins. For example, what if we applied Deny all rights to the Everyone group at the domain level? It would basically break all access to active directory. So there is a built in service on domain controllers that un-checks this box on users that are members of the Domain Admins group… and keeps them from being completely locked out… but I’m getting off topic…

What we need to do to fix these DirSync issues is hunt down each of these users using active directory users and computers and perform a series of steps.

I labeled each of these steps with a number.

  1. Find the user, check the box to enable inheritance
  2. Click apply
  3. Un-check the box
  4. Choose Add, this will add the DirSync permissions onto the user
  5. Take a sip of coffee
  6. Click Apply
  7. Click Yes
  8. Click Ok






Wow, that’s a lot of clicking.

Here is a script to make it easy.

Step 1) Right click on the error in DirSync and click Save to file…
It will be in XML format… call it whatever you want, like DirSyncErrors.xml


The XML file will look like this


Step 2) Run these two PowerShell commands from the directory where the xml file is located. This will extract the users distinguished names.

$xmlFile = [xml] (Get-Content ./DirSyncErrors.xml)
$xmlFile.SelectNodes('//export-error')|select -expand dn > UsersToFix.txt

The output will look like this text file. I called mine UsersToFix.txt


Now download the Quest ActiveRoles Management Shell tools from here: http://tinyurl.com/oukq26q

Step 3) Create a script (I called it FixInheritance.ps1) that has the following code. Start the Quest ActiveRoles Shell and run this script in the shell.

$File = Get-Content './UsersToFix.txt'
Foreach ($user in $File) {
    # Enable inheritance (steps 1-2), then block it again (steps 3-8)
    Set-QADObjectSecurity $user -UnlockInheritance
    Set-QADObjectSecurity $user -LockInheritance
}

This performs the same 8 steps shown above with a whole lot less clicking. Keep these scripts in your toolbox folder for future Office 365 deployments.
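
A pre-check worth running before FixInheritance.ps1, added here as an example and not part of the original post: it de-duplicates the exported DNs and reports, per user, whether inheritance is actually blocked and whether adminCount is set, which is the mark left by the built-in service described above (AdminSDHolder). It assumes the ActiveDirectory RSAT module and a reachable domain controller; the XML sample, its DNs and the InheritanceReport.csv name are constructed.

```powershell
# Added example (not from the original post). The XML is a constructed, simplified
# sample: only the export-error element and its dn value come from the post.
# For a real run, load the saved file: [xml]$errors = Get-Content ./DirSyncErrors.xml
[xml]$errors = @'
<export-errors>
  <export-error dn="CN=Bob Jones,OU=Staff,DC=example,DC=local" />
  <export-error dn="CN=Old Admin,OU=IT,DC=example,DC=local" />
  <export-error dn="CN=Bob Jones,OU=Staff,DC=example,DC=local" />
</export-errors>
'@

# The same object can be reported more than once, so de-duplicate the DNs
$dns = $errors.SelectNodes('//export-error') |
    ForEach-Object { $_.dn } | Where-Object { $_ } | Sort-Object -Unique

Import-Module ActiveDirectory -ErrorAction Stop

$report = foreach ($dn in $dns) {
    try {
        $u = Get-ADUser -Identity $dn -Properties adminCount, nTSecurityDescriptor -ErrorAction Stop
        $blocked = $u.nTSecurityDescriptor.AreAccessRulesProtected
        $note = 'Inheritance blocked manually; candidate for FixInheritance.ps1'
        if ($u.adminCount -eq 1) { $note = 'adminCount=1; check protected-group membership first' }
        if (-not $blocked)       { $note = 'Inheritance already enabled; look for another cause' }
        [pscustomobject]@{
            DN = $dn; Enabled = $u.Enabled; InheritanceBlocked = $blocked
            AdminCount = $u.adminCount; Note = $note
        }
    } catch {
        # Constructed DNs (or users deleted since the export) land here without stopping the run
        [pscustomobject]@{
            DN = $dn; Enabled = $null; InheritanceBlocked = $null
            AdminCount = $null; Note = "Lookup failed: $($_.Exception.Message)"
        }
    }
}

$report | Format-Table -AutoSize -Wrap
$report | Export-Csv ./InheritanceReport.csv -NoTypeInformation
```

For an account that is still a member of a protected group such as Domain Admins, AdminSDHolder blocks inheritance again and resets the ACL on its next run (every 60 minutes by default), so the DirSync error returns. Rows with adminCount=1 and no such membership are leftovers from earlier admin rights.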

Easily add Hybrid email address to users that don’t follow e-mail address policy

When attempting to move a mailbox to Office 365, one of the most common failures is due to the user not having the hybrid email address. This happens when this check box is unchecked, which is done because the user has a custom email address that does not follow the conventions of the email policy.

In other words, because the check box with the green arrow is unchecked, the email address with the red arrow is not created. The email address with the red arrow is the hybrid address. Its form is <mail alias>@<tenant name>.mail.onmicrosoft.com; an example would be bjones@xyz.mail.onmicrosoft.com


This first powershell one liner will find all the mailbox users with this box unchecked and dump the results into a csv file.

Get-Mailbox -ResultSize Unlimited | Where {$_.EmailAddressPolicyEnabled -eq $False} |select Alias,PrimarySmtpAddress |export-csv -NoTypeInformation MailboxesPolicyUnchecked.csv

The second one I called “AddTenantHybridSMTP.ps1”, and the contents of that script are below. Without this script you would have to hunt down each of these users, check the box, select Apply, un-check the box, designate the non-standard email as the default email address, and then click Apply again. (Whew, that’s a lot of clicking!)

This script just adds the hybrid address to the user.
You will want to change the tenant name to the appropriate value; I have it as XYZ.

$CSV = Import-CSV ./MailboxesPolicyUnchecked.csv
foreach ($entry in $CSV) {
    # Build <alias>@<tenant>.mail.onmicrosoft.com and add it as an extra proxy address
    $TenantEmail = $entry.alias + "@XYZ.mail.onmicrosoft.com"
    Set-Mailbox $entry.PrimarySMTPAddress -EmailAddresses @{Add=$TenantEmail}
}



I had an issue that some users didn’t have the hybrid address even though the “apply policy” was indeed checked.

Not sure why that happened and I don’t care (LOL)

The script below will find the users that do not have a hybrid email address; you would need to change the “xyz” part to the customer’s tenant name.

Get-Mailbox -ResultSize Unlimited -Filter "emailaddresses -notlike '*@xyz.mail.onmicrosoft.com'" |select alias,primarysmtpaddress |export-csv -NoTypeInformation UsersWithOUTHybrid.csv

In some ways, it’s better than my first script, which is…

Get-Mailbox -ResultSize Unlimited | Where {$_.EmailAddressPolicyEnabled -eq $False} |select Alias,PrimarySmtpAddress |export-csv -NoTypeInformation MailboxesPolicyUnchecked.csv

Because that only lists the users where the email policy is not applied…. But for some strange reason… there are users without the hybrid address but the policy is indeed checked.

The Future of clothing stores

Although Amazon Prime membership in the US grew by 50 percent last year, there is still a need to try things on (TOUCH & FEEL) and clothing is the obvious product. I’m sure that most of us are fine with buying a crock pot based on pictures and reviews, but a dress shirt and pants are another issue. Imagine a clothing store that has one of everything in every size, but no inventory to walk out with. All shirts and pants are pressed and ready to try on, allowing you to see exactly what that shirt really looks like (not the shirt that has all those wrinkles from being folded, pinned, plastic collar stays, etc.). While the store does not have any inventory for you to walk out with, it does however have a smartphone app, or an iPad mini the store assistant uses to help you make choices. When you are done finding what meets your fancy, the purchase process is just like Amazon: you make the payment at the checkout counter (or on your phone) and by the time you drive home you get an email informing you that your items are being shipped. Within 2 days your purchases arrive via UPS. If you change your mind, you can drop the items back at the store or have UPS pick them up.

The reduction in inventory and floor space saved at each store would reduce its operating costs, allow each store to offer more items to customers, and guarantee that they have the size that fits you. These stores are coined “touchy-feely” stores by my spouse Alicia. We both believe this is the future of clothing shopping. Are you listening, JCP, with your failed efforts by former CEO Ron Johnson and financial failure? Sears is in the same financial sinking boat; just look at these images at Business Insider showing what’s happening using their 20th century mentality. Even Aeropostale is closing stores.

In order to make it financially in the 21st century these stores need to adapt to the new marketplace where customers don’t want to hear “we are out of your size, but I can check another store”. Who wants to drive across town for one shirt? The last time I went into Dick’s sporting goods to buy a pair of shoes, they didn’t have my size. I liked what they looked like, so I went home and bought them on Amazon.com (Dick’s online didn’t even have my size!).

One of everything in every size ready to try on in the “touchy-feely” stores. More options, more choices, zero inventory in the back room. Purchases are done online and shipped to you.

JCP/Sears/etc still can’t wrap your head around the customer walking out of the store with nothing in hand? Send them a customized web link with all the things they purchased on beautiful models with the ability to share these images on Facebook and Twitter. Trust me, the young women of today will go wild over it. Welcome to the 21st century, now pay me the 1.5 million you paid Ron Johnson.