NEWS: Extended email retention for deleted items in Office 365

Normally when I set up Office 365 for my customers, I remove this tag from the default policy, because you always have that one special user who uses two folders, the “Inbox” folder and the “Deleted Items” folder, and who often goes back to the “Deleted Items” folder weeks later looking for something. (Uggg)

Microsoft now says:
We are instructing the system to ignore the 30 day delete tag on the Deleted Items folder if the retention policy’s name is “Default MRM Policy.” This is why changing the policy name will ensure that the tag continues to work. We are not removing or disabling the tag.

Kurt Shintaku's Blog

The Office 365 team just announced that or according to the duration set by your administrator.

Previously, deleted items would disappear after being in that folder for 30 days.

Read more about this change here:



Resolving DirSync user permission errors (another cool script)

Let’s start with this image: DirSync is unable to perform the appropriate reads and write-backs to these users.


This is because “Include inheritable permissions from this object’s parent” is un-checked on these users (inheritance is blocked). That is normal for members of Domain Admins: such accounts are protected by the AdminSDHolder mechanism. A background process on the PDC emulator, SDProp, runs about once an hour, stamps the ACL of CN=AdminSDHolder,CN=System,<domain> onto every member of the protected groups (Domain Admins, Enterprise Admins, Schema Admins, Administrators, Account Operators, Server Operators, Backup Operators and Print Operators, among others), sets adminCount=1 on them and blocks inheritance. The point is that if someone does something stupid and applies the wrong permissions to the domain or an OU, say a Deny to the Everyone group at the domain level, which would basically break all access to Active Directory, the damage never reaches the administrators, who can then undo it. The flip side is that anything you grant to these users by re-enabling inheritance only lasts until the next SDProp pass… but I’m getting off topic…

What we need to do to fix these DirSync issues is hunt down each of these users in Active Directory Users and Computers (with View > Advanced Features turned on, so the Security tab is visible) and perform a series of steps in the Advanced security dialog.

I labeled each of these steps with a number.

  1. Find the user and check the box to enable inheritance
  2. Click Apply
  3. Un-check the box again
  4. Choose Add; this converts the inherited permissions, the DirSync account’s among them, into explicit entries on the user
  5. Take a sip of coffee
  6. Click Apply
  7. Click Yes
  8. Click OK






Wow, that’s a lot of clicking.

Here is a script to make it easy.

Step 1) Right click on the error in DirSync and click Save to file…
It will be in XML format; call it whatever you want, like DirSyncErrors.xml


The XML file will look like this


Step 2) Run these two PowerShell commands from the directory where the XML file is located. They extract the users’ distinguished names.

$xmlFile = [xml](Get-Content ./DirSyncErrors.xml)
$xmlFile.SelectNodes('//export-error') | Select-Object -ExpandProperty dn > UsersToFix.txt

The output will look like this text file. I called mine UsersToFix.txt


Now download the Quest ActiveRoles Management Shell tools from here:

Step 3) Create a script, I called it FixInheritance.ps1, with the following code. Start the Quest ActiveRoles Shell and run the script there.

# One distinguished name per line, as written by the Step 2 commands
$File = Get-Content './UsersToFix.txt'
Foreach ($user in $File) {
    # Steps 1-2: enable inheritance so the DirSync account's ACEs flow down from the domain/OU
    Set-QADObjectSecurity $user -UnlockInheritance
    # Steps 3-8: block inheritance again, keeping the inherited entries on the user
    Set-QADObjectSecurity $user -LockInheritance
}

This performs the same 8 steps shown above with a whole lot less clicking; keep these scripts in your toolbox folder for future Office 365 deployments. One caveat for the accounts SDProp protects (adminCount=1): roughly every 60 minutes it compares their ACL with AdminSDHolder’s and overwrites any difference, so the entries copied here disappear again at its next pass. If those accounts really must sync, grant the DirSync service account the same rights on CN=AdminSDHolder,CN=System,<domain>; better still, keep privileged accounts out of the sync scope altogether.
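The same procedure done with the ActiveDirectory module instead of the Quest tools, as an added example (not the post’s script, and not what the author ran), which also flags the accounts SDProp will revert. It assumes the RSAT ActiveDirectory module is installed, that DirSyncErrors.xml has the layout shown above (one export-error element per failed object with a dn attribute), and that the DirSync service account’s permissions are already granted at the domain or OU level so that re-enabling inheritance picks them up; the function and parameter names are mine.

```powershell
# Added example, not the script from the post: the inheritance reset done with
# the ActiveDirectory module (AD: drive) rather than Set-QADObjectSecurity, plus
# a warning for AdminSDHolder-protected accounts. Assumes DirSyncErrors.xml was
# saved from the DirSync client as above: <export-error dn="..."> per failed object.
Import-Module ActiveDirectory

function Get-DirSyncErrorDN {
    param([string]$Path = './DirSyncErrors.xml')
    $xml = [xml](Get-Content -Path $Path)
    $xml.SelectNodes('//export-error') | Select-Object -ExpandProperty dn
}

function Reset-ObjectInheritance {
    # Steps 1-8 from the post: enable inheritance, write it back, then block it
    # again while keeping copies of the now-inherited ACEs as explicit entries.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$DistinguishedName)

    $adPath = "AD:\$DistinguishedName"
    if (-not $PSCmdlet.ShouldProcess($DistinguishedName, 'Reset ACL inheritance')) { return }

    $acl = Get-Acl -Path $adPath
    $acl.SetAccessRuleProtection($false, $true)   # isProtected=$false: inherit from the parent
    Set-Acl -Path $adPath -AclObject $acl          # GUI steps 1-2: check the box, Apply

    $acl = Get-Acl -Path $adPath                   # re-read so the inherited ACEs are present
    $acl.SetAccessRuleProtection($true, $true)     # isProtected=$true, preserveInheritance=$true: block, keep copies
    Set-Acl -Path $adPath -AclObject $acl          # GUI steps 3-8: un-check, Add, Apply
}

foreach ($dn in Get-DirSyncErrorDN) {
    $obj = Get-ADObject -Identity $dn -Properties adminCount
    if ($obj.adminCount -eq 1) {
        # SDProp stamps AdminSDHolder's ACL onto protected accounts about every
        # 60 minutes, so the entries copied below survive only until its next pass.
        Write-Warning "$dn is AdminSDHolder-protected (adminCount=1); this fix is temporary. Grant the DirSync account its rights on CN=AdminSDHolder,CN=System,<domain> or exclude the account from sync."
    }
    Reset-ObjectInheritance -DistinguishedName $dn
}
```

Run it once with `Reset-ObjectInheritance -DistinguishedName $dn -WhatIf` on a single DN first; the function honours -WhatIf through ShouldProcess, so nothing is written. The second Get-Acl is deliberate: the object read before inheritance was enabled does not carry the parent’s ACEs, so converting them to explicit entries requires a fresh read.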

Easily add Hybrid email address to users that don’t follow e-mail address policy

When attempting to move a mailbox to Office 365, one of the most common failures is the user not having the hybrid (routing) email address. This happens because the check box “Automatically update e-mail addresses based on e-mail address policy” is un-checked, which is usually done because the user has a custom email address that does not follow the conventions of the email address policy.

In other words, because the check box with the green arrow is un-checked, the email address with the red arrow is not created. The address with the red arrow is the hybrid routing address; its form is <alias>@<tenant name>.mail.onmicrosoft.com, so with the tenant name XYZ used in the script below it would be <alias>@XYZ.mail.onmicrosoft.com.


This first powershell one liner will find all the mailbox users with this box unchecked and dump the results into a csv file.

Get-Mailbox -ResultSize Unlimited | Where-Object { $_.EmailAddressPolicyEnabled -eq $False } | Select-Object Alias, PrimarySmtpAddress | Export-Csv -NoTypeInformation MailboxesPolicyUnchecked.csv

The second one I called “AddTenantHybridSMTP.ps1”; its contents are below. Without this script you would have to hunt down each of these users and check the box, click Apply, un-check the box, designate the non-standard email address as the default (reply) address again, and click Apply once more. (Whew, that’s a lot of clicking!)

This script just adds the hybrid address to the user.
You will want to change the tenant name to the appropriate value; I have it as XYZ.

# Placeholder tenant name; replace XYZ with the customer's tenant
$TenantName = 'XYZ'
$CSV = Import-Csv ./MailboxesPolicyUnchecked.csv
foreach ($entry in $CSV) {
    # Hybrid routing address: <alias>@<tenant>.mail.onmicrosoft.com
    $TenantEmail = $entry.Alias + "@$TenantName.mail.onmicrosoft.com"
    # Adding (rather than setting) leaves the existing primary address untouched
    Set-Mailbox -Identity $entry.PrimarySmtpAddress -EmailAddresses @{Add = $TenantEmail}
}


I had an issue where some users didn’t have the hybrid address even though “apply policy” was indeed checked.

Not sure why that happened and I don’t care (LOL)

The script below finds the users that do not have a hybrid email address; change the “bvhs” part to the customer’s tenant name.

Get-Mailbox -ResultSize Unlimited -Filter "EmailAddresses -notlike '*@bvhs.mail.onmicrosoft.com'" | Select-Object Alias, PrimarySmtpAddress | Export-Csv -NoTypeInformation UsersWithOUTHybrid.csv

In some ways, it’s better than my first script, which is…

Get-Mailbox -ResultSize Unlimited | Where-Object { $_.EmailAddressPolicyEnabled -eq $False } | Select-Object Alias, PrimarySmtpAddress | Export-Csv -NoTypeInformation MailboxesPolicyUnchecked.csv

Because that only lists the users where the email address policy is not applied, but for some strange reason there are users without the hybrid address even though the policy is checked. When you hit that, check that the policy those users fall under actually contains the %m@<tenant>.mail.onmicrosoft.com template and re-apply it with Update-EmailAddressPolicy; otherwise the address has to be added by hand as above.
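One pass that covers both cases above, the policy-unchecked mailboxes and the policy-checked ones that still lack the routing address, as an added example (not one of the post’s scripts). It is meant to run in the on-premises Exchange Management Shell, uses the post’s placeholder tenant name XYZ, and only reports unless -Fix is given; the function and parameter names are mine.

```powershell
# Added example, not a script from the post: finds every mailbox lacking its
# hybrid routing address, whether or not the address policy is applied, writes
# the list to CSV and (with -Fix) adds the address. Run in the on-premises
# Exchange Management Shell. 'XYZ' is the placeholder tenant name from the post.
param(
    [string]$TenantName = 'XYZ',
    [switch]$Fix        # report only unless -Fix is given
)

$Suffix = "@$TenantName.mail.onmicrosoft.com"

function Test-HybridAddress {
    # True when the mailbox already carries an smtp address ending in the tenant suffix.
    param($Mailbox, [string]$Suffix)
    foreach ($proxy in $Mailbox.EmailAddresses) {
        # Entries render as "smtp:alias@contoso.com" ("SMTP:" for the primary);
        # -like is case-insensitive, so both prefixes and any letter case match.
        if (([string]$proxy) -like "smtp:*$Suffix") { return $true }
    }
    return $false
}

$Missing = Get-Mailbox -ResultSize Unlimited |
    Where-Object { -not (Test-HybridAddress -Mailbox $_ -Suffix $Suffix) }

# Keep EmailAddressPolicyEnabled in the report: a mailbox with the policy applied
# but no routing address points at a policy that lacks the %m<suffix> template.
$Missing | Select-Object Alias, PrimarySmtpAddress, EmailAddressPolicyEnabled |
    Export-Csv -NoTypeInformation -Path .\UsersWithoutHybrid.csv

foreach ($mbx in $Missing) {
    $Routing = $mbx.Alias + $Suffix
    # Add, never replace: the custom primary address must survive.
    # -WhatIf stays on (prints what would change) until -Fix is passed.
    Set-Mailbox -Identity $mbx.Identity -EmailAddresses @{Add = $Routing} -WhatIf:(-not $Fix)
}
```

Compare the EmailAddressPolicyEnabled column in the CSV before passing -Fix: rows with True are the ones the policy should have handled, and fixing the policy template is the durable repair for those, while the script’s manual add is the right tool for the False rows.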

The Future of clothing stores

Although Amazon Prime membership in the US grew by 50 percent last year, there is still a need to try things on (touch and feel), and clothing is the obvious product. I’m sure that most of us are fine with buying a crock pot based on pictures and reviews, but a dress shirt and pants are another issue. Imagine a clothing store that has one of everything in every size, but no inventory to walk out with. All shirts and pants are pressed and ready to try on, allowing you to see exactly what that shirt really looks like (not the shirt that has all those wrinkles from being folded, pinned, plastic collar stays, etc.). While the store does not have any inventory for you to walk out with, it does have a smartphone app, or an iPad mini the store assistant uses to help you make choices. When you are done finding what meets your fancy, the purchase process is just like Amazon: you make the payment at the checkout counter (or on your phone), and by the time you drive home you get an email informing you that your items are being shipped. Within 2 days your purchases arrive via UPS. If you change your mind, you can drop the items back at the store or have UPS pick them up.

The reduction in inventory and floor space saved at each store would reduce its operating costs, allow each store to offer more items to customers, and guarantee that they have the size that fits you. These stores are coined “touchy-feely” stores by my spouse Alicia. We both believe this is the future of clothing shopping. Are you listening, JCP, with your failed efforts by former CEO Ron Johnson and financial failure? Sears is in the same financial sinking boat; just look at these images at Business Insider showing what’s happening using their 20th century mentality. Even Aeropostale is closing stores.

In order to make it financially in the 21st century these stores need to adapt to the new marketplace, where customers don’t want to hear “we are out of your size, but I can check another store”. Who wants to drive across town for one shirt? The last time I went into Dick’s Sporting Goods to buy a pair of shoes, they didn’t have my size. I liked what they looked like, so I went home and bought them on (Dick’s online didn’t even have my size!).

One of everything in every size ready to try on in the “touch-feely” stores. More options, more choices, zero inventory in the back room. Purchases are done online and shipped to you.

JCP/Sears/etc. still can’t wrap your heads around the customer walking out of the store with nothing in hand? Send them a customized web link with all the things they purchased on beautiful models, with the ability to share these images on Facebook and Twitter. Trust me, the young women of today will go wild over it. Welcome to the 21st century; now pay me the 1.5 million you paid Ron Johnson.

OneDrive sharing replaces traditional attachments in OWA

Using the Office 365 Outlook Web App, you can attach files directly from your OneDrive as Links.


Adding a file automatically takes you to your OneDrive folder.


But what if the file is still on your computer and NOT on your OneDrive… No problem, just click “Computer”


After you select the file, it gives you the option to upload it to your OneDrive and Share a link.


It looks like an attachment from here….

You can also decide if the recipients can modify the document in real time or view only


When the recipient gets the message, it’s a link to OneDrive. In this example, I mailed it to my (hotmail) account.


But what if you send it to a non-Microsoft system, such as Gmail? The user actually gets two messages, and the second one looks like this.


Clicking on the “sign in” word in blue takes you to this page where the user needs to create a Microsoft Account, or logon as one they have.


Now you can send those really big PowerPoint files as links rather than attachments. Companies typically set limits on how big your messages can be; I usually see message size limits set anywhere between 10 and 35 megabytes. OneDrive for Business is built into Office 365 and is a subset of SharePoint Online. Oh, and it’s awesome!!

Office 365 Advantages (not found in your typical ads)

I am going to outline some advantages available to current Exchange users that migrate to Office 365.

  • If you have Exchange on premises, it is fairly easy to set up a hybrid environment. This means you can have some mailboxes on premises and some in Office 365, and your end users experience seamless communication.
  • Users in the cloud see the same address book as users on premises.
  • Users log on to Office 365 using their email address as their logon name and the SAME password as they use on premises.
  • Hybrid configuration lets mail flow between on-premises and cloud users be treated as internal (SCL = -1), if you understand that.
  • Hybrid allows free/busy lookups between on premises and Office 365 to work when creating a meeting.
  • When mailboxes are moved to the cloud, the Outlook client re-configures itself using the Autodiscover service and the same profile is used. This means the Outlook OST file does not need to be rebuilt.
  • Mailbox moves can be run up to 95% and held there (the move suspends when it is ready to complete). When you, the admin, click “finish migration”, the move completes within 10 minutes or less and the Outlook client is prompted to restart. This gives you control over when the mailbox is migrated, which is very important for those “high touch” end users.
  • Phones experience the same automatic reconfiguration as the Outlook client.

Other advantages in going to Office 365 with the E3 or E4 licenses.

  • 50 GB mailboxes with unlimited archive mailboxes.
  • An extremely fast installation of Office 2013 (Word, Excel, PowerPoint, etc.) that is branded Office 365; this is called a Click-to-Run install.
  • Up to 5 installations per user of this version of Office. The license is tied to the user’s Office 365 credentials, so the end user can install Office at home, and when they are no longer with the company, their license expires. No more handing out CDs with the product key written on them with a Sharpie (hoping their kids won’t get a hold of it).
  • OneDrive with UNLIMITED storage; OneDrive is built into Windows 8.1 and Windows 10.
  • Continuous updates to the Office 365 online portal (you may know this as OWA), allowing you to take advantage of the latest features without any effort from you, the administrator.
  • High availability that would cost far more if you tried to implement it on premises.
  • The administrator no longer runs mailbox backups; Microsoft replicates the data, and recovery relies on retention and holds rather than restores.
  • Encrypted mail to outside recipients (Office 365 Message Encryption) is available without having to install an additional appliance such as ZixGateway or an Entrust appliance.
  • Ability to keep all mail with the In-Place Hold feature for a desired duration (such as 7 years), including deleted mail, which does NOT count against the 50 GB mailbox quota.
  • The ability to send URLs (web addresses) that point to large files stored in your OneDrive rather than using traditional attachments. Can’t attach that 100 megabyte PowerPoint or Visio document? No problem with OneDrive linking.

I haven’t touched on ALL the advantages, but hopefully this will give you some technical insight to the advantages of migrating to Office 365. In future posts, I will go deeper into these advantages.