Exchange 2013 Multi-tenant contact administration
Hi everybody!
Searched high and low, but couldn't find an answer.
I have deployed multi-tenancy Exchange as a service provider, and will look into self-service portals later.
I'm currently developing all the PowerShell scripts needed to manage the multi-tenant environment.
A question arises:
How do you handle contacts in a multi-tenant environment?
Since an SMTP address can only be used once in an Exchange Organization, what if 2 tenants need the same contact?
- Use custom attributes and filter on that? Then what if I want to use the multi-tenant AD for different purposes later?
- Use custom DACLs on the OU or contacts?
- Any other ideas?
Of course I started with
http://blogs.technet.com/b/exchange/archive/2013/02/20/hosting-and-multi-tenancy-guidance-for-exchange-server-2013-now-available.aspx but there's no mention of this issue.
Thank you for any input regarding this issue.
There's a new blog in town: http://msfreaks.wordpress.com
I would advise against "sharing" contacts, as each tenant's requirements may be different. Meaning each may want to see different values for various attributes. You may want to stand up an AD LDS instance for each tenant which will hold their contacts independently of your current Active Directory Forest that houses Exchange. This way, your Exchange Organization remains pristine, no never-ending queues/NDRs for ambiguous SMTP addresses, and each tenant can manage their own contacts without interfering with each other. Also, I would look into Forefront Identity Manager (FIM).
Woody Colling, MCITP Exchange 2010 --The incentive for the experts to answer posts is to get their replies marked as helpful, or as the answer to our questions, help them help us, mark posts accordingly--
Similar Messages
-
SMTP Authentication in Exchange 2013 multi tenant
I have configured a multi-tenant environment. The local domain is scurenet.local and I host 3 different email domains: abcd.com, efg.com and xyz.com. Now, how is it possible to create 3 mailboxes with the same login in 3 different domains, like [email protected] [email protected] [email protected]? I also
want to authenticate with their email IDs, and that is the main issue. I can create 3 different logins like john1, john2 and john3 in AD and manually add SMTP addresses like [email protected] etc.,
but the issue is how I authenticate users with SMTP IDs, so john1 can log in using [email protected] and
password, john2 uses [email protected] as
login ID, and so on.
Hi,
I think you can try creating mailboxes for the three users and assign the full access permissions to each other.
Thanks,
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Simon Wu
TechNet Community Support -
Hi,
Who are all the third party vendors that can integrate with Lync 2013 Multi-tenant hosting pack V2 features that are supported Via 3rd party.
1) Call park
2) Outgoing DID manipulation
3) E-911
3) Dialplans & Policies
4) Support for Analog devices (e.g. FAX)
5) Response groups
6) Network QoS - DSCP
7) Phone number management
8) IM/P & Voice with Skype.
9) Interoperability with on-premises video conferencing systems
Regards,
SR
Hi,
Based on my understanding, as it is the Multi-Tenant environment, in the internal DNS server there is no need to add the DNS A record lyncdiscoverinternal. However, you can try to add the DNS record in the internal DNS server to test the issue as well.
Also, please make sure you have updated both Lync Server 2013 and Exchange 2013 to the latest version. If not, update it and then test again.
Best Regards,
Eason Huang
TechNet Community Support -
Lync 2013 Multi Tenant - SIP/2.0 401 Unauthorized
New Lync 2013 Multi Tenant install. Can provision users in the Primary OU. Users in primary OU login without error.
Users provisioned in a sub OU can not login to Lync. Provisioning process completes successfully.
Client prompts for password. Attempts login and fails with:
You didn't get signed in. It might be your sign-in address or logon credentials. (SIP address and UPN are identical)
FE logging:
SIP/2.0 401 Unauthorized
TL_INFO(TF_PROTOCOL) [0]128C.2E1C::04/15/2014-22:28:42.421.00004ea3 (SIPStack,SIPAdminLog::ProtocolRecord::Flush:ProtocolRecord.cpp(265))[212989229] $$begin_record
Trace-Correlation-Id: 212989229
Instance-Id: 3A4
Direction: outgoing;source="local"
Peer: edge1.domain.corp:56094
Message-Type: response
Start-Line: SIP/2.0 401 Unauthorized
From: <sip:[email protected]>;tag=57e75cd85f;epid=f7a8f50c07
To: <sip:[email protected]>;tag=10A7EC7396D5F1EDCEA8D35A0C49F3CB
Call-ID: 8654248b0dd64d519f42617b862e75bc
CSeq: 2 REGISTER
Via: SIP/2.0/TLS 10.200.10.210:56094;branch=z9hG4bK4B6654F6.FADCC8B2E74B96BA;branched=FALSE;ms-received-port=56094;ms-received-cid=20C00
Via: SIP/2.0/TLS 172.16.232.59:60361;received=10.200.250.206;ms-received-port=43233;ms-received-cid=1E9D00
Content-Length: 0
Failed to validate user credentials
$$end_record
TL_ERROR(TF_SECURITY) [0]128C.2E1C::04/15/2014-22:28:42.468.0000542a (SIPStack,SIPAdminLog::WriteSecurityEvent:SIPAdminLog.cpp(319))[212989229] $$begin_record
Text: Failed to validate user credentials
Result-Code: 0x8009030c SEC_E_LOGON_DENIED
Source: edge1.domain.internal:56094
SIP-Start-Line: REGISTER sip:domain.com SIP/2.0
SIP-Call-ID: 8654248b0dd64d519f42617b862e75bc
SIP-CSeq: 3 REGISTER
Data:
gssapi-data="NTLMSSP\x00\x03\x00\x00\x00\x18\x00\x18\x00\xB4\x00\x00\x00D\x01D\x01\xCC\x00\x00\x00 \x00 \x00X\x00\x00\x000\x000\x00x\x00\x00\x00\x0C\x00\x0C\x00\xA8\x00\x00\x00\x10\x00\x10\x00\x10\x02\x00\x00U\x82\x90b\x06\x03\x80%\x00\x00\x00\x0FQ\xC8@\x1E\x1F\xD2\xF9w\x0C!\xF8Y\x84\x84\x06PM\x00i\x00c\x00r\x00o\x00s\x00o\x00f\x00t\x00A\x00c\x00c\x00o\x00u\x00n\x00t\x00r\x00i\x00c\x00h\x00.\x00l\x00i\x00b\x00e\x00r\x00t\x00y\x00@\x00h\x00o\x00t\x00m\x00a\x00i\x00l\x00.\x00c\x00o\x00m\x00L\x00A\x00P\x00T\x00O\x00P\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00+\xD8\x1CE\xFB\\x9E7\xACbc\x17e\xDE\xAC\xFD\x01\x01\x00\x00\x00\x00\x00\x00R\n\x0E\xFAX\xCF\x01\xF2h\xA4\xBE\x8B\xC3w=\x00\x00\x00\x00\x02\x00\x06\x00P\x00P\x00C\x00\x01\x00\x1A\x00P\x00P\x00C\x001\x00L\x00Y\x00N\x00C\x00F\x00E\x000\x000\x001\x00\x04\x00\x10\x00p\x00p\x00c\x00.\x00c\x00o\x00r\x00p\x00\x03\x00,\x00P\x00P\x00C\x001\x00L\x00Y\x00N\x00C\x00F\x00E\x000\x000\x001\x00.\x00p\x00p\x00"
$$end_record
Hi,
Please double check the port between FE server and Edge server.
Please also check if you add the SAN of sub domain in the Edge external certificate with the help of the link below:
http://technet.microsoft.com/en-us/library/gg398409.aspx
Best Regards,
Eason Huang
TechNet Community Support -
Exchange 2013 Multi Site Not SR/HA
This is the first time we have deployed a multi site Exchange organization. Here is the scenario and I am wondering if it is the correct one or if I should have done it a different way.
We have a VPN setup between our corporate location and a satellite campus. The satellite campus has its own namespace and is a tree in our forest. We have Exchange 2013 SP1 setup at the corp location. We installed two Exchange 2013 SP1 servers
at the satellite location in that domain in the same Exchange organization. I was able to create a few linked users mailboxes (newly acquired and in process of user migration into our forest) and mail delivers between the two without issue. But
lately every new user will not receive email and they will be in the queue. Does not matter if the email is from a corp user or a local user on the same mailbox server.
We decided to do this because we want them to have all of their Exchange resources, email, CAS services and UM local to them, but they are still part of our system. I am having a hard time finding why this is happening. I also noticed that the emails
sent from one satellite user to another is actually going through the corp hub transport server and not their local. Sites and Services is setup with the correct subnets for each site. I have verified the send and receive connectors.
Is this scenario the best way to configure our organization or should we simply have created a second organization of their own and tried to share calendars, etc between the two? All of our other services are centrally located so it only made sense that
this should also work but before going live I wanted to see if this was the optimal way. This is not a high availability or site resiliency plan. No DAGs are used. We are just one company with two separate very remote disjoint locations and
even though we have a small VPN for services we would like to keep as much as possible local to that site.
I have not been able to find information on this scenario. Everything seems to point to SR/HA scenarios. Any advice would be greatly appreciated.
You can't create a second organization when the domain is in the same forest, so you shouldn't have done that.
You're saying that SMTP messages are stuck in the queue? That can be caused by any number of problems, but my experience is that it is most likely one of the following. Look at the SMTP queue and see if any error code is listed, and post that
here.
1. In the main site, the site to which the messages are being sent, someone has modified the Default receive connector(s) in a way that the Exchange server can't connect. The most likely issues would be modifying the PermissionGroups or RemoteIPRanges
properties. Best practice is to not modify the Default receive connector (except maybe to add AnonymousUsers to the PermissionGroups to allow inbound mail), and instead create a new connector for the special purpose with the connection limitations supplied.
2. You have a firewall or relay device between the servers that's "helping" your SMTP connections (Cisco PIX firewalls are notorious for this, disable "SMTP Fixup") or breaking authentication. The servers must be able to connect on port 25 without
any molestation of the transactions.
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." -
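A read-only audit of the receive-connector settings the answer above names (PermissionGroups and RemoteIPRanges, plus the anonymous relay right), as an added example that is not part of the original thread. It assumes the Exchange Management Shell; the function name, report columns and finding texts are illustrative.

```powershell
# Added example (not from the thread). Read-only: it changes no connector.
# Assumes the Exchange Management Shell, where Get-ReceiveConnector and
# Get-ADPermission are available. Function and column names are illustrative.

function Get-ReceiveConnectorRelayAudit {
    [CmdletBinding()]
    param(
        # Optional: limit the audit to one server; default is every server.
        [string]$Server
    )

    $connectors = if ($Server) {
        Get-ReceiveConnector -Server $Server
    } else {
        Get-ReceiveConnector
    }

    foreach ($rc in $connectors) {
        # Over remote PowerShell these properties arrive deserialized,
        # so compare on their string form.
        $groups = "$($rc.PermissionGroups)"
        $ranges = @($rc.RemoteIPRanges | ForEach-Object { "$_" })

        $anonymous = $groups -match 'AnonymousUsers'
        $anyIPv4   = $ranges -contains '0.0.0.0-255.255.255.255'

        # ms-Exch-SMTP-Accept-Any-Recipient is the extended right that lets a
        # session submit mail for recipients outside the accepted domains.
        $relayAce = Get-ADPermission -Identity $rc.DistinguishedName `
                        -User 'NT AUTHORITY\ANONYMOUS LOGON' `
                        -ErrorAction SilentlyContinue |
            Where-Object {
                -not $_.Deny -and
                "$($_.ExtendedRights)" -match 'ms-Exch-SMTP-Accept-Any-Recipient'
            }
        $anonRelay = [bool]$relayAce

        $finding = if ($anonymous -and $anonRelay -and $anyIPv4) {
            'Anonymous relay right with no source restriction: review as possible open relay'
        } elseif ($anonRelay) {
            'Anonymous relay right granted: confirm RemoteIPRanges lists only intended hosts'
        } elseif ($anonymous) {
            'Anonymous submission without the relay right'
        } else {
            'Authenticated senders only'
        }

        [pscustomobject]@{
            Connector        = "$($rc.Identity)"
            Enabled          = $rc.Enabled
            PermissionGroups = $groups
            RemoteIPRanges   = ($ranges -join ', ')
            AnonymousRelay   = $anonRelay
            Finding          = $finding
        }
    }
}

# Review the report before changing any connector.
Get-ReceiveConnectorRelayAudit | Format-List
```

Comparing the report against a freshly installed server shows whether a Default connector was modified, and which dedicated connectors carry the relay right.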
Exchange 2010SP1 Multi-Tenant Issue with Multiple Domains
I have an installation of Exchange 2010 SP1 with multi-tenant support enabled via the install time /hosting switch.
Everything works well for my smaller clients. I now have a bigger client that has about 300 users and 3 domains. The users are divided roughly equally amongst the domains - ie, 3 domains each with 100 users. I've added the first domain as normal:
$c = get-credential
New-organization -name "Pretend Company" -DomainName domain1.com -ProgramId HostingSample -OfferId 2 -location en-US -AdministratorPassword $c.password
After that I logged into the ECP control panel and created all the users. The migration went smoothly and has been working well for the last week. Now, it's time to add the next domain. Since the client wants all 300 users visible in the same GAL, I just
added a domain to the organization:
New-AcceptedDomain -Name domain2.com -DomainName domain2.com -Organization "Pretend Company"
This is where I run into problems. When I try to create the users for domain2.com via ECP, I am able to create the user successfully, and select domain2.com from the drop down. Once the user is created however, I am able to see that although their UPN
is [email protected], it created their email address as [email protected].
I tried creating the users manually via EMS:
$password = Read-Host "Enter password" -AsSecureString
New-MailUser -UserPrincipalName [email protected] -Password $password -Name "Test User" -Organization "Pretent Company" -PrimarySmtpAddress [email protected]
The user creates successfully and I can see the user created in the proper OU in AD. Unfortunately I can not see them in ECP nor can I see them if I do:
get-mailbox -Organization "Pretend Company"
This makes the management of the users very difficult to delegate, and I'm not sure that the users at domain2.com will even work.
This brings me to my questions:
(1) Is it possible to create accounts that have different domain names in their default email addresses within the same Organization in /hosting mode?
(2) Is this something I need to do with an EmailAddressPolicy? I read the documentation but it didn't seem /hosting friendly.
Hi Earonk,
Please post your issue on below forum, you will get more help from there:
http://social.technet.microsoft.com/Forums/en-us/exchange2010hosters/threads
Regards!
Gavin -
SharePoint 2013 Multi-tenant Feature Packs
I have not seen any information in regards to multi-tenancy feature packs for SharePoint 2013. Currently it seems, with the new end user licencing, when you install the Enterprise bits you can license a user for either Standard or Enterprise but not
Foundation. In SharePoint 2010 you could use the Enterprise bits then create defined feature packs to give a site collection Foundation, Standard or Enterprise features. Do updated defined feature packs exist for 2013?
There is mention of them here http://www.harbar.net/articles/sp2013mt.aspx
"Feature Packs provide the ability to constrain the Features available for a given tenant. The fundamental capability
isn’t changed in any way here, but of course the Features in the product have. Thus the old Feature Pack definitions for SKUs are no longer valid. A new set of feature pack definitions are required encompassing all of the new Features in SharePoint 2013."
But nothing else anywhere on the net, anyone have any ideas?
Hi all,
I thought I'd give an update. I too have worked through official channels and I believe I'm making progress but not a solution unfortunately. When you run Get-SPFeature, you get 409 different features. One thing I noticed, was the features
ending with Stapler that Spence didn't add to his foundation features suggests that adding these could be erroneous. This led me to believe that my ignorance in the above message was bliss and that my idea was not going to fly. Take for example
this:
AutohostedAppLicensing
AutohostedAppLicensingStapling
So is AutohostedAppLicensingStapling a Standard or Enterprise Feature, or something internal that should not be added as it gives bad results? What about the others I don't find?
Then I posed the question - what do the ID's with EDU* in them mean? They don't exist in product info - perhaps it's education specific SKU's? Does that expose customers to use SharePoint for Internet Sites without the SKU as we assume Enterprise
would be the baseline for all 409 features and we work our way back?
Or even this - MS Access Services is a feature, yet there are 10 Feature ID's associated with it. With Exchange, there are PS commands that refer to MS Internal only and for O365 use only. What
if the 209 features Microsoft sent me as a descriptor for onprem cannot correlate to the 409 Get-SPFeature ID's I have in my bag that render my farm useless?
I've also done research around the net and it looks like everyone went the inefficient, non-multitenant way - that is, either do foundation and try to compete with O365, or offer dedicated VM farms for clients with Standard or Enterprise installs and centralise
the SQL back-end.
Surely no one has done true multitenant... Have they?
Question. If i provision a client with no -Featurepack ID, do they get nothing or the default which is Enterprise Edition? I'd presume I will get nothing or an error for not specifying a switch but I would have to build another environment to
test.... which brings me to my last point. Based on the way Std and Ent can be enabled for on-prem customers on an individual basis and I installed Standard edition on its own VM then enumerated the Get-SPFeature cmdlet, surely I'd see all the features,
not just the standard edition install features. right? If not then I'll build it, enumerate the list and my 2013 Feature pack is sorted.
The biggest fear I have on this is going it alone and if I stuff up, having a non-compliant licensing solution for every user on the system and MS banging down my door for noncompliance on something they didn't provide guidance on in the first place.
Jason.
Consultant | Nerd | Visionary. http://www.ethertech.com.au/ | http://www.deeperstates.com.au -
SharePoint Foundation 2013 - Multi-tenant Install and OneDrive for Business with Yammer i
Hello,
After installing SP Foundation 2013 (SP1) with Partitioned service applications we have noticed that while clicking on the "yammer and oneDrive" link the below error message comes up:
_admin/yammerconfiguration.aspx
any ideas??
http://technet.microsoft.com/en-us/library/dn659286%28v=office.15%29.aspx
we have also noticed that MS mentioned "OneDrive for Business with Yammer integration doesn’t work for multi-tenancy or partitioned service applications for on-premises deployments"
ja
ULS
Application error when access /_admin/cloudconfiguration.aspx, Error=Object reference not set to an instance of an object. at Microsoft.SharePoint.WebControls.SPPinnedSiteTile.OnInit(EventArgs e) at System.Web.UI.Control.InitRecursive(Control
namingContainer) at System.Web.UI.Control.InitRecursive(Control namingContainer) at System.Web.UI.Control.InitRecursive(Control namingContainer) at System.Web.UI.Control.InitRecursive(Control
namingContainer) at System.Web.UI.Control.InitRecursive(Control namingContainer) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
=====
To me it seems SharePoint social networking features require the full SharePoint Server product AND are not available with the free SharePoint Foundation. If correct, then why is MS punching it in here in Foundation without a friendly error message?
ja -
Hi
I have Active directory 2012 R2 with sites ( A ,B)
Site A
I have 2 cas servers
I have 2 MBX servers with DAG
All users in site B have an issue with slow Outlook profiles; we suggest creating a CAS server there in site B, as a member of the DAG.
So in site B we will have a CAS server + MBX member of the DAG.
Regarding users in site B, how can I force them to connect to Exchange through the CAS server located in site B?
How can I confirm that all SMTP traffic will go from site B through the CAS server located there, then to the CAS server located in site A, then to the firewall?
Is this scenario good performance-wise?
all users for site B will have a DB and will be mounted on MX in B site .
Please need suggestions .
I need to have high performance for outlook profiles located in B site
we have wan link between site A and site B but it is slow .
Do I need to create another DAG ?
when shall we have multiple DAG in our exchange organization ?
Thanks
MCP MCSA MCSE MCT MCTS CCNA
Hi,
Based on your description, CAS servers in site A are Internet-facing, CAS server in Site B are non-internet facing.
In this case, all outbound mail for site B users will go from CAS in site B to CAS in site A and then to firewall and Internet.
All inbound mails will go from CAS in site A to CAS in site B and then go to Mailbox server.
Here is an article which may help you for your reference.
http://technet.microsoft.com/en-gb/library/aa996349(v=exchg.150).aspx
Best regards,
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Belinda Ma
TechNet Community Support
Thanks for your reply, Belinda,
Does it need any configuration from my side?
MCP MCSA MCSE MCT MCTS CCNA -
Unable to send to external email recipients - Multi Tenant Exchange 2013 - MultiRole servers in DAG
Greetings all, I hope someone can help.
I have created a Exchange 2013 multi-tenant organization, with two servers, both multi-role - CAS and Mailbox roles.
Internal mail flow is fine (external email addresses can send to the domain).
External firewall port forwards ports 443 and 25 to the Internal DAG IP address.
There are two multi-role Exchange servers that are members of the DAG.
I am able to connect to OWA and ECP via https://externalIP/OWA and https://alias.domain.com/OWA
No SSL certificates have been purchased or installed yet.
Exchange URLs have not been changed since default configuration at install.
OWA and ECP works both internal and external.
External DNS works with SPF and PTR records correctly configured
Exchange RCA - Send test only fails with one Spam Listing (this Blacklist provider now flags all domains and you cannot ask to be removed)
Send Connectors are the default ones created during install. Receive connector is standard configuration with - * -
When sending email to an external address, I receive a failure notice
ServerName.test.corp.int gave this error:
Unable to relay
Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept email from certain senders, or another restriction may be preventing delivery.
More Info -
ServerName.test.corp.int
Remote Server returned '550 5.7.1 Unable to relay'
I have been troubleshooting this for many hours with no progress.
I have created new Send Connectors for the server that is advising that it is unable to relay, but they have all failed.
I have tried setting the Internal IP address for Exchange Server 1 (Exchange Server 2 reports failure), with most combinations of Security (Anonymous, Exchange Users, etc).
I have also tried with the IP range 192.168.11.0/24 to allow the whole subnet; I still receive the unable to relay failure notice.
I have tried this guide - hxxps://glazenbakje.wordpress.com/2012/12/30/exchange-2013-how-to-configure-an-internal-relay-connector/ - with different combinations, still no resolution.
I am at a loss as to why I can't send out with the default configuration. I would assume that email would flow out without any changes, but this does not happen.
Can someone please assist before I lose my sanity.
Thanks in advance,
Terry
Greetings all, I hope someone can help.
I have created a Exchange 2013 multi-tenant organization, with two servers, both multi-role - CAS and Mailbox roles.
Internal mail flow is fine.
Incoming mail from external senders is also fine (external email addresses can send to the domain).
External firewall port forwards ports 443 and 25 to the Internal DAG IP address.
There are two multi-role Exchange servers that are members of the DAG.
I am able to connect to OWA and ECP via https://externalIP/OWA and https://alias.domain.com/OWA
No SSL certificates have been purchased or installed yet.
Exchange URLs have not been changed since default configuration at install.
OWA and ECP works both internal and external.
External DNS works with SPF and PTR records correctly configured
Exchange RCA - Send test only fails with one Spam Listing (this Blacklist provider now flags all domains and you cannot ask to be removed)
Receive Connectors are the default ones created during install. Send connector is standard configuration with - * -
When sending email to an external address, I receive a failure notice
ServerName.test.corp.int gave this error:
Unable to relay
Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept email from certain senders, or another restriction may be preventing delivery.
More Info -
ServerName.test.corp.int
Remote Server returned '550 5.7.1 Unable to relay'
I have been troubleshooting this for several days with no progress.
I have created new Receive Connectors for the server that is advising that it is unable to relay, but they have all failed.
I have tried setting the Internal IP address for Exchange Server 1 (Exchange Server 2 reports failure), with most combinations of Security (Anonymous, Exchange Users, etc).
I have also tried with the IP range 192.168.11.0/24 to allow the whole subnet; I still receive the unable to relay failure notice.
I have tried this guide - hxxps://glazenbakje.wordpress.com/2012/12/30/exchange-2013-how-to-configure-an-internal-relay-connector/ - with different combinations, still no resolution.
Even more info - Further troubleshooting -
I found one of my Exchange servers had an extra NIC. I have since added a second NIC to the other server, so now both Exchange servers have dual NICs. I removed the DAG cleanly and recreated the DAG from scratch, using this link -
hxxp://careexchange.in/how-to-create-a-database-availability-group-in-exchange-2013/
The issue still exists, even with a newly created DAG. I also found that the Tenant Address Books were not 'applied'. I applied them but still no resolution
I think the issue is related to the multi-tenant configuration even though the error says that it can't relay. The unable to relay message can appear when sending from a domain that the Organization does not support. Like trying to email as [email protected]
when your domain name is apple.com - but through extensive research I still can't resolve the issue.
Can someone please assist before I lose my sanity.
Thanks in advance,
Terry -
Creating a New Email address policy for users in another Domain with Exchange 2013 powershell?
Hi everyone,
Is it possible to create a new email address policy with Exchange 2013 PowerShell for users within OUs located in a different domain/forest than the one where Exchange 2013 is installed?
There is a transitive, two-way trust between the domain/forest where the users are located and the Exchange 2013 multi-tenant domain.
Furthermore, if possible, I need to create linked mailboxes for all these users as well.
I have been struggling with this issue for weeks, so please, anyone, advise and comment.
Best regards,
Peter
A-ONE Solutions
Hi Siddharth
I want to create a new e-mail address policy - and after that create linked mailboxes/users in my account domain with PowerShell.
Can you help me achieve that?
I have a PowerShell cmdlet, but it doesn't work (cannot find the user OU in my account domain).
CMDlet is as follows:
New-EmailAddressPolicy -Name $CustomerName -RecipientContainer "OU=$CustomerName, OU=kunder, DC=Domain, DC=local" -IncludedRecipients 'AllRecipients' -ConditionalCustomAttribute1 $CustomerName -Priority '1' -EnabledEmailAddressTemplates SMTP:%2g%1s@$AcceptedEmailDomain
Where $Customername = test.dk
and Account domain is = OU=kunder, DC=Domain, DC=local
But the command fails with:
New-EmailAddressPolicy : Couldn't find organizational unit "OU=Test.dk, OU=kunder, DC=Domain, DC=local". Make sure you have typed the name correctly.
At line:52 char:1
+ New-EmailAddressPolicy -Name $CustomerName -RecipientContainer "OU=$CustomerNa
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-EmailAddressPolicy], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : [Server=HE-MBX03,RequestId=2cbe1b51-4af2-4c04-9f7e-e440000975e6,TimeStamp=24-03-2014 12:58:19] 2D00FD2A,Microsoft.Exchange.Management.SystemConfigurationTasks.NewEmailAddressPolicy
So, I cannot find the OU on the Account forest/Domain, even though the OU does exist in the Account domain.
Verifying with this:
Get-ADOrganizationalUnit -Identity "OU=$CustomerName,OU=kunder,DC=Domain,DC=local" -Server 'DC01.domain.local' | FL
This works fine, Can you please help/assist?
Peter -
Public folders in hosted Exchange 2013
Hi,
Is it possible to set up public folders for a tenant in Exchange 2013, e.g. with custom id 0 set or something like that?
Thanks!
Hi,
If you want to deploy public folders in an Exchange 2013 multi-tenant environment, you can create a public folder mailbox per tenant.
Here is a related thread for your reference.
Public Folder Hierarchy and PF Mailboxes for Hosted setup?
http://social.technet.microsoft.com/Forums/exchange/en-US/e9062abe-f484-462b-bc5e-ebdcb0862760/public-folder-hierarchy-and-pf-mailboxes-for-hosted-setup?forum=exchangesvradmin
More information about public folder in Exchange 2013 here:
http://technet.microsoft.com/en-us/library/jj552408.aspx
Best regards,
Belinda
Belinda Ma
TechNet Community Support -
Exchange 2013 2 Node Multi role Servers with DAG issues connecting OWA users
Hi
I am on a job at the moment whereby I have 2 exchange 2013 multi role servers. Both are CAS and Mailbox servers. I have 2 databases, 1 called MBXDB01 and the other MBXDB02. MBXDBX01 is on Server 1 and 02 on Server 2.
I have created a DAG and included both databases. Active copy of MBXDB01 is on Server 1 and MBXDB02 on Server 2
I have configured the external and internal URLs of all virtual directories on both servers to be the same publicly accessible FQDN. I have assigned the trusted cert to IIS and all other services on both servers. I have modified internal split brain DNS
to point the FQDN used to both Server 1 and Server 2 IP addresses with a TTL of 30 seconds. And also for autodiscover.
All test exchange connectivity comes back green and good from external and from outlook Test-Autoconfiguration autodiscover information is displayed correctly.
The problem I am having is that when a user accesses the FQDN from a web browser, i.e. owa.domain.com/owa, they get the login screen. This could be from either server 1 or 2 depending on DNS round robin. In this example let's say the user is accessing OWA on SERVER
1 and their mailbox lives on SERVER 2.
In this scenario when they login they get a page :( OOps Something Went Wrong and the exception is this
A problem occurred while you were trying to use your mailbox.
X-OWA-Error: Microsoft.Exchange.Data.Storage.UserHasNoMailboxException
X-OWA-Version: 15.0.847.32
X-FEServer: SERVER1
X-BEServer: SERVER2
The URL provides a little more info
/auth/errorfe.aspx?httpCode=500&msg=861904327&owaError=Microsoft.Exchange.Data.Storage.UserHasNoMailboxException&owaVer=15.0.847.32&be=SERVER2&ts=130398071193518373
However, if the user accesses OWA via the private FQDN of SERVER 2 i.e https://SERVER2/owa they are able to access their mailbox.
It is driving me nuts.
Has anyone got any suggestions? I am tearing my hair out here
Thanks
One very frustrated field engineer :)
Hi,
To narrow down the cause, I recommend the following troubleshooting:
1. Please double check the DNS entries about the host name used in the OWA URL.
2. Add A record that the host name used in the OWA URL points to server 2 IP address in a user local host file. Then try to login OWA again.
3. Check your event log and find if there is any error about OWA.
If you have any question, please feel free to let me know.
Thanks,
Angela Shi
TechNet Community Support -
Migration exchange 2010 to hosted exchange 2013
Hello,
Tried to search for a good solution for what I need but always redirected to places of office365.
I will explain what i need and maybe you could find me a good solution.
I have several offices that i give IT support. Some of them with exchange 2003 and some with 2007-2010.
I want to migrate their servers to my new hosted exchange 2013 (multi-tenancy).
Is there a way to do CutOver migration?
What are my options?
P.s. All offices are working with calendars so PSTing their mailboxes is out of the question.
Hope you understand what i wanted to do.
Thanks for the help.
Lior.
For what you're planning, a cutover migration would be best. For that I would recommend a tool like Migrationwiz (http://www.migrationwiz.com). You can start the migration in advance, get the data copied
and then do a final incremental move on the cutover date. In addition to the mailbox move, you will want to synchronize the directories and ensure that the legacyExchangeDN property of the source mailboxes appear as proxy addresses of type
X500 on the target mailboxes or else they won't be able to reply to old mail or use Outlook contacts or cached addresses. I don't recall whether MigrationWiz can take care of that for you or not.
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." -
KeepAlive settings for Exchange 2013 environment
Hello All,
We have a very weird problem in our environment. Our environment consists of 10 Exchange 2013 multi-role servers in Primary DC with Wind 2012 OS and 5 servers in Secondary DC with Wind 2012. We have F5 LB & Cisco f/w
Sometime back users reported the outlook disconnection issue and we've implemented following settings in the environment based on MS support team recommendation
1) Configure the Idle session time out on the Network devices to 2 hours.
2) Add the registry key “MinimumConnectionTimeout” with value as 120
seconds as per below article on all the Exchange 2013 Servers. Once this registry key is added, we need to restart the Server for the changes to take effect..
Path: HKLM\Software\Policies\Microsoft\Windows NT\RPC
Type: REG_DWORD
Name: MinimumConnectionTimeout
Value: 120 (Decimal)
3) Add the KeepAliveTime registry key on all the Exchange 2013 Servers
to reduce the Keep alive from default 2 hours to 5 minutes. Once this registry key is added, we need to restart the Server for the changes to take effect.
Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters
Value name: KeepAliveTime
Type: REG_DWORD
Value: 300000 (Decimal)
This value controls how frequently TCP tries to verify that an idle
connection is still intact by sending a keep-alive packet. If the remote computer is still reachable, it acknowledges the keep-alive packet. The recommended value setting is 300,000 (5 minutes).
After applying these settings we've started facing the ACTIVESYNC issue in the environment. We've changed the keep alive setting in exchange server to 29 mins and now activesync issue is solved but outlook disconnect issue started
IS THERE ANYONE who can recommend what is the correct KEEP ALIVE value should be kept in such environment
Our environment has 27K mailboxes totally spread across 50 DBs apprx
Appreciate experts help here !!!
Vinoth Kumar. M
Just to add one more point here
All our network devices including F5 LB has 30 mins as the idle time out value.
We've added below registry values also in all AD DC & Exchange servers
MaxConcurrentAPI
http://support.microsoft.com/kb/2688798
5 in DC
10 in Exchange servers
Vinoth Kumar. M