Search for users whose display name starts with particular letters


To search your Office 365 users with particular initial characters

First connect to Microsoft Online Service




To search for users whose display names start with “Top”, you can use the following PowerShell:

Get-MsolUser -All | Where-Object {$_.DisplayName -like "top*"} | ft DisplayName,UserPrincipalName,ProxyAddresses




Search for users whose UPN starts with “TOP”:

Get-MsolUser -All | Where-Object {$_.UserPrincipalName -like "top*"} | ft DisplayName,UserPrincipalName,ProxyAddresses



Hope this helps


Export users licenses and information O365

To export users' licenses and information from Office 365, use the following script.


First you will need to connect to MS Online service with a Global admin account




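# -join flattens the multi-valued properties so the CSV holds their values instead of a type name
Get-MsolUser -All | Where-Object { $_.IsLicensed -eq $true } | Select-Object DisplayName,UsageLocation,@{n="Licenses Type";e={$_.Licenses.AccountSkuId -join ';'}},SignInName,UserPrincipalName,@{n="ProxyAddresses";e={$_.ProxyAddresses -join ';'}} | Export-Csv -Path C:\ExportLicenseUsage.csv -NoTypeInformation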




This will export a file called “ExportLicenseUsage.csv” to the root of your C: drive. You can open this file with Microsoft Excel and find all the useful information that you’re looking for.

Hope this helps


Testing Office 365 SMTP relay

To test Office 365 SMTP relay you will have to create a user with an Exchange Online license. After the mailbox is activated for this user, you can test relaying as this user with the following PowerShell.


First connect to Microsoft Online service with this user that you’ll be using for relaying.

$msolcred = Get-Credential


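Next, edit the following PowerShell with the user’s e-mail address and the recipient’s:

# sender@example.com and recipient@example.com are placeholders; smtp.office365.com is the Office 365 client SMTP submission endpoint
Send-MailMessage -From sender@example.com -To recipient@example.com -Subject "Test Email" -Body "Test SMTP Relay Service" -SmtpServer smtp.office365.com -Credential $msolcred -UseSsl -Port 587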






This test is known as client SMTP submission. You can also use a different method for multiple devices, where you configure them all to point to a single server (IIS); this method is known as IIS for relay with Office 365. However, all the methods that involve Office 365 (only) for relay require a user with an Exchange Online license assigned to it.


Hope this helps


Domain Controller Cross Forest migration Part 2

Current environment on the DC

  1. Additional DC2
  2. SCVMM
  4. Exchange
  5. SCMM




Migration plan

AD 2012 R2 ( to ( 2012 R2.





In the second part of this series (DC cross forest migration) I will demonstrate some major required steps for the migration from the old DC ( to the new DC (


SQL Servers and their applications can’t be migrated due to SQL permissions and Schema mismatch.


Requirements are :

The destination DC forest functional level and domain functional level must be set to at least 2008 R2 for ADMT 3.2 to work.




A health check must also be performed on the FSMO roles (PDC, Schema Master, etc.) to make sure everything is functioning properly on the source DC.

The checks I will perform are

  1. Check replication (In case there’s more than one DC In the source forest).
  2. DC health (DCDiag tool)
  3. Check the reachability of the PDC.


Netdom query FSMO (this command will show you exactly which DC in the source forest holds the roles)




1- To check replication you can use the repadmin command-line tool, which checks replication between sites and DCs and reports any errors in between. If you have only one server in place, the following outcome should be printed for you.

Repadmin.exe helps administrators diagnose Active Directory replication problems between domain controllers running Microsoft Windows operating systems.




2- Check DC health using DCDIAG tool

DCDiag analyzes the state of domain controllers in a forest or enterprise and reports any problems to help in troubleshooting.

There are multiple types of tests that can be applied with dcdiag, depending on the parameter used. I will start with the DNS.



If the DNS is healthy, it should show as follows, and we can continue to the next test.


For an extensive test, you can use the /v parameter along with the redirect > c:\dcdiag.txt to export the test to a file and look at it line by line.



If everything sounds good and healthy we shall move on to the next step which is DNS configuration

DNS Configuration


  1. DNS replication between both domains
  2. Installing Windows 2008 R2 for ADMT 3.2
  3. Setting up domain trust between forests.



  1. DNS replication between the source and target domain

In order for the trust to be created between both forests, you either have to create conditional forwarders for the source zones on the destination DNS server and vice versa, or you can create a secondary zone in the destination DC for the source DC and vice versa.

In my case I will create a secondary zone, and to do this I will go to each DNS server and allow the zone to be transferred.


You can restrict the zone transfer to only the IPs of the source and destination servers and any additional DNS servers.



Now I have created a secondary DNS zone and am trying to resolve FQDNs from the source server, as in the snapshot below.




Same will be done on the destination server.




Checking Name Resolution for both domains:




Once nslookup works as expected from both servers, we’ll go ahead with creating the forest trust between both DCs.
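The zone-transfer restriction, secondary zone and name-resolution check described above can also be done with the DnsServer cmdlets. This is an added example, not part of the original post; the zone names and IP address are placeholders, and it is written for the source DNS server (swap the values and repeat on the destination).

```powershell
# Added example: zone names and the IP address are placeholders, not values from the post.
# Run on the source forest's DNS server; swap the values and repeat on the destination.
Import-Module DnsServer

$LocalZone   = 'source.example'   # primary zone hosted on this server (placeholder)
$RemoteZone  = 'target.example'   # zone hosted by the other forest (placeholder)
$RemoteDnsIp = '10.0.2.10'        # DNS server of the other forest (placeholder)

# 1. Allow transfers of the local zone only to the listed server(s).
#    TransferAnyServer would hand the full zone contents to any host that asks for them.
Set-DnsServerPrimaryZone -Name $LocalZone `
    -SecureSecondaries TransferToSecureServers `
    -SecondaryServers $RemoteDnsIp

# 2. Create the secondary copy of the other forest's zone, unless it already exists.
if (-not (Get-DnsServerZone -Name $RemoteZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerSecondaryZone -Name $RemoteZone -ZoneFile "$RemoteZone.dns" -MasterServers $RemoteDnsIp
}

# 3. Confirm the transfer policy that is now in effect on the local zone.
$zone = Get-DnsServerZone -Name $LocalZone
$zone | Format-List ZoneName, SecureSecondaries, SecondaryServers
if ($zone.SecureSecondaries -eq 'TransferAnyServer') {
    Write-Warning "$LocalZone can still be transferred by any server."
}

# 4. Check that this server resolves the DC locator records of both domains
#    (the same check as the nslookup test; the new secondary zone may need a moment to load).
foreach ($name in $LocalZone, $RemoteZone) {
    Resolve-DnsName -Name "_ldap._tcp.$name" -Type SRV -Server 127.0.0.1 |
        Format-Table Name, Type, NameTarget -AutoSize
}
```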

Creating Forest trust between Source and Destination Domain.


In order for the trust to be created between both source and destination domains the PDC on the Destination Domain must be available.


1. Open the Active Directory Domains and Trusts, right click on the domain and click properties.

















We will have to validate the trust after creating it to make sure that it is validated in both directions.








Now that the trust is created and validated both ways, we’ll have to add a GPO to update all clients with the new domain name in the DNS suffix search list to resolve NetBIOS names.

Updating DNS Suffix Search list:


DNS suffix search list:

In order to add the source and destination domains suffix to the dns suffix search list we will have to open GPO on the destination Domain (




On the target domain ( we’ll have to open GPO .

Right Click on default domain policy / Edit



Go to Computer Configuration > Policies > Administrative Templates > Network > DNS Client

Double click on the DNS Suffix Search list to open it and enable it.



Click OK, apply the policy, and see how it shows in the report.



Once this is done and policy is applied among all clients you should have no problem and it should show first on the DC where you applied the policy.




Hope you find this helpful and stay tuned for the next part.

Domain Controller Cross Forest migration Part 1

In this series of articles I will demonstrate the Cross forest migration for Microsoft Windows Active directory 2012 R2.


Before starting any step, I will have to review the current environment and check what is there, what can be migrated and what cannot.



  1. Check whether the environment is using old cryptographic algorithms that are not supported during the migration, e.g. SHA-1 1024-bit certification authorities.
  2. Notice that Group Policy user profile folder redirection might have a bug from SCCM. To fix this, one option in SCCM needs to be checked and disabled.

Under the SCCM Configuration manager,

– Select Administration

– Select Client Settings

– Pull up PROPERTIES of Default Client Settings configuration and click on Compliance Settings




– Enable User Data and Profiles, mentioned above, is the setting that controls Folder Redirection and Remote User Profiles.
By default this setting is set to NO. Once enabled (set to YES), it passes the control of Folder Redirection, Offline Files, and Remote User Profiles to WMI and stores this configuration under the registry path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\UserState\UserStateTechnologies\ConfigurationControls

  3. TCP/IP crashes and errors: Hotfix released to correct a crash in TCP/IP.




Hardware Requirements

  1. Windows 2008 R2 DC on the destination forest.
  2. Windows 2012 R2 ADMT and SQL express 2008 R2 or 2012 R2 express or full.



Software Requirements

1- Rights Management Services Analyzer Tool



RMS Analyzer provides the following features:

• Support for Azure RMS and AD RMS diagnostics

• Prerequisite checks for Azure RMS integration (such as any required hotfixes, registry key settings, Microsoft Online Sign-In Assistant)

• Ability to collect trace logs to capture real-time problems

• Diagnostics and remediation for Office 2013 and Office 2010

• Basic diagnostics for federation services

• Group membership check, based on groups and policy templates

• Display of your RMS configuration settings and verification tests to validate service health for RMS

• Ability to monitor multiple servers and find all RMS servers in trusted forests

By installing and using the software you accept the License terms which are located in the zip folder download. If you do not accept the terms, do not install or use the software.

2- Password Export Server (PES) – x64


3- Active Directory Migration Tool (ADMT) QFE – x86


I will publish the next parts as soon as I am done with them. Stay tuned.





There may be times when it is useful to use an existing Group Policy Object (GPO) as a template for a GPO on another server, or perhaps you just need to perform a GPO backup and restore. Here is how to export and import GPOs from the command line.

Starting the Group Policy Cmdlet in Powershell

Firstly, from the command line start powershell and import the Group Policy Cmdlet:



Exporting a GPO

Check that the backup directory you wish to use exists. If not, create it.

Powershell command:


Example: to back up a GPO called “Example GPO” to the directory “C:\GPOBackup”

"Example GPO"

Importing a GPO

Keeping the same GPO Name

Powershell command:


Example: to import a GPO called “Example GPO” from the directory “C:\GPOBackup”

"Example GPO"

Renaming the GPO

Powershell command:


Example: to import a GPO called “Example GPO”, renaming it to “New GPO”, from the directory “C:\GPOBackup”

"Example GPO"

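The export and the two import variants described above, written with the GroupPolicy module's Backup-GPO and Import-GPO cmdlets. This is an added example, not the original post's commands; it assumes those cmdlets are the ones intended and uses the GPO names and backup directory from the text.

```powershell
# Added example: uses the GPO names and backup directory named in the text above.
Import-Module GroupPolicy

$BackupPath = 'C:\GPOBackup'
$GpoName    = 'Example GPO'

# Create the backup directory if it does not exist yet.
# A GPO backup holds the full policy settings, so keep the folder readable by administrators only.
if (-not (Test-Path -Path $BackupPath -PathType Container)) {
    New-Item -Path $BackupPath -ItemType Directory | Out-Null
}

# Export: Backup-GPO writes a GUID-named folder under $BackupPath and returns the backup's Id.
$backup = Backup-GPO -Name $GpoName -Path $BackupPath -Comment "Exported $(Get-Date -Format s)"
"Backup Id: $($backup.Id)"

# Import, keeping the same GPO name. -BackupGpoName picks the most recent backup of that GPO.
# -CreateIfNeeded creates the target GPO if it is missing; an existing target has its settings overwritten.
Import-GPO -BackupGpoName $GpoName -TargetName $GpoName -Path $BackupPath -CreateIfNeeded

# Import under a new name. -BackupId pins the import to the exact backup taken above,
# which matters once the directory holds several backups of the same GPO.
Import-GPO -BackupId $backup.Id -TargetName 'New GPO' -Path $BackupPath -CreateIfNeeded

# Import-GPO copies settings only; links to sites, domains and OUs are not carried over.
Get-GPO -Name 'New GPO' | Select-Object DisplayName, Id, GpoStatus, ModificationTime
```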
Copy Immutable ID and Proxy Addresses from Azure to AD

Reuse DirSync in a new server after removing DirSync or in case DirSync server has crashed or no longer working.

To do so, launch Azure PowerShell in admin mode and connect to the MSOL service as in the following snapshot:

$cred = Get-Credential
Connect-MsolService -Credential $cred

After connecting, type or copy the following:

Get-MsolUser -ReturnDeletedUsers -All | Out-GridView


Once you press Enter, a GUI will come up showing you the list of all deleted users. You should delete any old, unusable account that has similar attributes to the ones that you’re about to sync from AD to O365.


Once you’re sure about what you want to delete, you can go ahead with the following command to delete the users.

Be aware that once you run this command, you will no longer be able to restore any deleted item or object later on.

Get-MsolUser -ReturnDeletedUsers -All | Remove-MsolUser -RemoveFromRecycleBin -Force -Verbose


Now you should run the following script in the same open PowerShell window in order to start the copying process.

Import-Module Msonline
Import-Module ActiveDirectory
$cred = Get-Credential
Connect-MsolService -Credential $cred
$onlineusers = Get-MsolUser -All
$adusers = Get-ADUser -Filter *

Press Enter, and when you are prompted to select an option, choose 1 and press Enter.


After the copy is finished, you can match for yourself the list of ImmutableIDs against the GUIDs:
Ldifde -f dump.txt
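One way to do that matching without reading the dump by hand, as an added example that is not part of the original script. It only reads data, and it assumes the default DirSync source anchor (ImmutableID is the Base64 form of the on-premises objectGUID) and that AD and Office 365 accounts share the same UPN; the output file name is arbitrary.

```powershell
# Added example (read-only). Assumptions: ImmutableId = Base64(objectGUID), the DirSync default,
# and AD and Office 365 accounts are paired by identical UPN.
Import-Module MSOnline
Import-Module ActiveDirectory
Connect-MsolService -Credential (Get-Credential)

# Index the cloud users by UPN (hashtable keys are case-insensitive by default).
$cloudByUpn = @{}
foreach ($u in Get-MsolUser -All) { $cloudByUpn[$u.UserPrincipalName] = $u }

$report = foreach ($ad in Get-ADUser -Filter * -Properties proxyAddresses) {
    if (-not $ad.UserPrincipalName) { continue }   # built-in accounts often have no UPN

    $expected = [Convert]::ToBase64String($ad.ObjectGUID.ToByteArray())
    $cloud    = $cloudByUpn[$ad.UserPrincipalName]

    # Base64 is case-sensitive, so compare with -ceq rather than -eq.
    $status = if (-not $cloud)                         { 'NoCloudUser' }
              elseif (-not $cloud.ImmutableId)         { 'NoImmutableId' }
              elseif ($cloud.ImmutableId -ceq $expected) { 'Match' }
              else                                     { 'Mismatch' }

    # Cloud proxy addresses that are not present on the AD object.
    $missing = @()
    if ($cloud) {
        $missing = @($cloud.ProxyAddresses | Where-Object { $ad.proxyAddresses -notcontains $_ })
    }

    [pscustomobject]@{
        UserPrincipalName = $ad.UserPrincipalName
        Status            = $status
        ExpectedFromGuid  = $expected
        CloudImmutableId  = if ($cloud) { $cloud.ImmutableId } else { $null }
        MissingProxyInAD  = $missing -join ';'
    }
}

# Summary first, then the rows that need attention before synchronization is turned back on.
$report | Group-Object Status | Select-Object Name, Count
$report | Where-Object { $_.Status -ne 'Match' -or $_.MissingProxyInAD } |
    Export-Csv -Path .\ImmutableIdCheck.csv -NoTypeInformation
```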




Hope you find this useful coz I did

Step by Step Installing Exchange server 2013 from scratch (Part 1)

In this part, I will demonstrate how to install Exchange 2013 and prepare new databases, along with preparing the servers for high availability (DAG).



– Two Microsoft Windows 2012 R2 servers with 16 GB RAM and a 200 GB disk divided into two partitions.

– Two NIC, one for MAPI and one for replication.

– Exchange 2013 CU8 setup to directly go to the latest available update.


Installing Prerequisites on all exchange servers

Launch PowerShell as administrator, then copy and paste the following.


Install-WindowsFeature RSAT-ADDS


When finished continue with the following Cmdlet on each Exchange server.


  • Install only the Mailbox server role on a computer.
  • Install only the Client Access server role on a computer.
  • Install both the Mailbox and Client Access server roles on the same computer.

Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation




First we extract the setup files, and then from a command line opened as administrator we run Setup as below:


Setup /PrepareSchema /IAcceptExchangeServerLicenseTerms


Setup /PrepareAD /IAcceptExchangeServerLicenseTerms /OrganizationName:"Organization Name"


Setup /Preparedomain /IAcceptExchangeServerLicenseTerms


Setup /PrepareAllDomains /IAcceptExchangeServerLicenseTerms


You should download and install the following software prerequisites as per Microsoft’s TechNet article regarding the installation. The software is available at the link I posted above or through this link: Exchange_Prerequesties




After installing all the prerequisites, we can start the installation of Exchange 2013.









Here I am going to change Exchange’s default installation path and place it on a different partition to avoid any data loss in case of Windows server crash or booting issues.






Now we install the second Exchange server, that will hold the same roles on it as the first one (Mailbox and CAS).

The steps are going to be exactly the same except that you won’t have to prepare the schema or AD since it’s already prepared.

Installation has finished for both servers




It’s better to mount the database upon creation and not restart the IS instantly after that.

Now it’s time to create new databases and replace the default ones that come with the installation.

First we’ll have to create the databases that we want to use. Note that for the standard version of Exchange 2013 you can only create up to 5 databases per mailbox server.

To demonstrate the benefits of Exchange 2013 and its features, including DAG, I will create 2 databases, one on each server.

The first database will be called DB1SRV1


As soon as we have created the Database, we faced the following error with event ID 106


Then another warning from MSExchangeFastSearch with event ID 1006


This indicates that a database should not be mounted upon creation, you should untick the mount DB option when you create one.

After waiting a bit the following logs should appear and show a healthy indexing start.



Once the DB has been created, Exchange AC will require that you restart the IS (Information store Service) in order for replication to happen without an issue.


Database is showing healthy and no issues so far.


Now we’ll create a new DB on the second server without ticking the mount DB option.



Microsoft Exchange Server Locator Service failed to find active server for database ‘de5f3051-c202-4976-b8e4-65bbbe0c2395’. Error: The database with ID de5f3051-c202-4976-b8e4-65bbbe0c2395 couldn’t be found.


The same exact errors came after creating the Database without mounting it.


Now let’s restart the IS service and mount our database then see what happens..


Upon restarting the service, we get the following error, which is related to the MS Exchange Replication service. It noticed that the database that we created has never been mounted in order to start the indexing.


Let’s mount the database and see the changes


Mounting the database got the AM to report successfully, and after a couple of seconds MSExchangeFastSearch checks whether the database has any indexing files.


No indexing state has been found, so the FastSearch service gives you a 1013 warning. This is a good warning, because it reports that the service is working properly and that it will create the indexing folder after a couple of minutes, as we’ll see later.

It takes approximately 3-5 minutes for the database to start the indexing.


Now on the EAC, the DB should report healthy. Let’s see


Removing Default databases

The first step before deleting the default databases is to move any system mailboxes or arbitration mailboxes in them to the newly created databases.

Paul Cunningham wrote a great article on how to do this using Powershell … in the following link

Get-Mailbox -Database "Mailbox Database 2" | New-MoveRequest -TargetDatabase "Mailbox Database 1"

First we’ll have to copy the default databases’ names in notepad to run the command properly.

Get-Mailbox -Database "Mailbox Database 0043173996" | New-MoveRequest -TargetDatabase "DB1SRV1"


Time to move the arbitration mailboxes from the default DB to the new DBs.

The command is going to look like this

Get-Mailbox -Database "Mailbox Database 0043173996" -Arbitration | New-MoveRequest -TargetDatabase "DB1SRV1"


All mailboxes have already been moved to the new DB, now let’s check if there’s anything left in the Old DB.


To remove the DB, you will have to type the following command in EMC:

Remove-MailboxDatabase -Identity "Mailbox Database 0043173996"


The warning above is apparently due to Exchange permissions on AD. How to solve this warning has been described in detail by Nuno Mota in the following link.
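The check for anything left in the old database before it is removed, as an added example for the Exchange Management Shell that is not part of the original post. It uses the default database name shown in this post and finishes with a dry run rather than the removal itself.

```powershell
# Added example for the Exchange Management Shell; the database name is the one used in this post.
$OldDb = 'Mailbox Database 0043173996'

# A plain Get-Mailbox does not list arbitration, archive or public folder mailboxes,
# so each type is queried with its own switch.
$queries = @(
    @{ Label = 'User mailboxes';          Params = @{ ResultSize  = 'Unlimited' } },
    @{ Label = 'Arbitration mailboxes';   Params = @{ Arbitration  = $true } },
    @{ Label = 'Archive mailboxes';       Params = @{ Archive      = $true } },
    @{ Label = 'Public folder mailboxes'; Params = @{ PublicFolder = $true } }
)

$remaining = 0
foreach ($q in $queries) {
    $p     = $q.Params
    $found = @(Get-Mailbox -Database $OldDb @p)
    $remaining += $found.Count
    '{0,-24} {1}' -f $q.Label, $found.Count
    $found | Select-Object Name, RecipientTypeDetails | Format-Table -AutoSize
}

# Move requests out of the old database that have not finished yet.
$pending = @(Get-MoveRequest -SourceDatabase $OldDb | Where-Object { $_.Status -ne 'Completed' })
"Unfinished move requests: $($pending.Count)"

if ($remaining -eq 0 -and $pending.Count -eq 0) {
    # Dry run only: shows what would be removed. Drop -WhatIf to remove the database.
    Remove-MailboxDatabase -Identity $OldDb -WhatIf
} else {
    Write-Warning "$OldDb is not empty yet; finish the moves before removing it."
}
```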


For the second server, you will have to repeat the same steps as for the first deleted mailbox database.



Hope you like this. Stay tuned for the second part.



The mailbox of user Migration that is located on a server that is running version 14 can’t be opened on a server that is running version 15.

In some scenarios when you have configured Exchange 2013 with Exchange 2010 or 2007, you may get this error:



The mailbox of user that is located on a server that is running version 14 can’t be opened on a server that is running version 15.



On Exchange 2013 Server run the following cmdlet :

New-MoveRequest -Identity "" -TargetDatabase "Mailbox Database 1414468119"




After the move of this particular mailbox completes, you will not see the error again.






Adding second copy of a database on Exchange 2013 SP1 CU7 results in the Error Event ID 1010


After you create a DAG and add mailbox members to it, you try to add a copy of a certain database but you receive the following error:

Seeding of content index catalog for database DB2 failed. Please verify that the Microsoft Search (Exchange ) and the Host Controller service for Exchange services are running and try the operation again. Error :Could not connect to net.tcp://localhost3863/Management/Seedingagent-XXXXX/Single. The connection attempt lasted for a time span of xx:xx:xx. Tcp error code 10061: No connection could be made because the target machine actively refused it

Update-MailboxDatabaseCopy -Identity EKMBX2\Personel -SourceServer ekmbx1 -CatalogOnly

An operation attempted against a FAST endpoint exprienced an exception. This operation may be retried. Error details: Microsoft.Exchange.Search.Fast.PerformingFastOperationException: An Exception was received during a FAST operation. —> System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at net.tcp://localhost:3863/Management/SeedingAgent-19A34885-5F8D-4953-898C-D654FEE6EBA112/Single that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.
Node not listening on the required port.

Stop the following Services

– Microsoft Exchange Search
– Microsoft Exchange Search Host Controller


Navigate to the following path:


and run the following script to reinstall the search foundation for Exchange

.\installconfig.ps1 -action u -dataFolder 'ExchangePATH\Bin\Search\Ceres\HostController\Data'

.\installconfig.ps1 -action u -dataFolder 'E:\MicrosoftExchangeServer2013\Bin\Search\Ceres\HostController\Data'


The first step will uninstall the services:

[PS] E:\MicrosoftExchangeServer2013\Bin\Search\Ceres\Installer>.\installconfig.ps1 -action u -dataFolder 'E:\MicrosoftExchangeServer2013\Bin\Search\Ceres\HostController\Data'

Uninstalling configuration of Search Foundation for Exchange…
Uninstallation complete

The second step reinstalls the Search Foundation. The only difference in the command is the value of the -action parameter, which is i:

.\installconfig.ps1 -action i -dataFolder 'E:\MicrosoftExchangeServer2013\Bin\Search\Ceres\HostController\Data'

Configuring Search Foundation for Exchange….
Successfully configured Search Foundation for Exchange

After doing this you should delete the copy database’s index folder, and then start the services again.

After restarting the services, it could take 10-15 minutes for the database indexing to start and for it to report healthy.

