How to Manage Distribution Groups from Office 365 in a Hybrid Environment

Wednesday, November 30, 2016
When on-premises distribution groups are synced to an Office 365 tenant via Azure Active Directory Connect, migrated users who are owners of the distribution group can't manage them in Outlook. Depending on the version of Outlook used, the user will receive an error message that resembles the following:
The action 'Update-DistributionGroupMember', 'Identity.Members', can't be performed on the object '<name>' because the object is being synchronized from your on-premises organization. This action should be performed on the object in your on-premises organization.

-or-
Changes to the public group membership cannot be saved. You do not have sufficient permission to perform this operation on this object.


This happens because Outlook tries to update the same directory where the user's mailbox exists. If the mailbox is in Exchange Online this is the Exchange Online Directory Service (EXODS) directory, which syncs with Azure AD. Since EXODS is read-only in a hybrid environment using AAD Connect, the user receives the error.


Read more ...
by at No comments:
Tags , , , , , ,

Fix for Performance Counter Updating Error (Event 106) on Exchange Servers

Tuesday, November 29, 2016
You may see multiple warnings or errors in the Application event log on Exchange servers for event 106, indicating that performance counters could not be updated.

Multiple Event ID 106 - Perf Counter Events
An example event 106 reads,
Log Name:      Application
Source:        MSExchange Common
Date:          11/29/2016 12:24:28 PM
Event ID:      106
Task Category: General
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      EX16B.contoso.com
Description:
Performance counter updating error. Counter name is Percentage of Failed Offline GLS Requests in Last Minute, category name is MSExchange Global Locator OfflineGLS Processes. Optional code: 3. Exception: System.InvalidOperationException: The requested Performance Counter is not a custom counter, it has to be initialized as ReadOnly.
   at System.Diagnostics.PerformanceCounter.InitializeImpl()
   at System.Diagnostics.PerformanceCounter.get_RawValue()
   at Microsoft.Exchange.Diagnostics.ExPerformanceCounter.set_RawValue(Int64 value)
The TechNet article, "'Performance counter updating error' after you install an Exchange Server 2013 cumulative update", indicates this is a problem on Exchange 2013 after applying a CU, but I've seen this happen after applying an update rollup, cumulative update, or .NET Framework update on Exchange 2010, Exchange 2013, or Exchange 2016 servers.

I wrote the following PowerShell script to reload the Exchange performance counters. You run it directly on the affected Exchange server from an elevated PowerShell or EMS prompt. The script will reload all the performance counters in the %ExchangeInstallPath%\setup\perf directory.
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Setup
$perfcounters = Get-ChildItem "$env:ExchangeInstallPath\Setup\Perf\" *.xml | Where-Object {!($_.psiscontainer)}
$perfcount = $perfcounters.Count

foreach ($perfcounter in $perfcounters) {
New-PerfCounters -DefinitionFileName $perfcounter.FullName -ErrorAction SilentlyContinue
Write-Progress -Activity "Reloading $perfcount Exchange Performance Counters" -PercentComplete (($i++ / $perfcount) * 100)}
The script may take a few minutes to run and will reload all the Exchange performance counters. Once complete, the event 106 warnings or errors should stop.


Read more ...
by at No comments:
Tags , , , , , , , ,

Azure AD Connect Adds Support for Windows Server 2016 and SQL 2016

Friday, November 18, 2016
If you're a customer who uses Azure Active Directory Connect, you'll want to know that Microsoft just released version 1.1.343.0, which adds support for Windows Server 2016 and SQL Server 2016 and fixes some bugs.

Improvements:
  • Added support for installing Azure AD Connect on Windows Server 2016 standard or better.
  • Added support for using SQL Server 2016 as the remote database for Azure AD Connect.
  • Added support for managing AD FS 2016 using Azure AD Connect.
Fixed issues:
  • Sometimes, installing Azure AD Connect fails because it is unable to create a local service account whose password meets the level of complexity specified by the organization's password policy.
  • Fixed an issue where join rules are not re-evaluated when an object in the connector space simultaneously becomes out-of-scope for one join rule and become in-scope for another. This can happen if you have two or more join rules whose join conditions are mutually exclusive.
  • Fixed an issue where inbound synchronization rules (from Azure AD) which do not contain join rules are not processed if they have lower precedence values than those containing join rules.

You can download the latest version HERE.

Read more ...
by at No comments:
Tags , ,
Subscribe to: Posts (Atom)