How to update Microsoft Azure Active Directory Connect


If you sync your AD to Microsoft Azure and have installed Azure Active Directory Connect, you may need to update it. Here is how to do that.

To see the status of sync, you can log in to the Microsoft admin portal at https://admin.microsoft.com

On the home page, you should see Sync Status. Click on Sync Status to get to the details page.

Click on Microsoft Download Center or this link: https://www.microsoft.com/en-us/download/details.aspx?id=47594

It will bring you to the download page. Read the requirements and download the software.

When you run the setup, you may get an error message if you don’t have TLS 1.2 enabled:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-tls-enforcement

PowerShell commands to enable TLS 1.2 (I got them from the link above). Copy them from Microsoft so you don’t introduce a typo, or if you know how to enable it yourself, do so:

New-Item 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -name 'SystemDefaultTlsVersions' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-Null

New-Item 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -name 'SystemDefaultTlsVersions' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-Null

New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'Enabled' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null

New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'Enabled' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null

Write-Host 'TLS 1.2 has been enabled.'
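
To check the result before re-running the installer, the following read-only audit compares the registry against the eight values the commands above set. It is an added example, not part of the original post or of Microsoft's script; the function name Test-Tls12Registry is hypothetical.

```powershell
# Added example: read-only audit of the TLS 1.2 registry values set by the commands above.
# It changes nothing; a missing or different value is reported as non-compliant.
function Test-Tls12Registry {
    $net      = 'Microsoft\.NETFramework\v4.0.30319'
    $schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'

    # Expected state, taken from the paths, names and values on this page.
    $expected = @(
        @{ Path = "HKLM:\SOFTWARE\WOW6432Node\$net"; Name = 'SystemDefaultTlsVersions'; Value = 1 }
        @{ Path = "HKLM:\SOFTWARE\WOW6432Node\$net"; Name = 'SchUseStrongCrypto';       Value = 1 }
        @{ Path = "HKLM:\SOFTWARE\$net";             Name = 'SystemDefaultTlsVersions'; Value = 1 }
        @{ Path = "HKLM:\SOFTWARE\$net";             Name = 'SchUseStrongCrypto';       Value = 1 }
        @{ Path = "$schannel\Server";                Name = 'Enabled';                  Value = 1 }
        @{ Path = "$schannel\Server";                Name = 'DisabledByDefault';        Value = 0 }
        @{ Path = "$schannel\Client";                Name = 'Enabled';                  Value = 1 }
        @{ Path = "$schannel\Client";                Name = 'DisabledByDefault';        Value = 0 }
    )

    foreach ($e in $expected) {
        # A missing key or value leaves $actual as $null instead of raising an error.
        $actual = $null
        $item = Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue
        if ($item) { $actual = $item.($e.Name) }

        [pscustomobject]@{
            Name      = $e.Name
            Expected  = $e.Value
            Actual    = $actual
            Compliant = ($null -ne $actual -and [int]$actual -eq $e.Value)
            Path      = $e.Path
        }
    }
}

$results = @(Test-Tls12Registry)
$results | Format-Table Name, Expected, Actual, Compliant, Path -AutoSize

$failed = @($results | Where-Object { -not $_.Compliant })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) of $($results.Count) TLS 1.2 values are missing or differ."
} else {
    Write-Host "All $($results.Count) TLS 1.2 registry values match."
}
```

SCHANNEL protocol changes generally take effect only after a restart, so a clean audit on a server that has not been rebooted since the change does not guarantee the installer will stop reporting the TLS error.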

Then re-run the AD Connect setup:

Note: if you have a big network, this may take some time, so do it off-hours, because it will stop the sync of your AD until the upgrade is completed.

You should see the upgrade process and synchronization

Then it will ask you for admin credentials:

If everything goes well, you should see Ready to configure. Click Upgrade.

Then you should see Configuration complete.

Now you can check the status on the admin page.

That’s it, hope this helps someone



How to delete Active Directory user with privilege issue

There may be a number of reasons you can’t delete some users from Active Directory. One of them could be domain admin or enterprise admin privileges. Another could be that some objects are still in use or not synced up with Exchange; they both have so many references that you can’t delete an Active Directory user with Exchange ActiveSync.

I came across one after a migration to Office 365: some user accounts may have old Exchange attributes and cannot be deleted, and you will have to manually give yourself full access. Here is how to delete those accounts that have privilege issues.

First, you need to change the view: use “View -> Users, Contacts, Groups, and Computers as containers”.

Then go to the user you are having an issue deleting and give yourself full permission to the object; then you should be able to delete it.



Increase allowed maximum attachment size

This is for Exchange 2010 and may apply to other versions of on-premises Exchange. The maximum attachment size that people can send to other users depends on many settings: database, mailbox, email spam system, firewall, etc. There is one more on ActiveSync, which by default is 10 MB, so it does not matter if you have allowed bigger attachments elsewhere. When using a smartphone, you will see a server rejected message when your attachment is larger than 10 MB.

You can open the web.config file of Microsoft ActiveSync.

Then edit the httpRuntime maxRequestLength to whatever you like

After the change has been made, you will need to restart the IIS service for your new settings to take effect. Then you should be able to send bigger attachments from your smartphone. Some other things to note: if your mail server allows bigger attachments, that does not mean other mail servers will accept bigger attachments. Most spam systems scan inside your attachments and can block them if something inside an attachment has a strange type of content.
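
One way to script the web.config edit described above, with a backup and a bounded value instead of an arbitrary one. This is an added example, not from the original post; the function name, the placeholder path and the 100 MB upper bound are assumptions of the example, and maxRequestLength is expressed in kilobytes.

```powershell
# Added example (not from the original post). $ConfigPath is a placeholder: pass the
# location of the ActiveSync web.config on your own server. Written without
# [pscustomobject] so it also runs on the PowerShell 2.0 that Exchange 2010 servers use.
function Set-ActiveSyncMaxRequestLength {
    param(
        [Parameter(Mandatory = $true)][string]$ConfigPath,
        # Size in KB. The 102400 KB (100 MB) ceiling is this example's own sanity cap,
        # so that a typo cannot open the endpoint to arbitrarily large requests.
        [Parameter(Mandatory = $true)][ValidateRange(1, 102400)][int]$SizeKB
    )

    $fullPath = (Resolve-Path -LiteralPath $ConfigPath).ProviderPath
    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true   # keep the file's existing layout
    $xml.Load($fullPath)

    $node = $xml.SelectSingleNode('/configuration/system.web/httpRuntime')
    if ($null -eq $node) {
        throw "No <httpRuntime> element under <system.web> in $fullPath"
    }
    $oldKB = $node.GetAttribute('maxRequestLength')

    # Keep a timestamped copy so the change can be rolled back.
    $backup = '{0}.{1}.bak' -f $fullPath, (Get-Date -Format 'yyyyMMddHHmmss')
    Copy-Item -LiteralPath $fullPath -Destination $backup

    $node.SetAttribute('maxRequestLength', [string]$SizeKB)
    $xml.Save($fullPath)

    New-Object PSObject -Property @{
        Path = $fullPath; Backup = $backup; OldKB = $oldKB; NewKB = $SizeKB
    }
}

# Constructed usage: 20 MB = 20 * 1024 KB. Restart IIS afterwards, as the post says.
# Set-ActiveSyncMaxRequestLength -ConfigPath 'C:\path\to\web.config' -SizeKB 20480
```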



Recover Deleted mailbox on exchange 2010

In case you have deleted a mailbox by mistake, you may still be able to recover it if your backup has not run yet. You can recover the mailbox as the same user or attach it to a new user. If you deleted the Active Directory account when you deleted the mailbox, you need to re-create it first; then you will be able to attach the disconnected mailbox to a user. If you don’t see anything under Disconnected Mailbox, then you will not be able to reconnect without restoring from your backup first. If you want to remove a mailbox, see the post “How to remove Mailbox only on exchange 2010”.

Reconnect disconnected Mailbox

Open Exchange Management Console
Expand Recipient Configuration>Disconnected Mailbox
On the right side select user mailbox, you want to reconnect.

You will need to choose the mailbox type: User Mailbox, Room Mailbox, Equipment Mailbox or Linked Mailbox. Based on your selection, you will see different options to choose from. Here I am selecting User Mailbox.

You will have the option to choose Matching user or Existing user:

  • Matching user: you will not get the option to select a user; it will automatically connect the matching user.
  • Existing user: you will get the option to search for the same or another user. If the user does not exist, create it first, then try reconnecting.

How to Remove Mailbox via PowerShell

Open Exchange Management Shell:

Remove-Mailbox -Identity "NameOfUser"

Then it will give you the message “Are you sure you want to perform this action?” Once you are sure, type y and press Enter.

If you don’t want to get confirmation:

Remove-Mailbox -Identity "NameOfUser" -Confirm:$false



How to remove Mailbox only on exchange 2010

Exchange 2010 is very old and its extended support ends in 2020, so you should have already migrated to a newer version of Exchange or to cloud Microsoft Office 365. In case you have not and want to do a cleanup before your migration, there are cases where a mailbox is no longer needed but the Windows login is. Here is how to remove the mailbox only, without removing the Active Directory login for the user. You can see the Microsoft Lifecycle at https://support.microsoft.com/en-us/lifecycle

How to Disable Mailbox

  • Open Exchange Management Console
  • Expand Recipient Configuration>Mailbox
  • On the right side select the user mailbox you want to remove
  • Right Click on the user and select Disable

You will get a message to confirm that you want to Disable, which will remove the Exchange properties from the Windows user object and mark the mailbox in the database for removal. Select Yes.

Then that mailbox goes into Disconnected Mailbox and will be kept based on the settings under:

  • Organization Configuration>Database Management>
  • Look at properties of mailbox then click on Limits tab
  • You will see “Deletion settings”
  • Keep deleted items for (days): x
  • Keep deleted mailboxes for (days): x

Also, if you have checked the box “Don’t permanently delete items until the database has been backed up.” then it will not be deleted until it has been backed up. This way, if you delete the wrong user mailbox by mistake, you can reconnect it.

How to Disable Mailbox via PowerShell

Open Exchange Management Shell:
Disable-Mailbox -Identity "NameOfUser"
Then it will give you the message “Are you sure you want to perform this action?” Once you are sure, type y and press Enter.

Or

If you don’t want to get confirmation:
Disable-Mailbox -Identity "NameOfUser" -Confirm:$false

That’s it. If the name does not match, it will give you an error.

As you can see, Exchange 2010 Service Pack 3 is ending its extended support by 1/14/2020.