Exchange has the ability to limit sending permissions on Distribution Groups. Finding which Distribution Groups have user sending permissions assigned to them can be very time consuming using the portal.
To make it quicker, you can list the accounts that have the ability to send to a specific distribution group using PowerShell.
$FormatEnumerationLimit=-1 # This allows the property to be expanded in format-table
Get-DistributionGroup -Identity XXX | Format-table -Wrap -AutoSize -property name,acceptmessagesonlyfrom # Change XXX to the Distribution Group SAM account name
I company I work for just completed an O365 tenant migration. After email had been moved to a new Exchange tenant, we noticed that users continued to use their Outlook apps on their phones. They were also continuing to chat on the old tenant's Teams and were using all of the Office apps on the web using their cached logins.
This caused a headache. Some users were in the new environment with the correct domain—others didn't notice the “@onmicrosoft.com” and were having issues with SSO apps that had been migrated.
We needed to revoke all of the cached login tokens force log out all users. This quick Powershell command did the trick:
Once that's complete, you will need to upload the file to a publicly accessible file share. I used Azure Files to create a storage container and provide direct access to the file. This URI will be pointed to in the script, so you cannot use something like OneDrive or SharePoint without special configuration.
Before running this script, you will need to change the following XXX values:
$QuestODMMSIURI – This will be the publicly accessible MSI that you uploaded to your file share.
While most organizations are moving files to cloud-based solutions, I'm working for a client who wants to keep everything in-house. In this environment, some users had a private folder under a previous drive letter mapping, others didn't have anything at all.
I created this quick and dirty Powershell script to automate the cleanup process for existing users.
This script gets all users from AD, sets their HomeDirectory attribute in AD to a fileshare and mounts it on the U: drive, and creates private folders with the correct ACL permissions.