Upload S/MIME user certificate with outlook to the GAL
Hi @all in the Exchange Hub, I have some questions regarding the possibility to allow users uploading S/MIME certificates to the global adress list. We get the certificates from a third-party supplier (no self-generation via AD) At the moment we are using an on-premise mail server (no Exchange) and want to migrate to Exchange Online. We built a test-environment with a local Active Directory and a Microsoft 365 Tenant. I´ve done a test with my account in Outlook 365. All works. I was able to import the certificate and publish it in the GAL. A pop-up confirmed the successfull upload to the GAL On another account we tried the same and got following message: "There are no valid security settings to publish. Do you want to remove the previously published settings?" (sorry, translated it from german). If I press no --> nothing happens If I press yes --> following message appears: "Your certificates were successfully removed" --> and nothing happens (no confirmation of successfull uploading) Where is the error? What I have to configurate that it works? And another essential question: If I search in the microsoft docs how users can publish certificates I can only find the path: Outlook --> local Active Directory --> AD Connect --> Exchange Online Is this the only way of publishing? Background of this question: I mentioned above that the GAL publishing of my certificate worked. I can't find the certificate in the local Active Directory in the userCertificate attribute. But I can find a certificate (via PowerShell) in ExchangeOnline. Hope you understand my questions. Thanks in advance for answering 🙂
Exchange 2013 with 2019 domain controller
Hi Current environment: Exchange 2013 CU23 2008r2 Domain - Running at 2008r2 domain & forest functional level I know from the Exchange server matrix that Ex2013 is not supported in a full 2019 Active Directory environment, but my question is; can I add a 2019 domain controller into a 2008r2 domain (keeping the forest & domain functional level at 2008r2) keeping the Exchange server pointed at the 2008r2 DCs without any issues? I ask because I know that once you promote a 2019 server to a DC the Schema version goes from 47 (2008r2) to 88 (2019) and I do not know if this affects 2013 Exchange even if still pointed at writeable DC + GC on 2008r2. Thanks for any adviceChild domain lost - How best to disconnect/disable mailboxes with no writable AD
The root AD forest has multiple sub domains, for example contoso.com is root, child domains, sub1.contoso.com, sub2.contoso.com etc. Exchange 2016 servers is installed into the root domain, contoso.com with prepearealldomains, so allows mailboxes to be associated AD user objects in the child domains. There was a issue encountered resulting in no writable DC for child domain sub1.contoso.com. In addition the mailbox database which holds the mailboxes for these child domain is not recoverable. At the moment, the rest of Exchange is functioning okay. I want to run Disable-Mailbox, Remove-Mailbox to delete mailbox for the sub1.contoso.com mailbox accounts, or run Set-Mailbox with a -ForwardingSMTPAddress, in order to route emails destined for the child domain users elsewhere. Unfortunately each of these options require the ability to access the mailbox database in question or a child dc in sub1.contoso.com. Does anyone know how I can set the ForwardingSMTPAddress for these child user accounts mailboxes, or disable/disconnect the mailbox for these users in this scenario?
AD User Migration Exchange Mailbox last
Hi, one Question, we have a multidomain environment, with an Exchange 2016 DAG. Our company consists of several companies, and I have to separate them into several separated AD Domains. We want to migrate Users with ADMT to the new domain per SID-History, and they should use their old Mailbox (per linked Mailbox) until we are able to migrate Exchange completely. I read just About Migrate Exchange first, so my Question is, is our solution a valid way?What is the MAPI property for the 'info' AD attribute?
Question What is the MAPI property for the 'info' AD attribute? I'm configuring two group policy settings that require the MAPI property and the AD attribute of the 'Notes' field on a user account's properties. The 'info' AD attribute corresponds to the 'Notes' field on a user's properties. Things I've Tried Looking for the corresponding MAPI property here: Mail User Properties Message Recipient Properties Haven't been able to find it. Appendix I'm trying to display the 'Notes' field (from a user account's properties) in Outlook contact cards instead of the 'Location' field. The relevant GPO path for the policies I'm configuring is here: User Configuration\Policies\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab The help text for these policies state: "It is recommended that you specify a Messaging Application Programming Interface (MAPI) property and a corresponding Active Directory attribute (AD attribute). The MAPI property should always be specified..." Any help would be much appreciated.
