Thursday, November 21, 2019

How to disable Office 365 self-service purchase

I am sure by now you have heard or read about Microsoft's plans to allow Office 365 users to make self-service purchases for the Power Platform. This created such a storm of criticism and complaints that Microsoft postponed the introduction of this feature to January 14, 2020. Additionally, it has finally released a way for admins to block this feature.

“Beginning January 14, 2020, self-service purchase, subscription, and license management capabilities for Power Platform products (Power BI, Power Apps, and Power Automate) will be available for commercial cloud customers in the United States. Self-service purchase gives users a chance to try out new technologies and lets them develop solutions that will ultimately benefit their larger organizations. This capability will not be available to tenants in the US that are government, nonprofit, or education, at this time. Central procurement and IT teams will have visibility to all users buying and deploying self-service purchase solutions through the Microsoft 365 admin center, and will be able to turn off self-service purchasing on a per product basis via PowerShell.”

On November 19, Microsoft updated their self-service FAQ and stated that “Admins can also control whether users in their organization can make self-service purchases. For more information see Use AllowSelfServicePurchase for the MSCommerce PowerShell module.”

The MSCommerce PowerShell module is now available on PowerShell Gallery. The module includes a PolicyID parameter value for AllowSelfServicePurchase that lets you control whether users in your organization can make self-service purchases.

You can use the MSCommerce PowerShell module to:
• View the default state of the AllowSelfServicePurchase parameter value — whether it's enabled or disabled;
• View a list of applicable products and whether self-service purchase is enabled or disabled;
• View or modify the current setting for a specific product to either enable or disable it.

To use the MSCommerce PowerShell module, you need:
• A Windows 10 device;
• Administrator permission for the device;
• Global or Billing Admin role for your tenant.

Install the MSCommerce PowerShell module
Download the MSCommerce PowerShell module from the PowerShell Gallery. To install the MSCommerce PowerShell module with PowerShellGet, run the following command:
Install-Module -Name MSCommerce

Import MSCommerce into the PowerShell session
After you install the module, import it into the PowerShell session by running the following command:
Import-Module -Name MSCommerce

Connect to MSCommerce
Finally, connect to the PowerShell module with your credentials. This command connects the current PowerShell session to an Azure Active Directory tenant. The command prompts you for a username and password for the tenant you want to connect to. If multi-factor authentication is enabled for your credentials, you use the interactive option to log in.

View details for AllowSelfServicePurchase
To view a description of the AllowSelfServicePurchase parameter value and the default status, based on your organization, run the following command:
Get-MSCommercePolicy -PolicyId AllowSelfServicePurchase | FL

View a list of self-service purchase products and their status
To view a list of all available self-service purchase products and the status of each, run the following command:
Get-MSCommerceProductPolicies -PolicyId AllowSelfServicePurchase

View or set the status for AllowSelfServicePurchase
After you view the list of products available for self-service purchase, you can view or modify the setting for a specific product. To get the policy setting for a specific product, run the following command:
Get-MSCommerceProductPolicy -PolicyId AllowSelfServicePurchase -ProductId CFQ7TTC0KP0N

To enable the policy setting for a specific product, run the following command:
Update-MSCommerceProductPolicy -PolicyId AllowSelfServicePurchase -ProductId CFQ7TTC0KP0N -Enabled $True

To disable the policy setting for a specific product, basically preventing users from purchasing licenses themselves, run the following command:
Update-MSCommerceProductPolicy -PolicyId AllowSelfServicePurchase -ProductId CFQ7TTC0KP0N -Enabled $False

To disable all three at the same time, you can use the following command:
Get-MSCommerceProductPolicies -PolicyId AllowSelfServicePurchase | ForEach {Update-MSCommerceProductPolicy -PolicyId $_.PolicyID -ProductId $_.ProductID -Enabled $False}
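
The steps above combined into one auditable run, as an added example that is not part of the original post: it connects with Connect-MSCommerce, saves the current state of every product to a CSV, disables only the products that are still enabled, and then re-reads the policies to confirm the change. The snapshot path is a hypothetical location; the ProductName, ProductId, PolicyId and PolicyValue columns are the ones the module returns.

```powershell
# Added example (not from the original post). Requires the MSCommerce module
# and a Global or Billing Admin account, as listed in the prerequisites above.
Import-Module -Name MSCommerce
Connect-MSCommerce    # interactive sign-in; works with multi-factor authentication

$policyId = 'AllowSelfServicePurchase'

# Hypothetical location for the change record; adjust to your environment.
$snapshot = Join-Path $env:TEMP ("SelfServicePurchase-{0:yyyyMMdd-HHmmss}.csv" -f (Get-Date))

# 1. Record the state of every product before changing anything.
$before = @(Get-MSCommerceProductPolicies -PolicyId $policyId)
$before |
    Select-Object ProductName, ProductId, PolicyId, PolicyValue |
    Export-Csv -Path $snapshot -NoTypeInformation

# 2. Disable only the products that are currently enabled.
foreach ($product in ($before | Where-Object { $_.PolicyValue -eq 'Enabled' })) {
    Write-Host "Disabling self-service purchase for $($product.ProductName) ($($product.ProductId))"
    Update-MSCommerceProductPolicy -PolicyId $policyId -ProductId $product.ProductId -Enabled $false |
        Out-Null
}

# 3. Re-read the policies and fail loudly if anything is still enabled.
$stillEnabled = @(Get-MSCommerceProductPolicies -PolicyId $policyId |
    Where-Object { $_.PolicyValue -eq 'Enabled' })

if ($stillEnabled.Count -gt 0) {
    $stillEnabled | Format-Table ProductName, ProductId, PolicyValue
    throw "$($stillEnabled.Count) product(s) still allow self-service purchase."
}

Write-Host "Self-service purchase is disabled for all $($before.Count) products. Snapshot: $snapshot"
```

Because the loop enumerates whatever the module returns rather than a fixed list of product IDs, re-running it also covers any product that appears in the list later.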

Sunday, September 15, 2019


The other day during a mailbox migration of an on-prem Exchange 2013 mailbox to Exchange Online, I came across the following error:
Error: QuotaExceededException/MapiExceptionMessagePerFolderCountQuotaExceeded: Error: Cannot save changes made to an item to store. --> MapiExceptionMessagePerFolderCountQuotaExceeded: Unable to save changes.

The message was due to a folder in the user’s mailbox which had almost 1,500,000 items in it. The problem is that Exchange Online enforces a limit of 1M messages per mailbox folder (across all Exchange Online plans). New messages can’t be delivered or saved in a folder when this limit is reached.

There is also a warning threshold for the number of messages per mailbox folder. Once a folder in Exchange Online reaches 900,000 items, Exchange Online sends a warning message to the mailbox owner. When this quota is reached, warning messages are sent once a day.

To check which folder(s) in a user’s mailbox are causing this, you can use the Get-MailboxFolderStatistics cmdlet:
Get-MailboxFolderStatistics "user" | % {If ($_.ItemsInFolder -ge 1000000) {Write-Host "Folder with $("{0:N0}" -f $($_.ItemsInFolder)) items: '$($_.FolderPath)'" -ForegroundColor Red}}

It is also crucial to check other limits before starting to sync mailboxes, like mailbox size limit, folder limit, and so on.
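
A pre-migration check that goes one step beyond the one-liner above, as an added example that is not part of the original post: it takes a whole batch of mailboxes, reports every folder at or above the 900,000-item warning threshold, and marks the ones at or above the 1,000,000-item limit that will fail the move. The function name and the mailbox addresses are hypothetical.

```powershell
# Added example (not from the original post). Run in the Exchange Management
# Shell of the source environment before creating the migration batch.
function Get-FolderItemCountRisk {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Mailbox,
        [int]$WarningLimit = 900000,    # Exchange Online starts warning the owner here
        [int]$HardLimit    = 1000000    # Exchange Online refuses to save items here
    )
    process {
        Get-MailboxFolderStatistics -Identity $Mailbox |
            Where-Object { $_.ItemsInFolder -ge $WarningLimit } |
            ForEach-Object {
                [pscustomobject]@{
                    Mailbox    = $Mailbox
                    FolderPath = $_.FolderPath
                    Items      = $_.ItemsInFolder
                    Status     = if ($_.ItemsInFolder -ge $HardLimit) { 'OverLimit' } else { 'Warning' }
                }
            }
    }
}

# Constructed sample batch; replace with the mailboxes you plan to move.
$batch  = 'user1@example.com', 'user2@example.com'
$report = @($batch | Get-FolderItemCountRisk)

$report | Sort-Object Items -Descending | Format-Table -AutoSize

# Mailboxes that must be cleaned up before they are added to a migration batch.
$blocked = $report |
    Where-Object { $_.Status -eq 'OverLimit' } |
    Select-Object -ExpandProperty Mailbox -Unique
if ($blocked) { Write-Warning "Do not migrate yet: $($blocked -join ', ')" }
```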

Hope it helps!

Sunday, March 31, 2019

The onboarding move could not be created because user is already being moved

When migrating mailboxes to Exchange Online in a Hybrid environment, you might encounter the following error:
PS C:\> Get-MigrationUser | FL

Identity            :
BatchId             : Pilot Migration 1
MailboxEmailAddress :
RecipientType       : MailboxOrMailuser
Status              : Failed
StatusSummary       : Failed
MigrationType       : ExchangeRemoteMove
State               : Failed
WorkflowStep        : DataMigration
WorkflowStage       : Injection
ErrorSummary        : The onboarding move could not be created because user 'User' is already being moved.

If you have already checked all your migration batches (Get-MigrationBatch) and/or all your individual move requests (Get-MoveRequest "user") and there is absolutely no move request associated with this user, then it is very likely you still have a move request for the user in your on-premises Exchange environment.

So, go to your on-premises environment and remove the local move request for that particular user. This should clear the msExchMailboxMoveRemoteHostName AD attribute. Other attributes related to move requests that you can also check are:
  • msExchMailboxMoveBatchName
  • msExchMailboxMoveFlags
  • msExchMailboxMoveRemoteHostName
  • msExchMailboxMoveSourceMDBLink
  • msExchMailboxMoveStatus
  • msExchMailboxMoveTargetMDBLink
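
The on-premises cleanup described above, as an added example that is not part of the original post: it removes the leftover local move request and then reads the six attributes back from Active Directory to confirm that none of them still carries a value. The account name and the helper function are hypothetical, and the ActiveDirectory module (RSAT) is assumed to be installed.

```powershell
# Added example (not from the original post). Run in the on-premises
# Exchange Management Shell.
Import-Module ActiveDirectory

$user = 'jdoe'    # constructed placeholder for the affected user's SamAccountName

$moveAttributes = @(
    'msExchMailboxMoveBatchName',
    'msExchMailboxMoveFlags',
    'msExchMailboxMoveRemoteHostName',
    'msExchMailboxMoveSourceMDBLink',
    'msExchMailboxMoveStatus',
    'msExchMailboxMoveTargetMDBLink'
)

# Hypothetical helper: returns one row per move-related attribute.
function Get-MoveAttributeState {
    param([string]$SamAccountName, [string[]]$Attributes)
    $adUser = Get-ADUser -Identity $SamAccountName -Properties $Attributes
    foreach ($name in $Attributes) {
        $value = $adUser.$name
        [pscustomobject]@{
            Attribute = $name
            Value     = $value
            IsSet     = ($null -ne $value) -and ("$value" -ne '')
        }
    }
}

# 1. Look for a leftover local move request and remove it.
$stale = Get-MoveRequest -Identity $user -ErrorAction SilentlyContinue
if ($stale) {
    $stale | Format-List DisplayName, Status, BatchName, RemoteHostName
    Remove-MoveRequest -Identity $user -Confirm:$false
} else {
    Write-Host "No local move request found for $user."
}

# 2. Confirm that the move attributes were cleared in Active Directory.
$leftover = @(Get-MoveAttributeState -SamAccountName $user -Attributes $moveAttributes |
    Where-Object { $_.IsSet })

if ($leftover.Count -gt 0) {
    Write-Warning "Move attributes still populated for ${user}:"
    $leftover | Format-Table Attribute, Value -AutoSize
} else {
    Write-Host "All move attributes are clear for $user; the migration can be retried."
}
```

If attributes are still populated right after the removal, allow for Active Directory replication before re-running step 2.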

Wednesday, February 6, 2019

How to Update Office 365 Groups Primary Email Address

The other day I got asked if it was possible to update the primary SMTP address of multiple Office 365 Groups in one go. It turns out that, for this particular tenant, the default domain was still the one, meaning all the groups created until then had an email address of instead of

To do this, we have to use PowerShell as it is not possible to change the email address of such a group using the EAC.

First, we connect to Exchange Online PowerShell, and then we need to use the *-UnifiedGroup cmdlet.

To retrieve the list of groups that need to be updated, we use the following code:
Get-UnifiedGroup -ResultSize Unlimited | Where {$_.PrimarySmtpAddress -like "*"}

To update the primary SMTP address of an Office 365 Group, we use the Set-UnifiedGroup cmdlet with the PrimarySmtpAddress parameter:
Set-UnifiedGroup "Test Group" -PrimarySmtpAddress ""

Below you can see that the existing primary email address becomes an alias of the group, so no alias/email addresses are lost:

To do this at a large scale, we can use a script like the following:
Get-UnifiedGroup -ResultSize Unlimited | ? {$_.PrimarySmtpAddress -like "*"} | % {
  $smtp = $_.PrimarySmtpAddress
  $newSmtp = $smtp.Split("@")[0] + ""
  # If all the groups’ email addresses are in the alias@ format, then we can simply use the following instead
  # $newSmtp = "$($_.Alias)"

  Write-Host "Updating ""$($_.DisplayName)"" from $smtp to $newSmtp"
  Set-UnifiedGroup $_.Identity -PrimarySmtpAddress $newSmtp
}

Saturday, August 4, 2018

Installing Exchange Server 2019 Preview on Windows Server 2019 (Core and GUI)

Amongst other big changes, such as the removal of the Unified Messaging role from Exchange Server 2019, the biggest announcement has to be the fact that this is the first version of Exchange that can be installed on Windows Server Core (either 2016 or 2019)!

So, without further ado, let’s look at how we install the Preview version of Exchange 2019 on a Windows Server 2019 Core as well as on a Windows Server 2019 with a GUI (Desktop Experience).

Preparing Windows for Exchange
After downloading the ISO or Hyper-V image from the Windows Insider Preview website, install the OS as you would normally. In this case, I am using Hyper-V server on a Windows 10 machine. After the OS is installed, the first step is to change the default Administrator’s account password:

Once this is done, we can either use SConfig.cmd or PowerShell to configure the server’s name, domain, network and other settings:

To use PowerShell instead, run start powershell from the command line, which will open a PowerShell window:

Using PowerShell, we can use the Get-NetIPAddress cmdlet to retrieve the network adapters on the server, and then New-NetIPAddress and Set-DNSClientServerAddress to configure it. For example:
New-NetIPAddress -InterfaceIndex 5 -IPAddress -PrefixLength 24 -DefaultGateway
Set-DNSClientServerAddress -InterfaceIndex 5 -ServerAddress “”

To rename and join the server to the domain, we could use the following cmdlet:
Add-Computer -DomainName -NewName EX1 -DomainCredential nunomota\admin

Note that these PowerShell cmdlets can be used to configure both the Core and the Desktop Experience versions of Windows Server.

Windows Features and Additional Software
We will let Exchange Setup configure the required Windows Features it needs, but there are two we have to install beforehand as they are required for Microsoft UCMA 4.0 and to prepare Active Directory:
Install-WindowsFeature Server-Media-Foundation, RSAT-ADDS

Next, we need to enable file sharing on our Core server, so we can copy some required files to the server. This can be done using the following command:
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes

Next, from another workstation, download the following software and copy it over to the server:

To install Visual C++, navigate to the location where you copied the file to, and simply run vcredist_x64.exe:

Now we need to install UCMA (Microsoft Unified Communications Managed API 4.0), which comes in the Exchange 2019 media itself. On the Core server, start by mounting the Exchange ISO file:
Mount-DiskImage C:\full_path\ExchangeServer2019.iso

Once this is done, go to the UCMARedist folder, and run Setup.exe to start the installation:

Finally, restart the server:
Restart-Computer -Force

Exchange Installation (Core)
After restarting the server, re-mount the Exchange ISO image and run an unattended installation as you normally would. We can either prepare Active Directory and the Domains separately or let the Setup do everything. In this case, let’s do everything separately.

First we use the /PrepareSchema switch to extend the Active Directory schema:

Next, the /PrepareAD switch to prepare Active Directory:

Then we use /PrepareAllDomains to prepare all the Active Directory domains:

Finally, we can install Exchange, and all the required OS components, using the same method we are used to with previous versions:
.\Setup.exe /Mode:Install /Roles:Mailbox /IAcceptExchangeServerLicenseTerms /InstallWindowsComponents

Once the installation completes, we can launch the Exchange Management Shell using the LaunchEMS command from the command line:

Done! From here, we can manage this server using a variety of methods such as the Exchange Management Shell, Exchange Admin Center, remote PowerShell, and all the Windows management tools.

Exchange Installation (GUI)
As for the Desktop Experience version of Windows, we can obviously install Exchange unattended, or follow the installation wizard, which is pretty much identical to Exchange 2016:

Once installation has completed, we have the usual links in the Start menu:

We have our Exchange Management Shell:

And the Exchange Admin Center:

From a user perspective, they get the “new” Outlook on the web :)

Wednesday, July 18, 2018

Kernel for Exchange Server Recovery - Product Review

In this product review, we will have a look at version 18.2 of Kernel for Exchange Server from Lepide Software’s sister company, Kernel Data Recovery.

Lepide Software is a known company in the IT arena. Its Kernel range of products includes popular solutions for data recovery, database recovery, file repair, email migrations, email recovery, and more. Kernel for Exchange Server is primarily an Exchange mailbox database recovery tool. It helps admins easily recover mailbox content (emails, attachments, contacts, calendars, and tasks) after any event of Exchange disruption or corruption. Besides being able to convert an EDB file to PST, it can migrate mailboxes from offline EDB files to a live Exchange environment or even to Office 365 mailboxes (including archive mailboxes and public folders). Some of its features include:
  • Extraction of mailbox data from inaccessible EDB files to PST;
  • Extraction of data to MSG, EML, TXT, RTF, or HTML formats;
  • Migration of mailboxes from offline or online databases to Exchange and Office 365;
  • Migration from IMAP servers (like Gmail, Yahoo, Hotmail, and GroupWise) to PST, live Exchange Server, or Office 365 mailbox;
  • Export Office 365 mailboxes to Office 365 mailboxes or PST;
  • Fully compatible with Microsoft Outlook 2016 & Exchange Server 2016, as well as all prior versions;
  • In-built backup extractor to recover EDB files from NT Backup and VERITAS backups.

So let’s start by looking at how we install this tool.

Installing Kernel for Exchange Server
Before downloading and installing Kernel for Exchange Server, make sure your system fulfils the following prerequisites:
  • Processor: minimum dual-core processor (quad-core recommended);
  • RAM: minimum 4 GB (8 GB recommended);
  • Disk: minimum 200 MB free disk space;
  • Windows Operating System: either 32 or 64-bit of Windows 7 or above, or Windows Server 2003 or above;
  • Outlook: Outlook 2000 or above;
  • Exchange: Exchange Server 2000 or above;
  • Supported Virtual Environments: VMware Server 1.0x (or above), VMware Workstation v6.0x (or above), VMware ESX 4.0 (or above), Hyper-V, and Microsoft Virtual PC 2007.

Start by downloading Kernel for Exchange Server software from this webpage and save it locally. Once you have the installer file, follow these steps:
1. Double-click the Kernel for Exchange Server’s installer file. It will initiate the installation process with the following setup wizard:

2. Click Next to proceed. Read the license agreement carefully and then select I accept the agreement:

3. Click Next to continue to the next dialog box. This will display the wizard to change the destination location:

4. The default installation location is %ProgramFiles%\Kernel for Exchange Server for 32-bit and %ProgramFiles(x86)%\Kernel for Exchange Server for 64-bit Windows OS. You can click Browse to change the location if desired. Once you’re done, click Next;
5. If required, change the location of the shortcuts folder in the Start Menu:

6. Click Next to proceed to the next steps, where you have the option of creating icons in the desktop and Quick Launch bar for easy access:

7. Click Next to proceed;
8. Setup is now ready to start the installation process. Click Install:

9. Once the installation is complete, click Finish to complete the installation process:

10. If you have checked the Launch Kernel for Exchange Server option, then the software’s main screen will appear:

Here we can see that this product has a very clean, modern and easy to use user interface.

Using Kernel for Exchange Server
The first step in using the software is to select a source from which we want to retrieve/recover data. This can be any of the following:
  • An offline Exchange EDB file;
  • A live Exchange environment, from which we can select:
      ◦ A single mailbox;
      ◦ Public Folders;
      ◦ Archive mailbox;
      ◦ Multiple mailboxes;
      ◦ An Outlook profile to add a single mailbox as a source.
  • Gmail, Yahoo, Novell GroupWise, or other email accounts using an existing Outlook Profile;
  • Office 365:
      ◦ A single mailbox;
      ◦ Public Folders;
      ◦ Archive mailbox;
      ◦ Multiple mailboxes;
      ◦ An Outlook profile to add a single mailbox of Office 365 as a source.

Let’s start with a corrupted EDB file and then have a look at Office 365.

EDB Files as a Source
An unmounted and offline EDB file can be added as a source. Kernel for Exchange Server scans the EDB file for possible errors, fixes them, retrieves its data, and then allows us to export it to a PST file or transfer it to another Exchange mailbox for example.

For this test, I have an EDB file in a Dirty Shutdown state:

So, let’s see how Kernel for Exchange Server deals with it. To add it as a source:
1. We start by clicking on Add Source... or on Offline EDB;
2. We select the Offline EDB File option and click Next:

3. There are two ways of adding one or more EDB files: we can select the EDB file manually by clicking on ... and select the location where the EDB file is stored, or we can search for EDB files using the Search button. While scanning EDB files, the temporary scanning data and logs are stored in the Temp Path directory.

4. Next, we must choose between the two types of EDB scanning:
   a. Standard Scan should be used when the EDB file is not severely corrupted or if we just want to migrate the data from a working offline EDB file to any destination. If the EDB cannot be recovered using this method, then the software will switch to Deep Scan;
   b. Deep Scan is for severely corrupted EDB files, or very large ones. This scan will take longer but should retrieve most data from the EDB file.
5. In some cases, where the EDB file is severely corrupted, the From field of emails either shows an ambiguous value or is blank. Therefore, it is advised to check the box titled Use message table to get "From" field:

6. Click Next to start the scanning. Once complete, the following dialog box is displayed:

7. Click the Finish button to complete the process;
8. After completing the process, the selected offline EDB file(s) is displayed under Source List, together with all the mailboxes it holds:

From here, we can explore the mailboxes in the EDB file and, if Outlook is installed, preview their content, such as calendar entries, contacts, emails, and so on:

Extracting one or more items is straightforward. We simply select the one(s) we want to extract, right-click on them and select one of the desired options:

If we are exporting emails, we can select the location where to export them to, in which format we want those emails saved as, and if we want to keep their folder hierarchy:

Once the process is complete, we are notified:

Exporting to PST
Now that we have access to the data inside the EDB file, we can extract to PST file(s) using two different methods. One way is to click on PST File in order to create a blank PST file as a destination, which we can use to drag-and-drop items into. We select Create New PST File:

Choose a location and a name for it:

And click Next to create it and add it as a Destination:

We now have the EDB file as a Source and our newly created PST as a Destination. As the tip in the main screen suggests, we can now simply drag-and-drop items (be that emails, calendar items, contacts, and so on) from our EDB to our PST file:

The second method allows us to easily export one or more mailboxes to PST. To use this method, we right-click on our source and select Export Mailboxes to PST...:

From here, we can select which mailboxes we want to export, and all of them will have their own PST file:

We can also manually select which folders we want to export for each mailbox. A downside is that, by default, it also extracts all the system folders that are typically hidden from users, and those are generally not needed... We can use the Custom Selected option, which allows us to filter out all the system folders we don’t want to extract and apply that filter to all mailboxes:

Using the Set Filter option, we can easily decide which item types we want to extract, and which ones we want to ignore. We can also filter items based on their creation time. A really good feature indeed.

Once we are happy with our selection(s) and filters, we click Export and the process begins:

Once complete, we get a report stating how many items were exported per folder, if any duplicates were found, and some more details:

Office 365
Office 365 can be used either as a source or as a target. As a requirement, we need an account with the following rights in Office 365/Exchange Online:
  • A Global Administrator;
  • Full Access permission over all the Office 365 mailboxes we want to work on.

After establishing the connection, we can use Single Mailbox, Multiple Mailboxes, Public Folders, and Archive Folders as sources or targets. We can then export/import data from/to mailboxes in Exchange Online. For example, we can connect to a mailbox on-premises using the Live Exchange option (source), connect to a mailbox in Exchange Online using the Office 365 option, and then migrate the mailbox’s content from on-premises to the cloud. It is also possible to export Office 365 mailbox items to EML, DBX, and PST files.

After selecting Office 365 (Exchange Online) option, click Next:

Select an option to specify what you want to connect to. Either:
1. Connect Single Mailbox;
2. Connect Public Folder;
3. Connect Archive Mailbox;
4. Connect Multiple Mailboxes.

Enter the user name and password of a user account that has full rights over the selected mailbox(es) or public folder(s). The strange thing here is that we need an Outlook profile (at least when using Outlook 2016) created with the user that has full access to the mailbox(es) we want to import data into. This means the Use existing outlook profiles option must be selected as Kernel for Exchange Server will use Outlook and a MAPI connection to import data. Since Outlook is used, why do we need to specify credentials and a server name? After all, Outlook will take care of all of that with the profile we must create...

Click OK after you have created the required profile and entered all the mandatory details:

If the tenant has multiple mailboxes, then the wizard shows the list of all mailboxes:

Check the mailbox(es) you want to add as a source or target, and click Next;
All the selected mailboxes are then added (in this case to the target/destination pane):

From here, it’s easy to import data into the mailbox by dragging items from a source like an offline EDB file, a live Exchange mailbox, or even from another Office 365 mailbox.

Although it’s possible to use Kernel for Exchange Server to perform mailbox migrations from an on-premises live Exchange environment to Office 365, for example, it is important to keep in mind that this tool has been primarily designed as an Exchange mailbox database recovery tool. With that in mind, it performs great in that field. It can easily recover data from inaccessible EDB files, and export that data to PSTs or to a myriad of other formats or targets. As a bonus, it is also capable of performing basic migrations, which can come in handy in some situations.