
Configuring Mimecast with Office 365

Let's see how to synchronize Azure Active Directory users with Mimecast by granting the Mimecast directory synchronization application Azure Active Directory API permissions, and how to configure inbound and outbound mail flow through Mimecast. Currently the on-premises Exchange server is configured in hybrid mode and Azure AD Connect is configured with password hash synchronization. We will move mail flow to Mimecast and then start moving mailboxes to the cloud. This configuration is suitable for Office 365 cloud users and hybrid users.

Log into the Mimecast console.

First, add the TXT record and verify the domain.

image

Once the domain is validated, choose Next.

image

Now we need to configure Azure Active Directory synchronization.

Three values are required:

  • Application/Client ID
  • Key
  • Tenant Domain

Let's see how to obtain them in Azure Active Directory.

image

Log into Azure Active Directory Admin Center

image

Azure Active Directory – App Registrations – New Registration

image

Enter a friendly name.

Choose – Accounts in this organizational directory only (Azure365pro – Single tenant)

image

  • Copy the Application (client) ID for Mimecast Console

image

Click on Certificates & secrets.

Create a client secret and copy the new client secret value. You won't be able to retrieve it after you perform another operation or leave this blade.

So store the value in a safe place; it is the Key we will enter in the Mimecast console.

image

image

Get the default domain; this is the tenant domain to enter in the Mimecast console.

image

Now add the permissions below:

Microsoft Graph – Application Permissions – User.Read.All Read all users’ full profiles

image

Azure Active Directory Graph – Application Permissions – Directory.Read.All Read directory data

Azure Active Directory Graph – Delegated Permissions – User.Read.All Read all users' full profiles

image

Samples:

image

image

In the end it should look like below. Once the permissions are prepared for consent, click on "Grant admin consent".

image

Once the permissions are granted, wait for a few minutes.

Now go to the Mimecast Admin Console, fill in the details collected earlier and click on Synchronize.

image

Now Synchronization is configured.

image

Choose Next Task to allow authentication for Mimecast apps.

image

Now let's whitelist the Mimecast IPs in the connection filter.

Log in to Exchange Admin Center – Protection – Connection Filter.

Choose Default – Edit (pen icon).

image

Now edit the default filter to allow the Mimecast IP ranges. You can get them from the Mimecast console, or refer to the link below for the current IP ranges to whitelist for inbound mail flow. Also check Enable safe list.

https://community.mimecast.com/s/article/Adding-Network-Ranges-to-Office-365

image

Get the MX value of the domain:

Microsoft 365 Admin Center – Domains – MX value

image

Now you can test the inbound mail flow.

image

Now inbound to Office 365 works fine.

image

Let's do the outbound email now.

image

Configuring SPF.

In my case it's a hybrid deployment, so mail is also going out via the on-premises servers.

So I added only the Mimecast include to my existing SPF record, as per the screenshot.

My SPF looks like: v=spf1 include:eu._netblocks.mimecast.com a:mail.azure365pro.com ip4:148.50.16.90 ~all

image

Let's create a connector to force all outbound email from Office 365 through Mimecast.

At this point we only create the connector. It becomes active only when a transport rule routes messages to it.

image

Outbound to Mimecast

image

Choose – Only when I have a transport rule set up that redirects messages to this connector

Choose – Next

image

  • Route email through these smart hosts

Get the smart hosts from the Mimecast administration console.

image

image

Leave it at the default.

Choose "Always use Transport Layer Security (TLS) to secure the connection (recommended)" and "Issued by a trusted certificate authority (CA)".

image

Now create a transport rule to use this connector.

Once you turn on this transport rule, your outbound mail will start flowing through Mimecast. It's recommended to move your outbound mail flow first for a week so that Mimecast can do its learning, then move your MX to Mimecast; this gives very few false positives. It will still work well if you move your MX on the first day.

image

image

Now you are good to move your MX record.

image

Now Secure your inbound email

image

image

Use the Sender’s domain

image

image

image

Add the listed IP ranges

image

 

image
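The Office 365 side of the cut-over above (connection filter allow-list, transport-rule-scoped outbound connector, the transport rule, and the inbound lock-down) done with Exchange Online PowerShell instead of the admin-center clicks. This is an added example, not code from the original post; it assumes Connect-ExchangeOnline has already run, and the IP ranges and smart hosts are placeholders to be replaced with the values from the Mimecast console.

```powershell
# Added example, not from the original post: the Office 365 side of the
# Mimecast cut-over done with Exchange Online PowerShell instead of the
# admin-center clicks above. Assumes Connect-ExchangeOnline has already run.
# IP ranges and smart hosts are placeholders; take the real values from the
# Mimecast console / the Mimecast article linked above.
$mimecastRanges     = @('203.0.113.0/24', '198.51.100.0/24')  # placeholder
$mimecastSmartHosts = @('smtp-region.mimecast.example')        # placeholder

# 1. Connection filter: allow-list Mimecast so EOP does not throttle the
#    relayed inbound mail, and tick "Enable safe list".
Set-HostedConnectionFilterPolicy -Identity Default `
    -IPAllowList @{Add = $mimecastRanges} `
    -EnableSafeList $true

# 2. Outbound connector. Transport-rule scoped, so it stays inactive until a
#    rule routes mail to it (the "Only when I have a transport rule" option).
#    CertificateValidation = TLS with a certificate issued by a trusted CA.
New-OutboundConnector -Name 'Outbound to Mimecast' `
    -ConnectorType Partner `
    -UseMXRecord $false `
    -SmartHosts $mimecastSmartHosts `
    -TlsSettings CertificateValidation `
    -IsTransportRuleScoped $true

# 3. Transport rule that pushes every message leaving the organization
#    through the connector. Created disabled; enabling it is the switch-over.
New-TransportRule -Name 'Route outbound via Mimecast' `
    -FromScope InOrganization `
    -SentToScope NotInOrganization `
    -RouteMessageOutboundConnector 'Outbound to Mimecast' `
    -Enabled $false
# When ready: Enable-TransportRule 'Route outbound via Mimecast'

# 4. "Secure your inbound email": a partner connector for all sender domains
#    that only accepts mail from the Mimecast ranges, so mail delivered
#    straight to the tenant while bypassing the MX is rejected.
New-InboundConnector -Name 'Inbound from Mimecast only' `
    -ConnectorType Partner `
    -SenderDomains '*' `
    -SenderIPAddresses $mimecastRanges `
    -RestrictDomainsToIPAddresses $true `
    -RequireTls $true

# Review what was created.
Get-HostedConnectionFilterPolicy -Identity Default | Select-Object IPAllowList, EnableSafeList
Get-OutboundConnector -Identity 'Outbound to Mimecast' | Select-Object Enabled, IsTransportRuleScoped, TlsSettings, SmartHosts
Get-TransportRule -Identity 'Route outbound via Mimecast' | Select-Object State, RouteMessageOutboundConnector
Get-InboundConnector -Identity 'Inbound from Mimecast only' | Select-Object SenderIPAddresses, RestrictDomainsToIPAddresses
```

Keep the inbound connector for last, after the MX record points at Mimecast and the allow-list is in place, otherwise mail still arriving directly at the tenant is rejected.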

Whenever you wish to sync Azure Active Directory data:

image

Adding DNS Servers in All DHCP Scopes using PowerShell

To get all scopes – open PowerShell – Run as Administrator

Get-DhcpServerv4Scope

To check the DNS Servers option (006)

Get-DhcpServerv4Scope | Get-DhcpServerv4OptionValue | Where-Object {$_.OptionID -eq 6} | FT Value

image

To preview the change with -WhatIf (nothing is modified)

Get-DhcpServerv4Scope | Set-DhcpServerv4OptionValue -DnsServer 172.21.10.20,172.21.10.21,10.10.11.10,10.10.11.11 -WhatIf

To apply

Get-DhcpServerv4Scope | Set-DhcpServerv4OptionValue -DnsServer 172.21.10.20,172.21.10.21,10.10.11.10,10.10.11.11

To check whether it has been applied

Get-DhcpServerv4Scope | Get-DhcpServerv4OptionValue | Where-Object {$_.OptionID -eq 6} | FT Value

You can see 006 DNS Servers updated for all scopes.

image
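A drift check that goes a step beyond the commands above: instead of rewriting option 006 on every scope, it compares each scope against the intended DNS list, reports any server that should not be handed out (a stale or unexpected entry in option 006 quietly redirects every client's name resolution) and only touches scopes that differ. Added example, not from the original post; run it on the DHCP server as Administrator, and the addresses are the ones used above.

```powershell
# Added example, not from the original post: report and fix option 006 drift
# per scope. Run on the DHCP server as Administrator.
$wantedDns = @('172.21.10.20', '172.21.10.21', '10.10.11.10', '10.10.11.11')

function Get-ScopeDnsDrift {
    param([string[]]$Wanted)
    foreach ($scope in Get-DhcpServerv4Scope) {
        # Scope-level option 006; absent if the scope inherits the server-level value.
        $opt = Get-DhcpServerv4OptionValue -ScopeId $scope.ScopeId -OptionId 6 -ErrorAction SilentlyContinue
        $current = @()
        if ($opt) { $current = @($opt.Value) }
        $extra   = @($current | Where-Object { $_ -notin $Wanted })   # should not be handed out
        $missing = @($Wanted  | Where-Object { $_ -notin $current })
        [pscustomobject]@{
            ScopeId    = $scope.ScopeId
            Name       = $scope.Name
            Current    = $current -join ','
            Unexpected = $extra -join ','
            Missing    = $missing -join ','
            InSync     = ($extra.Count -eq 0 -and $missing.Count -eq 0)
        }
    }
}

$drift = Get-ScopeDnsDrift -Wanted $wantedDns
$drift | Format-Table -AutoSize

# Remediate only the scopes that are out of sync (append -WhatIf to preview).
foreach ($s in $drift | Where-Object { -not $_.InSync }) {
    Set-DhcpServerv4OptionValue -ScopeId $s.ScopeId -DnsServer $wantedDns
}
```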

NDR Full access and Send on Behalf permissions over Shared Mailboxes

Suddenly some of our users who have shared mailboxes configured in their primary Outlook profile created Outlook rules and removed the shared mailbox from their profile. They started receiving non-delivery reports when their Outlook rules on the shared mailboxes forwarded emails. After looking into it, it happened on the newly updated machines.

It looks like these users have Send on Behalf and Full Access over the shared mailboxes, but the shared mailbox is not opened by the user in the primary profile. Once we provided Send As permission over the shared mailboxes, it resolved the issue.

Consider the following scenario:

  • You have Full Access and Send On Behalf Of permissions to a shared mailbox in an Exchange Server environment.
  • You configure a Microsoft Outlook profile for the shared mailbox and enter your own credentials to access it.
  • You send an email message from this Outlook profile.

Similar error in Outlook Online mode as well

image

NDR Reference 1


From: System Administrator
Sent: Tuesday, November 19, 2019 11:07 AM

Subject: Undeliverable: xxxx

Your message did not reach some or all of the intended recipients.

Subject:  xxxxx
Sent:     19/Nov/2019 11:06 AM

The following recipient(s) cannot be reached:

Tam on 19/Nov/2019 11:07 AM
This message could not be sent. Try sending the message again later, or contact your network administrator. You do not have the permission to send the message on behalf of the specified
user. Error is [0x80070005-0x0004dc-0x000524].

Frank on 19/Nov/2019 11:07 AM
This message could not be sent. Try sending the message again later, or contact your network administrator. You do not have the permission to send the message on behalf of the specified
user. Error is [0x80070005-0x0004dc-0x000524].

Salem on 19/Nov/2019 11:07 AM
This message could not be sent. Try sending the message again later, or contact your network administrator. You do not have the permission to send the message on behalf of the specified
user. Error is [0x80070005-0x0004dc-0x000524].

Sath on 19/Nov/2019 11:07 AM
This message could not be sent. Try sending the message again later, or contact your network administrator. You do not have the permission to send the message on behalf of the specified
user. Error is [0x80070005-0x0004dc-0x000524].

NDR Reference 2


Subject: Undeliverable:

Your message did not reach some or all of the intended recipients.

The following recipient(s) cannot be reached: Sath on This message could not be sent. Try sending the message again later, or contact your network administrator. Error is [0x80070005-00000000-00000000].

Reference –

https://docs.microsoft.com/en-us/exchange/troubleshoot/shared-mailboxes/cannot-send-email-with-full-access
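A way to see which of the three rights a user actually holds on a shared mailbox, so the combination behind the NDRs above (Full Access plus Send on Behalf, but no Send As) is visible before granting Send As. Added example, not from the original post; it uses Exchange Online cmdlets (the on-premises equivalents for the Send As part are Get-ADPermission / Add-ADPermission), and the mailbox and user addresses are placeholders.

```powershell
# Added example, not from the original post. Assumes Connect-ExchangeOnline
# has run; addresses below are placeholders.
function Get-SharedMailboxSendRights {
    param([string]$SharedMailbox, [string]$User)
    # Full Access: a non-deny mailbox permission entry carrying FullAccess.
    $fullAccess = Get-MailboxPermission -Identity $SharedMailbox -User $User -ErrorAction SilentlyContinue |
        Where-Object { $_.AccessRights -contains 'FullAccess' -and -not $_.Deny }
    # Send As: a recipient permission entry (on-premises: Get-ADPermission, Send-As extended right).
    $sendAs = Get-RecipientPermission -Identity $SharedMailbox -Trustee $User -AccessRights SendAs -ErrorAction SilentlyContinue
    [pscustomobject]@{
        SharedMailbox = $SharedMailbox
        User          = $User
        FullAccess    = ($null -ne $fullAccess)
        SendAs        = ($null -ne $sendAs)
        # Send on Behalf is a mailbox attribute, listed for review.
        SendOnBehalf  = ((Get-Mailbox -Identity $SharedMailbox).GrantSendOnBehalfTo -join ',')
    }
}

$rights = Get-SharedMailboxSendRights -SharedMailbox 'shared@example.com' -User 'user@example.com'
$rights | Format-List

# The fix from the post: grant Send As where it is missing.
if (-not $rights.SendAs) {
    Add-RecipientPermission -Identity $rights.SharedMailbox -Trustee $rights.User -AccessRights SendAs -Confirm:$false
}
```

Send As lets the trustee send mail that is indistinguishable from the shared mailbox owner, so review the list of trustees when granting it rather than adding it to every user with Full Access.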

Creating two way Transitive Trust in Windows Server

Let's see how to build a two-way transitive trust. You need proper DNS resolution working in both directions.

There are different types of trusts. The two-way transitive trust is the most commonly used and least complicated one: security principals from either forest can be granted permissions in the other. It doesn't fit all scenarios, but it fits most of them.

This is the initial step if you are going to do a cross-forest migration between two messaging environments, consolidate your Active Directory into a single domain, or coexist and share permissions between two forests.

Source domain – sourceazure365pro.com

Target Domain – targetazure365pro.com

Open Active Directory Domains and Trusts.

Start – Administrative Tools – Active Directory Domains and Trusts

image

Click on “New Trust”

image

I am typing the NetBIOS name or the root domain name of the target forest.

image

Click on Forest Trust

image

Click on “Two-way” as we are going to setup – Two way Transitive Trust

image

Click on “Both this domain and the Specified domain”

image

Type the Target domain Administrator Credentials

domainname\username

password

image

Click on “Forest-Wide Authentication”

Outgoing Trust Authentication Level – Local Forest

image

Outgoing Trust Authentication Level – Specified Forest

image

image

In the confirm outgoing trust, choose Yes, Confirm the outgoing trust option. Click Next.

In the confirm incoming trust, choose Yes, Confirm the incoming trust option. Click Next.

Choose Yes

The trust relationship has been created successfully in this domain controller. Click Finish.

You can now view the trust relationship from the Trusts tab, as shown above.

You can test it by sharing a folder from the source domain to the target domain, or vice versa, and assigning permissions to users from the other side of the forest.

You can see the trust has been created.

image

After creation, click on Validate to verify the trust.

image

Enter the Target domain Credentials

image

It's always good to validate the trust, as a confirmation that we did the right thing.

image

Choose Yes

image

Now you can see the Trusts populated in the target domain

image

The two-way transitive trust between the domains is now valid and active.
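The same validation from the command line, with the trust properties a security review cares about: direction and transitivity (what was chosen in the wizard), selective authentication (off, because Forest-Wide Authentication was chosen above), SID filtering and TGT delegation. Added example, not from the original post; it assumes the ActiveDirectory module and uses the domain names from this post.

```powershell
# Added example, not from the original post. Run on a source-forest DC with
# the ActiveDirectory module; domain names are the ones used above.
function Test-ForestTrustSettings {
    param([string]$PartnerForest)
    $trust = Get-ADTrust -Filter "Name -eq '$PartnerForest'"
    if (-not $trust) { throw "No trust object found for $PartnerForest" }
    [pscustomobject]@{
        Partner                 = $trust.Name
        Direction               = $trust.Direction              # expect BiDirectional
        ForestTransitive        = $trust.ForestTransitive       # expect True for a forest trust
        SelectiveAuthentication = $trust.SelectiveAuthentication # False = forest-wide auth, as chosen above
        SIDFilteringQuarantined = $trust.SIDFilteringQuarantined # compare with your SID-filtering policy
        SIDFilteringForestAware = $trust.SIDFilteringForestAware
        TGTDelegation           = $trust.TGTDelegation          # should stay False
    }
}

Test-ForestTrustSettings -PartnerForest 'targetazure365pro.com' | Format-List

# Equivalent of the GUI "Validate" button: verify the trust's secure channel.
netdom trust sourceazure365pro.com /domain:targetazure365pro.com /verify
```

With forest-wide authentication every user in the partner forest is authenticated as "Authenticated Users" in this forest, so resource permissions are the only thing limiting access; selective authentication is the stricter alternative when the trust is only needed for a migration.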

DNS Prerequisites for Cross Forest Migration

Let's see how to create a conditional forwarder in Microsoft DNS and in Infoblox, which is required before creating the two-way transitive trust prior to the migration.

Open Microsoft DNS Manager – Right Click on Conditional Forwarder – New Conditional forwarder

image

Enter the Other Forest Domain Name

image

Choose OK.

So any request for azure365pro.com, for example ad.azure365pro.com, will be resolved via 172.21.1.100.

I am doing this from Forest A to Forest B (azure365pro.com).
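The Microsoft DNS part done from PowerShell, followed by a check that the records a trust actually depends on resolve through the forwarder (the DC locator SRV records, not just the domain's A record). Added example, not from the original post; it uses the forest name and address from this post and assumes the DnsServer module on a DNS server.

```powershell
# Added example, not from the original post. Run on a Forest A DNS server
# (DnsServer module); name and address are the ones used above.
$otherForest    = 'azure365pro.com'
$otherForestDns = @('172.21.1.100')

# AD-integrated and replicated forest-wide, so every DC in Forest A can
# resolve Forest B without a per-server forwarder.
Add-DnsServerConditionalForwarderZone -Name $otherForest `
    -MasterServers $otherForestDns `
    -ReplicationScope Forest

function Test-PartnerForestDns {
    param([string]$Forest)
    $result = [ordered]@{ Forest = $Forest }
    # Trust creation and Kerberos across the trust need these SRV records.
    $queries = @(
        @{ Name = $Forest;                              Type = 'A'   },
        @{ Name = "_ldap._tcp.dc._msdcs.$Forest";       Type = 'SRV' },
        @{ Name = "_kerberos._tcp.dc._msdcs.$Forest";   Type = 'SRV' }
    )
    foreach ($q in $queries) {
        $answer = Resolve-DnsName -Name $q.Name -Type $q.Type -ErrorAction SilentlyContinue
        $result["$($q.Type) $($q.Name)"] = if ($answer) { 'resolves' } else { 'FAILED' }
    }
    [pscustomobject]$result
}

Test-PartnerForestDns -Forest $otherForest | Format-List
```

Run the same check from Forest B against Forest A; the trust wizard fails at the "Specified Forest" step when resolution only works in one direction.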

Let's see how to create the same forwarder if you have a custom DNS solution such as Infoblox.

Adding a forward zone in Infoblox for azure365pro.com

Step 1 – Add Forward Zone

 

clip_image001

Step 2 – Add an authoritative forward-mapping zone

clip_image003

Step 3 – name – azure365pro.com

image

Add Name Servers

azure365pro.com Name Servers / Domain Controllers (AD Integrated DNS Servers)

azure365pro.com 10.10.10.10

azure365pro.com 10.10.10.11

image

Step 4 – Leave members empty

clip_image011

Step 5 – Leave Extensible Attributes empty

Choose Next

clip_image013

Step 6 – Choose Save and Close

clip_image015

Creating a Dropdown F5 APM

Let's see how to create a dropdown menu in an F5 APM access profile.

image

Choose the third option select

image

Create Input Field as below.

image
