SourcePrincipalMappingException: Tombstoned AccessRights

Recently we stumbled across some issues while migrating mailboxes to Exchange Online. We are not sure whether the kind of RecipientTypeDetails matters, but we see that the permissions on mailboxes get completely stripped. Of course this causes major trouble, as users are no longer able to access the mailbox.

We currently have a case open and are trying to identify the root cause, but for now we are trying to avoid invalid entries, as the issue seems to be related to them.

Why LDAP policies can bother you

At the end of last year I ran into this issue, along with another one related to LSA protection and the code integrity check (which will be covered in another post).

This issue might be rare, but you can run into it even if your environment is not large and even if you followed the Preferred Architecture (PA) for Exchange and used the calculator. If you have this issue, it can have serious and unforeseen consequences for your setup.

If you want to read more about it: I wrote a guest post on the ENow blog.

Severe Outlook for Mac issue

Sometimes things go wrong, and this time it was Outlook for Mac. Starting with version 16.22 from Insider Slow we started seeing some strange behavior: additional entries suddenly appeared in the calendar view. With version 16.23 things got even worse.

When your mailbox is in Exchange Online and you are using Outlook for Mac with this version, you should continue reading. If not, you can relax and stop reading.


There is now a new version available, which has a fix for this:

Make sure you install version 16.23.326.1!

OAuth: Get-AccessToken

Since everything is shifting towards cloud, folks are looking more and more into possibilities and how cloud features can be incorporated into products.

One crucial topic is everything around authentication and authorization. OAuth was the most used word in the past month, when I was approached by developers who wanted to access Exchange-related data somehow. I realized that many people have problems writing their code, and usually we get blamed for not having registered the application correctly in Azure AD.

Thus it’s on us to prove everything is okay, and therefore I wrote a simple script that tests several scenarios in an easy way, to make sure everything is configured correctly and you are able to retrieve tokens.

Collecting event logs

In the past month I several times needed to collect event logs across multiple servers or to parse exported *.evtx files. Get-WinEvent is the perfect cmdlet for this, as you can use it to query both.

But of course the out-of-the-box experience, usage and output didn’t fit my own and others’ requirements. Therefore I ended up writing a new script.

Formatting output of Admin- and UnifiedAuditLog

I often have to perform searches in the Exchange AdminAuditLogs on-premises and in EXO, or in the UnifiedAuditLogs, which are only available in EXO. Depending on the need I either analyse them using Out-GridView or export them to a CSV file.

The challenge is always proper formatting. There are thousands of ways of doing it, but here is mine.

Why X500 addresses are so important

There are many posts and a few KB articles related to legacyExchangeDN and X500 addresses. Here are a few examples:

These are only a few examples. But there is even more: calendar items, and especially recurring meetings, are highly dependent on legacyExchangeDN.

In a recent M&A scenario the decision was made to perform a cleanup of X500 addresses, which definitely caused quite a number of tickets.

