Decommissioning flaw in Exchange

This post has been lingering around for a while, as I thought it would be fixed some day. Unfortunately it hasn’t been fixed as of today, so be aware in case you’re going to decommission your Exchange servers. In particular:

Removing databases.

The need to remove databases can have multiple reasons. In my case it was the next logical step in our journey to Exchange Online.

SourcePrincipalMappingException: Tombstoned AccessRights

Recently we stumbled across some issues while migrating mailboxes to Exchange Online. Not sure whether the kind of RecipientTypeDetails matters, but we see that permissions for mailboxes get completely stripped off. Of course this causes major trouble, as users won’t be able to access the mailbox.

We currently have a case open and are trying to identify the root cause, but for now we are trying to avoid invalid entries as it seems to be related to.

Why X500 addresses are so important

There are many posts and a few KB articles related to legacyExchangeDN and X500 addresses. Here are a few examples:

These are only a few examples. But there is even more: calendar items and especially recurring meetings are highly dependent on legacyExchangeDN.

In a recent M&A scenario the decision was made to perform a cleanup of X500 addresses, which definitely caused quite a number of tickets.

Exchange Online migration and TooManyBadItemsPermanentException

I’m sure that a lot of people have seen this issue before when migrating to Exchange Online:

The BadItemLimit was exceeded and therefore the move request failed.

A while ago Ben Winzenz wrote an excellent post on the You Had Me At EHLO blog, where he mentioned that there was a change in Exchange Online and now failed mapping of SIDs will count towards the BadItemLimit.

So far so good, but how do we solve such issues when increasing the bad item limit is not an option and you have to migrate approx. 130.000 mailboxes?

Update 28.08.2018

Due to some issues while removing invalid permissions with Exchange cmdlets, I enhanced the script. Read more about it here

Update 03.01.2020

Joshua Bines also has a great script with reporting capabilities (thanks for sharing!). You can find his on GitHub:


Office 365 Exchange Hybrid: When Autodiscover and legacy PF impact Outlook performance

I spent quite some time over the last weeks with Outlook performance issues in an Exchange Hybrid scenario. In addition, this is not a normal Hybrid, as here multiple Exchange Organizations from different AD Forests without any Trust Relationships are involved.

Thus I’m not talking about the scenario described in TechNet Multi-forest hybrid deployment scenario. It looks more like this:

Outlook for Mac in Coexistence Environment

Currently I’m upgrading an Exchange 2013 environment to Exchange 2016. In general this upgrade runs very smoothly and is almost seamless for users. It’s a completely different story when you’re coming from Exchange 2010.

So far I got only positive feedback and no issues were reported. Until a bunch of shared mailboxes had been migrated.

Users complained they cannot access these mailboxes anymore. First I couldn’t reproduce the issue, until I got another important detail:

All these users are using Outlook for Mac and indeed I could reproduce the behavior.

Update 04.09.2017

This issue is fixed in version 15.38 (170815) of the Insider Fast Build as of August 16:

What is uploadReadAheadSize?

During a migration to Exchange 2013 several users started complaining about intermittent connectivity issues.

After some investigation I still had no clear picture of the issue. The users had in general no connectivity problems, but they sometimes got errors (e.g. failed authentication, request could not be completed). And this not in a consistent way.

Some reported issues in Outlook and some on a mobile device using an app. When I heard about the mobile apps, my first thought was maybe an Exchange ActiveSync issue. But the apps on the mobile devices were using EWS.

Get mailbox folder permissions using EWS multithreading

A few weeks ago I was involved in a migration project. At one point in time we needed a script to retrieve permissions on mailboxes at folder level. Besides this, we needed to read the property PR_NT_SECURITY_DESCRIPTOR for folders.

Why did we need to read the property PR_NT_SECURITY_DESCRIPTOR?

Read more about it in this article here!

Now back to the script. I know there are many scripts out there which are doing this job. But we needed something to get the data real quick and a way to retrieve SIDs. I started looking at all options and ended up with .NET multithreading for the first and MrMAPI for the second need.

The good, the bad and sIDHistory

This post is about my personal journey with a cross-forest migration.

When it comes to account migration there is no way to do so without sIDHistory. It would be really hard to have a smooth migration without it.

By using this attribute an end-user most likely won’t experience any impact… unless you start doing a cleanup of this attribute.

In terms of Exchange, users might see something like this


or this


But what’s behind those issues and how could you mitigate them? I was part of a migration where those issues popped up, and I’m going to describe how you could determine possible impact for end-users before it happens.
