Exchange 2013 RMS Shared Identity user FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042 not found

Today I was re-installing Exchange 2013 into an Active Directory forest. The schema was already extended with the Exchange 2013 schema extensions.

When installing Exchange 2013, installation of the Mailbox Transport role failed with the following error:

Error:
The following error was generated when “$error.Clear();
if ( ($server -eq $null) -and ($RoleIsDatacenter -ne $true) )
{
Update-RmsSharedIdentity -ServerName $RoleNetBIOSName
}
” was run: “RMS Shared Identity user FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042 not found.”.

FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042 is an Exchange 2013 built-in arbitration user account which must exist in every Exchange 2013 environment. The GUID never changes; it is always “4c1f4d8b-8179-4148-93bf-00a95fa1e042”.

The setup failed because someone deleted this user account from Active Directory!

How can we get it back?

You have two ways to get this mailbox back. If you have a computer on your network with the Exchange 2010 management tools installed, you can create the user account using PowerShell with the following command:

New-Mailbox -Arbitration -Name FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042 -UserPrincipalName FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042@default_accepted_domain

For more information on this, see Microsoft KB978776.

What happens if you do not have the Exchange Management Shell installed on any computer? There is another way to get this account back. The account is originally created when you prepare the domain/schema, so if you run setup.com /PrepareAD on your domain, it will re-create the account for you.
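A read-only pre-flight check for the situation above, as an added example (not part of the original post or of Exchange setup): it reports whether the FederatedEmail arbitration account is present, deleted but still retrievable as a deleted object, or missing. It assumes the ActiveDirectory RSAT module and that the account belongs in the forest root domain; the function name Test-ArbitrationAccount is hypothetical.

```powershell
# Added example: read-only check, changes nothing in the directory.
Import-Module ActiveDirectory

# Account name taken from the setup error in the post.
$ArbitrationName = 'FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042'

# Hypothetical helper name. Assumption: the account belongs in the forest root domain.
function Test-ArbitrationAccount {
    param(
        [Parameter(Mandatory)][string]$AccountName,
        [string]$Server = (Get-ADForest).RootDomain
    )

    # 1. Live object: setup can proceed as far as this account is concerned.
    $live = Get-ADUser -Server $Server -Filter ('Name -eq "{0}"' -f $AccountName) -Properties whenCreated
    if ($live) {
        return [pscustomobject]@{
            State = 'Present'; DistinguishedName = $live.DistinguishedName
            When  = $live.whenCreated; LastKnownParent = $null
        }
    }

    # 2. Deleted object: the RDN of a deleted object starts with the old name,
    #    so match on the prefix. Reading deleted objects needs sufficient rights.
    #    whenChanged is usually the time of deletion.
    $filter  = 'isDeleted -eq $true -and Name -like "{0}*"' -f $AccountName
    $deleted = Get-ADObject -Server $Server -Filter $filter -IncludeDeletedObjects `
                   -Properties whenChanged, lastKnownParent |
               Sort-Object whenChanged -Descending | Select-Object -First 1
    if ($deleted) {
        return [pscustomobject]@{
            State = 'Deleted'; DistinguishedName = $deleted.DistinguishedName
            When  = $deleted.whenChanged; LastKnownParent = $deleted.lastKnownParent
        }
    }

    # 3. Nothing found: re-create it with one of the two methods from the post.
    [pscustomobject]@{ State = 'Missing'; DistinguishedName = $null; When = $null; LastKnownParent = $null }
}

Test-ArbitrationAccount -AccountName $ArbitrationName | Format-List
```

A result of Deleted gives a timestamp to correlate with directory audit logs when working out who removed the account.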

Exchange Server Active Directory Supportability Matrix

| Operating system environment | Exchange 2013 SP1 | Exchange 2013 CU2 and CU3 | Exchange 2010 SP3 RU5 or later | Exchange 2010 SP2 | Exchange 2007 SP3 RU13 or later |
|---|---|---|---|---|---|
| Windows Server 2008 R2 SP1 Active Directory servers | X | X | X | X | X |
| Windows Server 2012 Active Directory servers | X | X | X | X | X |
| Windows Server 2012 R2 Active Directory servers | X | X | X |  | X |

| Domain and forest functional level | Exchange 2013 SP1 | Exchange 2013 CU2 and CU3 | Exchange 2010 SP3 RU5 or later | Exchange 2010 SP2 | Exchange 2007 SP3 RU13 or later |
|---|---|---|---|---|---|
| Windows Server 2008 R2 SP1 domain functional level | X | X | X | X | X |
| Windows Server 2012 domain functional level | X | X | X | X | X |
| Windows Server 2012 R2 domain functional level | X |  | X |  |  |
| Windows Server 2008 R2 SP1 forest functional level | X | X | X | X | X |
| Windows Server 2012 forest functional level | X | X | X | X | X |
| Windows Server 2012 R2 forest functional level | X |  | X |  |  |

Cumulative Update 3 for Microsoft Exchange Server 2013

Issues that the cumulative update resolves

Cumulative Update 3 for Microsoft Exchange Server 2013 contains the fix for the security issue that is described in Security Bulletin MS13-061 (http://technet.microsoft.com/en-us/security/bulletin/MS13-061) and resolves the issues that are described in the following Microsoft Knowledge Base (KB) articles:

  • 2865161 “Errors: Failed exporting item id: from source id” when you try to copy search results in an Exchange Server 2013 environment

  • 2866064 Can’t load OWA Premium by using Internet Explorer 11 in an Exchange Server environment

  • 2871980 Child domains are not displayed for selection when you create a mailbox by using EAC in an Exchange Server 2013 environment

  • 2874216 Security issue that is described in Security Bulletin MS13-061 is resolved by an Exchange Server update

  • 2878160 “The Active Directory user wasn’t found” error when you create or update an In-Place eDiscovery search in an Exchange Server 2013 environment

  • 2882608 Exchange Server 2013 does not share the inproxy.dll file

  • 2886115 Retention policies are not applied to Exchange Server 2013 mailboxes when user accounts are on different domains

  • 2888274 WebClientReadFormQueryString string and WebClientEditFormQueryString string return incorrect URLs in an Exchange Server 2013 environment

  • 2888315 Event 2112 or 2180 is logged when you try to back up a database in an Exchange Server 2013 environment

  • 2888612 Retention policy does not work after you run a cmdlet in an Exchange Server 2013 environment

  • 2889786 Sign-in format for Outlook Web App on mobile devices is not adjusted according to the Set-OwaVirtualDirectory cmdlet in an Exchange Server 2013 environment

  • 2890650 Items in the Drafts folder are not stamped with the retention policy tag in an Exchange Server 2010 or 2013 environment

  • 2895487 “Copy Search Results” option does not work in an Exchange Server 2013 environment

  • 2895500 DBCS characters appear garbled when you run some PowerShell scripts in EMS in an Exchange Server 2013 environment

  • 2895678 “Nombre de usuario\dominio” is displayed unexpectedly on the Spanish version of the OWA and EAC logon pages in an Exchange Server 2013 environment

  • 2902929 You cannot forward an external meeting request in an Exchange Server 2013 environment

  • 2902933 “Generate incident report” does not display the “Bcc” field in an Exchange Server 2013 environment

  • 2902934 Korean language localization issue in Exchange 2013 OWA user interface

  • 2902936 You cannot change SMTP addresses for distribution groups by using EAC in an Exchange Server 2013 environment

  • 2902938 You cannot preview Office documents in shared folders by using Outlook Web App in an Exchange Server 2013 environment

  • 2902939 EMS connection error when you separately install an Exchange Server 2013 Mailbox server and a Client Access server

  • 2883203 Exchange Server 2013 restarts frequently after Cumulative Update 2 is installed

  • 2890814 No redirection to the Outlook Web App URL for Exchange Online users in an Exchange hybrid deployment


Rollup 4 for Forefront Threat Management Gateway 2010 Service Pack 2

Issues that are fixed in this rollup package

2889345 FIX: Accounts are locked out beyond the AccountLockoutResetTime period in Forefront Threat Management Gateway 2010 SP2

2890549 FIX: Incorrect Performance Monitor values when queried from a .NET Framework app in Forefront Threat Management Gateway 2010

2890563 FIX: “URL” and “Destination Host Name” values are unreadable in the web proxy log of Forefront Threat Management Gateway 2010

2891026 FIX: Firewall Service leaks memory if Malware Inspection is enabled in Forefront Threat Management Gateway 2010

2888619 FIX: A password change is unsuccessful if a user’s DN attribute contains a forward slash and an Active Directory LDAP-defined special character in Forefront Threat Management Gateway 2010

2863383 FIX: “Query stopped because an error occurred while it was running” when you run a non-live query in Forefront Threat Management Gateway 2010 SP2

2899720 FIX: Threat Management Gateway 2010 incorrectly sends “Keep-Alive” headers when it replies to Media Player WPAD file requests

2899716 FIX: Firewall service (Wspsrv.exe) crashes when a web publishing request is handled in Forefront Threat Management Gateway 2010

2899713 FIX: Access to certain SSL websites may be unavailable when HTTPS Inspection is enabled in Forefront Threat Management Gateway 2010

Exchange Server 2013 Service Pack 1 Coming in Early 2014

Today on the Office blog the Exchange Team announced that Service Pack 1 for the 2013 set of products including Office, SharePoint and Exchange will be released early next year. We know our Exchange customers have been looking for confirmation of the release but also have a desire for an early look at what’s coming with Exchange Server 2013 Service Pack 1 (SP1). So let’s have a first look at a few things you can expect to see in SP1. But wait… we haven’t released CU3 – well, news about CU3 is imminent – stay tuned for more information about CU3 coming very soon.

In this post we are highlighting a few of the notable improvements to be included in SP1. This isn’t an all-inclusive list, so stay tuned for additional details as we approach release.

  • Windows Server 2012 R2 Support: First, answering one of the most common questions since the release of Windows Server 2012 R2. Exchange 2013 SP1 will add Windows Server 2012 R2 as a supported operating system for Exchange Server 2013 with SP1. Let your planning begin.
  • S/MIME support for OWA: Support for S/MIME in OWA will be brought back in SP1. With SP1 customers will have S/MIME support across Outlook, Exchange ActiveSync clients, and OWA.
  • Edge Transport Server Role: The Edge Transport server role for Exchange Server 2013 will be available with SP1.
  • Fixes and Improvements: Of course, SP1 will include fixes and improvements in areas you’ve helped us identify. SP1 is the first service pack issued in the new Exchange Server cumulative update release model – thus SP1 is essentially CU4. The installation of SP1 will follow the same process as the prior Exchange 2013 CU releases. SP1 will include all fixes included in previously released cumulative updates for Exchange 2013.

SP1 will require customers to update their Active Directory schema – customers should assume this requirement for all Exchange Server 2013 updates. Plan for this required update to quickly take advantage of SP1 updates. Active Directory Schema updates for Exchange are additive and always backwards compatible with previous releases and versions.

Creating a Home Drive with Windows PowerShell

With the following script I will do 3 things:

1. Set the user's home folder and drive letter
2. Create a folder on your home folders file share
3. Give users full control of their folder.

 

The Script:

Import-Module ActiveDirectory

# Settings shared by all users
$HomeDrive = 'J:'
$UserRoot  = '\\wardvissers.local\dfs\home\'

Get-ADUser -Filter * -SearchBase "OU=wardusers,DC=wardvissers,DC=local" | ForEach-Object {
    $sam     = $_.SamAccountName
    $sid     = $_.SID
    $HomeDir = $UserRoot + $sam

    # Assign the drive letter and home directory for the user in Active Directory
    Set-ADUser $sam -HomeDrive $HomeDrive -HomeDirectory $HomeDir

    # Create the folder on the root of the common users share
    New-Item -Path $HomeDir -ItemType Directory -Force

    # Set parameters for the access rule: the user's SID gets FullControl,
    # inherited by subfolders and files
    $rights      = [System.Security.AccessControl.FileSystemRights]::FullControl
    $inheritance = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit,ObjectInherit"
    $propagation = [System.Security.AccessControl.PropagationFlags]::None
    $allowdeny   = [System.Security.AccessControl.AccessControlType]::Allow
    $dirACE = New-Object System.Security.AccessControl.FileSystemAccessRule ($sid, $rights, $inheritance, $propagation, $allowdeny)

    # Add the rule to the folder's existing ACL and write it back
    $dirACL = Get-Acl $HomeDir
    $dirACL.AddAccessRule($dirACE)
    Set-Acl -Path $HomeDir -AclObject $dirACL

    Write-Host "$HomeDir access rights assigned"
}

Z-Hire Active Directory User Creation Tool

I want to inform you about a great tool.

Z-Hire automates the IT user account creation process for Exchange mailbox, Active Directory and Lync accounts. With just a click of the button, your Exchange mailbox, Active Directory user, Lync account and SalesForce user account will be created simultaneously. Z-Hire serves as the platform for new hire accounts by allowing auto-creation of major IT accounts with the option for custom scripts. Z-Hire will decrease your account deployment time by 600%, without the need for complicated and expensive identity management solutions. This tool makes creating Active Directory users a breeze. Some of the features include:

– Environment Auto discovery (AD/Exchange/Lync/SalesForce)
– Support for Active Directory user, Exchange, Lync 2010 and SalesForce user accounts
– Template based deployment (allows consistency for all user accounts)
– Active Directory user creation with major attributes
– Active Directory group selection
– Active Directory user duplicate SamAccountName detection
– Lync 2010 / 2013 user account creation supporting all policies
– SalesForce user account creation supporting all attributes
– Faster performance (compared to previous version)

Supported Environments / IT systems
– Active Directory (all versions)
– Exchange 2007 (all versions)
– Exchange 2010 / 2013 (all versions)
– Lync 2010 / 2013 (both Standard and Enterprise versions)
– Office 365 Cloud
– SalesForce Cloud

Screenshot #1 – Active Directory
Screenshot #2 – Active Directory
Screenshot #3 – Active Directory
Screenshot #4 – Exchange
Screenshot #5 – Lync
Screenshot #6 – Supported Systems

SYSTEM REQUIREMENTS
– .NET 3.5 and .NET 4.0
– Domain Joined

COMPATIBLE OS
– Windows 7 X64
– Windows Server 2008 X64
– Windows Server 2008 R2 X64
– Windows Server 2012

Please download the administration guide:
http://www.zohno.com/docs/Z-Hire_V4_Administration_Guide.pdf

Download: Z-Hire

Z-Term Active Directory User Termination Tool

I want to inform you about a great tool: Z-Term Active Directory User Termination Tool.

This application allows IT administrators to automate common tasks when an employee leaves the company. Usually, IT administrators use multiple consoles and perform variety of tasks to terminate user accounts. This tool allows IT administrator to automate:

Active Directory Tasks
– Disable Active Directory Account
– Reset Active Directory Password
– Move users to dedicated OU
– Remove Active Directory Group membership
– Clear Manager field in AD
– Set Description field
– Set Notes field
– Remove Active Directory Account

Exchange Tasks
– Change Distribution List ownership to
– Set customAttribute5
– Set out of office reply
– Forward Email
– Grant full access permission
– Hide user from Global Address List
– Remove calendar items from resources (remove calendar items where the user is an organizer)
– Cancel meetings from terminated user’s mailbox (cancel meetings where the user is an organizer)
– Disable mailbox
– Export mailbox to PST format
– Remove ActiveSync device partnership
– Remote wipe user’s ActiveSync device

Lync
– Disable Lync Account

Office 365
– MSOL User – Reset Password
– MSOL User – Remove Office 365 License
– MSOL User – Remove User
– MSOL Exchange – Clear Out of Office Reply
– MSOL Exchange – Hide User from GAL
– MSOL Exchange – Change Distribution List Ownership
– MSOL Exchange – Set CustomAttribute
– MSOL Exchange – Set Out of Office Reply
– MSOL Exchange – Set Grant FullAccess Permission
– MSOL Exchange – Set email forwarding
– MSOL Exchange – Remove calendar items from resource mailboxes

File Operations
– Move home folder
– Export user settings to XML (dump all user data to xml as backup)
– Run custom script ( for advanced users only, contact support for more info )

Screenshot #1 – Active Directory
Screenshot #2 – Exchange
Screenshot #3 – File Operations

SYSTEM REQUIREMENTS
– .NET 3.5 and .NET 4.0
– Domain Joined

COMPATIBLE OS
– Windows 7 X64
– Windows Server 2008 X64
– Windows Server 2008 R2 X64
– Windows Server 2012

Please download administration guide: http://www.zohno.com/docs/Z-Term_V4_Administration_Guide.pdf

Download: Z-Term

Active Directory Replication Status Tool

The Active Directory Replication Status Tool (ADREPLSTATUS) analyzes the replication status for domain controllers in an Active Directory domain or forest. ADREPLSTATUS displays data in a format that is similar to REPADMIN /SHOWREPL * /CSV imported into Excel but with significant enhancements.
Specific capabilities for this tool include:

    • Expose Active Directory replication errors occurring in a domain or forest
    • Prioritize errors that need to be resolved in order to avoid the creation of lingering objects in Active Directory forests
    • Help administrators and support professionals resolve replication errors by linking to Active Directory replication troubleshooting content on Microsoft TechNet
    • Allow replication data to be exported to source or destination domain administrators or support professionals for offline analysis

System Requirements

Supported Operating System

Windows 7, Windows 8, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Vista, Windows XP

      • ADREPLSTATUS does not install on server core installs of Windows
      • Windows 2000 not supported due to lack of support for .NET Framework 4.0

    Domain membership requirements:

      • Must be joined to the Active Directory domain or forest you intend to monitor

    .NET Framework requirements:

      • .NET Framework 4.0 (you may be prompted to install .NET Framework 3.5.1 first on Windows Server 2008)

    Required User Credentials:

      • Target forest/domain user account

    Supported DC OS versions that can be monitored by ADREPLSTATUS:

      • Windows Server 2003
      • Windows Server 2003 R2
      • Windows Server 2008
      • Windows Server 2008 R2
      • Windows Server 2012


Active Directory Accidental Deletion – Prevention

Accidental deletions in Active Directory can cause havoc. Often this could have been avoided, and it could have been fixed in less than 10% of the actual time spent if the environment had been using one of the latest features included in Windows 2008 R2 (Active Directory Recycle Bin). Most critical situations arise from accidental human or tool interference or configuration, and it is important to be able to recover from such situations with minimal downtime. Accidental deletion in Active Directory is one such situation.

PowerShell: enable Protected From Accidental Deletion:
Get-ADObject -Filter * -SearchBase "DC=wardvissers,DC=local" | Set-ADObject -ProtectedFromAccidentalDeletion $true
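An audit-first variant, as an added example that is not part of the original post: it reports whether the Active Directory Recycle Bin is enabled and which organizational units lack the protection flag, then previews the change with -WhatIf. It deliberately covers organizational units only, which is narrower than the one-liner above; the function names are hypothetical and the search base is the one used in the post.

```powershell
# Added example: report first, then preview the change. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

$SearchBase = 'DC=wardvissers,DC=local'   # search base from the post

# Hypothetical helper: OUs under $Base that are not protected from accidental deletion.
function Get-UnprotectedOU {
    param([Parameter(Mandatory)][string]$Base)
    Get-ADOrganizationalUnit -Filter * -SearchBase $Base -Properties ProtectedFromAccidentalDeletion |
        Where-Object { -not $_.ProtectedFromAccidentalDeletion } |
        Select-Object Name, DistinguishedName
}

# Hypothetical helper: $true when the Recycle Bin optional feature has at least one enabled scope.
function Test-RecycleBinEnabled {
    $feature = Get-ADOptionalFeature -Filter 'Name -like "Recycle Bin Feature"'
    [bool]($feature -and @($feature.EnabledScopes).Count -gt 0)
}

$unprotected = @(Get-UnprotectedOU -Base $SearchBase)

Write-Host "Recycle Bin enabled : $(Test-RecycleBinEnabled)"
Write-Host "Unprotected OUs     : $($unprotected.Count)"
$unprotected | Format-Table -AutoSize

# Preview only: remove -WhatIf once the list above has been reviewed.
foreach ($ou in $unprotected) {
    Set-ADOrganizationalUnit -Identity $ou.DistinguishedName `
        -ProtectedFromAccidentalDeletion $true -WhatIf
}
```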