Tuesday, October 14, 2014

Office 365 Mail flow Rules/ SPF Failed / Does not designate

SPF record will reduce the likelihood of your domain name getting fraudulently spoofed and keep your messages from getting flagged as spam before they reach your recipients. Email spoofing is the creation of email messages with a forged sender address something that is simple to do because many mail servers do not perform authentication. Spam and phishing emails typically use such spoofing to mislead the recipient about the origin of the message, using the following method you can block such forged senders.

Login in to office 365 Portal (https://login.microsoftonline.com)
Click on “Admin”  >> Exchange from the Exchange admin center
Click on “Mail Flow” >>  Rules >> Click on “+” and select “Create a new rule….”


Edit the Rule

Rule Name : (The purpose of the filter)
*Apply this rule if: The sender if located

Add condition another condition


Type the header includes and words
NOTE:
You could add multiple actions, Also you can specify exceptions

Rule mode should be Enforce

Save the changes and exit.

NOTE:
Headers that you could use for the filers

Header Name
Resent-From
Message-ID
Date
From
User-Agent
MIME-Version
To
Subject
Content-Type
Content-Transfer-Encoding
Return-Path
Received-SPF
X-Auto-Response-Suppress
X-OrganizationHeadersPreserved
X-EOPAttributedMessage
X-MS-Exchange-Organization-MessageDirectionality
X-Forefront-Antispam-Report
X-MS-Exchange-Organization-PRD
X-MS-Exchange-Organization-Antispam-Report
X-MS-Exchange-Organization-SCL
X-MS-Exchange-Organization-SenderIdResult
X-CrossPremisesHeadersPromoted
X-CrossPremisesHeadersFiltered
X-MS-Exchange-Organization-Network-Message-Id
X-Microsoft-Antispam
X-MS-Exchange-Organization-AVStamp-Service
X-Exchange-Antispam-Report-Test
X-MS-Exchange-Organization-AuthSource
X-MS-Exchange-Organization-AuthAs
X-OriginatorOrg

-Thanks
@Roshan

Wednesday, October 1, 2014

Recover Purge Items in Office 365 \ On Cloud \ Retention Policy

If a user purges an e-mail message from the Recoverable Items folder, by what is called a hard delete, the purged message is moved to the Purges subfolder, which isn’t accessible to and can’t be recovered by the user. Only an administrator can recover a purged e-mail message.
Note:   Because items in the Purges subfolder in the Recoverable Items folder are indexed and discoverable, administrators or discovery managers can use Multi-Mailbox Search to search for purged items. Administrators aren't assigned this role by default. To search multiple mailboxes, add yourself as a member of the Discovery Management role group.
After you have installed and configured Windows PowerShell and Windows Remote Management (WinRM) on your computer, you have to connect the Windows PowerShell on your local computer to the cloud-based service to perform tasks in your cloud-based organization.

Step – 1
Click Start, point to All Programs, click Accessories, click Windows PowerShell, and then click Windows PowerShell.

1.    $Cred=Get-Credential (Type cloud admin credentials)
2.    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $Cred -Authentication Basic -AllowRedirection
3.    Import-PSSession $Session

Once you successfully connected to cloud use following Search-Mailbox to Search e-mail messages.

Examples: Recovering,
  1. This example searches the mailbox of User Name and copies the search results to the DiscoverySearchMailbox in the folder RecoveryItems.
Search-Mailbox "User Name" -SearchDumpsterOnly -SearchQuery "Subject:Happy Birthday!" -TargetMailbox "DiscoverySearchMailbox" -TargetFolder "RecoveryItems" -LogLevel Full.

This example searches User Name’s mailbox for messages that contain the phrase "Subject:Happy Birthday!" in the subject and logs the result in the “RecoveryItems” folder in the DiscoverySearchMailbox's mailbox. Messages aren't copied to the target mailbox.

Search-Mailbox "User Name" -SearchDumpsterOnly -SearchQuery "Subject:Happy Birthday!" -TargetMailbox "DiscoverySearchMailbox" -TargetFolder "RecoveryItems" -LogOnly -LogLevel Full

This example searches all mailboxes in your organization for messages that contain the words "Spam", "Email", or "Download". The search results are copied to the Discovery Search Mailbox in the folder AllMailboxes-Election.

Get-Mailbox | Search-Mailbox -SearchQuery 'Spam OR Email OR Download' -TargetMailbox "Discovery Search Mailbox" -TargetFolder "AllMailboxes-Election" -LogLevel Full

Examples: Deletes the Messages,
This example searches April Stewart's mailbox for messages that contain the phrase " Massive Inventory Blowout!" in the subject and deletes the messages from the source mailbox.
Search-Mailbox -Identity "User Name" -SearchQuery 'Subject:"Massive Inventory Blowout!"' -DeleteContent

User Name: Mailbox that you want to search for the purge items
SearchQuery: Searching Critiria "Subject:Happy Birthday!"
TargetMailbox: Mailbox that you want the search items to be listed
TargetFolder: Name of the Folder

   Once the above steps completed use Remove-PSSession $Session to exit from the session.

Step – 2
   Assign yourself full permission to the Mailbox (Discovery Search Mailbox)
Open Emc
Add the user account that you want to assign permission to

Step - 3
Open Outlook and Look for the Purges folder under RecoveryItems. You can copy the purge items to .PST and send them to the user.

More information about Search-Mailbox cmdlet
You can use the Search-Mailbox cmdlet to search messages in a specified mailbox and perform any of the following tasks:
  • Copy messages to a specified target mailbox.
  • Delete messages from the source mailbox.
  • Copy messages from the source mailbox and delete them from the target mailbox.
  • Perform single item recovery to recover items from a user's Recoverable Items folder.
  • Clean up the Recoverable Items folder for a mailbox when it has reached the Recoverable Items hard quota.
Parameter
Required
Description
EstimateResultOnly
Required
The EstimateResultOnly switch specifies that only an estimate of the total number and size of messages returned by the search be provided. Messages aren't copied to the target mailbox. You can't use this switch with the TargetMailbox parameter.
Confirm
Optional
The Confirm switch causes the command to pause processing and requires you to acknowledge what the command will do before processing continues. You don't have to specify a value with the Confirm switch.
DeleteContent
Optional
The DeleteContent switch specifies that the messages returned by the search be permanently deleted from the source mailbox. When used with the TargetMailbox parameter, messages are copied to the target mailbox and removed from the source mailbox. If you set the logging level for the search to Basic or Full, you must specify a target mailbox and a target folder to place the log in. To delete messages from the source mailbox without copying them to the target mailbox, don't specify theTargetMailboxTargetFolder, and LogLevel parameters.
Important:
You need to be assigned the Mailbox Import Export management role to use this switch. By default, this role isn't assigned to any role group. Typically, you assign a role to a built-in or custom role group. Or you can assign a role to a user, or a universal security group.
Before you use the DeleteContent switch to delete content, we recommend that you test search parameters by using the LogOnlyparameter, as shown in Example 2.
DoNotIncludeArchive
Optional
The DoNotIncludeArchive switch specifies that the user's archive mailbox shouldn't be included in the search. You don't need to specify a value for this switch.
Force
Optional
The Force switch overrides the confirmation prompt displayed when your use the DeleteContent switch to permanently delete messages.
IncludeUnsearchableItems
Optional
The IncludeUnsearchableItems switch specifies whether to include items that couldn't be indexed by Exchange Search. When set to $true, theIncludeUnsearchableItems switch specifies that items that couldn't be indexed by Exchange Search should be included in the search results.
LogLevel
Optional
Suppress - No logs are kept.
Basic - Information about the query and who ran it is kept.
Full - In addition to the information kept by the Basic log level,
LogOnly
Optional
The LogOnly switch specifies that a search be performed and only a log be generated. Messages returned by the search aren't copied to the target mailbox. The logging level is specified by using the LogLevel parameter.
SearchDumpster
Optional
The SearchDumpster parameter specifies whether to search the Recoverable Items folder, which is the storage location in which items deleted from the Deleted Items folder or hard-deleted items are stored until they're purged from the mailbox database. By default, the Recoverable Items folder is always searched. To exclude the folder from the search, set the SearchDumpster switch to $false, for example,-SearchDumpster:$false
SearchDumpsterOnly
Optional
The SearchDumpsterOnly switch specifies that only the Recoverable Items folder of the specified mailbox be searched. You can also use this switch with the DeleteContent switch to delete messages from the Recoverable Items folder and reduce the size of the folder.
SearchQuery
Optional
The SearchQuery parameter specifies a search string or a query formatted using Keyword Query Language (KQL). For more details about KQL, see Keyword Query Language syntax reference.
If this parameter is empty, all messages are returned.
WhatIf
Optional
The WhatIf switch instructs the command to simulate the actions that it would take on the object. By using the WhatIf switch, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf switch.


-Roshan

Wednesday, September 3, 2014

Installing SQL Failover Cluster and Prerequisites / MSDTC Service

Installing SQL Failover Cluster and Prerequisites
Installing MSDTC Service (is required to install before installing the sql server failover cluster)
Installing Application Server @ Distributed Transaction
Add Role and Features >>
Select the Server from the pool
Tick the “Application Server”
Select “Incoming Network Transactions” and “Outgoing Network Transactions”
Install .Net 3.5 using add Roles and Features
You’ll need the windows 2012 installation disk for this task
Click on the “Specify an alternate source patch” and give sources\sxs from your installation media
Installing MSDTC Service
Open Failover Cluster Manager >>
Select “DTC” and next to continue..
Type a name and IP address for DTC service and Next to continue
Select the storage for the msdtc service
Setup Failover Cluster SQL Server
Insert the SQL 2012 Server Installation media >> run the setup
From the setup click on installation >> New SQL Server failover cluster installation
Click show details
Enter the Key or Use Evaluation
Accept the license agreement
Check the Warnings and Errors >> following warnings can be ignored
Click next to continue
Select the SQL features that you want to install,
Click show details
You can use the Default instance or Named Instance and Instance ID:
Click next to continue
Can change the Resource group name if needed:
Select the Disks that you are going to use for sql
Type the cluster IP address
It is good idea to enable mixed mode and if you not required you can disable it later.
Also add “Current User” to the SQL Server Administrators click next to continue
Change the Log Directory a new disk
Click next to continue
Click Install to install the cluster
Click close, you have now installed sql failover cluster successfully
Adding secondary node to the SQL Failover Cluster
Click on Details for more information, if found errors resolve them and continue
Enter the product key or use evaluation
Accept the license agreement
You’ll get following error if you are having internet connectivity issue. You can ignore it
If you are run into critical errors please resolve them before continuing but some warnings can be ignored
Select the cluster Instance and click next
Click next to continue
Specify service accounts that you are going to use
Click next to continue
Click next to continue
Click Close to End the Wizard,

-Roshan