Export mailboxes to a PST with primary email address as filename

Yesterday, I was asked to export all Exchange mailboxes of all employees, whose last name begins with a ‘d’, to PST files.
While this is a very common request, and not difficult at all, an extra requirement was the filename had to be the email address. E.q. john.denver@contoso.com.pst
As a reminder for myself, and anyone who’s interested, here’s what I did:
Firstly, I need to filter all mailboxes of people with last name “D*”. Because get-mailbox doesn’t contain a last name field (it can only give me the alias and displayname), I have to use the get-recipient cmdlet first, and then pipe it to a get-mailbox cmldet

$mailboxes now contains all mailboxes to be exported
Because I want to create a separate PST for every individual mailbox, I use a ForEach loop. In addition, I also need the Primary Email address of each mailbox. A mailbox has an attribute PrimarySMTPAddress, but this can contain multiple values. I can use .ToString() to convert the value to a string.

To comply with a specific time range, I could add the parameter -ContentFilter
For example, to export all emails BEFORE January 1st 2015:

Note that the share must be accesible (Modify rights) for the Exchange Trusted Subsystem account. If this account does not have appropriate rights, you will receive the following error:

Unable to open PST file ‘\\servername\share\PST\john.denver@mail.com.pst’. Error details: Access
to the path ‘\\servername\share\PST\john.denver@mail.com.pst’ is denied.
    + CategoryInfo          : NotSpecified: (0:Int32) [New-MailboxExportRequest], RemotePermanentException
    + FullyQualifiedErrorId : 794F7DC,Microsoft.Exchange.Management.RecipientTasks.NewMailboxExportRequest

Read More

Windows 10 in Bootcamp crashes when enabling External NIC in HyperV

Recently I installed Windows 10 on my MacBook. Not in Parallels or VMWare Fusion, but just in Bootcamp. I like to work on a native OS for day-t-day activities.

During the buildup of a testenvirmonet in HyperV, I quickly faced a blue screen while trying to create an external vSwitch.


  1. Installed Windows 10 in BOOTCAMP environment on MacBook Pro 13″ retina.
  2. Installed HyperV
  3. Added External network switch in HyperV, connected to my wifi adapter in rMBP 13″

As soon as I try to add the external network switch, I got a bluescreen:

System reboots, and the network adapter will be in bridged mode. In HyperV the external switch is configured in Private Mode.
No internet connection is possible as long as the NIC is in bridged mode. It will not get an (DHCP) IP address.
The only solution to get rid of the bridged mode seemed to be to disable the NIC in Device Manager, and then Rescan Hardware Changes. Windows will then find the adapter again. You will have to reconnect to your WiFi manually.
The current driver is (24/7/2015)

(Update) I luckily found a solution: downgrade the driver of your Broadcom NIC to version 6.* for Windows 8.1
Go to https://support.apple.com/kb/DL1721 for example, download the support tools and extract the Bootcamp files.
Open Device Manager, delete the Wireless Network Adapter and tick the “Delete the Driver software for this device” checkbox.
Then install the Windows 8.1 wireless NIC drivers from the (older) Bootcamp support tools.

Read More

How to configure multiple UPN’s for specific users

The larger an IT organization is the more struggling you face when needing changes in Active Directory. An action that technically takes 60 seconds to complete may take a few days if you have to comply with the customer procedures. This is for example the case when you need to add a custom user Principal Name (uPN) suffix to a user. Normally you would add the suffix on domain level in Active Directory Domains and Trusts. But wait, did you know you can also change it on Organization Unit level?

Last week I was visiting a customer. He asked me to set up a Windows Intune pilot environment with SCCM2012 integration. “Sure, no problem”, I told him, “It will take a day, I guess.”
Everything went smoothly until the moment I was about to set up the AD Synchronization with Azure AD. The customers’ uPN suffix was mycompany.local. However if you want to do one-way synchronization from your on-premise Active Directory to Azure AD, the uPN must be resolvable on the internet. For example: the uPN itexperience.net or microsoft.com is resolvable while mycompany.local is not.
The customer didn’t want to add an uPN suffix on domain level without preparation. Some research luckily helped me out: it’s possible to set up a custom uPN for only one Organization Unit.

Below I’ve written down how to add a custom uPN to just one Organizational Unit. The steps are numbered and correspond with the numbers in the screenshots

  1. Open Active Directory Users and Computers
  2.  Click View (1) and tick Advanced Features (2)
  3. Right-click the OU you want to modify for the UPN and click Properties
  4. Go to tab Attribute Editor (3), and scroll down to uPN Suffixes (4)
  5. Double-click uPN Suffixes (4)
  6. In the Multi-valued String Editor window, type your uPN and click Add (5). After you’re done, click OK (6)
  7. Open the Properties of a user located in the OU. Click the tab Account (7)
  8. Note that you can now select a custom defined uPN (8)

Add custom UPN to an OU

Final thoughts

As you can see it still takes 60 seconds to add a custom uPN suffix to a user, albeit only for an Organization Unit, not for the whole domain.
I don’t advise you to use this solution on permanent bases. But for just a pilot it’s a great way to work around your company’s change processes.

Feel free to leave a comment if you have any questions or remarks according to this post. Cheers!

Read More

Find a user causing “A duplicate remote call control device URI already exists

If Office Communcations Server or Lync is used in your company, you may encounter the following error when assigning a telephone number to a user: “A duplicate remote call control device URI already exists”

A duplicate remote call control device URI already exists
A duplicate remote call control device URI already exists

This means another user already has the telephone number assigned in its OCS properties. The easiest way to quickly find out who has the number configured, start a Powershell console with Active Directory snappin: Import-Module ActiveDirectory Get-ADUser -Filter ‘msRTCSIP-Line -like “*4154*”‘ -properties * | Select-Object name,msrtcsip-line In the above example, the cmdlet returns the user and its msrtcsip-line value that is causing the problem. The number 4154 is the telephone number in this case -> replace it with your own number :)

Read More

Error Code 15. Directory Synchronization is not yet activated for this company – in AAD sync tool

You could have missed this passage, if you went for the Azure Active Directory Sync Tool on your own, instead of following the small wizard on the Microsoft Intune account page.

While running the Configuration Wizard of the Azure Active Directory Sync Tool, you may get the error:

An error occurred. Error Code: 15. Error Description: Directory Synchronization is not yet activated for this company. To activate Directory Synchronisationm click the Active button on the Directory Synchronization page in your Admin Portal

Directory Synchronization is not yet activated for this company
Directory Synchronization is not yet activated for this company

No worries; here’s how to enable

  1. Log on to: https://account.manage.microsoft.com/
  2. Navigate to Management – Users. Click Single Sign-on: Set up
    Set Up AD Sync Intune
    Set Up AD Sync Intune



  3. Then click Active at step 3.
    Set Up AD Sync Intune
    Set Up AD Sync Intune


  4. Again, click Activate to confirm.
  5. Done, You should now be able to finish the Configuration Wizard of the AAD Sync tool

Read More