Skip to main content

3 posts tagged with "Exchange Server"

View All Tags

Enable exchange delegates to schedule teams meetings

· 4 min read
Hannes Palmquist
Senior Consultant Cloud

In today's interconnected workplace, seamless collaboration is essential. One common challenge that arises is when a delegate tries to schedule a meeting on behalf of another user (the delegator) and encounters an error when attaching a Teams meeting in Outlook. The error message, "Unable to connect to the server, please try again later," can be both confusing and disruptive.

This issue affects users whose mailboxes are hosted on-premises within an Exchange hybrid environment. While the Exchange hybrid configuration is working and the Teams calendar for on-premises mailboxes is functional, this specific error persists.

Understanding the Root Cause

The underlying reason for this issue is the absence of a necessary PartnerApplication in the on-premises Exchange server for Skype for Business Online. This application is crucial for enabling the Teams service to generate meeting links for users who are scheduling meetings on behalf of others. Without it, the delegate is unable to successfully create a Teams meeting. This PartnerApplication is not configured as part of the Exchange Hybrid setup wizard nor in the procedure to configure a Skype for Business hybrid.

The steps to configure this PartnerApplication are well-documented in official Microsoft resources. However, there have been some errors in the conversion of PowerShell script code from the deprecated MSOnline (MSOL) module to Microsoft Graph (MSGraph). This conversion appears to have been done without proper testing, and is as of now not working.

In this blog post, we will walk you through the correct steps to configure the PartnerApplication using the MSOL module, as it has proven to be more reliable in this scenario.

Important

Before proceeding, it's important to ensure that the delegate has been assigned the "Editor" role. Assigning the "Owner" role may seem like a viable option, but it does not work in this context.

Step 1: Create a New Mail User Account for the Skype for Business Online Partner Application

This initial step involves creating a mail user on the Exchange server and assigning the appropriate management role rights. This account will be used later in the process.

Here’s how you can do it:

$user = New-MailUser -Name SfBOnline-ApplicationAccount -ExternalEmailAddress SfBOnline-ApplicationAccount@domain.com
Set-MailUser -Identity $user.Identity -HiddenFromAddressListsEnabled $True
New-ManagementRoleAssignment -Role UserApplication -User $user.Identity
New-ManagementRoleAssignment -Role ArchiveApplication -User $user.Identity

Step 2: Create and Enable a Partner Application for Skype for Business Online

Next, you need to create a new partner application and link it to the mail user account you just created. Run the following command in Exchange PowerShell within your on-premises Exchange organization:

New-PartnerApplication -Name SfBOnline -ApplicationIdentifier 00000004-0000-0ff1-ce00-000000000000 -Enabled $True -LinkedAccount $user.Identity

Step 3: Export the On-Premises Authorization Certificate

The next step involves exporting the on-premises authorization certificate, which will later be imported into your Skype for Business Online organization:

$thumbprint = (Get-AuthConfig).CurrentCertificateThumbprint
if((test-path $env:SYSTEMDRIVE\OAuthConfig) -eq $false) {
md $env:SYSTEMDRIVE\OAuthConfig
}
cd $env:SYSTEMDRIVE\OAuthConfig
$oAuthCert = (dir Cert:\LocalMachine\My) | where {$_.Thumbprint -match $thumbprint}
$certType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert
$certBytes = $oAuthCert.Export($certType)
$CertFile = "$env:SYSTEMDRIVE\OAuthConfig\OAuthCert.cer"
[System.IO.File]::WriteAllBytes($CertFile, $certBytes)

Step 4: Upload the On-Premises Authorization Certificate to Microsoft Entra ACS

This is the critical step where issues have been noted when using the MSGraph module. The following MSOL module code is known to work correctly:

Important

The MSOnline module is only compatible with Windows Powershell. (It is not compatible with Powershell Core)

Install-Module MSOnline -Scope CurrentUser
Connect-MsolService
$CertFile = "$env:SYSTEMDRIVE\OAuthConfig\OAuthCert.cer"
$objFSO = New-Object -ComObject Scripting.FileSystemObject
$CertFile = $objFSO.GetAbsolutePathName($CertFile);
$cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate
$cer.Import($CertFile)
$binCert = $cer.GetRawCertData();
$credValue = [System.Convert]::ToBase64String($binCert)
$ServiceName = "00000004-0000-0ff1-ce00-000000000000"
$p = Get-MsolServicePrincipal -AppPrincipalId $ServiceName
New-MsolServicePrincipalCredential -ServicePrincipalName $p.AppPrincipalId -Type Asymmetric -Usage Verify -Value $credValue

Step 5: Verify the Certificate Upload

Finally, verify that the certificate has been successfully uploaded to the Skype for Business service principal:

Get-MsolServicePrincipalCredential -AppPrincipalId $p.AppPrincipalId -ReturnKeyValues $true | select *

Conclusion

By carefully following these steps using the MSOL module, you can resolve the delegate scheduling error and ensure smooth integration between on-premises Exchange and Microsoft Teams. While the shift to MSGraph is on the horizon, the MSOL module remains a reliable solution for this particular issue.

Stay tuned for future updates as we continue to explore the best practices for maintaining a seamless hybrid environment.

Exchange RecipientTypes

· 4 min read
Hannes Palmquist
Senior Consultant Cloud

Below are all current recipient types. Please comment below if you miss an entry in any of the tables.

msExchRecipientDisplayType

DisplayNameNameValue
ACL able Mailbox UserACLableMailboxUser1073741824
Security Distribution GroupSecurityDistributionGroup1043741833
Equipment MailboxEquipmentMailbox8
Conference Room MailboxConferenceRoomMailbox7
Remote Mail UserRemoteMailUser6
Private Distribution ListPrivateDistributionList5
OrganizationOrganization4
Dynamic Distribution GroupDynamicDistributionGroup3
Public FolderPublicFolder2
Distribution GroupDistrbutionGroup1
Mailbox UserMailboxUser0
Synced Universal Security Group as Universal Security GroupSyncedUSGasUSG-1073739511
ACL able Synced Universal Secuirty Group as ContactACLableSyncedUSGasContact-1073739514
ACL able Synced Remote Mail UserACLableSyncedRemoteMailUser-1073740282
ACL able Synced Mailbox UserACLableSyncedMailboxUser-1073741818
Synced Universal Security Group as ContactSyncedUSGasContact-2147481338
Synced Universal Security Group as Universal Distribution GroupSyncedUSGasUDG-2147481343
Synced Equipment MailboxSyncedEquipmentMailbox-2147481594
Synced Conference Room MailboxSyncedConferenceRoomMailbox-2147481850
Synced Remote Mail UserSyncedRemoteMailUser-2147482106
Synced Dynamic Distribution GroupSyncedDynamicDistributionGroup-2147482874
Synced Public FolderSyncedPublicFolder-2147483130
Synced Universal Distribution Group as ContactSyncedUDGasContact-2147483386
Synced Universal Distribution Group as Universal Distribution GroupSyncedUDGasUDG-2147483391
Synced Mailbox UserSyncedMailboxUser-2147483642

msExchRecipientTypeDetails

DisplayNameNameValue
Team MailboxTeamMailbox137438953472
Remote Shared MailboxRemoteSharedMailbox34359738368
Remote Equipment MailboxRemoteEquipmentMailbox17179869184
Remote Equipment Mailbox (IncorrectValue)RemoteEquipmentMailbox17173869184
Remote Room MailboxRemoteRoomMailbox8589934592
Remote User Mailbox�����RemoteUserMailbox2147483648
Role GroupRoleGroup1073741824
Discovery MailboxDiscoveryMailbox536870912
Room ListRoomList268435456
Linked UserLinkedUser33554432
Mailbox PlanMailboxPlan16777216
Arbitration MailboxArbitrationMailbox8388608
Microsoft ExchangeMicrosoftExchange4194304
Disabled UserDisabledUser2097152
Non-Universal GroupNonUniversalGroup1048576
Universal Security GroupUniversalSecurityGroup524288
Universal Distribution GroupUniversalDistributionGroup262144
ContactContact131072
UserUser65536
Cross-Forest Mail ContactMailForestContact32768
System MailboxSystemMailbox16384
System Attendant MailboxSystemAttendantMailbox8192
Public FolderPublic Folder4096
Dynamic Distribution GroupDynamicDistributionGroup2048
Mail-Enabled Universal Security GroupMailUniversalSecurityGroup1024
Mail-Enabled Non-Universal Distribution GroupMailNonUniversalGroup512
Mail-Enabled Universal Distribution GroupMailUniversalDistributionGroup256
Mail UserMailUser128
Mail ContactMailContact64
Equipment MailboxEquipmentMailbox32
Room MailboxRoomMailbox16
Legacy MailboxLegacyMailbox8
Shared MailboxSharedMailbox4
Linked MailboxLinkedMailbox2
User MailboxUserMailbox1

msExchRemoteRecipientType

DisplayNameValue
Migrated, SharedMailbox100
SharedMailbox96
Migrated Equipment Mailbox68
Provisioned Equipment Mailbox65
EquipmentMailbox64
Migrated Room Mailbox36
Provisioned Room Mailbox33
RoomMailbox32
DeprovisionArchive, Migrated User Mailbox20
DeprovisionArchive16
DeprovisionMailbox8
Migrated User Mailbox, ProvisionedArchive (Migrated MBX & Cloud Archive)6
Migrated User Mailbox4
Provisioned User Mailbox, Provisioned User Archive (Cloud MBX & Cloud Archive)3
ProvisionedArchive (Cloud Archive)2
Provisioned User Mailbox (Cloud MBX)1

Exchange Versions

· One min read
Hannes Palmquist
Senior Consultant Cloud
Exchange Versions

I’ve summarized a table with all versions released of Exchange Server that shows version numbers, release date, .net requirement, OS requirement, forest functional level etc in a simple to use excel spreadsheet.

I’ll try to keep the file updated as often as I can, but if you got data you want to add please send me a message.

Download this excel file