DKIM

DKIM. No, it’s not a new singer/rapper/influencer/whatever. It’s a DNS controlled Email Authentication mechanism. What does that mean? Well, if you want a technical explanation, go see my article on Authorization vs Authentication, since that is important to understand if you want to understand DKIM. DKIM stands for DomainKeys Identified Mail. It uses a feature of Public Key Authentication to allow receiving mail servers to verify that the message is not modified in transit and that the sender is authentic. 

Continue Reading →

SPF, DKIM, and DMARC

The Old Horse named SMTP

Email is old. The first message sent across a computer network was sent in 1971. The current email protocol, SMTP, was codified under RFC 788 in 1981 and while it has been updated over the past 42 years (Man, I’m old), the core functionality in SMTP hasn’t changed much at all.…

Continue Reading →

Controlling Autodiscover with the Registry or GPO

Depending on your situation, you may want to take control of how Exchange’s Autodiscover lookup process works. Specifically, there are a lot of scenarios where Autodiscover will break because the lookup process isn’t properly controlled. In this article, I’ll go over registry settings that will let you control which steps are used and which ones are skipped.…

Continue Reading →

O365 Hybrid Migration Errors & Fixes

This post will go over some of the many errors that occur when attempting to move a mailbox to Office 365. The error messages you see are discovered when showing the details of a failed migration and then clicking on a failed user in that migration.

Issues

1. “You can‎’t use the domain because it‎’s not an accepted domain for your organization”

Office 365 will not accept migration of a mailbox if that mailbox has an email alias that includes a domain that doesn’t exist in Office 365.…

Continue Reading →

Step by Step: Add a UPN Domain in Windows Server

The Problem

A very common issue when moving an organization from an on-premises Exchange environment to Office 365 is non-usable domain names. The issue happens because a domain name of the Active Directory Domain has one of these issues:

  1. The Domain used by AD is not “owned” by the organization. This issue happens when a company decides to use a specific domain name on their Internal network when they have either lost control of that domain name or never had control of it.

Continue Reading →

PowerShell Script: Delete System Logs

For those of you who are still working with a significant on-prem Exchange environment, you are probably in need of a good script to go through the admin logs (IIS Logs, Exchange Functional Logs) to clear things up on occasion. Those logs can take up a lot of space very quickly, so a regular process that does it for you is a big time-saver, and will keep you from running into those horrible midnight inadequate space notices.…

Continue Reading →

How Does SPF Work?

No, I’m not talking about sunscreen. The SPF I’ll be discussing here is Sender Policy Framework. It’s an email security measure that can prevent unauthorized use of your email domain name. I’ll be going over a few things in this post, but if you just want to know how to craft an SPF record, you can scroll to the “The SPF Puzzle” section below.…

Continue Reading →

IT Concepts – What is Identity Federation

One of the most historically difficult problems to address in IT is usernames and passwords for multiple applications. We all have a multitude of accounts we have to manage. Bank accounts, social media, email, work accounts, cloud storage, and every other system we use relies on usernames and passwords to “authenticate” who we are. There are a number of different solutions for this problem, but the most user friendly method is a technique called “Identity Federation.”…

Continue Reading →

Step by Step: Export Office 365 Email to PST

Microsoft has significantly changed the way admins export email in Office 365 are done by eliminating export tools in each application (Exchange, SharePoint, etc). There is now a single solution for exports, including Exchange PSTs, OneDrive, and SharePoint files. This central solution is the Security and Compliance center. Unfortunately, there isn’t much information on how to properly export data from Exchange Online now that the Compliance center in Exchange Admin is deprecated.…

Continue Reading →

Office 365 Hybrid Agent – An Overview

If you have set up a new Hybrid configuration with Office 365 lately, you will notice a new option in the Hybrid Config Wizard, the Hybrid Agent. Before I go into my personal views on this new option and whether you should use it, let me first explain what this agent does. Note: Before I start, I should state that I have not had an opportunity to test the Hybrid agent’s features yet, so there are still a few questions I have about it.…

Continue Reading →