Friday, January 11, 2019

itrezzo Unified Contact Management (UCM) Prerequisites

By Harpreet Singh Wasu

Ready to install and deploy itrezzo UCM software on a server in your environment ?

Before you install and deploy itrezzo UCM, please go through the prerequisites below for a smooth installation and on-boarding process.

itrezzo Service Account and Permissions:

  • You will need to create a user account in Active Directory (On-Premise) which will be used as a Service Account for itrezzo UCM.
  • The itrezzo Service Account must be Mail-Enabled.
  • The Service Account mailbox should be able to receive emails from internal recipients.
  • All Retention Policies and Archiving MUST be disabled on this mailbox.
    • For Exchange Server 2010, the Service Account created will need "Full Access" to Exchange mailboxes. The easiest way is to grant the permissions at the mailbox database level, so that whenever a new user is added, it will obtain the inherited permission from the Mailbox Databases.
    This permission can be easily applied using Exchange Management Shell from the On-Premise Exchange Server and this command will cover all available Mailbox Databases.

    Get-MailboxDatabase | Add-ADPermission -User "srv-ucm" -AccessRights ExtendedRight -ExtendedRights Receive-As,Send-As

    In the above command, replace "srv-ucm"with the itrezzo Service Account you created.

    Server Requirements:

    We recommend you to create a new VM which is a member server (Server joined to a domain) to run itrezzo UCM. If you wish to use an existing server, avoid one with existing IIS applications.

    Note: We do support itrezzo UCM running on Exchange Server, or Active Directory Domain controllers.

    Below are the server requirements:
    • Member Server (Server joined to your AD domain) running Windows Server 2012/2016 either bare iron, or a Virtual Guest.
    • Minimum RAM - 4 GB for less than 300 target mailboxes and 8 GB RAM if the target mailboxes are more than 300.
    • Minimum two processor cores for less than 300 target mailboxes, 4 CPU's for more than 300 target mailboxes.
    • Minimum free Hard Disk space required - 10 GB.
    • Must have Internet access and Port 80 should be open for inbound & outbound connection.

    Preparing your Server for itrezzo UCM:

    Add the Service Account created for itrezzo to the 'Local Administrators" group on the Member Server where you will install itrezzo UCM using the below steps:

    1. Open Server Manager > Click on Tools on the Top Right 
    2. Select Computer Management
    3. On the left hand navigation, expand Local Users and Groups > Groups
    4. Right Click on Administrators > Properties > Add
    5. Enter the name of the new Service Account that we created > Check Names > OK.
    6. Apply > OK.

    You can also open Local User and Groups on a Member server using Run command.

    • Open Run prompt using Windows + R key on your keyboard.
    • Type LUSRMGR.msc and hit Enter.

    The next step is to set the Service Account to 'Log On as a Service".

    1. Open Run prompt using Windows + R key on your keyboard.
    2. Type secpol.msc to open Local Security Policy MMC console.
    3. Expand Local Policies > Select Users Rights Assignment.
    4. Under list of Policies, double click on Log on as a service.
    5. Click Add User or Group > Type the name of itrezzo Service Account > Check Names > OK.
    6. Apply > OK.
    7. Log Off from the server and login again as the itrezzo Service Account.

    • The itrezzo Web Admin requires Silverlight and Internet Explorer. Turn Off  IE Enhanced Security Configuration on the member server.
    • We have found that network packet inspection software such as Cylance, Symantec Endpoint Protection, Sophos, Cisco AMP cause exceptionally poor performance outcomes. These options should be disabled for the network on this server. Thousands of EWS packets are sent and received to the Exchange environment via port 443 and also multiple internal network ports are used to pass data between modules in the software. Packet inspection software can drastically affect performance and cause mailboxes not to get updated with the latest contact and calendar changes.
    • Also, any REAL TIME antivirus file monitoring should have an exclusion for the \Program Files (x86)\itrezzoAgent\... folders on the server.


    Software Requirements:


    Firewall Requirements:

    • We recommend that the Windows Firewall should be Turned Off on the Server running itrezzo UCM.
    If your organization cannot afford to keep the Firewall off, then the below ports must be open:

    • Port 80 - It is used to run the itrezzo Web Admin locally.
    • Port 443 - Required to make EWS calls to and from the Exchange Servers.
    • Port 389 - itrezzo UCM uses LDAP port at 389 to communicate with AD.
    • In addition to this, all internal high-range ports must be open (like 49241 and up) - these are used to communicate between ECO, UCM, SSU and the Web Admin.

      Download the itrezzo UCM software from the below link:

      Wednesday, January 9, 2019

      itrezzo Unified Contact Management Release Notes - All Versions

      By Harpreet Singh Wasu

      itrezzo Unified Contact Management development team regularly updates the itrezzo UCM with new features and functionality as well as release new versions with Fixes to known issues time by time.

      This article is designed to help you keep track of all the versions of itrezzo UCM that have been released and to understand the changes made in the each newer version.


      6.2.8

      Release Date - 01/08/2019 - Released for Download

      • Fixed issues with Task Schedule in accordance to time changes during daylight savings.
      • Added a feature where UCM will check if the existing UCM incremental task created is still there or not and if it is missing, it will recreate it to prevent accidental deletions.
      • Feature added in UCM to compare contacts based of their case sensitivity and will match them accordingly.

      6.2.7

      Release Date - 01/02/2019 - Released for Download

      • 28206 - SSU: Single Profile Configuration.
      • 28208 - Active Directory: execute LDAP query to particular Domain Controller (Sorting DC by closest).
      • 28215 - Web Admin: optimization ECO web admin loading.
      • 28216 - UCM: don't push photo if it not selected in advanced fields settings.

      6.2.6

      Release Date - 12/19/2018 - Released for Download

      • Enhancement in advanced and incremental schedule.
      • Added the ability to add second credentials under Dynamic Override configuration.
      • Enhancement in the note_formatted field.
      • Incremental update overwrite Category field for mandatory contacts.
      • Enhancement if multiple sync tunnels are targeting the same sub-folder.
      • Fix for reading Predefined Mandatory Notes from public folders.
      • Web Admin enhancement in reloading menu items automatically.
      • Fix for updating email1 field using Exchange2013.
      • Fix for updating fileAs field for custom contacts.

      6.2.4

      Release Date - 12/04/2018 - Released for Download

      • Fixed issues with executing LDAP queries pointing to a specific Domain Controller.
      • Note: Domain Configuration can be accessed by navigating to Web Admin > Global Configuration > Global Address List - under the option "Manage Domain Controllers".
      • Fixed an issue where the UCM Incremental Task and Advanced UCM task running simultaneously would cause issues. Fixed by creating a rule for the tasks to run so that "Advanced UCM" task will wait for the completion of "UCM Incremental". The "UCM Incremental" task will be skipped if "Advanced UCM" task is already running. The fix also applies to manual task.

      6.2.3

      Release Date - 11/28/2018 - Released for Download

      • Fixed issues with XML configuration file to sync additional tables in Salesforce schema.
      • Note: After running the config file for the first time, the following file will get created - ECOPlatform\Data\SalesForceTableSync.XML. If you want to import the table, change the import attribute to true (Import="true). By default, all the tables that are related to contacts table, will get imported.
      • Fixed issues with SalesForce REST API.
      • Fixed issues when creating CCL from SQL. Fixed the errors while executing stored procedure with two parameters.
      • Fixed performance issues with UCM where each UCM run takes more time for completion.

      6.2.2

      Release Date - 11/15/2018 - Released for Download

      • Updated Dynamic Override where it will be presented with "Maximum Thread Count".
      • Updates with SSU where the option to show hidden Contact Data Categories on Edit windows is available.
      • Enhancement with UCM where it would roll source transaction log into target mailboxes (Standard contacts).
      • Added feature with UCM and UCM to trace memory usage.
      • Enhancement with ECO Trace log where long lines will be truncated to 200 characters.
      • Fixed issues for clients getting errors while running UCM incremental tasks.

      6.2.1

      Release Date - 11/13/2018 - Released for Download

      • Option of Maximum Thread Count is available in Dynamic Override.
      • You can now view the Hidden contact data under the Edit window under SSU.
      • Enhancement in UCM to show transaction logs for Target mailboxes (standard contacts through transaction logs.
      • Added a feature to trace memory and usage for UCM and ECO.
      • For ECO transaction logs, the line will be truncated to 200 characters.
      • Note: Be default, all lines are truncated to 500 characters so prevent loss or necessary information needed to read from the log files such as "Exchange Provider Configuration". 

      6.2.0

      Release Date - 11/06/2018 - Released for Download


      • Another fix of CDL where UCM removed user's Calendars from the target mailbox.
      • Fixed issues with errors being encountered while updating the ecodb version.
      • Few changes in the interface changes in the User Statistics option in UCM Web Admin.


      6.1.48

      Release Date - 11/05/2018 - Released for Download


      Monday, December 17, 2018

      Upgrade the itrezzo UCM server (Installer method)

      By Harpreet Singh Wasu

      If you are facing issues with the current version of your itrezzo UCM server or just want to upgrade, here is a step-by-step article.

      1. Open a browser and go to http://support1.itrezzo.com/updates/server/.
          You can also double-click on the Download icon on the desktop of server running itrezzo UCM.

      2. Click on the latest itrezzoAgentX.Y.Z..exe file. To identify if the current version of your server, look at the green bar the bottom of the web admin.

      3. Click on the .exe file with the latest version number to download and Save it to a desired location.

      4. Click on Start and type services.msc to open Services management console.

      5. Stop these two itrezzo services:
      • itrezzo ECO Platform
      • itrezzoAgent Unified Contact Manager

      6. You can leave the itrezzo ECO Watchdog alone. By default it's start up mode is Manual.

      7. Once the itrezzoAgent.exe is downloaded, open File Explorer and navigate to the folder where you downloaded the setup file.

      8. Double click on the itrezzoAgent.exe setup file > Click Install > Select Yes if prompted for User Account Control.

      9. Once the Installation is successfully completed, click on Close on the itrezzoAgent Window.

      10. Close all the File Explorer windows and the itrezzo update server web-page and return to  services.msc management console.

      11. Start the two itrezzo services:
      • itrezzo ECO Platform
      • itrezzoAgent Unified Contact Manager
      12. Double click on the Web Admin from the desktop to open the itrezzoECO Platform Admin Console.

      You are all set and your itrezzo UCM software is up to date now ! 

      If  you face any any issues while performing the steps above, reach out to our support staff.

      How to Patch the itrezzo UCM server (copy and paste method)

      By Harpreet Singh Wasu

      If you are facing issues with the current version of your itrezzo UCM server, or just want to upgrade to the latest build, we have got you covered.

      You can run the full installer. However, it takes a bit longer and we don't always release a full EXE install.  A patch is extremely quick to put in place and has a little less risk.

      Here is a step-by-step article on How to Patch the itrezzo UCM server

      Note: Patching using the File copy and paste method is only preferred when it you requested for a fix or a specific feature on demand to meet your organization requirements. 

      1. Open a browser and go to http://support1.itrezzo.com/updates/server/

      2. Go to Patch folder.

      3. Look for the latest version with .zip file and Click on it to download and Save.

      4. Click the Start menu and run services.msc to open Services management console. (Or open  the Run prompt by pressing Windows+ R key on the keyboard and type services.msc)

      5. Stop these two itrezzo services:
      • itrezzo ECO Platform
      • itrezzoAgent Unified Contact Manager

      6. You can skip the itrezzo ECO Watchdog service. By default it's start up mode is Manual.

      7. Open File Explorer > C:\Program File (x86)\itrezzoAgent\ECOPlatform. Leave this window open and go back to the folder where you saved the patch file which we downloaded above.

      8. Double click on the zipped folder and double click on the patch folder inside it to open it.

      9. Using CTRL+A select all the files. Using CTRL+C, copy all the selected files and folders.

      10. Switch back to the folder C:\Program File (x86)\itrezzoAgent\ECOPlatform and using CTRL+V paste all the contents inside this folder.

      11. Select Replace the files in the destination  and click on Continue if prompted for Administrator permissions.

      Note, if you dont get a message to replace files, you have probably pasted into the wrong location.

      12. Close all the File Explorer and web browser page for the itrezzo support website. 

      13. Return to the services app (already running from step 4). Start the two itrezzo services:
      • itrezzo ECO Platform
      • itrezzoAgent Unified Contact Manager

      14. Double click on the Web Admin from the desktop to open the itrezzoECO Platform Admin Console.

      If  you face any any issues while performing the steps above, reach out to our support staff for help.

      Tuesday, October 16, 2018

      Syncing Calendars and Contacts to Office 365 tenant with large number of mailboxes using CiraSync

      By Harpreet Singh Wasu

      If you are a CiraSync customer and have more than 1000 user mailboxes in Exchange Online, you will notice that when a sync task is run, five mailboxes get updated simultaneously. Normally, a single Service Account is configured for CiraSync and it can take over one day to update 1000 mailboxes.

      This post will help you to take necessary steps to speed up the sync process using Multiple Service accounts.

      Sample Calculations
      We will use an example where it takes five minutes to update an individual mailbox. If five mailboxes are updated at once, that means a mailbox is being synced almost once every one minute.

      With that speed, CiraSync can update 600 mailboxes in 10 hours (Ten hours = 600 minutes) or 20 hours to update 1200 mailboxes.

      If you are syncing a huge contact list to user mailboxes, it may even take 10 minutes to update a single mailbox. With five parallel updates, that would mean completing a sync once every two minutes.

      What would happen if your tenant had 3000 licensed CiraSync users getting synced at the rate of 10 minutes per mailbox ?

      For 3000 users getting synced at 10 minutes per mailbox, a rough calculation is that it takes 30,000 minutes (i.e. 500 hours). With Five threads (simultaneous updates) using one Service Account, the sync task will take about 100 hours or about 4 days to complete.

      So, how can I speed this up?

      By configuring CiraSync with Multiple Service accounts, you increase the number of parallel tasks in  multiples of five.

      This simply means one Service Account is able to run Five EWS threads at the same time.  Thus, if you have four service accounts, a synchronization task will be able to run 20 threads at once.

      Each thread updates one mailbox so you can have 20 simultaneous mailbox updates at one time.

      Using the examples above, this could reduce the overall time of completion from 4 days to just one day.

      Setting up a CiraSync tenant to be able to use Multiple Service accounts

      The multiple service account feature is not enabled by default.

      To enable your CiraSync tenant for multiple service accounts with Office 365, create a support request for this feature by sending an email to support at cirasync.com. 

      You may already have a dedicated service account for CiraSync. Now you will need to create one or more Service Accounts for CiraSync.

      To do this, follow the below steps. After each service account is created, you will use it to login to the CiraSync dashboard and grant consent to the CiraSync Azure Application and acquire token.

      Each new service account will need the role of  'Application Impersonation' and Global Administrator. However, after the fist login, you can change the service account from Global Administrator to Service Administrator in Office 365.

      Here is a step by step guide for it.

      1. Login to your Office 365 portal as a Global Administrator and Navigate to Office 365 Admin Center by clicking on Admin.




      2. Click on Users > Active Users



      3. Click on Add a User. Fill in the required details - First Name, Display Name. We recommend you use a consistent service account Display name to identify each account.

      Set a strong Password and make it a Global Administrator. If  you are syncing Public Folders, assign a License to the Service Account - any License that will have an Exchange Online plan is needed so a mailbox is created for the Service Account.


      4. Once the new account is created, use a different browser. or use an IR/Edge In-Private window. In Google Chrome, use an Incognito window and navigate to https://dashboard.cirasync.com.

      Login to the portal with the newly created Service Account.




      5. In the screen snapshot shown below, you are initially entering as a Personal Edition User. You will need to click on Upgrade to Enterprise Edition to sign-in as Enterprise Edition user.



      6. Give your consent by allowing the CiraSync to access your tenant using the new service account. At the prompt shown below, Permissions requested Accept for organization, click Accept.




      7. Make this new identity a Service account in CiraSync. On the upper right corner, click on the username you are signed-in with and select Settings.



      8. From the navigation pane on the left, select Service Account option as shown below.


      9. Here you can view all the accounts from Office 365 that have been used to sign-in to CiraSync dashboard or have been added to be used as Service Account for CiraSync.


      Check the boxes next to all the accounts you want to use as Service Account for CiraSync and click on Save.


      10. Once you choose the Service accounts for Cirasync and Save the changes the screen will show you the selected service accounts and the Save button will show grayed out.



      After you the service account is locked successfully, logout from CiraSync dashboard portal.

      Following the above steps, you can add and lock multiple service accounts for CiraSync. Once you lock the required number of service accounts for CiraSync, you can change the role of these service accounts from Global Administrator to Service Administrator in Office 365.

      Follow the below steps for it:

      11. Login to your Office 365 portal as a Global Administrator and Navigate to Office 365 Admin Center by clicking on Admin.



      12. Click on Users > Active Users



      13. Select the account that has to be changed from Global Admin to Service Admin. Click on Edit next to Roles.




      14. Click on Customized Administrator radio button and then check mark the box next to Service Administrator and click on Save.




      Now that you have locked the Service accounts for CiraSync, don't forget to give Application Impersonation role to these service account.

      For step by step instructions, check out our blog post for How to Set Impersonation Mode for GAL or Public Folder Sync to User Mailboxes

      If you have any questions or feedback regarding this process and working, feel free to reach our excellent customer support team at support@cirasync.com

      Wednesday, September 5, 2018

      How to Set Impersonation Mode for GAL or Public Folder Sync to User Mailboxes

      By Harpreet Singh Wasu

      There are two types of permissions that you can give to a service account for GAL or Public Folder Sync to User Mailboxes.

      The first way you can give the permissions is by Delegation and second is by Impersonation.

      This Blog Post shows how to setup the Service Account for Impersonation mode in Office 365 (Exchange Online).

      If your organization is Cloud-Only (All mailboxes are in Office 365)  you should use the below steps to grant Application Impersonation role to your mailbox.

      If you are looking to find the steps to give the permissions using mailbox Delegation, navigate to Exchange Service Account Permissions and itrezzo Contact Management

      How to setup App Impersonation for Office 365 and Exchange 2013/2016 


      1. Log in to your Office 365 portal as a Global Administrator and Navigate to Office 365 Admin Center by clicking on Admin.



      2. From the Office 365 Admin Center, expand the navigation bar on the left side and scroll to the bottom and expand Admin and then click on Exchange. You can also navigate to Exchange Admin Centre (EAC) through https://outlook.office365.com/ecp/



      3. From the EAC, either Click on Permissions on the left-hand navigation and make sure you are under Admin Roles Tab at the top or Click on Admin Roles below Permissions on the Home page of EAC



      4. Check if you already have a Role Group created with Application Impersonation Role. If not, create a New Role Group by clicking on the + sign.



      5. In the New Role Group window, give a name for this New Role Group. For easy to remember, you can name is App Impersonation. Give any description of your choice in the Description Box. Click + on Roles. Select Application Impersonation and Click Add and OK.



      6. Now Click on + sign below the Members, add the Service Account as the Member of this Role Group, click on Add and OK.



      7. Once it’s done, click on Save in the New Role Group Window.



      It can sometimes take several minutes (generally 30-60 minutes) or these changes to become active and get replicated across all the directories.


      If you would like to enable App Impersonation via PowerShell, read the blog post How to Configure an Office 365 Hybrid Premise Service Account.


      You can also refer to the Microsoft Article on How to Configure Application Impersonation using PowerShell.


      Tuesday, April 10, 2018

      How to create Dynamic DL's in Azure Active Directory


      Vern Weitzman


      Using On premise Exchange and Active Directory, almost any LDAP query can be turned into a Dynamic Distribution List.

      Ironically, Active Directory on Azure has lobotimized LDAP. A very good substitute is available with Azure AD Premium.

      If you are using itrezzo UCM, this post has a pretty good set of instructions on how to create a Dynamic Group for Office 365 usage.

      The final step shows you how to create a contact collection. If you are a UCM user, you will want to finalize the process with an ECO Collection.


      Tuesday, March 13, 2018

      One Exchange Calendar synced between two different Exchange Servers


      By Vern Weitzman

      A Microsoft partner asked us for a specific Outlook calendar solution for an executive. The exec moved up the ranks to work part time at the HQ for a multinational conglomerate.  For the foreseeable future, she was going to be using a mailbox at both Organizations.

      Her calendar was a different story.  Three people were going to continue managing her calendar. However, dozens needed view access at both organizations.

      When there is literally a team of assistants that manage your calendar, It is likely filled for 12 months in advance with a full days schedule.  There are thousands of appointments and dozens of changes each day.

      We have recently added an Outlook Calendar connector that can reach into remote Exchange Servers.  You create this like you create an ordinary Calendar Distribution List except that the source lives in a different Exchange Organization.


      Create Remote Calendar Distribution List













      Once you choose the Remote Exchange Calendar, you will be able to define the remote Exchange Server.



      Note that the remote organization can be Exchange on-premise, or even an Office 365 tenant.

      For more assistance, please contact itrezzo Support.


      Monday, March 5, 2018

      How to share contacts from two different Exchange Orgs


      By Vern Weitzman

      If you have ever had to share contacts from two different Exchange organizations on short notice, you might have tried something from the Exchange Managers handbook: Bi-nodal interorg PST transplant surgery.

      Yes. I did just make that up.  My apologies if you started googling for the Exchange Managers Handbook.

      However on many occasions I have worked with email administrators that have performed this annoying procedure. They export contacts to a PST. Email a zip file to a subsidiary.  Get told that it’s empty and have to repeat it again. You can email the zip file until Outlook is closed and you can send an email with Outlook closed. 

      On the other side where it’s even more painful. It is a slow and boring procedure to open mailboxes, drag and drop contacts.

      If you have to share contacts both ways, it’s twice as miserable. It is painful enough that it rarely gets done and the contact information gets stale quickly. When you want to do a refresh, you have to wipe everything out and start over. Just deleting several hundred contacts from a mailbox can take quite a few minutes. It also causes quite a bit of exchange server traffic as well smartphone resync traffic.

      With itrezzo UCM on premise, (or Office 365), you can easily automate this procedure.  Updates are done automatically as often as you like and incremental changes at the source are incremental at the target so it’s quick and bandwidth efficient.
      How to Share Outlook Contacts between two Orgs
      In itrezzo UCM, there are two constructs for pushing contacts:

      • MCL’s - Mandatory Contacts Lists
      • CCL’s - Custom Contact Lists
      If you are pushing contacts from the Global Address List, an MCL is the best method.  With an MCL, you can use mail enabled groups from from Active Directory to select the members of the  contact list you want to sync to your users.  If a user already has a contact for a coworker,  UCM will update that contact and start managing it as part of the contact list.  It’s the best way to avoid duplicate contacts.

      However in the example described at the top of the post, the contacts from the remote HQ GAL are presumably not in the local GAL. Thus, the prescription here is for a CCL.

      A CCL can be used in almost all other cases. You can sync Outlook contacts from public folders, mailboxes, a SQL database or even a CSV. The final option (which we will use in this example) is to connect to Public Folder or mailbox contacts on a remote Exchange server.

      To sync a public folder from our parent organization, we will create a Custom Contact List as shown below.

      Navigate to the Unified Contact Manager container. Now select Custom Contact Lists. In the top right corner on the black and white toolbar, choose From Remote Exchange...  

      choosing a contact source for an Outlook contact folder


      The Remote Exchange Dialog box is displayed:
      Choose Mailbox or Public Folder. Than select your contact folder


      We start by entering the name of the contact list (1). This name is used as a category on each target contact so want to keep the name precise and short.

      The username (2) on the remote system does NOT need to have any particular domain or Exchange Server permissions. It is an ordinary mailbox that has REVIEWER permission on the source public folder.  In that way, the parent HQ doesn’t need to create a privileged account for use outside of their immediate IT organization.

      In almost all cases, EWS (Exchange Web Services) is exposed at the same URL as OWA. We will need to put the fully qualified URL (3) with the suffix /EWS/Exchange.ASMX.

      Next we select Public Folder (4) at the bottom.  If our credentials and URL endpoint are correct, we see the public folder hierarchy in the remote organization.  Now we navigate to the desired public folder and select it.

      Next click on the Targets tab (7) and you will see the dialog as shown below.

      Setup the target contact folder in Outlook

      I typically recommend using a subfolder for external contacts (8).  All of the target users have iPhones and they will sync contact subfolders from their Exchange Mailbox.

      A subfolder (9) will automatically be created in every target mailbox. Again, it is important to use a very precise name (9). Users will see this folder on both their desktop and smartphone.

      We always recommend adding a category (10)  to each target contact. This makes it easier for users to see the contacts as a group.

      The last and final step is to choose the target users (11) that will receive the contacts from the remote Exchange Server. We recommend that you use a collection to configure the targets.

      Save the CCL and we now see contacts from remote Exchange Server in the grid.

       

      We will also license all of the target users.

      For a quick test, we will navigate to the User Statistics container and run UCM on a single user. After that completes, there will be a NY HQ subfolder in that user’s mailbox.

      On the next scheduled UCM Task, all users will get the NY HQ contacts.


      Sunday, June 26, 2016

      How I got my head out of my SaaS and into the Azure Cloud


      We have spun out a new company to better service Office 365 tenants that want to sync the GAL and Public Folders to smartphones. Here is the story.


      Thursday, February 18, 2016

      Set Impersonation Mode for GAL or Public Folder Sync to User Mailboxes

      By Vern Weitzman

      There are two types of permissions that you can give to a service account so that it can easily update contacts, appointments and sticky notes inside of users mailboxes. Delegation is the most common permission used for on-premise Exchange Servers. It allows granular permissions

       
      This blog post shows the steps required to enable a user or service account to open mailboxes in impersonation mode on Office 365 Exchange.

      1. Log in to your Office 365 Management Console as a Global Administrator. Under the ADMIN menu, launch Exchange.


      2) Next you will see the Exchange admin center.  Launch the admin roles menu beneath Permissions.


      3) After you click admin roles, click the plus (+) symbol to add a new role. If another role already exists that has impersonation, you can just edit that role.

      After you hit the plus (+) symbol to add a new role (or edit an existing one), the roles dialog appears.  If it’s a new role, type the name App Impersonation.


      Add the service account under Members.   If you are using the cloud service and don’t have a service account yet, you should use grant the App Impersonation role to your mailbox (or to whatever mailbox that you used to set up the cloud service).

      It can sometimes take several minutes for these changes to become active.

      If you would like to enable App Impersonation via Powershell, read the blog post How to Configure an Office 365 Hybrid Premise Service Account.