Monday, April 19, 2021

Restore Active Directory Object Using LDP.EXE

Restore an Active Directory user account using LDAP (LDP.exe)

In this example I delete the user account 'Bill Bob' and then restore it by reanimating its tombstone over LDAP. This is the pre-Recycle-Bin method: it works on any domain, but, as noted at the end, the restored object comes back with only a handful of its attributes.
Open LDP.exe as an administrator.

Once open, click Connection, click Connect, and type the domain controller's name and port. Plain LDAP uses port 389; LDAP over TLS (LDAPS) uses port 636, for which you must also tick the SSL box in the Connect dialog. If you stay on 389, do the Bind in the next step as the logged-on user (Negotiate/Kerberos) so the session is signed and sealed instead of sending a password in clear text.
Click Connection, click Bind, and bind with an account that is allowed to reanimate tombstones (members of Domain Admins hold the Reanimate Tombstones control access right on the domain partition by default). Avoid the Simple bind option over port 389; it sends the password in clear text.
Click the Options menu, then Controls. Under Load Predefined, select Return deleted objects. This adds the LDAP_SERVER_SHOW_DELETED_OID control (1.2.840.113556.1.4.417) to the Active Controls list.

With this control attached, the server returns the Deleted Objects container and the tombstones inside it, which are hidden by default.

Press OK.


Click View, click Tree, and in the BaseDN box enter the distinguished name of the domain, DC=plebs,DC=local, then click OK.

In the left pane, double-click DC=plebs,DC=local to expand it, then expand the CN=Deleted Objects container and find the tombstone of the deleted object. A tombstone's name is the original CN followed by an escaped line feed, DEL: and the objectGUID, so it appears as something like CN=Bill Bob\0ADEL:<guid>,CN=Deleted Objects,DC=plebs,DC=local.




Right-click the tombstone, then click Modify.

In the Attribute box type isDeleted. Under Operation select Delete (leave Values empty), then click Enter to add it to the entry list. Do not click Run yet: the removal of isDeleted and the change of distinguishedName have to reach the server in the same modify request, or the domain controller rejects the operation.
Then type distinguishedName in the Attribute box and, in the Values box, the distinguished name the object should have after the restore, in this case the original one: CN=Bill Bob,OU=PlebUsers,DC=plebs,DC=local. The new DN does not have to be the original one; you can restore into a different OU as long as the parent container exists (the tombstone's lastKnownParent attribute tells you where the object used to live).

Under Operation select Replace, then click Enter.
Select the Extended check box (so the active Show Deleted control is sent along with the modify), and then click Run.

The object now exists in Active Directory again, at the DN you specified.

If LDP returns an error such as:

Operation failed. Error code: 0x57
LDAP: error code 12 - Unavailable Critical Extension

the DC refused a control that was sent marked critical, usually a stale entry in the Active Controls list. Go back into Options and Controls, double-click one of the Active Controls and check it in, while also making sure Load Predefined is set to 'Return deleted objects', then try again. I have experienced random errors at times when there is more than one active control, and it took a little playing around in the Controls area to resolve.
Otherwise, if no errors appear, check AD and see whether the user is now back in its original OU.

The result is not a complete restore, however. A tombstone keeps only a small set of attributes (objectSid, objectGUID, sIDHistory, sAMAccountName, nTSecurityDescriptor, lastKnownParent and a few others), so the reanimated account comes back stripped of everything else: it has no password, it is disabled, and its group memberships and most other attributes are gone. Set a new password, re-enable the account and re-add it to its groups before handing it back. If the forest has the Active Directory Recycle Bin enabled, skip LDP altogether and use Restore-ADObject, which brings the object back with all of its attributes and group links intact.
Because the objectSid is preserved on the tombstone, NTFS and share permissions (and any other ACL) that reference the account by SID still apply to the reanimated account. That is the main reason to reanimate rather than create a new account with the same name, which would get a new SID and match none of the existing ACL entries.
Hope this is helpful!
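The same reanimation done from PowerShell, as an added example that is not part of the original post. It sends the two-attribute Modify that LDP.exe sends, using System.DirectoryServices.Protocols, and first checks whether the forest has the Recycle Bin enabled, in which case Restore-ADObject gives a full restore instead. The domain controller dc01.plebs.local, the sAMAccountName bill.bob and the target OU are assumptions; run it as an account that holds the Reanimate Tombstones right.

```powershell
# Added example: reanimate a deleted AD user over LDAP (what LDP.exe does by hand).
# Assumed names: DC dc01.plebs.local, domain DC=plebs,DC=local, user 'bill.bob', target OU below.
param(
    [string]$Server     = 'dc01.plebs.local',
    [string]$DomainDn   = 'DC=plebs,DC=local',
    [string]$SamAccount = 'bill.bob',
    [string]$TargetOu   = 'OU=PlebUsers,DC=plebs,DC=local'
)
Add-Type -AssemblyName System.DirectoryServices.Protocols
Import-Module ActiveDirectory
$P = 'System.DirectoryServices.Protocols'

# With the AD Recycle Bin enabled, Restore-ADObject returns the object with every attribute and
# group link; tombstone reanimation below is only the fallback for forests without it.
if ((Get-ADOptionalFeature -Identity 'Recycle Bin Feature' -Server $Server).EnabledScopes.Count -gt 0) {
    Get-ADObject -Server $Server -IncludeDeletedObjects `
        -Filter { sAMAccountName -eq $SamAccount -and isDeleted -eq $true } |
        Restore-ADObject -Server $Server -TargetPath $TargetOu
    return
}

# Port 389 with Negotiate (Kerberos) plus signing and sealing: no cleartext credentials on the wire.
$id   = New-Object "$P.LdapDirectoryIdentifier" -ArgumentList $Server, 389
$conn = New-Object "$P.LdapConnection" -ArgumentList $id
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
$conn.SessionOptions.Signing = $true
$conn.SessionOptions.Sealing = $true
$conn.Bind()

# Tombstones are only returned when the Show Deleted control (1.2.840.113556.1.4.417) is attached;
# this is what LDP's 'Return deleted objects' predefined control adds.
$showDeleted = New-Object "$P.ShowDeletedControl"
$search = New-Object "$P.SearchRequest"
$search.DistinguishedName = $DomainDn
$search.Filter = "(&(isDeleted=TRUE)(objectClass=user)(sAMAccountName=$SamAccount))"
$search.Scope  = [System.DirectoryServices.Protocols.SearchScope]::Subtree
$search.Attributes.AddRange([string[]]@('distinguishedName', 'lastKnownParent', 'objectSid'))
$search.Controls.Add($showDeleted) | Out-Null
$entries = $conn.SendRequest($search).Entries
if ($entries.Count -ne 1) { throw "Expected exactly one tombstone for $SamAccount, found $($entries.Count)" }
$tomb = $entries[0]
Write-Host "Tombstone:         $($tomb.DistinguishedName)"
Write-Host "Last known parent: $($tomb.Attributes['lastKnownParent'][0])"

# Rebuild the RDN from the tombstone name: 'CN=Bill Bob\0ADEL:<guid>' -> 'CN=Bill Bob'
$rdn   = ($tomb.DistinguishedName -split ',', 2)[0] -replace '\\0ADEL:.*$', ''
$newDn = "$rdn,$TargetOu"

# One Modify request carrying both changes (delete isDeleted, replace distinguishedName).
# The DC requires both in the same operation; sent separately, the request is rejected.
$delIsDeleted = New-Object "$P.DirectoryAttributeModification"
$delIsDeleted.Name = 'isDeleted'
$delIsDeleted.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Delete

$setDn = New-Object "$P.DirectoryAttributeModification"
$setDn.Name = 'distinguishedName'
$setDn.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Replace
$setDn.Add($newDn) | Out-Null

$modify = New-Object "$P.ModifyRequest"
$modify.DistinguishedName = $tomb.DistinguishedName
$modify.Modifications.Add($delIsDeleted) | Out-Null
$modify.Modifications.Add($setDn) | Out-Null
$modify.Controls.Add($showDeleted) | Out-Null     # the 'Extended' box in LDP

$resp = $conn.SendRequest($modify)
if ($resp.ResultCode -ne [System.DirectoryServices.Protocols.ResultCode]::Success) {
    throw "Reanimation failed: $($resp.ResultCode) $($resp.ErrorMessage)"
}
Write-Host "Restored to $newDn."
Write-Host "The account is disabled, has no password and no group memberships: fix those before use."
```

The search is restricted to objectClass=user and a single sAMAccountName so that the script never reanimates the wrong tombstone; if several deleted objects share the name, it stops and lets you pick the right one in LDP.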

 

Friday, March 26, 2021

How to Update Office 365 Groups Primary Email Address

How to update the primary SMTP address of Office 365 (Microsoft 365) Groups.

This has to be done in PowerShell, because the Exchange admin center (EAC) does not let you change the email address of this kind of group.

First connect to Exchange Online PowerShell (Connect-ExchangeOnline from the ExchangeOnlineManagement module), then use the Get-UnifiedGroup and Set-UnifiedGroup cmdlets.

To retrieve the list of groups that still need updating (those whose primary address is on the tenant's default domain), use:

Get-UnifiedGroup -ResultSize Unlimited | Where-Object { $_.PrimarySmtpAddress -like "*@tenantname.onmicrosoft.com" }


To update the primary SMTP address of an Office 365 Group, we use the Set-UnifiedGroup cmdlet with the PrimarySmtpAddress parameter:

Set-UnifiedGroup “Test Group” -PrimarySmtpAddress “test.group@nunomota.pt”

 

For example:

1. Run the command below to add the required SMTP address as an alias. The domain of the new address must already be an accepted domain in the tenant.

Set-UnifiedGroup -Identity "X" -EmailAddresses @{Add="Y"}

where X is the display name of the Office 365 group and Y is the required email address.

Set-UnifiedGroup -Identity "Test O365Group" -EmailAddresses @{Add="test.o365group@abcd.com"}

2. Promote the alias to primary SMTP address:

Set-UnifiedGroup -Identity "Test O365Group" -PrimarySmtpAddress "test.o365group@abcd.com"

3. If the old address is no longer needed, remove it with the command below. Keep it as a secondary alias unless you are sure nothing still sends to it; once it is removed, mail to that address is rejected with an NDR.

Set-UnifiedGroup -Identity "Test O365Group" -EmailAddresses @{Remove="test.o365group@abcd.onmicrosoft.com"}
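The three steps above applied to every group still on the tenant's default domain, as an added example that is not part of the original post. The old suffix tenantname.onmicrosoft.com, the new domain abcd.com and the switch names are assumptions. It runs as a dry run unless -Commit is given, checks that the new domain is accepted by the tenant, and refuses to take an address that another recipient already owns.

```powershell
# Added example: bulk-move Microsoft 365 Groups from the onmicrosoft.com domain to a vanity domain.
# Assumed values: old suffix tenantname.onmicrosoft.com, new domain abcd.com. Dry run by default.
param(
    [string]$OldSuffix = 'tenantname.onmicrosoft.com',
    [string]$NewDomain = 'abcd.com',
    [switch]$RemoveOldAddress,   # step 3: drop the onmicrosoft.com address (mail to it then bounces)
    [switch]$Commit
)
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# Set-UnifiedGroup fails on the first group if the domain is not accepted; check once up front.
if (-not (Get-AcceptedDomain | Where-Object { $_.DomainName -eq $NewDomain })) {
    throw "$NewDomain is not an accepted domain in this tenant"
}

$groups = @(Get-UnifiedGroup -ResultSize Unlimited |
    Where-Object { $_.PrimarySmtpAddress -like "*@$OldSuffix" })
Write-Host "$($groups.Count) group(s) still primary on $OldSuffix"

foreach ($g in $groups) {
    $old = [string]$g.PrimarySmtpAddress
    $new = "$($old.Split('@')[0])@$NewDomain"

    # Step 0: make sure no other recipient (mailbox, contact, other group) already owns the address.
    $owner = Get-Recipient -Filter "EmailAddresses -eq 'smtp:$new'" -ErrorAction SilentlyContinue
    if ($owner -and $owner.ExternalDirectoryObjectId -ne $g.ExternalDirectoryObjectId) {
        Write-Warning "$($g.DisplayName): $new already belongs to $($owner.Name); skipping"
        continue
    }
    Write-Host "$($g.DisplayName): $old -> $new"
    if (-not $Commit) { continue }

    $id = $g.ExternalDirectoryObjectId    # stable identity; display names are not unique
    # Step 1: add the new address as an alias.
    Set-UnifiedGroup -Identity $id -EmailAddresses @{Add = "smtp:$new"}
    # Step 2: promote it to primary; the old primary automatically becomes a secondary alias.
    Set-UnifiedGroup -Identity $id -PrimarySmtpAddress $new
    # Step 3 (optional): remove the old address.
    if ($RemoveOldAddress) {
        Set-UnifiedGroup -Identity $id -EmailAddresses @{Remove = "smtp:$old"}
    }
}
Disconnect-ExchangeOnline -Confirm:$false
```

Run it once without -Commit to review the planned renames and any collisions, then again with -Commit; add -RemoveOldAddress only after confirming that nothing still delivers to the onmicrosoft.com addresses.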

Friday, March 5, 2021

PowerShell Code: Find Users with Email Address From a Specific Domain

Searching for email addresses with a specific domain name suffix using PowerShell | Office 365

Get-Mailbox -ResultSize Unlimited | Where-Object { $_.EmailAddresses -like "*@YourDomain.com" }

The command may take a long time to run, because it pulls every mailbox in the tenant and filters them on the client. EmailAddresses is a multi-valued property (each value carries a prefix, e.g. smtp:alias@domain), so -like is applied to every value and the mailbox matches if any of its addresses ends in the domain.

Pipe the output to Export-Csv to write it to a CSV file.
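The same search done server-side, as an added example that is not part of the original post: -Filter is evaluated by the service so only matching mailboxes are returned, and the multi-valued EmailAddresses property is expanded to one row per matching address so that Export-Csv writes a flat table rather than the type name it emits for a collection. The domain yourdomain.com and the output path are assumptions.

```powershell
# Added example: server-side filter plus one CSV row per matching address.
# Assumed values: domain yourdomain.com, output file in the current directory.
param(
    [string]$Domain  = 'yourdomain.com',
    [string]$OutFile = ".\mailboxes-$($Domain -replace '\.', '-').csv"
)
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# The filter runs in the service; only mailboxes with an address on $Domain cross the wire.
$mailboxes = @(Get-Mailbox -ResultSize Unlimited -Filter "EmailAddresses -like '*@$Domain'")

$rows = foreach ($m in $mailboxes) {
    foreach ($addr in $m.EmailAddresses) {
        $s = [string]$addr
        # Values look like 'SMTP:primary@domain' (upper-case = primary) or 'smtp:alias@domain';
        # X500:, SIP: and SPO: values are not mail addresses and are skipped.
        if ($s -notmatch '^smtp:([^@]+@(.+))$') { continue }
        if ($Matches[2] -ne $Domain) { continue }      # -ne is case-insensitive
        [pscustomobject]@{
            DisplayName       = $m.DisplayName
            UserPrincipalName = $m.UserPrincipalName
            Address           = $Matches[1]
            IsPrimary         = ($s -cmatch '^SMTP:')   # case-sensitive on purpose
            RecipientType     = $m.RecipientTypeDetails
        }
    }
}

$rows | Sort-Object DisplayName, Address |
    Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8
Write-Host "$($mailboxes.Count) mailbox(es), $(@($rows).Count) address(es) written to $OutFile"
Disconnect-ExchangeOnline -Confirm:$false
```

The IsPrimary column distinguishes mailboxes that merely carry an alias on the domain from those that send as it, which matters when the domain is being retired or re-pointed.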

How to use mailbox audit logs in Office 365

Summary

In Microsoft Office 365, you can search the mailbox audit log to determine when a mailbox was changed unexpectedly or whether items are missing from it, for example when items were moved or deleted unexpectedly or by the wrong person.

Mailbox audit logging is not necessarily enabled by default (in older Exchange Online environments, referred to as vNext at the time, and in Exchange Server it is off) and must be turned on for a mailbox before its actions are recorded; nothing that happened before it was enabled can be searched.

How to run and check mailbox audit logs

Mailbox audit logging records actions performed on a mailbox by its owner, by delegates (non-owners) and by administrators. Searching it is done from remote PowerShell, by an account holding an Exchange role group that includes the Audit Logs role (Organization Management or Records Management by default).

Step 1: Run the script

To run the script, follow these steps:

  1. Start Notepad, and then copy the following code into the file. The script wraps the Search-MailboxAuditLog cmdlet, which is part of Microsoft Exchange Server. Exchange Online has since retired Search-MailboxAuditLog in favour of Search-UnifiedAuditLog; the script applies to Exchange Server on-premises.

Copy below:

param (
    [Parameter(Mandatory=$true)]  [string]$Mailbox,
    [Parameter(Mandatory=$true)]  [string]$StartDate,
    [Parameter(Mandatory=$true)]  [string]$EndDate,
    [Parameter(Mandatory=$false)] [string]$Subject,
    [Parameter(Mandatory=$false)] [switch]$IncludeFolderBind,
    [Parameter(Mandatory=$false)] [switch]$ReturnObject
)

BEGIN {
    # Columns kept from each audit log entry
    [string[]]$LogParameters = @('Operation', 'LogonUserDisplayName', 'LastAccessed', 'DestFolderPathName',
        'FolderPathName', 'ClientInfoString', 'ClientIPAddress', 'ClientMachineName', 'ClientProcessName',
        'ClientVersion', 'LogonType', 'MailboxResolvedOwnerName', 'OperationResult')
}

PROCESS {
    Write-Host -ForegroundColor Green 'Searching mailbox audit logs...'
    $SearchResults = @(Search-MailboxAuditLog $Mailbox -StartDate $StartDate -EndDate $EndDate `
        -LogonTypes Owner, Admin, Delegate -ShowDetails -ResultSize 50000)
    Write-Host -ForegroundColor Green "$($SearchResults.Count) total entries found"

    # FolderBind (folder opened) entries are noisy; drop them unless asked to keep them
    if (-not $IncludeFolderBind) {
        Write-Host -ForegroundColor Green 'Removing FolderBind operations.'
        $SearchResults = @($SearchResults | Where-Object { $_.Operation -ne 'FolderBind' })
        Write-Host -ForegroundColor Green "Filtered to $($SearchResults.Count) entries"
    }

    # Add a Subject column (taken from the first source item when present) and a CrossMailboxOp column
    $SearchResults = @($SearchResults | Select-Object ($LogParameters +
        @{Name='Subject'; Expression={
            if (-not $_.SourceItems -or $_.SourceItems.Count -eq 0) { $_.ItemSubject }
            else { ($_.SourceItems[0].SourceItemSubject).TrimStart(' ') } }},
        @{Name='CrossMailboxOp'; Expression={
            if (@('SendAs', 'Create', 'Update') -contains $_.Operation) { 'N/A' }
            else { $_.CrossMailboxOperation } }}))
    $LogParameters = @('Subject') + $LogParameters + @('CrossMailboxOp')

    # Optional subject filter: regular expression or exact match
    if (-not [string]::IsNullOrEmpty($Subject)) {
        Write-Host -ForegroundColor Green "Searching for subject: $Subject"
        $SearchResults = @($SearchResults | Where-Object { $_.Subject -match $Subject -or $_.Subject -eq $Subject })
        Write-Host -ForegroundColor Green "Filtered to $($SearchResults.Count) entries"
    }
    $SearchResults = @($SearchResults | Select-Object $LogParameters)
}

END {
    if ($ReturnObject) {
        return $SearchResults
    }
    elseif ($SearchResults.Count -gt 0) {
        $Date = Get-Date -Format yyMMdd_HHmmss
        $OutFileName = "AuditLogResults$Date.csv"
        Write-Host
        Write-Host -ForegroundColor Green "Posting results to file: $OutFileName"
        $SearchResults | Export-Csv $OutFileName -NoTypeInformation -Encoding UTF8
    }
}
  2. On the File menu, click Save As.

  3. In the Save as type box, click All Files.

  4. In the File name box, type Run-MailboxAuditLogSearcher.ps1, and then click Save.

  5. Start Windows PowerShell, and then connect to remote PowerShell for your Exchange organization.

  6. Change to the directory in which you saved the script, and then run it.

 Note

  • If you run the script without parameters, you will be prompted for the following mandatory parameters:
    • Mailbox
    • StartDate
    • EndDate
  • A date without a time means midnight at the start of that day, so to include the current day in the search, add one day to the end-date value. For example, if the current date is 3/14/2017 and you want to include today, enter 3/15/2017 as the end date.
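A triage pass over the CSV the script writes, as an added example that is not part of the original article. It flags the entries that most often explain "items are missing": deletions and moves performed by someone other than the owner, SendAs by an admin or delegate, and activity from outside the expected source addresses. The sample records are constructed for the example and use the column names the script emits; the trusted range 203.0.113.0/24 is an assumption.

```powershell
# Added example: flag suspicious rows in the mailbox audit CSV produced by Run-MailboxAuditLogSearcher.ps1.
# Assumed value: trusted egress range 203.0.113.0/24. With no -CsvPath, constructed sample rows are used.
param(
    [string]$CsvPath,
    [string[]]$TrustedCidrs = @('203.0.113.0/24')
)

function ConvertTo-UInt32([string]$Ip) {
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    return [uint64]$b[0] * 16777216 + [uint64]$b[1] * 65536 + [uint64]$b[2] * 256 + [uint64]$b[3]
}

function Test-InCidr([string]$Ip, [string]$Cidr) {
    # True when $Ip (IPv4 only) lies inside $Cidr; anything unparsable counts as outside.
    $net, $bits = $Cidr.Split('/')
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($Ip, [ref]$parsed)) { return $false }
    if ($parsed.AddressFamily -ne 'InterNetwork') { return $false }
    $mask = (([uint64]0xFFFFFFFF) -shl (32 - [int]$bits)) -band [uint64]0xFFFFFFFF
    return ((ConvertTo-UInt32 $Ip) -band $mask) -eq ((ConvertTo-UInt32 $net) -band $mask)
}

$records = if ($CsvPath) { Import-Csv $CsvPath } else {
    # Constructed sample rows (not real data), shaped like the script's output
    @(
        [pscustomobject]@{ Operation='HardDelete'; LogonType='Delegate'; LogonUserDisplayName='assistant';
            ClientIPAddress='203.0.113.10'; Subject='Q3 invoices'; LastAccessed='3/14/2017 09:02' },
        [pscustomobject]@{ Operation='MoveToDeletedItems'; LogonType='Owner'; LogonUserDisplayName='bill bob';
            ClientIPAddress='198.51.100.7'; Subject='Wire transfer details'; LastAccessed='3/14/2017 02:41' },
        [pscustomobject]@{ Operation='Update'; LogonType='Owner'; LogonUserDisplayName='bill bob';
            ClientIPAddress='203.0.113.22'; Subject='Lunch'; LastAccessed='3/14/2017 12:15' },
        [pscustomobject]@{ Operation='SendAs'; LogonType='Admin'; LogonUserDisplayName='svc-migration';
            ClientIPAddress='203.0.113.5'; Subject='Payroll update'; LastAccessed='3/14/2017 03:10' }
    )
}

$destructive = 'HardDelete', 'SoftDelete', 'MoveToDeletedItems', 'Move'
$findings = foreach ($r in $records) {
    $reasons = @()
    if ($r.LogonType -ne 'Owner' -and $destructive -contains $r.Operation) { $reasons += "non-owner $($r.Operation)" }
    if ($r.LogonType -ne 'Owner' -and $r.Operation -eq 'SendAs')          { $reasons += "SendAs by $($r.LogonType)" }
    $trusted = $false
    foreach ($c in $TrustedCidrs) { if (Test-InCidr $r.ClientIPAddress $c) { $trusted = $true } }
    if (-not $trusted) { $reasons += "source $($r.ClientIPAddress) outside trusted ranges" }
    if ($reasons.Count -gt 0) {
        [pscustomobject]@{ When = $r.LastAccessed; Who = $r.LogonUserDisplayName; Type = $r.LogonType
                           Op = $r.Operation; Subject = $r.Subject; Why = ($reasons -join '; ') }
    }
}
$findings | Format-Table -AutoSize -Wrap
```

With the sample rows, the delegate's HardDelete, the owner's 02:41 move from 198.51.100.7 and the admin SendAs are reported; the owner's ordinary Update from the trusted range is not.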

Thursday, March 4, 2021

Remote Server returned '550 5.7.520 Access denied, Your organization does not allow external forwarding

Delivery has failed to these recipients or groups:

Your message wasn't delivered because the recipient's email provider rejected it.

Remote Server returned '550 5.7.520 Access denied, Your organization does not allow external forwarding. Please contact your administrator for further assistance. AS(7555)


If you have received the error above in an NDR, check the setting below and change it as suggested to get mail flowing again.

What caused it: in October 2020 (Message Center post MC221119, "Office 365 ATP external email forwarding controls and policy change"), Microsoft changed how automatic external forwarding is handled.

That change is governed by the automatic forwarding setting (AutoForwardingMode) of your outbound spam filter policy, which has three values:

  • Automatic: automatic external forwarding is blocked. Internal automatic forwarding of messages continues to work. This is the default setting.
  • On: automatic external forwarding is allowed and not restricted.
  • Off: automatic external forwarding is disabled and results in a non-delivery report (NDR, or bounce message) to the sender.

The default, Automatic, is what produces the 5.7.520 rejection. To allow forwarding again, change the policy from Automatic to On.

Setting the policy to On allows every automatic external forward configured on mailboxes in your tenant (mailbox forwarding addresses and inbox rules that forward or redirect). Before doing that tenant-wide, bear in mind that auto-forwarding to an external address is a standard way attackers siphon mail out of a compromised mailbox, which is why Microsoft blocked it by default: inventory who is forwarding where first, and prefer a separate outbound spam policy with AutoForwardingMode On, scoped through its rule to the users who genuinely need it, leaving the default policy at Automatic.
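The inventory and the scoped allow described above, as an added example that is not part of the original post. It shows the policy setting behind the NDR, lists current mailbox-level forwarding and forwarding inbox rules, and then (only with -Commit) creates a custom outbound spam policy with AutoForwardingMode On applied solely to the named users. The users alice@abcd.com and bob@abcd.com and the policy name are assumptions.

```powershell
# Added example: inspect AutoForwardingMode and allow external auto-forwarding for named users only.
# Assumed values: users alice@abcd.com and bob@abcd.com, policy/rule name 'Allow-External-Forwarding'.
param(
    [string[]]$AllowedUsers = @('alice@abcd.com', 'bob@abcd.com'),
    [string]$PolicyName = 'Allow-External-Forwarding',
    [switch]$Commit
)
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# 1. Where does the block come from? Automatic and Off both reject external auto-forwarding.
Get-HostedOutboundSpamFilterPolicy |
    Select-Object Name, IsDefault, AutoForwardingMode | Format-Table -AutoSize

# 2. Who is forwarding today? Mailbox forwarding addresses and forwarding/redirecting inbox rules
#    are the mechanisms this setting governs, and both are classic exfiltration paths after a
#    mailbox compromise, so review them before allowing any of it.
Get-Mailbox -ResultSize Unlimited -Filter 'ForwardingSmtpAddress -ne $null' |
    Select-Object UserPrincipalName, ForwardingSmtpAddress, DeliverToMailboxAndForward | Format-Table -AutoSize
foreach ($u in $AllowedUsers) {
    Get-InboxRule -Mailbox $u |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        Select-Object @{n='Mailbox'; e={ $u }}, Name, Enabled, ForwardTo, RedirectTo
}

if (-not $Commit) { Write-Host 'Dry run; re-run with -Commit to create the scoped policy.'; return }

# 3. Scoped allow: a custom policy with AutoForwardingMode On, applied by its rule only to $AllowedUsers
#    (the rule matches on the sender, which for forwarded mail is the forwarding mailbox).
#    The default policy stays at Automatic, so every other mailbox remains blocked.
if (-not (Get-HostedOutboundSpamFilterPolicy -Identity $PolicyName -ErrorAction SilentlyContinue)) {
    New-HostedOutboundSpamFilterPolicy -Name $PolicyName -AutoForwardingMode On | Out-Null
}
if (-not (Get-HostedOutboundSpamFilterRule -Identity $PolicyName -ErrorAction SilentlyContinue)) {
    New-HostedOutboundSpamFilterRule -Name $PolicyName -HostedOutboundSpamFilterPolicy $PolicyName `
        -From $AllowedUsers | Out-Null
} else {
    Set-HostedOutboundSpamFilterRule -Identity $PolicyName -From $AllowedUsers
}
Get-HostedOutboundSpamFilterRule -Identity $PolicyName | Select-Object Name, State, Priority, From
Disconnect-ExchangeOnline -Confirm:$false
```

If the business need is a single destination rather than a single user, a mail flow rule that permits forwarding to that domain is the narrower control; the outbound spam policy only distinguishes senders.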

Monday, February 15, 2021

Microsoft-Windows-GroupPolicy Event ID 1006 / Error code 49

Event ID 1006 from Microsoft-Windows-GroupPolicy with error code 49 (Invalid credentials): the LDAP bind to the domain controller failed while Group Policy was being processed.

A sure fix for this issue is to check the HOSTS file in C:\Windows\System32\drivers\etc.

Cause: a cluttered HOSTS file with entries for AD domain controllers in it; also check for a stale entry for the server's own IP. A static line overrides DNS, so the client keeps going to whatever address the line says.

Resolution: remove the AD DC entries from the HOSTS file and run gpupdate /force. Issue fixed.

If the HOSTS file is clean, note that LDAP error 49 also carries a data sub-code in the bind response (52e bad credentials, 532 password expired, 533 account disabled, 701 account expired, 773 password must be changed, 775 account locked out). Since Group Policy binds as the computer account, a bad-credentials sub-code with a correct HOSTS file usually means a broken machine account password; Test-ComputerSecureChannel -Repair fixes that.

Log Name:      System
Source:        Microsoft-Windows-GroupPolicy
Date:          12/01/2011 11:51:40 AM
Event ID:      1006
Task Category: None
Level:         Error
Keywords:
User:          SYSTEM
Computer:      server.local
Description:
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
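A check for the HOSTS-file cause described above, as an added example that is not part of the original post. It reads the domain controllers DNS advertises for the machine's domain, parses the active HOSTS lines, and reports any line that names a DC or reuses a DC's address; it changes nothing unless -Fix is given, in which case it comments the offending lines out, keeps a backup, and runs gpupdate. It assumes a domain-joined machine with working DNS and, for -Fix, an elevated prompt.

```powershell
# Added example: find HOSTS entries that override DNS for this domain's controllers.
# Assumed: domain-joined machine; -Fix requires an elevated PowerShell.
param([switch]$Fix)

$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$domain    = $env:USERDNSDOMAIN
if (-not $domain) { throw 'Not domain-joined (USERDNSDOMAIN is empty)' }

# 1. Domain controllers as DNS advertises them (the SRV records Group Policy uses to locate a DC).
$dcs = Resolve-DnsName -Type SRV -Name "_ldap._tcp.dc._msdcs.$domain" -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' } |
    ForEach-Object {
        $ips = (Resolve-DnsName -Type A -Name $_.NameTarget -ErrorAction SilentlyContinue).IPAddress
        [pscustomobject]@{ Name = $_.NameTarget.TrimEnd('.').ToLower(); Ips = @($ips) }
    }

# 2. Every active (non-comment) HOSTS line: '<ip> <name> [alias ...]'.
$entries = Get-Content $hostsPath | ForEach-Object {
    $raw   = $_
    $line  = ($raw -split '#', 2)[0].Trim()
    if (-not $line) { return }
    $parts = $line -split '\s+'
    if ($parts.Count -lt 2) { return }
    foreach ($n in $parts[1..($parts.Count - 1)]) {
        [pscustomobject]@{ Ip = $parts[0]; Name = $n.ToLower(); Raw = $raw }
    }
}

# 3. Flag an entry that names a DC (FQDN or short name) or reuses a DC address under another name.
#    Either one sends LDAP/Kerberos traffic to the static address regardless of what DNS now returns.
$bad = foreach ($e in $entries) {
    foreach ($dc in $dcs) {
        $short = $dc.Name.Split('.')[0]
        if ($e.Name -eq $dc.Name -or $e.Name -eq $short) {
            $state = if ($dc.Ips -contains $e.Ip) { 'matches DNS today, will go stale' } else { "DNS says $($dc.Ips -join ',')" }
            [pscustomobject]@{ Line = $e.Raw; DC = $dc.Name; Problem = "names a DC ($state)" }
        }
        elseif ($dc.Ips -contains $e.Ip) {
            [pscustomobject]@{ Line = $e.Raw; DC = $dc.Name; Problem = "uses DC address $($e.Ip) for '$($e.Name)'" }
        }
    }
}

# Error 49 with a clean HOSTS file points at the computer account's own secret instead.
Write-Host "Secure channel to domain OK: $(Test-ComputerSecureChannel -ErrorAction SilentlyContinue)"
if (-not $bad) { Write-Host "No DC-related entries in $hostsPath"; return }
$bad | Format-Table -AutoSize -Wrap

if ($Fix) {
    # Comment the lines out rather than delete them, keep a backup, then refresh policy.
    $badRaw = @($bad.Line | Select-Object -Unique)
    $fixed  = Get-Content $hostsPath | ForEach-Object {
        if ($badRaw -contains $_) { "# disabled by hosts check: $_" } else { $_ }
    }
    Copy-Item $hostsPath "$hostsPath.bak" -Force
    Set-Content -Path $hostsPath -Value $fixed -Encoding ASCII
    ipconfig /flushdns | Out-Null
    gpupdate /force
}
```

Run it without -Fix first; an entry that "matches DNS today" is still worth removing, because the next DC re-addressing will silently turn it into this exact event.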



