Archive for the ‘ Microsoft Online Services ’ Category

Exchange Online’s absurd lack of administrative tools (plus a little PowerShell goodness)

Here’s what I have learned from our horrific experience migrating to Exchange Online: it’s great once you get there, but Microsoft clearly intends the migration process to be a gravy-train for consultants and “channel partners”.  The migration tools provided by Microsoft itself are hilariously weak and simplistic, but third party firms like MessageOps have all these bad-ass utilities for getting past the many (mostly undocumented) pain-points.

Which, you know, is awesome for firms like MessageOps (about which firm I cannot say enough good things, incidentally — Chad Mosman will answer your calls and emails like you’re his old buddy, and the guy has real answers instead of the call center scripts you get when calling MS).  But this also tells me that Microsoft created all the APIs and whatnot necessary to administer your Online Services subscription, and then just decided not to provide any tools that work against those interfaces, and that right there is some seriously weak sauce.  I have done greenfield deployments of Exchange 2003 and 2007, and migrations from 2003 to 2007 and 2007 to 2010, but NOTHING has been as fraught with difficulty as this move from on-premises Exchange 2003 to Microsoft’s Exchange Online.

Anyway, as is usually the case with Microsoft products these days, PowerShell turns out to be the solution to most of my troubles.  Example: there is no clear way in the Administration Center (or anywhere else) to grant one user permissions on another user’s mailbox, something Exchange administrators have been doing since the dawn of time.  And since MAYBE your existing permissions will be migrated by the “Migration Tools” and maybe they won’t, you’ll need to know how to do this:

First, you need to be doing this in PowerShell on a machine that has Microsoft’s sucky BPOS migration tools installed.  Also, you might need to launch PS as an administrator — I always do, anyway.  Add ye olde required snap-ins thusly:

Add-PsSnapIn Microsoft.Exchange.Transporter

Now define some variables to put together a credential that you can securely transmit to gain access to Microsoft Online:

$powerUser = ""
$powerPass = "YourWeakP@ssword"
$password = ConvertTo-SecureString $powerPass -AsPlainText -Force
$cred = New-Object -TypeName System.Management.Automation.PsCredential -ArgumentList $powerUser,$password

Now the $cred variable is populated with an automation object suitable to log you in securely.  Finally, the good stuff:

Add-MsOnlineMailPermission -Identity -Credential $cred -TrustedUser -GrantFullAccess True -GrantSendAs True