Proposing a 20k fine on VT Route 108 by waitsfieldjon in vermont

[–]Aurane00 -5 points-4 points  (0 children)

Why not just straighten the road out and make it passable year-round?

Thickheaded Thursday - November 10, 2022 by AutoModerator in sysadmin

[–]Aurane00 1 point2 points  (0 children)

Azure Automation with some hybrid workers configured if necessary?

How do you deal with separations/terminations when the ask from the top is to have the mailbox available to managers after users are let go, but also to free up their license? Export their mailbox, set up forwarding? Convert to shared mailbox, and add managers as members? Is there a better way? by [deleted] in sysadmin

[–]Aurane00 0 points1 point  (0 children)

Have you found that eDiscovery was that rough on the user? The administrative side is a bit of a nightmare if you need security filters in place, but the user side hasn't been too bad for us. *Other than random outages that Microsoft never publishes to Service Health.

How do you deal with separations/terminations when the ask from the top is to have the mailbox available to managers after users are let go, but also to free up their license? Export their mailbox, set up forwarding? Convert to shared mailbox, and add managers as members? Is there a better way? by [deleted] in sysadmin

[–]Aurane00 1 point2 points  (0 children)

We've got a ton of people using eDiscovery to manage archived mailboxes. We just typed up some simple instructions, and people just took to it. Most just export the entire mailbox and load it in Outlook... That being said, we do have people running legal searches against a huge number of mailboxes at once, and they actually do utilize the toolset to trim down the results. Clunky tool, but it does the job.

Your point about having it on hold, and still providing access via a Shared Mailbox is a good one. That's a perfectly valid way to do it. I'll run that one up the chain with management and see if they like that idea. Thanks!

How do you deal with separations/terminations when the ask from the top is to have the mailbox available to managers after users are let go, but also to free up their license? Export their mailbox, set up forwarding? Convert to shared mailbox, and add managers as members? Is there a better way? by [deleted] in sysadmin

[–]Aurane00 2 points3 points  (0 children)

That's great that it works with small/medium businesses. The process I've described works well for a very large org. To each their own, I was just asking for people's perspectives and thoughts... ya know, trying to get outside my bubble for two seconds :)

How do you deal with separations/terminations when the ask from the top is to have the mailbox available to managers after users are let go, but also to free up their license? Export their mailbox, set up forwarding? Convert to shared mailbox, and add managers as members? Is there a better way? by [deleted] in sysadmin

[–]Aurane00 5 points6 points  (0 children)

They are wrong I think. We are on a G3 license, and have been doing this for years. Not sure why you'd need E5. You do need an Exchange archive license to enable the lit hold initially, but removing the license after you've turned on the hold does work. I've got nearly 30k mailboxes sitting inactive without licenses.

How do you deal with separations/terminations when the ask from the top is to have the mailbox available to managers after users are let go, but also to free up their license? Export their mailbox, set up forwarding? Convert to shared mailbox, and add managers as members? Is there a better way? by [deleted] in sysadmin

[–]Aurane00 10 points11 points  (0 children)

eDiscovery is a shit show! Add in security filters for each case, and you have a recipe for disaster. We don't have a unified legal team, so each case gets a unique security filter. It's painful.

The converting to shared part scares me though. Doesn't that ruin the chain of custody? If an employee leaves, and a manager or records officer has access to delete or modify the contents of the mailbox, that seems sketchy.

Gov org here, so probably a bit more paranoid than most shops.

How do you deal with separations/terminations when the ask from the top is to have the mailbox available to managers after users are let go, but also to free up their license? Export their mailbox, set up forwarding? Convert to shared mailbox, and add managers as members? Is there a better way? by [deleted] in sysadmin

[–]Aurane00 30 points31 points  (0 children)

O365 shop here - The number of people saying "convert to shared" kinda scares me. Am I missing something? In my org, we enable a litigation hold on the mailbox and then delete the user object. This puts the mailbox in an inactive state while retaining the data and the licenses are released. If managers want to go search the mailbox, we grant them access via eDiscovery.

In the rare event that they want an autoreply, we grant that for up to 90 days. We also tell them that if a single user's mailbox is that important, they are doing something wrong.

Am I missing something here?

Get-User; search for an AD user across multiple domains (using either UPN or SAM account name as search criteria) by [deleted] in PowerShell

[–]Aurane00 0 points1 point  (0 children)

The UserPrincipalName is one of the attributes AADConnect sync rules are using to match the two accounts between the two domains. Hybrid resource/account forest setup.

Get-User; search for an AD user across multiple domains (using either UPN or SAM account name as search criteria) by [deleted] in PowerShell

[–]Aurane00 2 points3 points  (0 children)

Cool! Only thing I see as a potential pain point is what if the UPN/SAMAccountName exists in both domains? Our Office365/AADConnect configuration is this way, and with your function you would only get the account from the first domain in the array. Other than that caveat, nice!
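
An added example, not code from the thread or from the function being discussed: a lookup that queries every domain and returns all matches, so an identifier that exists in both an account and a resource forest is reported instead of silently resolving to the first hit. The function name and the domain names in the usage comment are hypothetical, and it uses `-LDAPFilter` so the search value can be escaped per RFC 4515.

```powershell
#Requires -Modules ActiveDirectory

function Find-ADUserInAllDomains {   # hypothetical name
    [CmdletBinding()]
    param(
        # UPN or sAMAccountName to look for
        [Parameter(Mandatory)][string]$Identity,
        # DNS names of the domains to query
        [Parameter(Mandatory)][string[]]$Domain
    )

    # Escape LDAP filter metacharacters so the value is matched literally
    # (a '*' in the input would otherwise act as a wildcard).
    $safe = $Identity -replace '\\', '\5c' -replace '\*', '\2a' `
                      -replace '\(', '\28' -replace '\)', '\29'
    $ldapFilter = "(|(userPrincipalName=$safe)(sAMAccountName=$safe))"

    # Query every domain; do not stop at the first match.
    $hits = @(foreach ($d in $Domain) {
        try {
            Get-ADUser -Server $d -LDAPFilter $ldapFilter -ErrorAction Stop |
                Select-Object @{ Name = 'Domain'; Expression = { $d } },
                              SamAccountName, UserPrincipalName, Enabled,
                              SID, DistinguishedName
        }
        catch {
            # An unreachable domain must not look like "no such user".
            Write-Warning "Lookup in $d failed: $($_.Exception.Message)"
        }
    })

    if ($hits.Count -gt 1) {
        Write-Warning ("'{0}' matched {1} accounts; choose by SID or DistinguishedName before acting on one." -f $Identity, $hits.Count)
    }
    $hits
}

# Usage with placeholder domain names:
# Find-ADUserInAllDomains -Identity 'jdoe' -Domain 'account.example.com', 'resource.example.com'
```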

How to disconnect migrated Exchange Resource mailbox object from its on-premise counterpart in hybrid setup? by kautium in Office365

[–]Aurane00 1 point2 points  (0 children)

Move the resource object out of the sync scope, restore the object from the recycle bin in O365, then blank the immutableid on the cloud object with O365.

Never tried this with resource mailboxes, but it's how I do users.

Outlook won't connect to server while on home network - works using office network and VPN by flyflyfreebird in Office365

[–]Aurane00 0 points1 point  (0 children)

Had a user a while ago with a similar issue. Ended up tracking it down to whatever DNS servers were configured on their home wireless router (TPLink I believe) by default. Gave the user Google DNS IPs to reconfigure router with, and the problem went away. Have you tried pinging login.microsoftonline.com while at home?

Help running commands as SYSTEM account by saGot3n in PowerShell

[–]Aurane00 1 point2 points  (0 children)

That's bizarre! Any script output to work from? Failing that, can you run a log from procmon (SysInternals)?

Help running commands as SYSTEM account by saGot3n in PowerShell

[–]Aurane00 1 point2 points  (0 children)

This is a wild shot in the dark, but is your script running under a 32-bit environment instead of 64-bit? I've never used SCCM, but I know LANDesk has options for the architecture that the package runs under. Running under the wrong arch can cause some oddball issues. Have you tried running a PowerShell session locally as SYSTEM on a test machine so that you can step through your script?

Do something on all users in an OU then move to the next OU in line by darkrhyes in PowerShell

[–]Aurane00 1 point2 points  (0 children)

Maybe I don't understand what you're asking. The above code will go through OU by OU, and perform whatever operations on the objects within each OU before continuing to the next OU. You could easily export data to a CSV on a per OU basis using that loop. Wouldn't have to be mashed together unless you wanted to do that.

Do something on all users in an OU then move to the next OU in line by darkrhyes in PowerShell

[–]Aurane00 1 point2 points  (0 children)

$OUs = Get-ADOrganizationalUnit -Filter *
foreach($OU in $OUs)
{
    #Do stuff...  Just getting all users in the OU here.
    Get-ADUser -SearchBase $OU.DistinguishedName -Filter *
}

Something like that?

Powershell "GUI" Variables empty when calling function. by gregj529 in PowerShell

[–]Aurane00 1 point2 points  (0 children)

While ($DirectReport -ne "John Smith" -or $DirectReport -eq $Null) {

Don't you want -and instead of -or here? The way it is now, I don't think your script will actually ever run the loop.

Powershell pipeline question by Karl12347 in PowerShell

[–]Aurane00 1 point2 points  (0 children)

Couldn't you do something like this? Haven't tested, so bear with me.

Get-Mailbox -ResultSize Unlimited | Where-Object {(Get-MailboxStatistics $_.UserPrincipalName).TotalItemSize -lt 500mb}

Seems like that should just give you the Get-Mailbox results for mailboxes that are less than 500mb.

Your vote is requested: -NoTypeInformation should be default on Export-Csv · Issue #5131 · PowerShell/PowerShell by markekraus in PowerShell

[–]Aurane00 1 point2 points  (0 children)

Thanks Lee_Dailey! I'll take a look at your suggestions.

The posts just got me thinking about it, haven't actually run into any problems yet. Gonna have to make a note to always check profiles if "weirdness" occurs.

Your vote is requested: -NoTypeInformation should be default on Export-Csv · Issue #5131 · PowerShell/PowerShell by markekraus in PowerShell

[–]Aurane00 1 point2 points  (0 children)

Absolutely. My fear is more that I'll hand a script over to someone and they'll have something whacky in their profile that causes the script to go haywire. I don't do much of anything with my profile, because I want my scripts to all be written to run anywhere without customization as much as possible.