I am trying to move a mailbox from 1 user to another in Office 365.
We have Dirsync set up to keep everything synchronised.
The reason for this is that we occasionally get corrupt AD accounts so we have to set up a new account and copy over the data (this doesn't happen a lot, but it does happen).
I have checked through all the online help from Microsoft and other sources but just can't find a way that works.
I have tried deleting the mailbox, then restoring it:
One guide said to use the GUID's to transfer the account, but a deleted account doesn't have a GUID.
Another guide says to use Restore-MsolUser - but you can't specify a new AD account.
So in a nutshell all I want to achieve is this:
Local AD user "A" has the email "A#xyz.com" needs to change to
Local AD user "B" has the email "A#xyz.com"
At the moment we have to keep both the old and the new AD accounts active to maintain the email, but if the user changes their password on the new account it obviously doesn't sync with their email account as it's on their old AD account.
I have been trawling through internet guides for weeks but to no avail. Any help would be much appreciated.
Thanks
John
Related
Many years ago I set up my domain so Google would manage my domain's email. Today, possibly because I was accessing from another state, Google decides to suspend the service:
Your organization's Google workspace account has been suspended. Please contact your Google workspace organization administrator to re-activate your organization.
So since I'm the administrator, I try to logon with those credentials, which are correct, but they challenge me, and want me to complete an email loop, but the recovery email is in the locked domain!
There seems to be no way to get this fixed. There's some code they can send me that I'm supposed to put my domain's server to prove I'm legit, but Google controls that...I have nothing on the domain except email. I'm paying Hover as the registrar.
Any way out?
I appreciate "Only Google can help", but there's no path forward. No phone number, no button to "open a ticket", no live chat. If you can't log on as administrator, none of that is available. How would a superuser get through on a problem like this?
There is a page that says:
To get phone, chat, or email support for your legacy free account at xxxxxxx.com, you need to upgrade to Google Workspace.
To continue, switch to an administrator account. This will open the Google Admin console.
https://support.google.com/a
But I can't log in as administrator to upgrade my account so I can get support because when I log in with correct credentials, they send a challenge to an email address that's in the locked domain!
I can't be the only one this happened to, so figure they're just hiding the path to victory so they don't have to answer too many phone calls. This page might be as close as I've gotten: https://support.google.com/a/answer/6335621
When I try to open a support case under my non-admin account, it says
You do not have permission to create support cases.
I found a form to fill out: https://support.google.com/accounts/contact/disabled2
The above form accepts any email address, so you enter any email address that you currently have access to (not one that is locked, obviously).
But matter what I do, they want me to prove my identity by adding something to my domain. I've asked Hover how to do this, but have not received a response yet.
Here's the email Google sent
Your action is required in order for us to assist with your request.
We were unable to verify the DNS ownership of Google Workspace Account sengsational.com. Please follow the instructions below to verify domain ownership.
The following instructions outline the DNS record (CNAME or TXT) to add to your domain settings. Learn more
Via CNAME (preferred):
Label/Host: [eight digit number removed]
Destination/Target: google.com
Time to live (TTL): 3600 seconds / 60 minutes / 1 Hour
For more information on how to create a CNAME record, please refer to the article Add a CNAME record to your domain's DNS records. If you need assistance creating the CNAME record, please contact your hosting provider for support.
You can verify your CNAME record here.
Via TXT:
Label/Host: enter # or leave it blank
Value/Destination: google-gws-recovery-domain-verification=[eight digit number]
Time to live (TTL): 3600 seconds / 60 minutes / 1 Hour
For more information on how to create a TXT record, please refer to the article Verify your domain with a TXT record . If you need assistance creating the TXT record, please contact your hosting provider for support.
You can verify your TXT record here.
Note: Updates to DNS records may take 24-48 hours to propagate across the entire internet.
In order for us to help you with the sign-up process, please follow this link and submit your request.
Best regards,
Google Workspace Support
Key Finding:Contact the company where you have your domain registered to have them manage the DNS records.
Hover is who I pay every year to keep my domain name active. I logged on, opened a chat, pasted-in the email from Google, and they were more than happy to update those records, right there on the spot!
Then, I went back to the email that Google sent me. To complete this authentication loop, there is a button on the page to re-check DNS.
After refreshing the page, I was provided the option to change the password. After I did that, I was logged into the gSuite administrator account, finally!"
They also automatically changed the recovery email to the one I was using that was outside the domain that was locked.
We have a Powershell script that creates some guest users using the New-AzureADMSInvitation cmdlet, and its return value has a handy-dandy InviteRedeemUrl property that we include in a nice welcome email to the user to get them started with setting their account up and using our application. This works fine when inviting individual or small numbers of users.
However, we'll need to do this for many users, and carefully control when the emails go out, and I can't see any other way of retrieving this URL after-the-fact... the only option seems to be the "Resend invitation" button on the guest user in AD, which sends a Microsoft-branded email from "Microsoft Invitations" with the redeem URL, which is kind of a problem... For marketing reasons we need to put the invite redeem URL in our own welcome email, so we don't want Microsoft sending out those emails.
Is there any way to retrieve or calculate that invitation URL after the guest user had already been invited? I know I could delete and recreate the invitation itself, but that's still a manual process and I'd like to be able to create guest users in bulk first, and then retrieve those URLs in bulk once we're ready to send out emails. Especially since Azure AD itself seems to be able to fetch the redeem URLs later on via the "Resend invitation" button.
Alternatively , you can think of adding you company branding in the verification and invitation mails in azure AD.
Here is something similar you can find:-
https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-faqs#how-do-i-customize-verification-emails-the-content-and-the-from-field-sent-by-azure-ad-b2c
Basically you need to change the company branding in Azure active directory to have your custom logo and text.
Hope it helps.
We ended up modifying the AD invitation script to store the InviteRedeemUrl value in our CRM as a field on the customer record. Then later on when our Marketing team wants to start their email campaigns, they could include a reference to this field in the email template just like they would any other field. This way, we got all our analytics on click/open rates and retained complete control over the emails, including where each batch was being sent from (so customers could reply to the correct support staff member for their segment).
I'm an administrator of a Google apps domain and we recently reactivated an account which was suspended for around 6 months. Regular emails to this user are working well but emails to a group to which this user belongs does not seem to reach the user.
I tried deleting the user from the group and adding him again, but to no avail.
What might be the problem? And what is the solution to this?
You may refer with this thread. It suggested to check the email delivery setting and the spam folder. Here's another reference which might also help: Not getting a group’s emails
If you’re not getting emails from your group, check your email delivery setting:
Sign in to Google Groups.
Click My Groups.
Choose a group.
At the top right, click My settings.
Select Membership and email settings.
Check "Email delivery preference." Make sure that you haven’t selected "Don’t send email updates."
After making changes, click Save.
I have a cpanel account with multiple addon domains. I am in the process of moving every website to its own cpanel account.
I have email set up on the addon domains and before I go and move the files and the database over to the new account, I want to make sure that their emails move over as well.
I don't want the users to have to change their passwords, lose any email, etc. I have a couple clients that have dozens of email accounts attached to them, and they cannot afford to lose anything or change passwords.
I believe I can assist you. I suggest you create a test/fake domain to test! You can use your hosts file to point to a fake domain at your cpanel server!
Lets get started:
I have a cpanel account with multiple addon domains.
This means each addon domain have a folder in the main user account!
/home/main_user/addon_domain.tld
I am in the process of moving every website to it's own cpanel account.
I guess you will create a new account for each addon addon_domain.tld
and move to /home/New_addon_domain_username/public_html
I have email set up on the addon domains and before I go and move the files and the #database over to the new account, I want to make sure that their emails move over as well.
For the databases there are 2 cases! We can get back to that later.
For the email accounts, the solution may not be as hard as you think, and the users can keep there emails. Better, they will not notice any changes. All you need to know is this:
1- DATA
emails data is stored at /home/main_user/mail, you can copy those folders and sym-links for and in the separated accounts your create
There you can run the command "ls -l" and you will get it. (if not paste the results here)
2- Authentication, user/password
This can be found at /home/main_user/etc , take note they're hidden files (ls -a)
the files are .passwd and .shadow
I believe that in /home/main_user/etc you will find a unique folder for each addon_domain
which will contain both of .passwd and .shadow
I don't want the users to have to change their passwords, lose any email, etc. I have a
couple clients that have dozens of email accounts attached to them, and they cannot afford
to lose anything or change passwords.
I've done this zillions of time, the users keep the same account and password.
As I suggested, before you start, try with a test domain! Or at least create a test mail account to know where the data goes (/home.../mail) and the password auth goes (/home/.../etc)
Careful, you can not have the same mail account in 2 cpanel accounts. If you move it to a new one, you have to delete it from the previous one.
I work for a large company, which uses MS Exchange for Email. We have a distribution list for people to post questions, where anyone can answer. I am looking for a way to maintain a copy of this distribution list so that anyone can search it. Ideally, this would be searchable from within Outlook as well as by going to a webpage, but I will take either one. Someone has proposed to create a dummy email account, which just gets the distribution list traffic. Everyone interested in this distribution list could then attach this account. While this may work, there are several challenges with this approach:
1) It becomes problematic when you have several hundred people attaching a single email Inbox/account.
2). I need this account to be read-only, so someone doesn't accidentally delete an email from this account, thinking that it is in their personal account.
3). Our company has an auto-archive policy. This account would need to be exempt from that policy.
Any ideas?
Thanks
GS
The dummy mailbox is not a bad idea. You can give the people appropiate permissions to the Inbox folder of that mailbox.
To work around the permission issue you could either
1) create a transport agent which monitors the mailflow and dumps all messages to a database or CMS/SharePoint/whatever.
2) Create the dummy mailbox and setup a service which monitors this mailbox using push/pull/streaming notifications and dump the messages to a database/CMS/SharePoint/whatever.
The SharePoint solution would make the search option a piece of cake. But if you don't already have a SharePoint instance up and running this might be overkill.