A New Tool to Manage Exchange-related Attributes Without Exchange Server
Introducing the Exchange Recipient Admin Center
Microsoft released Exchange Server 2019 Cumulative Update 12, which allows you to remove your last Exchange Server so that you can run Active Directory with Azure AD Connect and manage Exchange-related attributes in a supported way.
However, because the user interface, the Exchange Admin Center, is part of Exchange Server, it means that the management tools are PowerShell-only. Knowing that not everyone prefers to manage their Exchange-related attributes with PowerShell scripts, I developed an open source GUI to help you manage your mailboxes.
Called the Exchange Recipient Admin Center (ERAC), it’s a free, open source GUI that uses the new cmdlets under the hood, and is designed to run locally for you on-demand when you need it. For the first release it is primarily designed for companies with less than 200 mailboxes. But first, let me set the stage.
Preparing for your post-Exchange Active Directory
For as long as you run Azure AD Connect to synchronize your AD users to Azure AD, and therefore Microsoft 365 and Exchange Online, you are running in a hybrid identity state. This means that the master of your Exchange Online mailbox attributes is the local Active Directory.
Microsoft requires Exchange-related attributes to be set and managed properly so that they can support you if there are issues. Until recently, this meant that you needed to run an Exchange Server on-premises to manage the Exchange Online mailboxes, distribution groups, contacts and other associated items (like email address policies). The changes you make using the Exchange Server on-premises would be stored in the local AD, then Azure AD Connect synchronizes them to the cloud. Managing the attributes directly using AD tools like ADSIEDIT risks potential issues, and as such, remains unsupported.
Exchange Server 2019, Cumulative Update 12 (and above) allow for the installation of just the Management Tools, and also allow you to permanently remove (not uninstall) your last Exchange Server 2019. And, if you are building out a new greenfield environment that includes Active Directory and Azure AD Connect, you can now extend the schema and prepare the AD forest for Exchange attributes, but then only install the management tooling.
The management tooling itself is only a subset of recipient management tools designed for use after migrating from Exchange your last mailboxes to Exchange Online. The tooling is designed for managing remote mailboxes, distribution groups, mail contacts, accepted domains and email address policies.
Removing the last on-premises Exchange Server isn’t for everyone though. Even if you moved all your mailboxes to Exchange Online, you are likely to keep one or more Exchange Servers for ongoing SMTP mail relay for legacy on-premises application servers, at least for now. If you aren’t sure whether you can remove your last Exchange Server yet, read more about removing the last Exchange Server.
If you are happy to remove the last Exchange Server, but managing recipients solely using PowerShell isn’t for you, and you’d prefer to have a GUI, then I hope you’ll find the Exchange Recipient Admin Center useful.
The ERAC is written in PowerShell, so you can check what it will do, but you don’t have to employ PowerShell to use it.
First, a word of warning: Because the ERAC is local-only, it runs as the user you would run the Exchange recipient management tools as. Once you launch it, it launches a local web browser for access and doesn’t require a login. Therefore, do not run this on a shared VDI environment or leave it running on any multi-user machine. It is not designed as a secure web server, so if you want to run a network-accessible server with a web-based interface for Exchange Management: keep running Exchange Server 2019.
If all this sounds good and you want to test the first version either clone or download the ZIP and extract from the GitHub site:
You must be signed in as a user who’s a member of the Recipient Management EMT security group in AD. Then right-click and run the PowerShell script. Like many PowerShell scripts, you might need to unblock the file first.
When you launch the ERAC, it creates a localhost-only web server on a random high port. It is written in PowerShell, loosely based upon the PowerShell Web Server project and uses the open-source Bootstrap front-end toolkit.
The ERAC is designed with a familiar interface so it will be familiar if you use the new Exchange Admin Center in Microsoft 365:
The ERAC user interface is designed to give you access to the new management cmdlets, with sections for managing remote mailboxes, distribution groups, contacts, email address policies and accepted domains.
For remote mailbox management, the initial version allows you to enable new remote mailboxes for existing AD users, and manage existing remote mailboxes. For new AD users, continue to use Active Directory Users and Computers, then enable the new user as a Remote Mailbox in the ERAC.
The concept is repeated across each section. You have the ability to enable existing AD contacts as mail contacts and manage those; but for other areas you have the capability to add as well as manage groups, accepted domains and email address policies.
Because this is the first release, expect more features in the near future.
You can report issues and make feature requests via my GitHub repo or in the comments below.
On my initial list for upcoming features:
- Moving the web-based UI to a local app, using Electron (like Teams does today) or WebView2 to remove the need to run a web server using PowerShell.
- Adding controls for result size, search/filtering and pagination to Remote Mailbox, Distribution Group and Contact management sections
- Adding the ability to create and delete AD users, if you have permissions to do so.
- Adding a configuration file to store customizations, such as pagination and maximum results or default OUs for object creation.
- Adding the ability to see the “What If” result of an action
- Adding an EAC-style PowerShell cmdlet log to help you learn what cmdlets to use
- Adding in the ability to connect to Exchange Online as part of initialization, so you can see the combined results, manage cloud-side configuration such as permissions and client access settings, and see when a change is replicated to Exchange Online
Feel free to me know which of those you’d find most useful; and add a comment below if you find the Exchange Recipient Admin Center tool useful.
via Practical 365 https://ift.tt/DIS2Vw8
May 18, 2022 at 12:02AM