How to manage Enterprise environments - Part 1 - Filtering Queries

Tutorials in this series - 
How to manage Enterprise environments - Part 1 - Filtering queries - Link
How to manage Enterprise environments - Part 2 - Creating scripts with a filtered query - Link
How to manage Enterprise environments - Part 3 - Bulk management using multiple filters - Link

------------------------------------------------------------------------------------------------

How to manage Enterprise environments
Part 1 - Filtering Queries

Introduction - Enterprise environments and the challenges they pose.

When you start managing Exchange on-premise or Office 365 Enterprise environments, you will quickly become overwhelmed by the sheer size of the Enterprise environment. Government departments will host tens of thousands of mailboxes, and organisations in the Education sector can easily have many hundreds of thousands of mailboxes.

The sheer size of most Enterprise environments pose unique challenges, especially with Identity Management, Office 365 licensing, permissions, delegated access, data sovereignty and government regulation of data retention. To be able to manage the Enterprise environment more easily, it is important to devise a way to manage the different sections.


How to determine the best way to filter all that information

The most important thing to do, is to review your environment to determine how it is already structured for management. This may be something obvious, like the Office attribute that is shared in both Active Directory and Exchange. Your environment may be managed via Active Directory Organizational Units, but that may not translate to how you need to manage Office 365 objects.

When determining the best way to manage your environment, look for Active Directory fields that match in both Active Directory and Exchange Online, like the fields in the Organization section of a mailbox (Department, Company, etc). Anything that can link business teams etc together will help you manage your environment.

In the example below, in a Hybrid Office 365 environment, you can see the the attributes in the user's Organization tab in local Active Directory for cloud.user06
















You can see in the image below, that once dirsync has completed, the attributes match the Exchange Online Mailbox.











You can see below, that as this is a Hybrid environment with local Exchange, those attributes will appear in local Exchange as well. Remember that in a Hybrid environment, mailboxes hosted in the cloud are shown as 'Office 365' under Mailbox Type.













As you can see, many attributes are available across local Active Directory, Exchange on-premise and Exchange Online. The trick is to determine the best way to link all three together. It may be as simple as teams that are broken up by the Department, the Company or even the Title. But sometimes you need to create your own customised way to separate users into manageable units depending on the business needs.


Active Directory - Exchange Custom Attributes to the rescue !!!

Many Enterprises already utilise the AD Custom Attributes that are also available in Exchange Online and Exchange On-premise. If this is already utilised, you can easily create filters that will help when creating reports or managing users via PowerShell.

For the following examples, I have edited Custom Attribute 1 in Active Directory on-premise. This is also available in Exchange on-premise and Exchange Online (seen as Exchange Custom Attributes).

I have added values for Custom Attribute 1 to match the mailbox type in the on-premise Exchange environment. You can have countless variants on what you enter into the Custom Attribute 1 field. This is a great way to add a layer of management to make it much simpler to sort, filter and manage.
Custom Attribute 1 in local Active Directory can be edited via Attribute Editor.












To access Attribute Editor in local Active Directory, you need to perform the following -
In Active Directory Users and Computers - View - Advanced Features - Select to enable.








Next you must browse to the actual object you want to edit. You cannot use the search function.
Browse through your domain and Organizational Units, Select the object - Properties











Once the object properties are displayed, you can now select - Attribute Editor









Scroll down to - extensionAttribute1 -







Double click or click Edit -
Enter the text you want to filter on for extensionAttribute1 (CustomAttribute1)
OK - Apply

Now you have set a custom attribute that can be used in filtered queries.











Now that you have created your first Custom Attribute, you can add them to all the mailboxes to provide an effective filtering option. As you can see in the image below, you can simply add the Custom Attribute 1 column to your Exchange Admin Centre. You can now easily sort your mailboxes via the Custom Attribute 1.
This works in both Exchange on-premise and Exchange Online.













You can now easily export this via the EAC creating your view, then selecting the dots ...
Then export data to a CSV file.












This is fine in most small and medium size businesses, but when dealing with Enterprise environments, you will soon discover that the hard limit in Office 365 EAC is 10,000 results.





Sure you can create a search and filter by that Custom Attribute, but you will still be limited to 10,000 results, even with the filter.

Thankfully, PowerShell comes to the rescue.

PowerShell has no limits and I can easily export a csv file with all 330,000 mailboxes in the file.
Sure it will take a few hours, but it IS an option, and it does work.

And then of course, if I have created my script to include Custom Attribute 1, I can then filter in the csv. This is a great solution, however I can take it even a step further by creating the script to filter the search BEFORE returning the results. This has the added benefit of taking far less time as it is only searching for Custom Attribute 1 with 'VIP User' for example.

Think about how you can manage your environment better BEFORE creating the filtered scripts.
Even an organisation with a few hundred users can be much more easily managed if you can run reports on a filtered batch of twenty users.

Part 1 of this series discussed how you can determine the best way to filter your users into more manageable chunks. Now continue to part 2 where I show you how to create scripts using managed filters.

----------------------------------------------------------------------------------------------------

Basic PowerShell Tutorials
01. How to configure your desktop PC for Office 365 Administration - Link
02. How to connect to Office 365 via PowerShell - Link
03. How to create basic PowerShell scripts - Link
04. How to create basic PowerShell scripts with Export-CSV - Link
05. How to create basic PowerShell scripts with Import-CSV - Link

Series Tutorials -
How to manage Enterprise environments - Part 1 - Filtering queries - Link
How to manage Enterprise environments - Part 2 - Creating scripts with a filtered query - Link
How to manage Enterprise environments - Part 3 - Bulk management using multiple filters - Link

Tips and Tricks
General Tips and Tricks for better Office 365 Administration - Link
How to extend your Office 365 Trial - Link
How to get a 180 day trial tenant in Office 365 for testing - Link

----------------------------------------------------------------------------------------------------

No comments:

Post a Comment