Hybrid Exchange – shared folder

This script helps you add permissions (Full Access and Send As) on a shared mailbox in a hybrid Exchange configuration.

Type these commands in your Exchange Online PowerShell session:



$SharedMailbox = "sharedmailbox@i-ricci.com"

$UserAccount = "usermailbox@i-ricci.com"

#remove full access permissions for the affected user from the shared mailbox

Remove-MailboxPermission $SharedMailbox -User $UserAccount -AccessRights FullAccess

## Add Full Access permissions back on, but make sure you set AutoMapping to FALSE!

Add-MailboxPermission $SharedMailbox -User $UserAccount -AccessRights FullAccess -InheritanceType All -AutoMapping $false -Verbose

Add-RecipientPermission $SharedMailbox -AccessRights SendAs -Trustee $UserAccount

## Keep a copy of messages sent as the shared mailbox in the shared mailbox's Sent Items

Get-Mailbox $SharedMailbox | Set-Mailbox -MessageCopyForSentAsEnabled $True

Hybrid Exchange – manage certificates

On Premise, to view installed certificate


On Premise, to bind a new certificate to multiple services:

Enable-ExchangeCertificate -Thumbprint [thumbprint of the new certificate] -Services IMAP,POP,IIS,SMTP

On Premise, to remove the old certificate:

Remove-ExchangeCertificate -Thumbprint [thumbprint of the old certificate]


Certificate linked to the office 365 connector


On Premise, to link the new certificate to the Office365 send connector:

$cert = Get-ExchangeCertificate -Thumbprint [thumbprint of the new certificate]
# TlsCertificateName format is <I>issuer<S>subject
$tlscertificatename = "<I>$($cert.Issuer)<S>$($cert.Subject)"
Set-SendConnector "Office 365 send connector" -TlsCertificateName $tlscertificatename

On Premise, to link the new certificate to the Office365 receive connector:

$cert = Get-ExchangeCertificate -Thumbprint [thumbprint of the new certificate]
# TlsCertificateName format is <I>issuer<S>subject
$tlscertificatename = "<I>$($cert.Issuer)<S>$($cert.Subject)"
Set-ReceiveConnector "[exchangeserver\connector name]" -TlsCertificateName $tlscertificatename

On Premise, to view the new certificate linked to receive connector:

Get-ReceiveConnector | ft Identity, TlsCertificateName, TlsDomainCapabilities

Exchange 2016 – enable forward by PS

With this command you can enable automatic forwarding from an internal mailbox to an external mailbox, keeping a copy in the internal mailbox:

Set-Mailbox -Identity "John Travolta" -DeliverToMailboxAndForward $true -ForwardingSMTPAddress "user.one@home.net"

Type this command to check the configuration applied to the mailbox:

Get-Mailbox "John Travolta" | Format-List ForwardingSMTPAddress,DeliverToMailboxAndForward

Windows 2016 – Delete recovery partition

1. Right-click the Start icon and select Command Prompt (Admin).
2. Type Diskpart in the command prompt and press Enter.
3. Type rescan at the prompt and press Enter. This operation will take a few seconds.
4. Type list disk and press Enter.
5. Select the disk where the partition is located (in your case, probably 0) by typing Select disk 0.
6. Type list partitions and press Enter.
7. Carefully select the partition that you wish to delete by typing select partition x (substitute x).
8. Type delete partition override and press Enter.

iGel THIN CLIENT – passthrough authentication

If you log on to the client with your AD account, the password can be changed at the client, so it is already changed by the time authentication at the Citrix server takes place. The credentials can be passed automatically to the Citrix session without the need to provide them another time.

Security -> Logon -> Active Directory/Kerberos -> Login to Active Directory Domain (place checkmark)

Security -> Active Directory/Kerberos -> enable (place checkmark)
Security -> Active Directory/Kerberos -> Default Domain (Fully Qualified Domain Name) (fill in)
Security -> Active Directory/Kerberos -> Domain 1 -> Domain Name (fill in domain FQDN)
Security -> Active Directory/Kerberos -> Domain 1 -> Domain Controller list (add FQDN of the domain controller(s))

Sessions -> Citrix XenDesktop/XenApp -> Citrix StoreFront/WebInterface -> Logon -> Use passthrough authentication (place checkmark)

Please be aware that the client now needs to be locked locally instead of in the session, so that another person cannot use the passthrough to get into the session without providing the password.

User Interface -> Screen Lock /Saver -> Use Hotkey -> Modifiers: Win

User Interface -> Screen Lock /Saver -> Use Hotkey -> Hotkey: l

User Interface -> Screen Lock /Saver -> Options -> Screen Lock Password: User Password

Thus Win + L will lock the IGEL client instead of the session desktop. The AD password needs to be entered to unlock the IGEL client.

Exchange 2016 – 5.7.54 SMTP; Unable to relay recipient in non-accepted

Find the receive connector whose remote IP ranges contain the IP of the SMTP client.

To view all send connectors, use this PS command:




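After you find the receive connector in use, run this command. It lets anonymous senders relay to any recipient through that connector, so apply it only to a connector whose remote IP ranges are limited to the SMTP client: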


Get-ReceiveConnector -Identity "your_server\your_receive_connector" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
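
To confirm that the relay right granted above is not exposed more widely than intended, the following added example (not part of the original post) lists every receive connector, whether ANONYMOUS LOGON holds Ms-Exch-SMTP-Accept-Any-Recipient on it, and whether its remote IP ranges cover every address. The two "any address" range strings and the variable names are assumptions made for this example.

```powershell
# Added example, not from the original post.
# Run in the on-premises Exchange Management Shell.
$anon  = 'NT AUTHORITY\ANONYMOUS LOGON'
$right = 'ms-Exch-SMTP-Accept-Any-Recipient'
# Assumption: these strings are how "every address" appears in RemoteIPRanges.
$anyIp = @('0.0.0.0-255.255.255.255',
           '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff')

$report = foreach ($rc in Get-ReceiveConnector) {
    # Non-denied ACEs that give anonymous senders the relay right
    $aces = @($rc | Get-ADPermission -User $anon |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $right) })

    # Normalise the connector's source ranges to plain strings
    $ranges   = @($rc.RemoteIPRanges | ForEach-Object { $_.ToString() })
    $wideOpen = @($ranges | Where-Object { $anyIp -contains $_ }).Count -gt 0
    $relay    = $aces.Count -gt 0

    $finding = if ($relay -and $wideOpen) {
        'Anonymous relay from any IP: restrict RemoteIPRanges'
    } elseif ($relay) {
        'Anonymous relay for listed IPs only: review the list'
    } else {
        'No anonymous relay right'
    }

    [pscustomobject]@{
        Connector      = $rc.Identity
        AnonymousRelay = $relay
        AcceptsAnyIP   = $wideOpen
        RemoteIPRanges = $ranges -join ', '
        Finding        = $finding
    }
}

# Connectors that allow anonymous relay are listed first
$report | Sort-Object AnonymousRelay -Descending | Format-Table -AutoSize -Wrap
```

To withdraw the grant from a connector, pipe the same Get-ReceiveConnector call to Remove-ADPermission with the same -User and -ExtendedRights values.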