My researches on Exchange, AD, PowerShell, and more...

I have gone through the bulk mailbox creation for all of the users in AD. The steps included were creation of a CSV file with user atributes and run a PS script which processes the csv file.

1. Crate a CSV with the following fields for all AD user objects: Lastname,Firstname,Name,UserPrincipalName,Password

2. Make the script and save as ps1 and run the script :

Import-CSV C:\users.csv | ForEach-Object -Process {New-Mailbox -Name $_.Name -FirstName $_.FirstName -LastName $_.LastName -OrganizationalUnit $_.OU -UserPrincipalName $_.UPN -Alias $_.alias -Database “Name of database” -Password $Password}

{ 0 comments }

There are two tasks for this:

1. Assign Full access permission to user B on User A’s mailbox

2. Give Send As/Receive As permission to User B on User A’s mailbox.

Full Access Permission:

Run the cmdlet:  Add-MailboxPermission “UserB” -User “UserA” -AccessRights FullAccess -InheritanceType all

Receive As/ Send As permission:

Add-ADPermission “UserB” -User “Domain\UserA” -Extendedrights “Send As”

Add-ADPermission “UserB” -User UserA -Extendedrights “Receive-As”

{ 0 comments }

The following cmdlet will help to generate a list of recipients ‘not hidden’

get-recipient -resultsize unlimited -filter {HiddenFromAddressListsEnabled -eq $false}

If you want to export the result to a csv file,

get-recipient -resultsize unlimited -filter {HiddenFromAddressListsEnabled -eq $false} | Export-CSV c:\recipient.csv

{ 0 comments }

Recently, I have made some research on an issue happened during Exchange Migration (2003 to 2010 or 2007 to 2010)

Issue:

After transitioning from Exchange 2003 (or 2007) to Exchange 2010, you get the following error when trying to create a new e-mail address policy: “You can’t specify the recipient container because legacy servers are detected”.

Resolution:

This happens because there are still traces of the old Exchange server(s) within the orgainisation in Active Directory. If you are certain there are no legacy servers remaining, do the following to remove them:

1. Launch ADSI Edit.
2. Browse to the following location:
3. Configuration [server.domain.local] > CN=Configuration, DC=domain, DC=local > CN=Services > CN=Microsoft Exchange > CN=DOMAIN > CN=Administrative Groups > CN=first administrative group > CN=Servers > CN=server
4. Locate the old server(s) and delete them.
5. You will need to wait for AD replication if you have multiple DC’s.
6. Create the policy.

{ 0 comments }

Information Rights Management (IRM) is enabled by default for internal messages in Exchange 2010. This allows you to create transport protection rules and Microsoft Outlook protection rules to IRM-protect messages in transport and on Microsoft Outlook 2010 clients. Enabling IRM for internal messages is a prerequisite for all other IRM features in Exchange 2010, such as transport decryption, journal rule decryption, IRM in Microsoft Office Outlook Web App, and IRM in Microsoft Exchange ActiveSync.

As the Exchange administrator, it is your responsibility to provide this level of automatic protection to all email messages that pass through the Exchange organization. You need to create a transport rule that complies with this corporate policy.

I have tried to Configure a Transport Rule to Provide RMS Protection to Email Messages Using a Built-in Template in Microsoft virtual lab environment. I have took a note of it to help others to understand it more clearly and to help them to implement it:

The discussion includes the steps like Enabling the IRM Licensing, creation of the transport rule and testing it how it would be using Outlook 2010.

1. Enable IRM licensing for internal messages

Use the cmdlet: Set-IRMConfiguration -InternalLicensingEnabled $true

Note: There is no output after running this command.

Use the cmdlet Get-IRMConfiguration to review the IRM configuration settings and verify that InternalLicensingEnabledis set to true as shown in the given screenshot.

2. Create the transport rule that applies the Do Not Forward RMS template

In Organization Configuration, click Hub Transport. In the Actions pane, click New Transport Rule.

Give a proper rule name and proceed to the Conditions page. Under Step 1: Select condition(s),

when an attachment’s content contains words check box as given below and give the word under observation.

Also select the rights protect message with RMS template check box as below:

Under Step 2: Edit the rule description by clicking an underlined value, click RMS template.

In the Select RMS template window, Select Do Not Forward, and then click OK

No changes are required on the Exceptions page, click Next.

On the Create Rule page, review the rule settings, and then click New as below.

3. Create and send a new email message with an attachment with monitored word

To test the rule, I have sent an email message with an excel document attached with it. The excel has been prepared with the word under monitoring in transport rules.

4: Verify that the transport rule was applied to the message

Open the sent email from the inbox in a new window

Wait while Outlook configures Information Rights Management. You can see the screenshot as below:

You will notice the information along withthe message as in the below screenshot to describe the IRM

In the Ribbon bar, notice that the Forward message option has been disabled.

Click Reply and review the Note in the message body.

Highlight the text Here is the status report, and then right-click the text. Notice how the Copy and Cut options have been disabled.

In the Message, click the File tab. Notice that the Save As, Save Attachment and Print options have been disabled.

In conclusion, we can find that the IRM has been applied successfully. Hope the post will help you out while configuring IRM for your organization.

{ 0 comments }

I will describe small steps to recover a mailbox from Windows Server Backup. It includes steps like restroing the backup file from WSB to an alternate location, creation of recovery database and restoring the mailbox

1. Recovery from backup:

1. Start WSB on the server and select Recover from the Action menu

2. On the Getting Started screen select This server to specify the location of the backups and then I’ll click Next

3. On the Select Backup Date screen select the date and click ‘Next’

4. On the Select Recovery Type screen select Applications and then click Next:

5. On the Select Application screen select ‘Exchange’ for the application to recover, then I’ll click Next

6. On the Specify Recovery Options screen, restore the backup to an alternate location

7. On the Confirmation screen, hit the Recover button to start the recovery

8. When the restore was successful, click Close and navigate to the location to see the files recoverd

2. Check the database state: In order for Exchange to mount a database, it needs to be in a clean shutdown state. Use the following command to view the status: eseutil /mh DB01.edb. If the database state can be seen as Dirty Shutdown, run the following command to do a soft recovery:

eseutil /r e01 /d

The /r specifies that I’m doing a soft recovery. The e01 is the log generation prefix for the database. The /d switch without any arguments to specify the database path, which is in the current directory.

Once the operation has completed successfully, I can run eseutil again with the /mh switch to verify the database is clean shutdown

3. Creating a Recovery Database: Use the New-MailboxDatabase cmdlet with the following syntax:

New-MailboxDatabase -Name RecoveryDB -EdbFilePath E:\RecoveryDB\E_\DB01\DB01.edb -LogFolderPath E:\RecoveryDB\E_\DB01\DB01.edb -LogFolderPath E:\RecoveryDB\E_\DB01 -Recovery -Server mbx1

Mount the database using the following command: Mount-Database RecoveryDB. The Recovery database is now mounted, and ready to restore mailbox data.

4. Finding the mailbox and restore:

To do a complete restore of the mailbox data to the original mailbox that is currently active in the production database use the following command:

New-MailboxRestoreRequest -SourceDatabase RecoveryDB -SourceStoreMailbox ‘user mailbox’ -TargetMailbox recoveredmails

See the progress of the operation by the following cmdlet:

Get-MailboxRestoreRequest | Get-MailboxRestoreRequestStatistics

{ 0 comments }

1. Open the application SCANPST in your computer (If you have outlook pre-installed the application will be the there at your outlook installation folder)

2. Open SCANPST and Browse the required PST or STM file

3. Click ‘Start’ to start repairing the corrupted file

{ 0 comments }

Microsoft has updated its Microsoft Exchange Server 2010, posting a service pack with a number of new features and bug fixes, the company announced Monday.

The new features in Microsoft Exchange Service Pack 2 were developed based on customer feedback, according to the company. They reflect the expanding use of enterprise e-mail, scheduling and associated functions across a wider range of devices and deployment scenarios.

One feature, called Outlook Web Application (OWA) Mini, offers the ability to browse mailboxes and global address lists from low bandwidth and low-resolution devices. This mini-browser can be used as an alternative to synchronizing all Exchange data with the phone itself, which can be prohibitive in certain cases.

Another new feature allows administrators to segment enterprise global address lists (GAL) into smaller segments, in effect allowing them to create virtual groups. Previous versions of Microsoft Exchange offered this ability, though this is the first time Exchange 2010 offers this capability in a way that does not require manual intervention from administrators.

The update also includes the Hybrid Configuration Wizard, designed for those organizations that wish to deploy some mail accounts on Microsoft Office 365, while keeping some mail accounts on their internal systems. The wizard simplifies the process of archiving data as well as sharing calendar entries and secure mail across both the hosted and internal mail accounts.

{ 0 comments }