Adding full access permissions

Add-MailboxPermission -Identity UserWhoseMailboxIsBeingConfigured -User UserBeingGrantedPermission -AccessRights 'FullAccess'

Add-MailboxPermission -Identity 'CN=Jerry Orman,OU=Engineering,DC=cpandl,DC=com' -User 'CPANDL\boba' -AccessRights 'FullAccess'

Removing full access permissions

Remove-MailboxPermission -Identity 'UserWhoseMailboxIsBeingConfigured' -User 'UserBeingGrantedPermission' -AccessRights 'FullAccess' -InheritanceType 'All'

Remove-MailboxPermission -Identity 'CN=Jerry Orman,OU=Engineering,DC=cpandl,DC=com' -User 'CPANDL\boba' -AccessRights 'FullAccess' -InheritanceType 'All'


Adding Send As permissions

Add-ADPermission -Identity UserWhoseMailboxIsBeingConfigured -User UserBeingGrantedPermission -ExtendedRights 'Send-As'

Add-ADPermission -Identity 'CN=Jerry Orman,OU=Engineering,DC=cpandl,DC=com' -User 'CPANDL\boba' -ExtendedRights 'Send-As'

Removing Send As permissions

Remove-ADPermission -Identity UserWhoseMailboxIsBeingConfigured -User UserBeingRevokedPermission -ExtendedRights 'Send-As' -InheritanceType 'All' -ChildObjectTypes $null -InheritedObjectType $null -Properties $null

Remove-ADPermission -Identity 'CN=Jerry Orman,OU=Engineering,DC=cpandl,DC=com' -User 'CPANDL\boba' -ExtendedRights 'Send-As' -InheritanceType 'All' -ChildObjectTypes $null -InheritedObjectType $null -Properties $null
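
To review what the cmdlets above have granted over time, this added example (not part of the original page) lists every explicit FullAccess and Send-As grant per mailbox. The CSV path C:\temp\MailboxDelegation.csv is an assumption.

```powershell
# Added example: inventory explicit FullAccess and Send-As grants.
# Run in the Exchange Management Shell. The CSV path is an assumption.
$report = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {

    # FullAccess entries set directly on the mailbox (not inherited, not Deny),
    # skipping the SELF entry that every mailbox carries.
    Get-MailboxPermission -Identity $mbx.Identity |
        Where-Object {
            -not $_.IsInherited -and -not $_.Deny -and
            $_.AccessRights -like '*FullAccess*' -and
            $_.User -notlike 'NT AUTHORITY\SELF'
        } |
        Select-Object @{Name='Mailbox'; Expression={[string]$mbx.PrimarySmtpAddress}},
                      @{Name='Grantee'; Expression={[string]$_.User}},
                      @{Name='Right';   Expression={'FullAccess'}}

    # Send-As is an Active Directory extended right on the mailbox user object.
    Get-ADPermission -Identity $mbx.DistinguishedName |
        Where-Object {
            -not $_.IsInherited -and -not $_.Deny -and
            $_.ExtendedRights -like '*Send-As*' -and
            $_.User -notlike 'NT AUTHORITY\SELF'
        } |
        Select-Object @{Name='Mailbox'; Expression={[string]$mbx.PrimarySmtpAddress}},
                      @{Name='Grantee'; Expression={[string]$_.User}},
                      @{Name='Right';   Expression={'Send-As'}}
}

# One row per mailbox/grantee/right; compare against the delegations you expect.
$report | Sort-Object Mailbox, Right, Grantee |
    Export-Csv -Path 'C:\temp\MailboxDelegation.csv' -NoTypeInformation
```

Rows that nobody can account for are the ones to revoke with the Remove-MailboxPermission and Remove-ADPermission commands shown above.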


From Peter Peedu's blog:

Since message tracking in Exchange 2007/2010 does not have the same intuitive interface as we have in Exchange 2003, performing message tracking can be tricky.

Most people do not need to use message tracking in their everyday work and therefore it’s hard to really get hands-on practice.

I have collected a few samples that might help you in your Message tracking adventure.

# "sender@example.com" is a placeholder; the sender address is missing from the original command
Get-ExchangeServer | where {$_.IsHubTransportServer -eq $true -or $_.IsMailboxServer -eq $true} |
  Get-MessageTrackingLog -Sender "sender@example.com" -MessageSubject "Subject of message" -Start "8/27/2010 7:00 AM" -End "8/27/2010 11:00 AM" |
  Select-Object Timestamp,ClientHostname,EventId,Source,Sender,@{Name="Recipients";Expression={$_.Recipients}},RecipientCount,ServerHostname,SourceContext |
  Export-Csv c:\temp\Messageinfo.csv

Then we could use Excel to work with the data we just exported.


How to Search Message Tracking Logs

Managing Message Tracking

Working with Command Output


More information:

Process Tracking Log tool for Exchange Server 2007


Upcoming conference

On 2012-04-12, in Exchange 2007, Exchange 2010, Mailserver, by Mattias Jönsson


Microsoft Exchange Conference 2012 (MEC). The lost conference is back, taking place September 24-26 in Orlando, Florida.

At MEC 2012, you will:

  • Get exclusive Exchange 15 content directly from the engineering team
  • Get hands-on experience with Exchange 15
  • Enjoy unparalleled access to Exchange team members, Masters and MVPs
  • Preview amazing new products from select vendors
  • Build personal relationships throughout the Exchange community



The Experts Conference

TEC 2010 April 29 – May 2, 2012 at Marriott Marquis and Marina, 333 West Harbor Drive, San Diego

TEC 2012 will deliver expert-led, 400-level training on vital Microsoft technologies. In addition to its highly-acclaimed training on Microsoft Directory & Identity technologies, TEC 2012 offers TEC for Exchange, TEC for SharePoint and TEC for Virtualization & Workspace Management. And this year, we are pleased to bring back the popular PowerShell Deep Dive training conference.

  • TEC for Directory & Identity
  • TEC for Exchange
  • TEC for SharePoint
  • TEC for Virtualization
  • PowerShell Deep Dive


and for Europe last year


If you have ever wondered how long an OWA (Outlook Web App) session stays open when there is no activity, here are the default time-outs.

  • Public 15 minutes
  • Private 8 hours


If, for whatever reason, you decide to change these default values, here is the link on how to get the work done. The simplest way to achieve the desired goal is to use PowerShell. Let's say we will increase the Public cookie time-out setting from 15 minutes to 25 minutes.


Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA' -Name PublicTimeout -Value 25 -Type DWord


Copy and paste the PowerShell code above into the EMS (Exchange Management Shell) and adjust the time as you wish; in this case we are going to set it to “25” minutes.

Cookies to control access

The first time that the user name and password are sent to the Client Access server to authenticate an Outlook Web App session, an encrypted cookie is created that’s used to track user activity. When the user closes the Internet browser or clicks Sign Out to sign out of their Outlook Web App session, the cookie is cleared. The user name and password are sent to the Client Access server only for the initial user sign-in. After the initial sign-in is complete, only the cookie is used for authentication between the client computer and the Client Access server.




This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool.

Site folder server deleted
The site-wide public folder database for administrative group ’Exchange Administrative Group (FYDIBOHF23SPDLT)’ has been deleted. Current public folder store: ’CN=Public Folder\0ADEL:7b0fc218-05b2-4eae-9660-bbdd01f7e395,CN=Deleted Objects,CN=Configuration,DC=uw,DC=lu,DC=se’.


The siteFolderServer attribute represents the Distinguished Name (DN) of the Public Folder store that is responsible for hosting the site folders (normally the first server in the site or administrative group).

By default, the Site Folder Server is the first server that is installed in the administrative group. The public folder store on this server is the default location of the free/busy folders and offline address book folders for the administrative group. If you remove or decommission this server without replicating these folders to another server and designating that server as the offline address book server, Microsoft Office Outlook® 2003 users will see problems with the offline address book and with free/busy data.

Caution:
If you incorrectly modify the attributes of Active Directory objects when you use Active Directory Service Interfaces (ADSI) Edit, the LDP (ldp.exe) tool, or another Lightweight Directory Access Protocol (LDAP) version 3 client, you may cause serious problems. These problems may require that you reinstall Microsoft Windows Server™ 2003, Exchange Server 2003, or both. Modify Active Directory object attributes at your own risk.

To correct this error

  1. Open an Active Directory editor, such as ADSI Edit.
  2. Locate the public folder information store that you want to designate as the Site Folder Server. For Exchange Server 2000 through Exchange Server 2007, expand the following nodes in the Configuration container:
    CN=Configuration,DC=<DomainName>,DC=com, CN=Services, CN=Microsoft Exchange, CN=<OrganizationName>, CN=Administrative Groups, CN=<AdministrativeGroupName>, CN=Servers, CN=<ServerName>, CN=InformationStore, CN=<StorageGroupName>
    For Exchange Server 2010, expand the following nodes in the Configuration container:
    CN=Configuration,DC=<DomainName>,DC=com, CN=Services, CN=Microsoft Exchange, CN=<OrganizationName>, CN=Administrative Groups, CN=Exchange Administrative Group (FYDIBOHF23SPDLT), CN=Databases
  3. In the right pane, right-click CN=<PublicFolderStoreName>, and then click Properties.
  4. In the Attributes field, scroll down and select the distinguishedName attribute.
  5. Click Edit, and then copy the entire attribute to the Clipboard.
  6. Expand the Configuration container, and then expand CN=Configuration,DC=<DomainName>,DC=com, CN=Services, CN=Microsoft Exchange, CN=<OrganizationName>, CN=Administrative Groups
  7. Right-click the administrative group you want to modify, and then click Properties.
  8. In the Attributes field, scroll down and select the siteFolderServer attribute.
  9. Click Edit, and then paste the value for the distinguishedName attribute into the Value field.
  10. Double-check the contents of the Value field to ensure the paste was performed correctly, and then click OK to save the change.
  11. Click OK to close the Administrative Group properties.
  12. Exit the Active Directory editor and restart the Microsoft Exchange Server Information Store service on all Exchange Server computers in the site for the change to take effect.

For more information about re-creating system folders and resetting the Site Folder Server, see the following Microsoft Knowledge Base articles:


Clarify: You want to show the mail address instead of the display name in the “To”, “From” and “CC” fields.

Explanation: When messages arrive at Exchange, the server resolves the mail address for those users who exist in the directory. This behavior is by design and there is no way to change it.

Workaround (for Exchange 2003):

Notes: Not recommended [see KB 828770]. It also causes all messages passing through the modified SMTP Virtual Server to show the mail address instead of the display name.

  1. Start Registry Editor [on the server where your mailbox resides]
  2. Locate or create the following key in the registry
    Notes: You might need to create the ”Parameters” key and the <2> key as well; <2> is the SMTP virtual server number
  3. Add the following registry value: Name: ResolveP2 Type: REG_DWORD Value: 0
  4. Also enable ”allow anonymous senders” on the SMTP Virtual Server
    a. ESM->AG->Server->ServerName->Protocols->SMTP->SMTPVirtualServerName’s Properties
    b. “Access” tab->”Authentication” button->check “allow anonymous senders”

Notes: For Exchange Server 2007, name resolution is forced for MAPI clients; there is no way to disable it.

Here’s a third-party tool which can achieve the function you want: WhichAddress

After migrating your Exchange server (I’ve seen this in transitions to Exchange 2007 and 2010), the PublicFolderDatabase for your OfflineAddressBook is still pointing to the old server's public folder store.

When you run the Get-OfflineAddressBook | fl command in an Exchange Management Shell on your new server, you get a result like this:

At Server you see the new server name, while the PublicFolderDatabase is still pointing to your old server. Public folder replicas and the offline address book generation server have already been moved to the new server.

Solution: I found that if you do the following steps you can change the PublicFolderDatabase.
First start adsiedit and browse to CN=Configuration, CN=Services, CN=Microsoft Exchange, CN=First Organization, CN=Address Lists Container, CN=Offline Address Lists and open the properties of CN=Default Offline Address List

Look for the siteFolderServer attribute; here you will see the old public folder store. Choose Clear and close with OK. Now you may close adsiedit.

Now go to the Exchange Management Console, Organization Configuration, Mailbox, Offline Address Book, open the properties of the Default Offline Address List and go to the Distribution tab.

Uncheck “Outlook version 2 and 3” at client support and uncheck “Enable public folder distribution”. Make sure “Web-based distribution” is enabled. Choose Apply and OK, then right-click on Default Offline Address List and choose Update. After that go back to Properties and Distribution and check “Outlook client support version 2 and 3” and “Enable public folder distribution”. Again choose Apply and OK, then right-click and choose Update.

When you go back to the Exchange Management Shell and repeat Get-OfflineAddressBook | fl, you will now see the public folder store on your new server.
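
A read-only way to inspect the siteFolderServer attribute discussed in both the Exchange Server Analyzer topic and the offline address book post above, as an added example that comes from neither original. It assumes a domain-joined host with read access to the Configuration partition; the schema class names in the filter are assumptions.

```powershell
# Added example (read-only): show where siteFolderServer points for every
# Exchange administrative group and offline address book.
# Assumes the standard Exchange schema classes msExchAdminGroup and msExchOAB.
$configNC = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$base     = [ADSI]"LDAP://CN=Microsoft Exchange,CN=Services,$configNC"

$searcher          = New-Object System.DirectoryServices.DirectorySearcher($base)
$searcher.Filter   = '(|(objectClass=msExchAdminGroup)(objectClass=msExchOAB))'
$searcher.PageSize = 500
$searcher.PropertiesToLoad.AddRange([string[]]@('distinguishedName', 'siteFolderServer'))

$results = foreach ($entry in $searcher.FindAll()) {
    # SearchResult property names are returned in lower case
    $dn     = [string]($entry.Properties['distinguishedname'] | Select-Object -First 1)
    $target = [string]($entry.Properties['sitefolderserver']  | Select-Object -First 1)

    # A deleted store has a DN of the form
    # "CN=<name>\0ADEL:<guid>,CN=Deleted Objects,...", as in the Analyzer message.
    $state = 'Set'
    if (-not $target) { $state = 'NotSet' }
    elseif ($target -match '\\0ADEL:|CN=Deleted Objects') { $state = 'PointsToDeletedObject' }

    New-Object PSObject -Property @{
        Object           = $dn
        SiteFolderServer = $target
        State            = $state
    }
}

$results | Sort-Object State, Object | Format-List Object, SiteFolderServer, State
```

Entries reported as Set still need a manual look: after a migration the value can name a store on the old server that has not been deleted yet.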



In a migration environment with Exchange 2007 and Exchange 2010, we have clients (Outlook 2007) that hang for 10 seconds when sending a meeting that books a resource mailbox residing on an Exchange 2010 mailbox server.

Microsoft says:
In a support case, Microsoft acknowledged this problem as a feature in Exchange 2010 when booking resource mailboxes. They state that this is a fix (code release) for Office 365 (cloud Exchange), where Microsoft is not using public folders. This fix is for Outlook 2003 clients when connecting to the cloud. Outlook 2003 uses public folders for accessing free/busy information, and when Microsoft closed this door in Office 365 they had to get a workaround for Outlook 2003 users. This fix intercepts Outlook 2003 calls to the public folder on a mailbox server and redirects them to web services (EWS) on a CAS on behalf of the mail user.

Outlook 2010 is not affected like Outlook 2007.

This is not a correct picture yet. A better one is coming soon.
1. The client tries to get free/busy information from its mailbox server holding the public folder
2. The mailbox server tries to get free/busy information on behalf of the mail user instead of accessing the public folder.
4. The CAS answers the mailbox server's request for information.

So this is a fix for Exchange in the cloud only!? – Yes and No…
It is a fix release for both cloud and on-premises. So it is affecting our local environment too, and that is bad!

We noticed the following event IDs being generated on the Mailbox server
Time:     2011-04-01 10:39:52
ID:       4002
Level:    Error
Source: MSExchange Availability
Message:  Process 2796: ProxyWebRequest CrossSite from S-1-1-0 to failed. Caller SIDs: NetworkCredentials. The exception returned is Microsoft.Exchange.InfoWorker.Common.Availability.ProxyWebRequestProcessingException: System.Net.WebException: Unable to connect to the remote server —> System.Net.Sockets.SocketException:
No connection could be made because the target machine actively refused it

Why do we have a problem?
Our Exchange 2010 mailbox servers could not connect to
Well, we cannot access the Internal URL for EWS from our mailbox servers.
Is this correct? No!
But our network design is not letting us do this right now.
When we worked around this problem, we no longer had a problem with Outlook 2007. So that's good!
But this proxy fix for Outlook 2003 in the cloud is still affecting Outlook 2007, even though we no longer see a problem.

Patch from Microsoft
Microsoft is releasing an option in Exchange 2010 SP1 RU4. You will have a way to disable the Availability intercept by using the following registry value.

DWORD: DisableAvailabilityServiceCalls
Value: 1 ( Disable)

Customizing the quota e-mails

On 2010-12-11, in Exchange 2007, Exchange 2010, by Mattias Jönsson

Some of you might get comments from users about the Exchange quota e-mails. Not just that the mailbox quota limit is ridiculously low in comparison to Google or any other free e-mail provider, but also about the message being unclear. To solve that Microsoft enabled us admins to set custom text for the quota e-mails. It’s not possible to change the sender, quota bar (Exchange 2010) or subject.

To change the message you’ll have to create them with the New-SystemMessage cmdlet. The default texts are not accessible with the Get-SystemMessage, but if you want to reset the message back to the default you can use the Set-SystemMessage cmdlet with the -Original switch set to $True. You can use HTML in the text, however I’m not sure if there are any limits as to what HTML tags are allowed.

New-SystemMessage -QuotaMessageType ProhibitSendMailbox -Language EN -Text "Your mailbox can no longer send messages. Please reduce your mailbox size. Use AutoArchive to archive old messages from your mailbox and empty your Deleted Items folder. Contact Office IT if you need help with this."


The QuotaMessageTypes available are:

  • WarningMailboxUnlimitedSize
  • WarningPublicFolderUnlimitedSize
  • WarningMailbox
  • WarningPublicFolder
  • ProhibitSendMailbox
  • ProhibitPostPublicFolder
  • ProhibitSendReceiveMailBox

Also make sure that you’re using the correct Language (EN for English) switch.

Changing a system message can be done by using the Set-SystemMessage. You’ll have to use the identity switch to select the system message to change. For the quota messages this is done by putting the language first followed by a backslash and the quota message type (EN\ProhibitSendMailbox).

If you want to get rid of the custom system message you can use the Remove-SystemMessage cmdlet.

Here are some links to help you along with any other questions:

Mailbox Server Role:

1. Mailbox\Public Folder Database Status – Get-MailboxDatabase -Server "Name of the Server" -Status | ft Name, Mounted
2. Service Health – Test-ServiceHealth -Server "Name of the Server"
3. Storage group copy status – Get-StorageGroupCopyStatus -Server "Name of the Server"
4. Backup Status – Get-MailboxDatabase -Server "Name of the Server" -Status | ft Name, LastFullBackup, LastIncrementalBackup
5. MAPI Connectivity – Test-MAPIConnectivity
6. Replication status – Test-ReplicationHealth
7. Cluster Mailbox Status – Get-ClusteredMailboxServerStatus

Client Access Server:
1. Service Health – Test-ServiceHealth -Server "Name of the Server"
2. OWA Connectivity – Test-OwaConnectivity
3. Active Sync Connectivity – Test-ActiveSyncConnectivity
4. POP3\IMAP4 Connectivity – Test-PopConnectivity, Test-ImapConnectivity

Hub Transport Server:
1. Service Health – Test-ServiceHealth -Server "Name of the Server"
2. Queue Status – Get-Queue -Server "Name of the Server"
3. Mail Flow – Test-Mailflow

Unified Messaging Server:
1. Service Health – Test-ServiceHealth -Server "Name of the Server"
2. UM Connectivity Test – Test-UMConnectivity -ListenPort 5060/2061
3. Active Call Status – Get-UMActiveCalls

Edge Transport Server:
1. Service Health – Test-ServiceHealth -Server "Name of the Server"
2. Queue Status – Get-Queue -Server "Name of the Server"
3. Mail Flow – Test-Mailflow
4. Edge Synchronization – Test-EdgeSynchronization

Additional Note: Event Log info on the corresponding server can be found with: Get-EventLog Application | Where { $_.EntryType -eq "Error" } (use System in place of Application for the System log)
