Archive for the ‘Powershell’ Category

Hi Folks,

today’s challenge was to bulk set calendar rights in a multilingual environment (with powershell).
On the net you can find some articles that address similar problems, but no real solution.

Download the follwing scripts as txt here.

Here my quick an dirty script:

# Set default as LimitedDetails for all calendars.
# Will get the language forch each users calendar Folder
# TEST WITH ONE ORE MORE USERS
# foreach($mbx in Get-Mailbox -identity USER | where-object {$_.displayname -like "*test user*"})


foreach($mbx in Get-Mailbox -ResultSize Unlimited | where-object {$_.displayname -notmatch "discovery"})

{
$Calfolder = $Mbx.Name
$Calfolder += ':\'
$CalFolder += [string](Get-mailboxfolderstatistics $Mbx -folderscope calendar).Name
$mbx = $CalFolder
$test = Get-MailboxFolderPermission -Identity $mbx -erroraction silentlycontinue
if($test -ne $null)
{
Set-MailboxFolderPermission -Identity $mbx -User Default -AccessRights LimitedDetails | out-null
}
}

If you want to create all new mailboxes with special permissions you nee to configure the Cmdlet Extension Agent
To enable the agent this you have to the following steps:

  • Create an XML file named ScriptingAgentConfig.xml  and save it in your Exchange’s Default Directory on EVERY Exchange Server in your organization
    e.g. C:\Program Files\Microsoft\Exchange Server\V15\Bin\CmdletExtensionAgents

    <?xml version=”1.0″ encoding=”utf-8″ ?>
    <Configuration version=”1.0″>

    <Feature Name=”MailboxProvisioning” Cmdlets=”New-Mailbox”>
    <ApiCall Name=”OnComplete”>
    if($succeeded)
    {
    start-sleep -s 10
    $mbx =  (Get-User $provisioningHandler.UserSpecifiedParameters[“Name”]).distinguishedName
    Set-MailboxFolderPermission -Identity $mbx”:\Calendar” -User “Default” -AccessRights LimitedDetails
    }
    </ApiCall>
    </Feature>

    <Feature Name=”MailboxProvisioning” Cmdlets=”Enable-Mailbox”>
    <ApiCall Name=”OnComplete”>
    if($succeeded)
    {
    start-sleep -s 5
    $user = Get-User -Identity $provisioningHandler.UserSpecifiedParameters[“Identity”]
    $mbx = Get-Mailbox -Identity $user.DistinguishedName
    Set-MailboxFolderPermission -Identity $mbx”:\Calendar” -User “Default” -AccessRights LimitedDetails
    }
    </ApiCall>
    </Feature>

    </Configuration>

 

  • Use the Exchange Management Shell and run the following command on EVERY Exchange server in your organization:
    Enable-CmdletExtensionAgent “Scripting Agent”
  • Create new user

Cheers,

Chris

JAMIE MCKILLOP

UPDATE: Version 2.1 is available. For details, click here.

The Exchange tracking logs provide a wealth of information about mail flow through your organization. Unfortunately, the tools that ship with Exchange aren’t very good at leveraging this information in a useful way. You can use the message tracking tool that ships with EMC to search for specific logs but beyond viewing the raw log data, there isn’t much information available. Fortunately, Microsoft has provided us with powershell and powershell can be used in all sorts of interesting ways to gather, aggregate and present data in useful summaries and reports.

One of the great things about powershell and the IT community is that there are plenty of people who have built powershell scripts to solve problems, automate or streamline tasks, and gather and present data. Most people are more than happy to share their scripts with anyone who would like…

View original post 1,095 more words

I am often approached by clients on Exchange’s singel item recovery feature. Without tools you can only configure the single item recovery feature PowerShell. This article will provide an overview of the necessary steps.

Activation in Exchange 2010
Activate single-item-recovery for all users

get-mailbox -RecipientType ‘UserMailbox’ | Set-Mailbox -SingleItemRecoveryEnabled $true

Set the deleted-item retention for all databases to 30 days

Get-MailboxDatabase | Set-MailboxDatabase -DeletedItemRetention 30

Fetch deleted-item retention, database and server

Get-MailboxDatabase | ft name, server, deleteditemretention

Get an overview about mailbox, logon, size, deleted items filtered by city Hamburg

get-recipient  -RecipientType ‘UserMailbox’ -Filter ‘((City -like ”Hamburg”))’ | Get-MailboxStatistics | ft DisplayName,LastLogonTime,LastLogoffTime,TotalItemSize,DeletedItemCount

Recovery
Recover deleted items from user mailboxes

Mailbox export request

New-MailboxExportRequest -Mailbox “Discovery Search Mailbox” -SourceRootFolder “Folder of deleted Mail” -ContentFilter {Subject -eq “Subject of deleted Mail”} -FilePath \\FileServerName\C$\ExchangeRecovery\RecoveredMails.pst

If you got an error message that the command Search-Mailbox does not exist, simply close and reopen the Exchange Management shell

Import the messages to the user’s mailbox, use the following command:

New-MailboxImportRequest -Mailbox “Username” -TargetRootFolder “Recovered by Admin” -FilePath \\FileServerName\C$\ExchangeRecovery\RecoveredMails.pst

In the Exchange Management Shell, enter the following command:

Search-Mailbox “Discovery Search Mailbox” -SearchQuery “from:’Username’ AND Subject of deleted Mail” -TargetMailbox “Username” -TargetFolder “Recovered by Admin” -LogLevel Full -DeleteContent

Switch back to the client workstation and check if the message has disappeared from the Discovery Search Mailbox.

Open Outlook and review the new folders from the recovery processes.

Cheers,

Chris

Hi folks,
for several times I wanted to dismount and re-mount one or more mailbox databases from an Exchange 2010 server. It’s a hard way to do this with the EMC so i  figured out the PowerShell commands to do this quick and easy.
Dismount one database:
Dismount-Database -Identity DBNAME -Confirm:$False
Dismount all databases of a server
Get-MailboxDatabase -Server SERVERNAME | Dismount-Database -Confirm:$False
Mount a single database
Dismount-Database -Identity DBNAME -Confirm:$False
Mount all databases of a server
Get-MailboxDatabase -Server SERVERNAME | Mount-Database -Confirm:$False

Cheers,

Chris

You can remove the internal address and hostname using the “header firewall” which removes certain rights for the builtin user “Anonymous Logon”. So we remove the ExtendedRight for “ms-Exch-Send-Headers-Routing” for external SMTP-Connector.

First check the access rights of your external connector:

Get-SendConnector “EXTERNAL-CONNECTOR-NAME” | Get-ADPermission | Where-Object { $_.extendedrights –like “*routing*” | fl user, *rights

Be aware to use the right spelling for your Exchange servers’ language:

English OS:

Remove-ADPermission –id “EXTERNAL-CONNECTOR-NAME” -AccessRight ExtendedRight -ExtendedRights “ms-Exch-Send-Headers-Routing” -user “NT AUTHORITY\Anonymous Logon”

German OS:

Remove-ADPermission –id “EXTERNAL-CONNECTOR-NAME” -AccessRight ExtendedRight -ExtendedRights “ms-Exch-Send-Headers-Routing” -user “NT-AUTORITÄT\Anonymous-Anmeldung”

Change FQDN:

Set-SendConnector -id “EXTERNAL-CONNECOR-NAME” -FQDN:mail.company.com

Regards,

Chris

If not configured Exchange sets the standard notification schedule to monday, 4 a.m. once a week. To bulk change this, you have to edit all databases properties with the EMC or simply run the following PowerShell command with equals the GUI setting “Daily 2 a.m.” :

Get-MailboxDatabase | Set-MailboxDatabase -QuotaNotificationSchedule ‘So.02:00-So.02:15, Mo.02:00-Mo.02:15, Di.02:00-Di.02:15, Mi.02:00-Mi.02:15, Do.02:00-Do.02:15, Fr.02:00-Fr.02:15, Sa.02:00-Sa.02:15’

To check this settings for all DBs run the following command:

Get-MailboxDatabase | fl Name, QuotaNotificationSchedule

Regards,

Chris

Here’s the PowerShell command to remove the last arbitration mailbox to prepare uninstall of Exchange 2010.

Get-Mailbox -Arbitration | Remove-Mailbox -RemoveLastArbitrationMailboxAllowed

Cheers,

Chris