Archive for the ‘Powershell’ Category

Hi Folks,

today’s challenge was to bulk set calendar rights in a multilingual environment (with powershell).
On the net you can find some articles that address similar problems, but no real solution.

Download the follwing scripts as txt here.

Here my quick an dirty script:

# Set default as LimitedDetails for all calendars.
# Will get the language forch each users calendar Folder
# foreach($mbx in Get-Mailbox -identity USER | where-object {$_.displayname -like "*test user*"})

foreach($mbx in Get-Mailbox -ResultSize Unlimited | where-object {$_.displayname -notmatch "discovery"})

$Calfolder = $Mbx.Name
$Calfolder += ':\'
$CalFolder += [string](Get-mailboxfolderstatistics $Mbx -folderscope calendar).Name
$mbx = $CalFolder
$test = Get-MailboxFolderPermission -Identity $mbx -erroraction silentlycontinue
if($test -ne $null)
Set-MailboxFolderPermission -Identity $mbx -User Default -AccessRights LimitedDetails | out-null

If you want to create all new mailboxes with special permissions you nee to configure the Cmdlet Extension Agent
To enable the agent this you have to the following steps:

  • Create an XML file named ScriptingAgentConfig.xml  and save it in your Exchange’s Default Directory on EVERY Exchange Server in your organization
    e.g. C:\Program Files\Microsoft\Exchange Server\V15\Bin\CmdletExtensionAgents

    <?xml version=”1.0″ encoding=”utf-8″ ?>
    <Configuration version=”1.0″>

    <Feature Name=”MailboxProvisioning” Cmdlets=”New-Mailbox”>
    <ApiCall Name=”OnComplete”>
    start-sleep -s 10
    $mbx =  (Get-User $provisioningHandler.UserSpecifiedParameters[“Name”]).distinguishedName
    Set-MailboxFolderPermission -Identity $mbx”:\Calendar” -User “Default” -AccessRights LimitedDetails

    <Feature Name=”MailboxProvisioning” Cmdlets=”Enable-Mailbox”>
    <ApiCall Name=”OnComplete”>
    start-sleep -s 5
    $user = Get-User -Identity $provisioningHandler.UserSpecifiedParameters[“Identity”]
    $mbx = Get-Mailbox -Identity $user.DistinguishedName
    Set-MailboxFolderPermission -Identity $mbx”:\Calendar” -User “Default” -AccessRights LimitedDetails



  • Use the Exchange Management Shell and run the following command on EVERY Exchange server in your organization:
    Enable-CmdletExtensionAgent “Scripting Agent”
  • Create new user




UPDATE: Version 2.1 is available. For details, click here.

The Exchange tracking logs provide a wealth of information about mail flow through your organization. Unfortunately, the tools that ship with Exchange aren’t very good at leveraging this information in a useful way. You can use the message tracking tool that ships with EMC to search for specific logs but beyond viewing the raw log data, there isn’t much information available. Fortunately, Microsoft has provided us with powershell and powershell can be used in all sorts of interesting ways to gather, aggregate and present data in useful summaries and reports.

One of the great things about powershell and the IT community is that there are plenty of people who have built powershell scripts to solve problems, automate or streamline tasks, and gather and present data. Most people are more than happy to share their scripts with anyone who would like…

View original post 1,095 more words

I am often approached by clients on Exchange’s singel item recovery feature. Without tools you can only configure the single item recovery feature PowerShell. This article will provide an overview of the necessary steps.

Activation in Exchange 2010
Activate single-item-recovery for all users

get-mailbox -RecipientType ‘UserMailbox’ | Set-Mailbox -SingleItemRecoveryEnabled $true

Set the deleted-item retention for all databases to 30 days

Get-MailboxDatabase | Set-MailboxDatabase -DeletedItemRetention 30

Fetch deleted-item retention, database and server

Get-MailboxDatabase | ft name, server, deleteditemretention

Get an overview about mailbox, logon, size, deleted items filtered by city Hamburg

get-recipient  -RecipientType ‘UserMailbox’ -Filter ‘((City -like ”Hamburg”))’ | Get-MailboxStatistics | ft DisplayName,LastLogonTime,LastLogoffTime,TotalItemSize,DeletedItemCount

Recover deleted items from user mailboxes

Mailbox export request

New-MailboxExportRequest -Mailbox “Discovery Search Mailbox” -SourceRootFolder “Folder of deleted Mail” -ContentFilter {Subject -eq “Subject of deleted Mail”} -FilePath \\FileServerName\C$\ExchangeRecovery\RecoveredMails.pst

If you got an error message that the command Search-Mailbox does not exist, simply close and reopen the Exchange Management shell

Import the messages to the user’s mailbox, use the following command:

New-MailboxImportRequest -Mailbox “Username” -TargetRootFolder “Recovered by Admin” -FilePath \\FileServerName\C$\ExchangeRecovery\RecoveredMails.pst

In the Exchange Management Shell, enter the following command:

Search-Mailbox “Discovery Search Mailbox” -SearchQuery “from:’Username’ AND Subject of deleted Mail” -TargetMailbox “Username” -TargetFolder “Recovered by Admin” -LogLevel Full -DeleteContent

Switch back to the client workstation and check if the message has disappeared from the Discovery Search Mailbox.

Open Outlook and review the new folders from the recovery processes.



Hi folks,
for several times I wanted to dismount and re-mount one or more mailbox databases from an Exchange 2010 server. It’s a hard way to do this with the EMC so i  figured out the PowerShell commands to do this quick and easy.
Dismount one database:
Dismount-Database -Identity DBNAME -Confirm:$False
Dismount all databases of a server
Get-MailboxDatabase -Server SERVERNAME | Dismount-Database -Confirm:$False
Mount a single database
Dismount-Database -Identity DBNAME -Confirm:$False
Mount all databases of a server
Get-MailboxDatabase -Server SERVERNAME | Mount-Database -Confirm:$False



You can remove the internal address and hostname using the “header firewall” which removes certain rights for the builtin user “Anonymous Logon”. So we remove the ExtendedRight for “ms-Exch-Send-Headers-Routing” for external SMTP-Connector.

First check the access rights of your external connector:

Get-SendConnector “EXTERNAL-CONNECTOR-NAME” | Get-ADPermission | Where-Object { $_.extendedrights –like “*routing*” | fl user, *rights

Be aware to use the right spelling for your Exchange servers’ language:

English OS:

Remove-ADPermission –id “EXTERNAL-CONNECTOR-NAME” -AccessRight ExtendedRight -ExtendedRights “ms-Exch-Send-Headers-Routing” -user “NT AUTHORITY\Anonymous Logon”

German OS:

Remove-ADPermission –id “EXTERNAL-CONNECTOR-NAME” -AccessRight ExtendedRight -ExtendedRights “ms-Exch-Send-Headers-Routing” -user “NT-AUTORITÄT\Anonymous-Anmeldung”

Change FQDN:

Set-SendConnector -id “EXTERNAL-CONNECOR-NAME”



If not configured Exchange sets the standard notification schedule to monday, 4 a.m. once a week. To bulk change this, you have to edit all databases properties with the EMC or simply run the following PowerShell command with equals the GUI setting “Daily 2 a.m.” :

Get-MailboxDatabase | Set-MailboxDatabase -QuotaNotificationSchedule ‘So.02:00-So.02:15, Mo.02:00-Mo.02:15, Di.02:00-Di.02:15, Mi.02:00-Mi.02:15, Do.02:00-Do.02:15, Fr.02:00-Fr.02:15, Sa.02:00-Sa.02:15’

To check this settings for all DBs run the following command:

Get-MailboxDatabase | fl Name, QuotaNotificationSchedule



Here’s the PowerShell command to remove the last arbitration mailbox to prepare uninstall of Exchange 2010.

Get-Mailbox -Arbitration | Remove-Mailbox -RemoveLastArbitrationMailboxAllowed



Often you need to create some users for test purposes. Here you have a PowerShell script, which will do this procedure for you.

# Get domain and distinguished name
$Domain = (Get-ADDomain).distinguishedname

# Where to place the created users
$TargetOU = “Test”

# distinguished name for OrgUnit
$OUDN = “OU=$TargetOU,$Domain”

# How many users should be created
$NumberUsers= 50

# fill up description field with text and date
$Datetime = get-date -format G
$DField = “TEST ENVIRONMENT USER $datetime”

# OrgUnit check
$OU = Get-ADOrganizationalUnit -Filter { name -eq $TargetOU }
if($OU -eq $null)
{New-ADOrganizationalUnit -Name $TargetOU -Path $Domain}
{write-host “OU” $OU ” already there”}

# User creation

$u = 1
While ($u -le $usercount)
$UserName = “User” + $u
$UserDisplayName = “Testuser ” + $u
New-ADUser –Name $UserName –SamAccountName $UserName –DisplayName $UserDisplayName `
-Path $OUDN –Enabled $true –ChangePasswordAtLogon $true -description $DField `
-AccountPassword (ConvertTo-SecureString “YOUR_PASSWORD” -AsPlainText -force) -PassThru
$u = $u + 1



By default the Exchange 2010 DAG replication port is set to 64327 TCP.

You can change the port with the following command:

Set-DatabaseAvailabilityGroup -Identity YOURDAG -ReplicationPort YOURPORT

Choose a valid value from 1 to 65535 and keep the firewall setup in mind.



Here comes the command to get an overview over recoverable items in a mailbox:

Get-MailboxFolderStatistics -Identity -FolderScope RecoverableItems | Format-Table Name,FolderPath,ItemsInFolder,FolderAndSubfolderSize