Powershell

All posts tagged Powershell

20130821-172919.jpg

A few weeks ago the Exchange 2013 version of the Powershell Cookbook was published by Packt Publishing. This version also introduced a additional writer for the book: Jonas Andersson. A frequent Exchange blogger with quality articles so before I started reading I was convinced the book should be from high quality also. The second writer is the one who was also responsible for the first part Mike Pfeiffer. Those who missed the first part and are working with Exchange 2010, please read the book it contains very usefull info.

Enough about the writers and the first part . Let’s start reviewing the secondary part which is mostly decicated to Exchange 2013. The book starts from the beginning so if you are not familiar with Powershell the book will introduce how Powershell will work and you can benefit from it. And trust me I also found some nice tips for future use my scripts although I use Powershell almost every deployment.

Once the writers discus some basics which you really want to know they describe the abilities Powershell will give your per part of Exchange. For example they discuss which Powdershell cmdlets you can use for managing the Exchange Transport part. Per Exchange part a very clear description is given including some really nice examples.

As last and bonus part the writers describe how you can use EWS via Powershell which extends Powershell again. For those who are familiar with basic Powershell this is a must read chapter.

So what’s my conclusion about the book: a really nice book both for Exchange Powershell starters but also for people that are more experienced with Powershell for Exchange.

You can buy the book via the site below:

Packt Publishing

Starting from Exchange 2010 it is possible to import pst files using the New-MailboxImportRequest cmdlet. By default this cmdlet can’t be executed. This is caused by the fact that the New-MailboxImportRequest cmdlet is not a part of the default RBAC groups.

RBAC
To create a new group you can use the Exchange Management Shell. This to prevent that specific permissions are assigned per user:

New-RoleGroup “Mailbox import and export Rights”

Using the cmdlet above we will create a new RBAC group called Mailbox import and export rights. The next step is to add the cmdlet to the RBAC group:

new-ManagementRoleAssignment -Role “Mailbox Import Export” -SecurityGroup “Mailbox import and export Rights”

Using the above cmdlet we will add the role Mailbox Import Export to the earlier created RBAC group.

Add-RoleGroupMember “Mailbox import and export Rights” -Member Administrator

As last cmdlet we will add the user administrator to the RBAC group Mailbox import and export Rights. When the cmdlet has been executed you will need to restart the Exchange Management Shell.

NewMailboxImportRequest
Before you can import a PST there is one other important prerequisit. The group Exchange Trusted subsystem needs to have permissions to access the share which contains the PST files. When this is not possible you will get the following error Couldn’t connect to target mailbox.

When the last step has been performed we can submit a new import request:

New-MailboxImportRequest -Mailbox Johan -FilePath \\File01\PST\johan.pst

In the example above we will import the PST file called johan.pst from the PST share on the server called File01. The content of the PST will be imported in the mailbox called Johan.

To monitor the process we can use the following cmdlets:

  • Get-MailboxImportRequest
  • Get-MailboxImportRequestStatistics

Get-MailboxImportRequest
This cmdlet will give a default overview of the Mailbox Import Requests which are submitted to Exchange.

For example:

Get-MailboxImportRequest -Identity “Johan\MailboxImport”

In this case the identity exists of two parts: the name of the mailbox combined with the name of the import request. Using the cmdlet above we will retrieve the status of the import request which has as jobname MailboxImport. The data will be imported in the mailbox called johan.

Get-MailboxImportRequestStatistics
Gives a detailed overview of the Mailbox Import Request. This cmdlet can be used in combination with the Get-MailboxImportRequest cmdlet:

Get-MailboxImportRequest | Get-MailboxImportRequestStatistics

When executing the above example you will get a overview of the currently submitted Mailbox Import Requests with additional information. But when needing very detailed information,  for example the item count, percentage etc. then you will need to add|FL to the example above:

Get-MailboxImportRequest | Get-MailboxImportRequestStatistics | FL

Couldn’t connect to target mailbox
As mentioned earlier the error message Couldn’t connect to target mailbox can occur. To troubleshoot this problem you will need to add the -v parameter to the New-MailboxImportRequest cmdlet. In the screenshot below an example can be seen:

In this example both the share permissions and firewall settings where not causing the issue. When searching on the internet you will find several people who are having this issue.

The cause of this issue is: the CAS Array. To solve this problem temporarily you could choose to change the RpcClientAccessServer value temporarily. An other option which might be a easier to use is to create a temporary database and move the mailbox to it. Don’t forget to modify the RpcClientAccessServer value in this case also.

To change the RpcClientAccessServer value we will need to use the following cmdlet:

set-MailboxDatabase MBDBTEMP -RpcClientAccessServer cas01.corp.local

In the example above we will change the RpcClientAccessServer temporarily to one of the CAS Servers.

Don’t forget to restore the old configuration once completed:

set-MailboxDatabase MBDBTEMP -RpcClientAccessServer casarray.corp.local

Remove-MailboxImportRequest
Just like a move request an import request won’t be removed automatically.  An import request needs to be cleaned up manually. This can be done by using the cmdlet Remove-MailboxImportRequest:

remove-MailboxImportRequest -identity johan\MailboxImport

Using the exampel above we will remove the earlier create import request. When you would like to cleanup multiple import requests use the following cmdlet:

get-MailboxImportRequest | where {$_.status -eq “completed”} | remove-MailboxImportRequest

Using the example above we will first retrieve all mailbox import requests that are having the status completed. Once found we will remove all those requests.

Hidden features of Exchange 2010 – part II

 

In the First blog we had a look at the Set-OrganizationConfig cmdlet and specifically at the parameters for distribution groups. In this second blog we will have a look at the parameters for Mailtips and Exchange Recipient.

Mailtips

Using Mailtips it is possible to inform users before they will send a message. A few examples are:

  • the recipiënt has enabled Out-Of-Office;
  • the message send to the person has a large attachment;
  • the mailbox of the recipiënt is full;
  • the recipiënt is external;
  • the distributionlist contains external users;

To use Mailtips you will need to have Outlook 2010 or Outlook Web App (OWA) as client.

To configure the Mailtip functionality on organization level there are 5 parameters available:

  • MailTipAllTipsEnabled
  • MailTipsExternalRecipientsEnabled
  • MailTipsMailboxSourcedTipsEnabled
  • MailTipsGroupMetricsEnabled
  • MailTipsLargeAudienceTreshold

The Mailtip functionality is enabled by default. If you would like to disable this option the parameter MailTipsAllTipsEnabled will need to be set to false:

Set-OrganizationConfig –MailTipsAllTipsEnabled $false

Mailtips won’t be enabled when a message is send to external contacts. In case this is a requirement of the company you will need to configure the MailTipsExternalRecipientsTipsEnabled parameter and change the value to true:

Set-OrganizationConfig –MailTipsExternalRecipientsTipsEnabled $true

The last two parameters MailTipsGroupMetricsEnabled and MailTipsLargeAudienceTreshold need to be used in combination.

On the server which generates the address book a process runs every night to count the amount of members in a Group. The results will be stored in a folder called GroupMetrics. In this folder three files will be created:

  • GroupMetrics-dateTtime.bin, contains the members of all distribution groups in the organization;
  • GroupMetricsservername.xml, contains the configuration information of the mailbox server which is responsible for generating the data;
  • ChangedGroups.txt, contains a list of groups which have changed since the last update;

The content of the folder will be distributed to the Client Access Servers through the File Distribution Service of Exchange. Besides this the data will be distributed every 8 hours to all Mailbox servers which are enabled for generating Group Metric data.

When the MailTipsGroupMetricsEnabled parameter has been configured with the value true, which is the default value, all Mailtips will use the Group Metric data. Depending on the value of the MailTipsLargeAudienceTreshold a Mailtip will be displayed. The default value of this parameter is 25. When a distributiongroup contains more than 25 members a Mailtip will be displayed.

Set-OrganizationConfig –MailTipsLargeAudienceTreshold 50

By using the above parameter we will configure that a Mailtip will only be displayed when mail is sent to a distribution Group which contains more than 50 members.

Microsoft Exchange Recipient

The second parameter we will have a look are the MicrosoftExchangeRecipient parameters. Exchange 2010 contains four parameters:

  • MicrosoftExchangeRecipientEmailAddresses
  • MicrosoftExchangeRecipientPrimarySmtpAddress
  • MicrosoftExchangeRecipientEmailAddressPolicyEnabled
  • MicrosoftExchangeRecipientReplyRecipient

As the name already tells you all these parameters are related to recipients from Exchange.

When having a look at the value of the MicrosoftExchangeRecipientEmailAddresses parameter you will see it´s equal to the e-mail addresses which are applied by the Default E-mail Address Policy. All addresses are split by a “;” if an address is added here the Default E-mail Address Policy will be updated.

But it’s not recommended by doing it this way. When having a look at the addresses you will see every address starts with MicrosoftExchange329e7.

Using the second parameter MicrosoftExchangeRecipientPrimarySmtpAddress we can configure which address needs to be set as the SMTP address. This value can only be used when the parameter MicrosoftExchangeRecipientEmailAddressPolicyEnabled is disabled. Otherwise the value will be ignored. If the value of this parameter will be changed to an address which does not exist in the Default Recipient Policy it will be automatically added.

One important thing to keep in mind is that if the Default E-mail Address Policy is disabled the  MicrosoftExchangeRecipientPrimarySmtpAddress parameter must contain a value. Several services among them the Exchange UM service must have a valid e-mail address. If the Default E-mail Address Policy is disabled and MicrosoftExchangeRecipientPrimarySmtpAddress doesn’t have a value the service will not get an e-mail address. The result will be that Exchange will not accept messages from the service.

Using the last parameter MicrosoftExchangeRecipientReplyRecipient you can configure if the Microsoft Exchange recipiënt can receive e-mail. This account is used to send DSN messages to internal users. When you will allow users to reply to this mailbox make sure this mailbox will be monitored. You can configure the parameter as follows:

Set-OrganizationConfig –MicrosoftExchangeRecipientReplyRecipient dsn@domain.com

Using the above cmdlet we have configured that if a user replies to a message of the Microsoft Exchange recipient mailbox this message will be delivered to the following e-mail address dsn@domain.com.

Here ends part two of the serie of hidden features of Exchange 2010. In  the next log we will have a look at the Set-ExchangeAssistanceConfig cmdlet.

 

Hidden features of Exchange 2010 – part I

When you have worked with Exchange 2010 you might know that some things only can be configured by using the Exchange Management Shell (EMS). A few examples are:

  • configuring relaying on a receive connector
  • enable logging for IMAP and POP3
In some cases a hidden option is available in the Exchange Control Panel. In this serie of blogs we will have a look at these cmdlet’s and especially the parameters.
 
We start with the hidden features of distribution groups. These groups can be used to send a message to multiple people. In Exchange 2010 three parameters are available which can be used to define the name and location of the distribution group.
 
The parameters for this must be used i.c.w. the set-organizationconfig Powershell cmdlet:
 
DistributionGroupDefaultOU
As the name already tells you this parameter can be used to configure the default OU which is used to store the distribution groups. By using this parameter you can prevent that distribution groups will be created in multiple OU’s. For example we had an Active Directory called corp.local and we have created an OU Distribution Groups. To ensure that the new distribution groups will be stored in this OU we will need to use the following cmdlet:\
 
Set-OrganizationConfig -DistributionGroupDefaultOU ” corp.local/Distribution Groups” 
 
Once configured all new distribution groups will be stored in this OU.
 
DistributionGroupNameBlockedWordsList
Using this parameter we can configure words which may not be used in names of distribution groups. This parameter may not work for all organizations. Before using this parameter make a correct inventory which words can’t be used. For example when we want to prevent the use of the words toys and computer as the name of a distribution group we will need to use the following cmdlet:
 
Set-OrganizationConfig -DistributionGroupNameBlockedWordsList toys,computer
 
This parameter can also be configured by using the Exchange Control Panel (ECP).
 
DistributionGroupNamingPolicy
Using this parameter we can configure the naming convention which will be applied when creating a distribution group. In this policy the following variables can be used:
  • Department
  • Company
  • Office
  • StateorProvince
  • CountryorRegion
  • CountryCode
  • Title
  • CustomAttribute1 tot CustomAttribute15
Let’s say we want all the names of distribution groups start with DG_ followed by the groupname en countrycode where we will split the last two by using an underscore:
 
Set-OrganizationConfig -DistributionGroupNamingPolicy “DG_<GroupName><CountryCode>”
 
When a new group is created called support it will be automatically renamed to for example: DG_Support>NL@corp.local. Keep in mind that the e-mail address assigned to the distribution group might not be correct, this of coure depends on you e-mail address policy. In this case the e-mail address will be something like DG_support_NL@corp.local.
 
One remark must be made when using the earlier discussed variables. These values will be determined by copying the values from the user which creates the distribution groups.
 
This parameter can also be configured by using the ECP.
 
Combining parameters
Of course it’s also possible to combine the three parameters. In the following example we will configure the parameters as followed:
  • all distribution groups will be created in an OU groups which is located in the OU demo
  • all names of distribution groups need to start with DG_
  • the word everyone may not be used
To configure this we will need to use the following cmdlet:
 
Set-OrganizationConfig -DistributionGroupDefaultOU “corp.local/demo/groups”  -DistributionGroupNamingPolicy “DG_<GroupName>”  -DistributionGroupNameBlockedWordsList everyone
 
When a new user is created using the EMC called demousers  you will get the following result:
 
When a group is created by using the name everyone the following error will be displayed:
 
Here ends the first blog about the hidden features of Exchange 2010. In the next blog we will continue to have a look at the set-organizationconfig cmdlet and will have a look at which parameters may be very usefull for you.

Remove/disable Transport Agents

Microsoft Exchange couldn’t start transport agents. The Microsoft Exchange Transport service will be stopped. This is one of the errors you may get when you’ve got a corrupted transport agent. This can cause that the transport service won’t start anymore as you can see in the example, which causes that the mail traffic will stall.

There are two solutions for this issue

– remove the transport agent
– disable the transport agent

The first method maybe is the best method because you have a corrupted agent on your system which you don’t want. To remove the agent execute the following Powershell command:

Uninstall-TransportAgent “Name of the Agent”

If you would like to do some more research you may decide to temporarily disable the agent, this can be done by using the following Powershell command:

Disable-TransportAgent -Identity “Name of the Agent”

When you solved the issue you can enable the agent by using this command:

Enable-TransportAgent -Identity “Name of the Agent”

If you would like to have more information then have a look at the site below:

Technet: Transport Agent Cmdlets open

Create a new room and set permissions in one step

A really simple Powershellscript, the script below will make it possible to create a room and will add extra permissions to it:

Param(
[string] $room
)
New-Mailbox -database “MBX-srv\Mailbox Database” -Name $room -OrganizationalUnit “Conference Rooms” -DisplayName $room -UserPrincipalName
$room@domain.local -Room
Add-adpermission $room -User domain\administrator -Extendedrights “Receive-As”

Executing the script:: new-room.ps1 “meetingroom1”

The script will place all rooms in the OU named Conference Rooms.

First the name will be read that is specified after the name of the parameter room$. After this the mailbox will be created as  a mailbox of the type room. The last step is setting the extra permissions, this is done by using the command add-adpermission, in this case the receive-as will be added but also send-as is an option.

Below a few links to the Technet pages of the used commands:

Technet add-adpermission open
Technet new-mailbox open

When you would like to change the log path of a normal storage group it’s not very hard, but when you want to change the log path of a storage group which is CCR enabled then you will need to do a few more things.

In this tutorial I will explain how you can move the logs from the CCR enabled storage group.

For the first step we will need to open the Exchange Management Console, we will need to disable to log replication temporarily. This can be done by going to the mailbox server via server configuration. Then select the storage group and right click on it, the menu below will be displayed.

 Suspend Storage Group Copy

In this menu we select the option Suspend Storage Group Copy, a new screen will be displayed which will let you enter the reason why you suspend the copy, you don’t have to fill it in if you don’t like it.

Administrative suspend

The status of the CCR will be changed from healthy to suspended.

Now the CCR copy has been disabled temporarily we need to open the Exchange Management Shell to perform the reconfiguration of the log path. This can only be done via the Exchange Management Shell.

Move storage group logs via Powershell

By executing the command: move-StorageGroupPath -Identity ‘First Storage Group’ -LogFolderPath ‘E:\Mailbox\SG1’ – ConfigurationOnly we specify that we want to change the log path, files must be moved manually because the Powershell command won’t do it for you. Two confirmations will be asked, one for the reconfiguration of the log path and the other tells you that all databases within the storage group will be dismounted. Please be aware that the storage group will not be available to users at that moment.

When the command has been executed successfully you will need to move the log files and fileswith the jrs extension manually to their new location. When this is done you can enable the mount the storage group again via the Exchange Management Console by right clicking on it and choose the option mount.

Mount database

When the storage group and databases are mounted again you can enable CCR. This can be done by right clicking on the storage group and select the option Restore Storage Group Copy. After several seconds the status will change to healthy again. When you have a look at the properties of the storage group you will see that the log path has been changed to the new location.

Log path changed

OWA doesn’t work after installing Rollup

On several forums you will see that installing a rollup can break down OWA. One of the issues you can have is that a blank screen will be presented with in the url reason 0 as a parameter.

When you have this issue run the Powershell script updateowa.ps1. This script can be found in the Bin directory of Exchange.

After running the script OWA will work again.

In a lot of cases Exchange 2007 wil be installed in the current Exchange 2003 environment. During the setup you will have to choose the Exchange 2003 bridgehead server to use for sending mail to the other organization and the internet. After this a routing group connector will be created which will be used to transport mail.

It can happen that after the installation mail will flow only one way or it won’t flow in both directions. When you will have a look at the mail queue you can see that mails are in it.

Below a few reasons which can cause this issue and if you have an issue how to solve it.

recreate the connector

Before we can recreate the connector we will need to remove the old one. This van be done via the Powershell commands below, in this example the Routing Group Connector is called Ex072Ex03 RGC :

Remove-RoutingGroupConnector -Identity “Exchange Administrative Group (FYDIBOHF23SPDLT)\Exchange Routing Group (DWBGZMFD01QNBJR)\Ex072Ex03 RGC”

As the command above will only delete the connector in the Exchange 2007 environment we will need to execute the remove-routinggroupconnector command again to delete it in the Exchange 2003 environment.

Remove-RoutingGroupConnector -Identity “Ex2003 Administrative Group\Ex2003 Routing Group\Ex072Ex03 RGC”

Next we will create the new connector, this can be done via the Powershell command below:

New-RoutingGroupConnector -Name “Interop RGC” -SourceTransportServers “Ex207.company.local” -TargetTransportServers “Ex03.company.local” -Cost 100 -Bidirectional $true -PublicFolderReferralsEnabled $true

With the command above both the routing group connector in Exchange 2007 and 2003 will be created and Public Folders can be synchronized via this connector

check the default virtual SMTP server settings

In some cases the default virtual SMTP server has been modified. This can cause some issues, check the following items:

  • check if no smarthost has been defined, if this is the case then remove it and create a new connector which is used to send to the internet. If it already exists then specify the smarthost there.
  • check if besides anonymous authentication integrated windows authentication is also enabled

Use Powershell script to disable mailboxes

Why do it the hard way instead of the easy way,  imagine you’ve got several mailboxes which you would like to disable and you’ve got them listed in a CSV file. Why shouldn’t you use Powershell to do this.

Save the script below in the Exchange 2007 scripts directory:

dismb.ps1

Param(
[string] $CSVFile
)
Import-CSV $CSVFile | ForEach-Object -Process {disable-Mailbox $_.Name}

Execute it via Powershell by typing the following .\dismbps1 “c:\csvfile.csv”

The script will open the CSV you will give as a parameter when executing the command and will take read the column Name.

A warning will be displayed which asks you to confirm the changes you want. When acknowleding the alarm the mailboxes will be disabled.