msunified.net

Technical blog about Exchange, OCS and Lync by Ståle Hansen

Posts Tagged ‘PowerShell’

Deleted Mailbox not appearing in Disconnected mailbox in Exchange 2007

Posted by Ståle Hansen on 13/05/2009

Deleted mailboxes appear in the disconnected mailbox list, but not immediately. You have to wait for online maintenance to run and complete.

If you accidentally delete a mailbox and want to reconnect it, you may not be able to find it under Disconnected Mailbox. You have to run Clean-MailboxDatabase to make the deleted mailbox appear. If you want to disconnect a mailbox to re-add it to another user or the same user, do the following:

  • Disable the mailbox in EMC
  • When you disable a mailbox the user object stays in AD and the mailbox is marked for deletion.
  • The disconnected mailbox should appear in the disconnected mailbox view
  • If it does not appear in the disconnected mailbox view, run one of the following commands from PowerShell

Clean-MailboxDatabase servername\SGName\Store
Cleans the database of an individual store

Get-MailboxDatabase | Clean-MailboxDatabase
Cleans all the databases in the organization

Get-MailboxDatabase | Where { $_.Server -eq "<servername>" } | Clean-MailboxDatabase
Cleans all the databases on the specified server

Get-MailboxDatabase | Where { $_.Name -eq "<DatabaseName>" } | Clean-MailboxDatabase
Cleans all the databases whose name matches the given DatabaseName

  • After the command completes, check the event viewer for the following event IDs
    • Event ID 9531 – the Clean-MailboxDatabase process has begun
    • Event ID 9533 – a user does not exist in the directory or is not enabled for Exchange mail. This mailbox will be removed from the mailbox store after the retention time has passed
    • Event ID 9535 – the process completes and lists that the mailbox was retained in the store
  • Finally you should see it in the disconnected mailbox view and you can connect it to the same AD user or another AD user.
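
The steps above as one Exchange Management Shell sequence. This is an added example, not part of the original post; the database identity is a placeholder, and the five-second margin and the 500-entry event window are assumptions.

```powershell
# Added example. $database is a placeholder: use your own Server\StorageGroup\Database.
$database = "servername\SGName\Store"

# Remember when the cleanup started (small margin, because event times have
# one-second resolution) so only events from this run are shown.
$started = (Get-Date).AddSeconds(-5)

# Scan the store for mailboxes whose AD user is gone or no longer mail-enabled.
Clean-MailboxDatabase -Identity $database

# Events named in the post: 9531 cleanup started, 9533 mailbox has no enabled
# user, 9535 cleanup finished and the mailbox was retained in the store.
Get-EventLog -LogName Application -Newest 500 |
    Where-Object { $_.TimeGenerated -ge $started -and (9531, 9533, 9535) -contains $_.EventID } |
    Sort-Object TimeGenerated |
    Format-List TimeGenerated, EventID, Message

# Mailboxes in that database that are now marked as disconnected.
Get-MailboxStatistics -Database $database |
    Where-Object { $_.DisconnectDate -ne $null } |
    Format-Table DisplayName, MailboxGuid, DisconnectDate -AutoSize
```

If 9533 is logged for a mailbox but it is missing from the last table, rerun the final command after a short wait before falling back to a restore.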

This blog was based on smtpport25's blog, http://smtpport25.wordpress.com/2009/04/22/deleted-mailbox-not-appearing-in-disconnected-mailbox-in-exchange-2007/


If you need to restore the mailbox because it is not retained in the mailbox store, see these great sites for restore guides using Recovery Storage Groups
http://www.petri.co.il/using_rsg_in_exchange_2007.html
http://www.msexchange.org/tutorials/Working-Recovery-Storage-Groups-Exchange-2007.html

Posted in Exchange 2007

Request certificate using Exchange Management Shell

Posted by Ståle Hansen on 11/05/2009

If you use the self-signed certificate assigned by the Exchange server itself there is a simple process to renew the certificate. You will typically get a note in the event viewer when the certificate is about to expire. Here’s a great blog that explains the process: http://exchangepedia.com/blog/2008/01/exchange-server-2007-renewing-self.html

To request or renew a 3rd-party (or from internal PKI infrastructure) SAN certificate that resides on your Exchange server using EMS I found this approach useful. In this example I used an internal PKI infrastructure to assign a certificate to my internal Exchange Servers behind an NLB cluster for the ClientAccess role. I found that if the certificate is requested through an internal PKI infrastructure the certificate is issued for a period of one year and has to be manually renewed.

  • Create a request using EMS with this command
  • New-ExchangeCertificate -GenerateRequest -SubjectName "C=net, O=msunified, CN=webmail.msunified.net" -DomainName webmail.msunified.net, webmail.msunified.local, cashub01.msunified.local, cashub02.msunified.local -FriendlyName "CAS SAN Certificate" -KeySize 1024 -Path c:\CAS_SAN_cert.req -PrivateKeyExportable:$true
  • Open the req file, and copy everything except
  • -----BEGIN NEW CERTIFICATE REQUEST-----
  • -----END NEW CERTIFICATE REQUEST-----
  • Navigate to your CA server using the following url: http://CA-server/certsrv
  • Click “request a certificate” and then select “advanced certificate request”
  • Click “Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.”
  • Paste the content in the “saved request” window
  • Hit submit
    • If you have a 2003 CA and it does not support SAN certificates you need to enable it using this command
    • CERTUTIL -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
    • Restart the certificate service and IIS
  • Click “download certificate chain” and save the file
  • On the Exchange server import the certificate
  • Import-ExchangeCertificate -Path c:\2009-2.p7b -FriendlyName "webmail.msunified.net"
  • Copy the thumbprint and enable the certificate for the selected services
  • Enable-ExchangeCertificate -Thumbprint 8192F31A99E9C89A41F572CC7AC88864551AFC91 -Services pop,imap,smtp,iis
  • Export the certificate, including the certificate chain, for the other Exchange servers that hold the same role, using IIS or the local computer personal store
  • On the other servers import using IIS
  • On the other servers run Enable-ExchangeCertificate -Thumbprint 8192F31A99E9C89A41F572CC7AC88864551AFC91 -Services pop,imap,smtp,iis
  • Remove the old certificate with the following command, using the thumbprint of the old certificate and not the one you just enabled: Remove-ExchangeCertificate -Thumbprint <thumbprint of the old certificate>
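
Before removing the old certificate, it is worth confirming that the imported one covers every requested name, has an adequate key and is not close to expiry. The function below is an added example, not part of the original post: `Test-CasCertificate` is a hypothetical name, the 30-day and 2048-bit thresholds are assumptions, and the `DNS Name=` label assumes an English-language Windows installation.

```powershell
# Added example: audit a certificate in the local computer store.
function Test-CasCertificate {
    param(
        [string]   $Thumbprint,
        [string[]] $ExpectedNames,
        [int]      $WarnDays   = 30,     # assumption: warn 30 days before expiry
        [int]      $MinKeyBits = 2048    # assumption: threshold chosen for this example
    )
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint }
    if (-not $cert) { throw "No certificate $Thumbprint in LocalMachine\My" }

    # Subject Alternative Name extension (OID 2.5.29.17); Format($true) prints
    # one "DNS Name=host" entry per line on English-language Windows.
    $san   = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $names = @()
    if ($san) {
        $names = @($san.Format($true).Split("`n") |
            ForEach-Object { $_.Trim() } |
            Where-Object   { $_ -match '^DNS Name=' } |
            ForEach-Object { $_ -replace '^DNS Name=', '' })
    }
    # Names that were requested but are absent from the issued certificate.
    $missing  = @($ExpectedNames | Where-Object { $names -notcontains $_ })
    $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
    $keyBits  = $cert.PublicKey.Key.KeySize

    $cert | Select-Object Thumbprint, NotAfter,
        @{Name='DaysLeft';     Expression={ $daysLeft }},
        @{Name='ExpiresSoon';  Expression={ $daysLeft -lt $WarnDays }},
        @{Name='KeyBits';      Expression={ $keyBits }},
        @{Name='WeakKey';      Expression={ $keyBits -lt $MinKeyBits }},
        @{Name='MissingNames'; Expression={ [string]::Join(', ', $missing) }}
}

# Thumbprint and names are the ones used in the post. A request generated with
# -KeySize 1024 reports WeakKey = True under the 2048-bit threshold used here.
Test-CasCertificate -Thumbprint 8192F31A99E9C89A41F572CC7AC88864551AFC91 `
    -ExpectedNames webmail.msunified.net, webmail.msunified.local,
                   cashub01.msunified.local, cashub02.msunified.local |
    Format-List
```

Since certificates from the internal CA are issued for one year and renewed manually, scheduling this check is one way to avoid depending only on the expiry warning in the event viewer.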

To renew self-signed certificates on the EDGE servers for the SMTP transport service

  • On the EDGE servers open EMS and do the following
  • Get-ExchangeCertificate | New-ExchangeCertificate (if it's the only certificate on the server)
  • Remove-ExchangeCertificate -Thumbprint 1025C608027188FFA4DFAE77089D183DABACD077
  • You then have to re-establish the EDGE synchronization with the new certificate
  • New-EdgeSubscription -FileName c:\newsub.xml
  • Copy the xml file to the internal servers
  • In the EMC, in the organizational view for the HUB role, remove the old edge subscription and then create a new one, specifying the correct xml file
  • To synchronize the first time, run the following cmdlet from EMS: Start-EdgeSynchronization
  • To test the synchronization, run the following cmdlet: Test-EdgeSynchronization

To be able to deploy SAN certificates from an internal CA, you may have to extend the attributes: http://support.microsoft.com/kb/931351

This blog is loosely based on these sites
http://telnetport25.wordpress.com/2008/07/13/windows-2008-exchange-2007-renewing-an-existing-ssl-certificate-on-your-client-access-server/
http://exchangepedia.com/blog/2008/01/exchange-server-2007-renewing-self.html
http://www.exchangeinbox.com/article.aspx?i=114
http://msexchangeteam.com/archive/2007/07/02/445698.aspx

Posted in Exchange 2007

Get-MailboxDatabase oneliner

Posted by Ståle Hansen on 06/05/2009

If you run the Get-MailboxDatabase cmdlet with no switches it returns all the Exchange 2007 databases in the organization. If you are looking for a list of when each database last had a full backup, you need to use the -Status switch.

Get-MailboxDatabase -Status | Sort -Property LastFullBackup | ft Identity,LastFullBackup

This will return the Identity and the time of the last full backup of each database in sorted order. This is a useful list when doing maintenance in an Exchange organization.

If you need a quick PowerShell script that dumps each Storage Group and its backup-related information, visit the Exchangepedia Blog at: http://exchangepedia.com/blog/2008/09/script-get-storage-group-backup-status.html

Posted in Exchange 2007

Wrong version number on Exchange 2007 mailbox

Posted by Ståle Hansen on 24/04/2009

I had a problem with a migrated user from Exchange 2003 to Exchange 2007 not showing the correct version number. It was not listed as Legacy Mailbox and it resided on an Exchange 2007 store. Running the Get-Mailbox command I saw that the version number on the mailbox was 0.0 and not 0.1 for Exchange 2007. Because of the mailbox being in this state the user could not connect to OWA. I got the following message:

Inner Exception
Exception type: Microsoft.Exchange.Data.Directory.InvalidADObjectOperationException
Exception message: Property Languages cannot be set on this object because it requires the object to have version 0.1 (8.0.535.0) or later.
Current version of the object is 0.0 (6.5.6500.0).

To resolve this problem you need to correct the properties of the mailbox. Do this by running the following cmdlet in Exchange Management Shell:

Set-Mailbox -Identity <user> -ApplyMandatoryProperties

See the KB 931747 article at Microsoft Support, http://support.microsoft.com/kb/931747

Posted in Exchange 2007

Web Services InternalURL powershell configuration

Posted by Ståle Hansen on 21/04/2009

If you are using a load balancer in front of the ClientAccess server or want to reconfigure the internal URL to point to http and not https you need to reconfigure a couple of services with the correct url so that autodiscover functions properly. To do so I have created a simple script to ease the process using PowerShell. The script does the following:

  • The server path is specified in the variable
  • Then we use -Identity *; if you have more than one instance you need to specify which instance you want to configure
  • The url is generated using the variable and the default location of the services files
  • After reconfiguring the services we do a test of the connectivity to verify the configuration
  • Note that custom user credentials are used so that default credentials are not necessary
  • OWA internal url has to be set manually

To run the script do the following:

  • Copy this into a txt file and rename it to a ps1 file
  • Navigate to the location where the file is saved
  • Use tab to get the correct run syntax

NOTE: This script has been updated in a post related to Exchange 2010 here: http://msunified.net/2010/01/13/configure-exchange-2010-internalurl-powershell-script/

# Base URL used for every internal service URL below
$urlpath = "http://exchange-server.yourdomain.com"

# Point Autodiscover, EWS, OAB and ActiveSync at the base URL
Set-AutodiscoverVirtualDirectory -Identity * -InternalUrl "$urlpath/autodiscover/autodiscover.xml"
Set-ClientAccessServer -Identity * -AutodiscoverServiceInternalUri "$urlpath/autodiscover/autodiscover.xml"
Set-WebServicesVirtualDirectory -Identity * -InternalUrl "$urlpath/ews/exchange.asmx"
Set-OabVirtualDirectory -Identity * -InternalUrl "$urlpath/oab"
Set-ActiveSyncVirtualDirectory -Identity * -InternalUrl "$urlpath/Microsoft-Server-ActiveSync"

# Verify connectivity with explicitly supplied mailbox credentials
Test-WebServicesConnectivity -MailboxCredential (Get-Credential <Netbios domain name>\<username>) -TrustAnySSLCertificate
Test-ActiveSyncConnectivity -MailboxCredential (Get-Credential <Netbios domain name>\<username>) -TrustAnySSLCertificate

Posted in Exchange 2007

Configuring custom email address policies using powershell

Posted by Ståle Hansen on 20/04/2009

If you want to configure email address policies with custom settings you need to do this by using PowerShell. Here you see an example where the reply e-mail address is set to a custom address. The template used below changes spaces in given names and surnames to “.”. This gives the user with the name of Martin Steven Williams the email address of Martin.Steven.Williams@msunified.net.

By typing SMTP in capital letters, the system sets this address as the primary SMTP address. Additional addresses should use lowercase smtp, as shown below

Set-EmailAddressPolicy -Identity "Default Policy" -EnabledEmailAddressTemplates "SMTP:%r .%g.%r .%s@msunified.net", "smtp:%m@msunified.net"

This can be expanded upon by replacing Nordic characters with compatible characters, like this: "%r .%råa%ræa%røo%rÆA%rÅA%rØO%g.%r .%råa%ræa%røo%rÆA%rÅA%rØO%s@msunified.net"

Posted in Exchange 2007
