This management pack includes scripts and rules to effectively monitor Exchange 2010 and report on performance, availability, and reliability of its server roles.
Exchange Server 2010 Monitoring Management Pack
Reply
Category Archives: Powershell Exchange
Import-Mailbox – Import mailboxes from PST into Exchange 2007 using powershell cmdlets
In Exchange 2003, one of the simplest ways to move mailboxes from one Exchange organisation to another was using exmerge. It was particularly useful for sites using ‘Small Business Server’ where the level of data and requirements were low.
In Exchange 2007, exmerge is not a supported method for Importing from PST files. The functionality has been naturally replaced with the Import-Mailbox cmdlet.
Prerequisites
1) You need to run a 32bit version of the Exchange Management tools (SP1 or higher, it should not be RTM, although the destination server for the import process can be RTM), and therefore require a 32 bit computer where you can install the management tools for the organisation. Make sure you use 2007 SP1 or higher management tools.
2) You need Outlook 2003 SP2 or higher installed on this PC.
3) You need to have full access rights to the mailbox you are importing to. You also need to be either Exchange Org Admin if mailboxes are across multiple servers, or Exchange Server Admin if the mailboxes are all on one server.
** A note on account permissions **
If you have tried with an account that does not have the correct Exchange administrator role, once you have fixed the issue by assigning either Exchange Org Admin or Exchange Server Admin you will need to Logout of the management station and log back in again for this change to take effect.
4) Update the computer with update rollup 9 (if using SP1) once you have installed the Management Tools.
5) You need to have created the mailbox enabled users first, and the user ‘alias’ (which is usually the users login name) needs to match the name of the pst file.
Step 1 – Install the Exchange 2007 SP1 Management Tools
Log in to the PC which has Exchange 2007 Management Tools SP1 installed and Outlook 2003 SP2 or higher installed with an appropriate account. During testing I was using Windows7, and this already has all the prerequisites for the management tools out the box. You may need to install the Management Tools prerequisites if you are using an older operating system.
Run a Custom install, and install just the management tools. We do not want to install any other roles on this workstation.
After the install, make sure that you run ALL the same update rollups as is on the Exchange server(s) in your organisation.
Step 2 – Add Full Access Permissions to the Mailboxes
Double check the account you are using on the management computer is an Exchange Organisation admin or Exchange server admin. Next is to add FullAccess to all the mailboxes. This is done using the Add-MailboxPermission cmdlet. I will not go into detail on this cmdlet. Suffice to say that running the following will give the user account ‘shaun’ FullAccess permission on all mailboxes for a particular mailbox server (omit the)
Get-ExchangeServer <servername> | Get-Mailbox | Add-MailboxPermission -User Shaun -AccessRights FullAccess -inheritancetype all
(after you are done, you may wish to remove these permissions, to do so, use the Remove-MailboxPermissions -User Shaun -AccessRights FullAccess -inheritancetype all -confirm:$false)
Of course, if you wish, you can perform this using the GUI, just go to EMC –> Recipient Configuration –> Mailbox and select the users –> Managed Full Access Permissions… on the Action pane and add the account there.
Step 3 – Using the Import-Mailbox cmdlet
Now is time for the Import-Mailbox command. The Import-Mailbox command has a couple of parameters that we are especially interested in.
-Identity
As the name suggests, this is where you specify the mailbox you would like to use for the destination of the import routine.
-PSTFolderPath
This will point the Import routine to look in the path for the PST files we are interested in. If you have only ONE PST file to import for a specific user, you can reference the exact PST file here and it will import the PST file. However be careful that you do not specify an explicit PST file and pipe multiple Mailboxes to the command, otherwise it will import the same PST file for all users which could have some embarrassing results!
-MaxThreads
This is the number of mailboxes to move at any one time. Now, this will largely depend on the resources that you have available. The typical value is 4, and this is normally more or less acceptable for this operation unless you have thousands of mailboxes, then you may want to increase this. Just remember ultimately you will have hardware bottlenecks.
-ValidateOnly
Using this switch is similar to the whatif switch in other cmdlets (and this one in fact). It will not move any data, only highlight if the process is likely to be successful and notify you if there are any issues you need to take care of.
So once we have the PST file(s) in the PSTFolderPath of our choosing run the command depending on your situation:
Importing a single PST to a single Mailbox:
Import-Mailbox <MAILBOX ALIAS> -PSTFolderPath <PathToFolderContainingPST>
Importing a bunch of PST files to their associated Mailboxes:
Dir c:PSTFiles*.pst | Import-Mailbox
Go through ALL mailboxes, and find associated PST and import:
Get-Mailbox | Import-Mailbox -PSTFolderPath <PathToFolderContainingPST>
So as you can see, this routine is all in the preparation of the environment. The actual commands you run to do the Import are small, sweet and efficient. The great thing about using Powershell for this task is that it is so scalable, if you have a situation where there are many PST’s you need to import, this will quite happily do the work.
References:
http://msexchangeteam.com/archive/2007/04/13/437745.aspx – You Had Me At EHLO… : How to Export and Import mailboxes to PST files in Exchange 2007 SP1
http://technet.microsoft.com/en-us/library/bb629586.aspx – Import-Mailbox cmdlet Technet reference
http://technet.microsoft.com/en-us/library/bb691363.aspx – How to Import Mailbox Data Technet reference
Managing dedicated Rooms
Here are some commands to use to manage Dedicated Room mailboxes.
Dedicated Rooms can also be scheduled by some restricted people.
Getting delegates list :
$GetDelegates=(Get-MailboxCalendarSettings “$Room”).ResourceDelegates
Setting Delegates :
$Mbx=Get-Mailbox “$Room”$Mbx|Set-MailboxCalendarSettings -ResourceDelegate $Delegates$Delegates is an Array value
Remove a delegate :
$Mbx=Get-Mailbox “$Room”$delDelegate <- SAM of the delegate to remove$NewDelegates=($Mbx|Get-ADPermission |Where-Object {-not $_.isinherited} |Where-Object {$_.user -match “^DOMAIN”}|ForEach-Object {If(($_.User.ToString().split(“/”)[1]) –ne $delDelegate){$_.User.ToString().split(“/”)[1]}})$Mbx|Set-MailboxCalendarSettings -ResourceDelegate $NewDelegates
Add a delegate :
$Mbx=Get-Mailbox “$Room”$DelegateToAdd <- SAM of the delegate to add$NewDelegates=($Mbx|Get-ADPermission |Where-Object {-not $_.isinherited} |Where-Object {$_.user -match “^DOMAIN”}|ForEach-Object {If(($_.User.ToString().split(“/”)[1]) –ne $delDelegate){$_.User.ToString().split(“/”)[1]}})$NewDelegates += $DelegateToAdd$Mbx|Set-MailboxCalendarSettings -ResourceDelegate $NewDelegates
Get a manager of a dedicated room :
$Mbx=Get-Mailbox “$Room”$Manager=(get-user $Mbx).Manager
Modify a Manager :
Function Remove_Old_Mgr ([string]$Upn, [string]$Nom, [string]$Responsible ) {$domainResponsible=$RespDomain + ” + $ResponsibleRemove-MailboxPermission -Identity $UPN `-AccessRights FullAccess `-User $Responsible `-DomainController $ControllerRemove-ADPermission -Identity “$($Nom)” `-AccessRights ReadProperty `-User $DOMAINResponsible `-DomainController $ControllerRemove-ADPermission -Identity “$($Nom)” `-AccessRights WriteProperty `-User $DOMAINResponsible `-DomainController $Controller}
Function Set_New_Mgr ([string]$Upn, [string]$Nom, [string]$Responsible) {$DOMAINResponsible=$RespDomain + ” + $ResponsibleAdd-MailboxPermission -Identity $UPN `-AccessRights FullAccess `-User $Responsible `-DomainController $ControllerAdd-ADPermission -Identity “$($Nom)” `-AccessRights ReadProperty `-User $DOMAINResponsible `-DomainController $ControllerAdd-ADPermission -Identity “$($Nom)” `-AccessRights WriteProperty `-User $DOMAINResponsible `-DomainController $Controller}
$Mbx=Get-Mailbox “$Room”remove_old_mgr $Mbx.UserPrincipalName $Mbx.Name $Manager$Mbx | Set-User -Manager $NewManagerset_new_mgr $Mbx.UserPrincipalName $Mbx.Name $NewManager
WMI PowerShell for Exchange 2003
As a quick follow-up for the Exchange 2000/2003 PowerShell post here are a few additional references.
TechNet Script Center has a good article on WMI classes available:
- Managing Exchange 2003 with WMI, Part 1
- Managing Exchange 2003 with WMI, Part 2
- Managing Exchange 2003 with WMI, Part 3
To use a class in PowerShell use Get-WMIObject. For example, to get queue information run:
Get-WmiObject -ComputerName YourExchangeServer -Class Exchange_Queue
Or if you are running the script locally on Exchange server just:
Get-WmiObject -Class Exchange_Queue
To add a node with Exchange 2003 queues to PowerGUI:
- In PowerGUI, right-click the folder where you want to add it, and click New / Node on the shortcut menu.
- Type in the name you want the node to have (e.g. Exchange Queues)
- Pick Get-WmiObject from the Command drop-down list.
- Type the actual class as the Class parameter (e.g. Exchange_Queue)
- If running remotely, specify the Exchange server name as the Computer Name:
As result you will get a UI like the one Nicolas created for his Exchange 2003 environment.
Here’s a list of WMI classes available (linked to their respective MSDN pages):
Note that they will not work for Exchange 2007. WMI is no longer supported there but the good news that PowerShell provides you much more.
Thanks to Dmitry Sotnikov for his article !
(Source = http://dmitrysotnikov.wordpress.com/2007/09/06/wmi-powershell-for-exchange-2003/ )
Get a list of mobile devices in Exchange 2010 using PowerShell
Hi there! Following my previous blog post about Exchange 2010 and consumerization of mobile devices, I decided to create a little script that might help you find out what mobile devices are actually connecting to your Exchange 2010 environment.
Step-by-Step
First, I define the variables that I’m going to use.
$Date = Get-Date -uformat “%Y%m%d”
$Logfile = “C:LogsActiveSync-all-$date.txt”
$Devices = @()
Secondly, I add headers to the text file. This makes handling easier when you import it into Excel.
Add-Content -path $LogFile “name,devicemodel,devicetype,useragent,lastsynctime”
Then we build a list of all mailboxes that have an ActiveSyncDevice configured (or in use) and we filter on objects that are on an Exchange 2010 server:
$Mailboxes = Get-CASMailbox -ResultSize Unlimited | Where {$_.HasActiveSyncDevicePartnership -eq $True -and $_.ExchangeVersion.ExchangeBuild.Major -ilike “14”}
Next, we loop through the result and per mailbox we’re going to query for devices using the Get-ActiveSyncDeviceStatistics cmdlet. We loop through each device to get some of the details (like the model etc):
ForEach ($mailbox in $mailboxes){
$Devices= Get-ActiveSyncDeviceStatistics -Mailbox $mailbox.name
$name = $mailbox.Name
ForEach ($device in $devices) {
$Model = $Device.DeviceModel
$Type = $Device.DeviceType
$LastSyncTime = $Device.LastSuccessSync
$UserAgent = $Device.DeviceUserAgent
Add-Content -path $Logfile “$name,$Model,$Type,$UserAgent,$LastSyncTime”
}
}
Bringing it all together
If we bring all of the above together, we get the following result:
$Date = Get-Date -uformat “%Y%m%d”
$Logfile = “C:LogsActiveSync-all-$date.txt”
$Devices = @()
Add-Content -path $LogFile “name,devicemodel,devicetype,useragent,lastsynctime”
$Mailboxes = Get-CASMailbox -ResultSize Unlimited | Where {$_.HasActiveSyncDevicePartnership -eq $True -and $_.ExchangeVersion.ExchangeBuild.Major -ilike “14”}
ForEach ($mailbox in $mailboxes){
$Devices= Get-ActiveSyncDeviceStatistics -Mailbox $mailbox.name
$name = $mailbox.Name
ForEach ($device in $devices) {
$Model = $Device.DeviceModel
$Type = $Device.DeviceType
$LastSyncTime = $Device.LastSuccessSync
$UserAgent = $Device.DeviceUserAgent
Add-Content -path $Logfile “$name,$Model,$Type,$UserAgent,$LastSyncTime”
}
}
The output of the file will look something like this:
Michael Van Horenbeeck,Android,Android,Android/3.2-EAS-1.2,09/27/2011 05:55:59,
Michael Van Horenbeeck,Android,Android,Android/3.2-EAS-1.2,,
Michael Van Horenbeeck,htcace,htcace,Android-EAS/3.10.000.083346.405,09/27/2011 20:00:48,
Michael Van Horenbeeck,TestActiveSyncConnectivity,TestActiveSyncConnectivity,Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com),09/16/2011 13:05:41,
As you can see, I’m indeed using an Android-device. If you look closely, you’ll notice that there are 2 different devices.
You’ll also notice that not all devices register their Model/Type correctly (like my Android device). Others do pop out in the logs more clearly:
User X,iPad,iPad,Apple-iPad2C2/812.1,09/27/2011 18:52:48,
User X,HTC Touch Pro,PocketPC,MSFT-PPC/5.2.5310,09/27/2011 20:07:02,
User Y,iPad,iPad,Apple-iPad1C1/803.148,09/27/2011 20:12:39,
User Y,SAMSUNG,WP,MSFT-WP/7.0.7004,09/27/2011 20:19:11,
Note: If you ever used the testexchangeconnectivity.com website to test your ActiveSync deployment, you will notice that it will show up in the logs as well.
EDIT:
Tom Vergauwen, a colleague of me just pointed out there’s an easier way using:
Get-ActiveSyncDevice | Get-ActiveSyncDeviceStatistics
It requires less iterations in the script; making it a lot quicker to process (certainly in large environments).
Note: Get-ActiveSyncDevice is not available on Exchange 2007, so you’ll have to stick with the first script if you want to adapt it to Exchange 2007.
Bringing the best of both worlds together, results into the following script:
$Date = Get-Date -uformat “%Y%m%d”
$file = “C:tempeas-devicelist-$date.csv”
new-item $file -type file -force -value “User;DeviceType;DeviceModel;DeviceID;DeviceUserAgent;LastSyncTime’n”
$devices = Get-ActiveSyncDevice | Get-ActiveSyncDeviceStatistics
ForEach($device in $devices){
$Model = $Device.DeviceModel
$Type = $Device.DeviceType
$id = Device.DeviceID
$LastSyncTime = $Device.LastSuccessSync
$UserAgent = $Device.DeviceUserAgent
$identity = $device.identity|out-string
$identity = $identity.split(“/”)[-2]
Add-Content -Path $file “$identity;$Type;$Model;$id;$UserAgent$LastSyncTime”
}
Enable Exchange ActiveSync on a Mailbox with PowerShell
Exchange 2007 brought some changes to managing mailboxes, most notably, the removal of Exchange tabs from Active Directory. In Exchange 2003, to enable Exchange ActiveSync for a mailbox, you would simply open the ADUC properties for a user, click the Exchange Features tab, click Exchange ActiveSync, and then click Enable.
Today, with Exchange 2007 and Exchange 2010, the function isn’t quite as easily found, but it’s much easier to use. On any machine with the Exchange Management Tools loaded, fire up the Exchange Management Shell (this won’t work in your regular PowerShell terminal) and type the following, replacing “Firstname Lastname” with the user’s first and last name, or their user ID, in quotes.
Get-Mailbox"Firstname Lastname"|Set-CASMailbox-ActiveSyncEnabled$true
Exchange Full-Access and Send-As mailbox permissions with Powershell
All tasks in Exchange Server 2007 or Exchange Server 2010 can be done in the Exchange Management Shell. So you are also able to give the Send-As permission and the Full-access permission via the Exchange Management Shell.
Send-As permissions
If you want to give the user Pete Peterson the Send-As permission for the John Johnson Mailbox you can use the following command line:
get-user -identity “john.johnson@msexchangeblog.nl” | Add-ADPermission -User “pete.peterson@msexchangeblog.nl” -ExtendedRights Send-As
If you want to give the Active Directory group SendAsGroup the Send-As permission for the John Johnson Mailbox you can use the same command line:
get-user -identity “john.johnson@msexchangeblog.nl” | Add-ADPermission -User “SendAsGroup” -ExtendedRights Send-As
Full-Access permission
To be able to give an user or group the Exchange mailbox Full-Access permission, you need to use two separate command lines. First you need to remove the Deny FullAccess permissions on the account. After the deny permission is removed you need to give the user or group the FullAccess permission on the Exchange Mailbox.
If you want to give the user Pete Peterson the Full-Access permission for the John Johnson Mailbox you can use the following command lines:
get-user -identity “john.johnson@msexchangeblog.nl” |Remove-MailboxPermission -User “pete.peterson@msexchangeblog.nl” -Deny -InheritanceType ‘All’ -AccessRights ‘FullAccess’
get-user -identity “john.johnson@msexchangeblog.nl” | Add-MailboxPermission -User ”pete.peterson@msexchangeblog.nl” -AccessRights ‘FullAccess’If you want to give the Active Directory group FullAccessGroup the Send-As permission for the John Johnson Mailbox you can use the same command lines:
get-user -identity “john.johnson@msexchangeblog.nl” |Remove-MailboxPermission -User “FullAccessGroup” -Deny -InheritanceType ‘All’ -AccessRights ‘FullAccess’
get-user -identity “john.johnson@msexchangeblog.nl” | Add-MailboxPermission -User ”FullAccessGroup” -AccessRights ‘FullAccess’
Disable/Enable a Mailbox – Change user account while saving mails
Sometimes you have to change a whole account but transfer the mailbox database.
There are two ways to do that :
1 – Creating the new account, creating an export of the mailbox using pst files, importing this pst file into the new mailbox
Using that method, the person which will do that will have all access to the user’s mails, not really secure..
2 (the best one) :
Using this little script 🙂
#Getting all mandatory informations about the old username
$OlduserDatabase=(Get-mailbox $olduser).Database.ToString()
$OlduserDisplayName=(Get-mailbox $olduser).DisplayName.ToString()#Disabling and cleaning the mailbox/database
Disable-Mailbox $Olduser -confirm:$false
Clean-MailboxDatabase $OlduserDatabase
$domainusername=”$onedomain$newuser”#Getting the mailboxdatabase of the old user
$disconnectedMailbox=Get-DisconnectedMailbox $OlduserDisplayName
$disconnectedMailbox |
Foreach-Object{
Connect-Mailbox -Identity $_.StoreMailboxIdentity -Database $OlduserDatabase -User $domainusername -Alias $newuser
}
#Here we go !
return “New user $newuser has been succesfully made”
Managing calendar permissions in Exchange Server 2010
In legacy versions of Exchange Server we could use PFDAVAdmin to manage calendar permissions, or alternatively the 3rd party tool SetPerm.
With Exchange Server 2010 calendar permissions can be managed using the *-MailboxFolderPermission cmdlets. While these cmdlets can be used to manage permissions on any mailbox folder, we`ll focus on calendar permissions.
In fact we got 4 *-MailboxFolderPermission cmdlets in Exchange Server 2010:
- Add-MailboxFolderPermission
- Get-MailboxFolderPermission
- Remove-MailboxFolderPermission
- Set-MailboxFolderPermission
Since I`ll be focusing on managing default permissions , which is an existing ACL on the calendar folder, we need to use the Set-MailboxFolderPermission cmdlet:
To grant “Reviewer”-permissions for the “Default” user, we would run the following:
Some companies have a policy that everyone must share their calendars with all users. Since it`s now possible to manage calendar permissions using PowerShell, I`ve written a script to accomplish this task; Set-CalendarPermissions.ps1.
While this script could be scheduled to run on a regular basis, a better approach for managing calendar permissions for new mailboxes are the use of the Scripting Agent which is a part of the Cmdlet Extension Agents, a very useful feature introduced in Exchange Server 2010.
(source : http://tinyurl.com/7lg3umf)
Get all permissions on a mailbox
If you want to get all users that have rights on a mailbox, just try this little script :
Get-Mailbox $mailbox | Get-MailboxPermission | where {($_.user.tostring() -ne “NT AUTHORITYSELF”) -and ($_.IsInherited -eq $false)}
Really simple but… really useful !
Exchange, Powershell, AD & Azure Tips 