O-Xchange Notes from the Field!

Wednesday, October 22, 2014

Get all messages from all transport servers by a specific sender, starting on a specific day

Get all messages from all transport servers by a specific sender, starting on a specific day and export to CSV

Use this one-liner:

Get-TransportServer | Get-MessageTrackingLog -sender:test@test.com -start 7/15/2014 -resultsize unlimited | export-csv c:\export.csv

How to modify distribution list in the GAL using Outlook

How to edit/modify a distribution list in the GAL via Outlook



NOTE: In order to edit a distribution list in the Global Address Listing (GAL), you must be the owner of that list.

STEP 1:  In Outlook, hold down the Control, Shift, and B keys. This will open your address book.

Once the address book is open, verify that "Global Address List" is selected in the Show Names from the: field.

Now, search for the name of the list you would like to edit by entering it into the box located under Type Name or Select from List:.

Once you have located the list you would like to edit, double click it to open the Properties window.


STEP 2:  Click on Modify Members button


STEP 3:  You can add a new member to this list by clicking on the Add button on the right side of the window.


STEP 4:  The Add Users window will now open. Type the name of the user you would like to add and then double click on their name. The name should appear in the field at the bottom of the window. Now click OK.


Note: Repeat STEPs 3 and 4 as many times as needed until you have added all the people you would like to this distribution list.


STEP 5:  Any changes that you have made should now appear. Once you are finished, click OK  to return to your address book. You may now close your address book and continue where you left off.


NOTE:  You must be the owner of the distribution list in order to edit it. If you are not the owner and you try to add a member, you will receive the following error message: changes to the distribution list could not be saved. You do not have sufficient permission to perform this operation on this object. 



Recover Deleted items in Outlook or Outlook Web App

Recover deleted items in Outlook or Outlook Web App


Restore deleted items in Outlook 2013


https://support.office.com/en-US/Article/Restore-deleted-items-in-Outlook-49e81f3c-c8f4-4426-a0b9-c0fd751d48ce?ui=en-US&rs=en-US&ad=US


Restore deleted items or email in Outlook Web App

https://support.office.com/en-US/Article/Recover-deleted-messages-or-items-in-Outlook-Web-App-c3d8fc15-eeef-4f1c-81df-e27964b7edd4


Restore Deleted items in Outlook 2010

https://support.office.com/en-US/Article/Restore-deleted-items-in-Outlook-cd9dfe12-8e8c-4a21-bbbf-4bd103a3f1fe


Configuring Message rules for a shared Mailbox

Configuring message rules for a shared mailbox

Scenario: How do I access a shared mailbox and change a rule.  I do have admin rights and full access to this mailbox but when I do a file > open> and try to change the rules, it reverts back to my primary mailbox rules.

Note: Exchange 2010 users cannot modify rules for mailboxes in Exchange 2013, and vice versa

There are several methods to get this to work:



Method 1: Outlook 2010 or Outlook 2013


Configuring Message rules for a shared Mailbox/Service Mailbox


If you are using Outlook 2010 or Outlook 2013 and either have been granted Full Access permissions to the mailbox or have been provided separate credentials for it, then you can also configure this shared mailbox as an additional Exchange account or add it as a secondary mailbox of your own.

How to add an additional mailbox in Outlook 2010:

http://www.groovypost.com/howto/microsoft/add-a-second-additional-mailbox-in-outlook-2010/



How to add an additional mailbox in Outlook 2013

http://www.groovypost.com/howto/add-additional-mailbox-in-outlook-2013/



Once the mailbox has been added, select its Inbox folder and add the rule as you would normally do for your own mailbox.





Method 2: Outlook Web App


When you have been granted Full Access permissions, then you can log on with your own username and password and click on your own name in the top-right corner to get to the option of opening another mailbox.

If you haven’t been granted Full Access permissions but do have separate log on credentials for the additional mailbox, you can use that to log on.

Once logged in, you can create a message rule in the following way:

    For OWA 2013:
    Gears icon (right side of your name)-> Options-> Organize email

    For OWA 2010:
    Options (below your name)-> Create an Inbox Rule…
 

Doing Common and Basic Tasks in Outlook

Common and Basic Tasks in Outlook

Print email, Reply all or forward, Write new mail, spell check, Attach files or photos, see all your email, keyboard shortcuts, font and signature, work with folders, etc

Please launch this Microsoft page for details :

 http://windows.microsoft.com/en-us/windows/outlook/basics

How to Get OutlookAnywhere Configuration Settings from ActiveDirectory

When you type get-outlookanywhere, the settings are typically retrieved from the CAS servers. However, those settings can also be retrieved directly from Active Directory, which is usually faster than retrieving them from the CAS servers. To do that, use this PowerShell one-liner:

get-outlookanywhere -ADPropertiesOnly | fl identity, *auth*, *hostname

That command will display the server name, client authentication method, IIS authentication method and external/internal hostnames.

Wednesday, October 15, 2014

Delegate Installation of Exchange 2013

Delegate Installation of Exchange 2013 Server

Exchange Server 2013 lets you delegate the installation of Exchange servers to people who aren't members of the Exchange 2013 Organization Management role group.


Notes: Only a member of the Organization Management role group can provision a server. Members of Delegated Setup can install cumulative updates. Uninstalling Exchange requires Organization Management role group membership.

Step 1: There is a built-in group for delegating setup of pre-provisioned servers, named the Delegated Setup role group. Add the installer to this role group. This allows the installer to install provisioned servers.


Step 2: If you're running Setup on the computer that's being provisioned, run the following command: Setup.exe /NewProvisionedServer /IAcceptExchangeServerLicenseTerms


If you're running Setup on another computer, run the following command: Setup.exe /NewProvisionedServer:<ComputerName> /IAcceptExchangeServerLicenseTerms




Delegate Installation of Exchange 2010 Server

Exchange Server 2010 allows an administrator to provision a new Exchange server and then delegate the actual setup of that server to another account


Notes: Only a member of the Organization Management role group can provision a server. Members of Delegated Setup can install cumulative updates and rollups. Uninstalling Exchange requires Organization Management role group membership.

Step 1: There is a built-in group for delegating setup of pre-provisioned servers, named the Delegated Setup role group. Add the installer to this role group. This allows the installer to install provisioned servers.


Step 2: If you're running Setup on the computer that's being provisioned, run the following command: Setup.exe /NewProvisionedServer

If you're running Setup on another computer, run the following command: Setup.exe /NewProvisionedServer:<ComputerName>


To make sure the server was properly provisioned for Exchange, you can do the following:

Go to Start > Administrative Tools, and then open Active Directory Users and Computers.

Select Microsoft Exchange Security Groups, double-click Exchange Servers, and then select the Members tab.

On the Members tab, check to see if the server you just provisioned is listed as a member of the security group.

If your server is listed as a member of the Exchange Servers security group, it was properly provisioned. Someone who's a member of the Delegated Setup role group can now install Exchange on that server.

Add a user as the manager of a distribution group without removing existing managers via Exchange PowerShell.

Scenario:  Add a user as the manager of a distribution group without removing existing managers via Exchange PowerShell. If you were to use the Set-DistributionGroup command with the -managedby switch, it would remove the existing managers and set the managers you specified in the switch.  To add the user jdoe1 as a manager and not remove the existing managers from the distribution group 'HQ-All Employees', run the following PowerShell commands below.

$Group = Get-DistributionGroup "HQ-All Employees"
$Managers = $Group.ManagedBy
$User = Get-User  jdoe1
$Managers += $User 
Set-DistributionGroup "HQ-All Employees" -Managedby $Managers -BypassSecurityGroupManagerCheck



Excel Magic: If you have an Excel sheet full of groups in Column A and wish to add jdoe1 as the manager to each of those groups, copy the Excel formula below and drag it down for the entire list of groups. The value of each cell will create the Powershell command that you will need for each group.  Copy the cells (the cell values) and Paste it into Exchange PowerShell.  Each command is separated by a ; so the 5 PowerShell commands needed will fit into one Excel Cell and fit on one PowerShell line for each group.

="$Group= Get-distributiongroup """&A2&"""; $Managers= $Group.managedby; $User=Get-User jdoe1;$Managers+=$User;Set-DistributionGroup """&A2&""" -managedby $Managers -BypassSecurityGroupManagerCheck"

Tuesday, October 14, 2014

A user receives 'Something went wrong Sorry, we can't get that information right now. Please try again later. If the problem continues contact your helpdesk' error message when accessing OWA.

Scenario:  A new mailbox is provisioned and the user is receiving the following error when accessing their mailbox via OWA:

:-(something went wrong

Sorry, we can't get that information right now. Please try again later. If the problem continues, contact your helpdesk.

All normal mail protocols such as OWA and ECP were enabled by default.


Resolution:  I performed a search against the email address for that mailbox and came across two mailboxes that had the same email address  (get-mailbox  jdoe@domain.com). I removed this email alias from the user who was not using it.  The user experiencing the problem could now login to OWA.





Monday, October 13, 2014

Script to Purge IIS Logs on Servers

Scenario:  Some applications, such as IIS, will create daily logs on your server. These IIS logs can be big in size and will not automatically purge off.  The script below will purge all but 7 days worth of IIS logs for each server listed in the $servers variable.


PowerShell Script (PurgeIISLogs.ps1)

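# Servers whose IIS logs should be purged
$servers = "MBX01","MBX02"

$servers | %{

# Delete IIS log files (not folders) last written 7 or more days ago
dir \\$_\c$\inetpub\logs\logfiles -recurse |  Where { -not $_.PSIsContainer -and ((get-date)-$_.LastWriteTime).days -ge 7 } | Remove-Item -Force

}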



To schedule this script to run as a daily task, set up a second script (a batch script) that calls the PowerShell script and executes it. The batch script is below.

Batch Script (PurgeIISLogs.bat)

%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "& 'c:\TASK\PurgeIISLogs.ps1'"

Manually Purge Log Files from Exchange Database Copies

Purpose:  The purpose of this document is to provide instructions on how to safely purge Exchange database log files manually after log file buildup on an Exchange server.  Log files are stored in the logs directory until an Exchange-aware full or incremental backup has run successfully.  Once Exchange is aware that this backup is complete, Exchange will purge the log files.  If a backup has not run successfully, then log files will continue to be created in the logs directory and the previous log files will still exist, consuming space.  Over time, this will fill up the hard drive where the log files are kept.  This manual purge is done live, meaning the instructions below happen while the Exchange database remains mounted.  In the instructions below, we are using an Exchange database DB53 that has 4 database copies: 1 Mounted, 3 Healthy.


Overview of the Instructions Below:

1. Capture and isolate the log files that will be moved and purged into a text file.

2. Using Excel, open that text file and format it. Formatting means removing unwanted rows, such as header/footer rows, and removing the rows for log files from dates you do not wish to purge.  For example, I want to remove all the log files EXCEPT the last day or two. **NOTE: do not remove the newest log files; give yourself a buffer.**

3. Using Excel, we will build the Move-Item and Remove-Item scripts to be run on each server that holds a database copy.  From one database copy, we will move the log files to another server\storage location.  From the other 3 database copies, we will purge the log files.  Purging log files is quick; moving log files is a little bit slower.

4. Run the appropriate .ps1 script that will be created on each server that holds a database copy.


Instructions:

Capture and Isolate the Log Files:
1. Determine the LogFilePrefix for the database:
get-mailboxdatabase DB53 | FL LogFilePrefix

2. Determine the status of the database copies to figure out which copy is mounted, healthy, or in another state. Of the Mounted/Healthy database copies, choose 1 copy from which the logs you wish to purge will be moved to a storage share, and purge the logs on the remaining copies. This ensures a copy of the logs exists in the event of a problem.

Get-mailboxdatabasecopystatus DB53

3. In a command prompt, run the following DIR command. It will put the results into the text file specified.  You will be using the LogFilePrefix you found in step 1.

dir \\MBX01\e$\db53\logs\E01*.log > C:\users\steve\desktop\DB53.txt



In Excel, Open the Text File and Format It

4. Open Excel and then Open that Txt File.  Make sure during the Text Import Wizard (when opening the txt file in Excel), the logs are in their own column. I chose fixed width in the Wizard. Click on Finish.

5. Remove the rows that do not contain a log file (Very Beginning Rows and Very Last Rows).

6. Sort the dates (if not sorted already) and remove the rows of the date range that you do not wish to delete. For Example, I want to purge all log files EXCEPT for the last 2 days’ worth.


In Excel, Create the PowerShell Code used to Move/Purge Log Files

7. In Column F (Or the next Open Column) type this formula in and Copy on down to the last row. Note: Cell E2 is the log file name. You may have to change this value if the log file name exists in a different cell.

="Write-Host "&E2&"; Move-Item E:\DB53\Logs\"&E2&" \\FileSvr1\files\DB53" 

8. In Column G (or the next Open Column) type this formula in and Copy on down to the last row. Note: Cell E2 is the log file name. You may have to change this value if the log file name exists in a different cell.

="Write-Host "&E2&"; Remove-Item E:\DB53\Logs\"&E2&" -force"

9. Copy the contents of the Move-Item column and paste them into Notepad. Save that Notepad file as DB53_move.ps1.  Copy it to, and run it on, the server that holds the database copy from which you wish to move the log files.

10. Copy the Contents out of the Remove-Item Column and paste into notepad. Save that notepad file as DB53_remove.ps1.  Run this in PowerShell on the servers that have the remaining database copies.


Now you have carefully Moved/Purged the Log Files of that database. You now have bought yourself enough free space on the hard drives to work out your backup issues.
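
The selection made in steps 3 to 10 with dir and Excel can also be made in PowerShell directly. This added example (not part of the original post) picks only closed log generations older than a buffer and only previews the move or delete unless -Commit is given; the script name and parameters are assumptions, and the defaults follow the post's DB53 example.

```powershell
# Purge-DbLogs.ps1 (hypothetical name). Added example, not from the original post.
# Run locally on a server that holds a copy of the database: -Action Move on the
# one copy chosen in step 2, -Action Remove on the remaining copies.
param(
    [ValidateSet('Move', 'Remove')]
    [string]$Action  = 'Move',
    [string]$LogDir  = 'E:\DB53\Logs',            # log folder used in the post
    [string]$Prefix  = 'E01',                     # LogFilePrefix from step 1
    [string]$Archive = '\\FileSvr1\files\DB53',   # storage share from step 7
    [int]$KeepDays   = 2,                         # buffer of newest logs to leave alone
    [switch]$Commit                               # without this, only preview
)

$cutoff = (Get-Date).AddDays(-$KeepDays)

# Closed log generations are <prefix> + 8 hex digits + .log. This excludes the
# active log (E01.log) and the temp log (E01tmp.log), which the dir wildcard
# in step 3 also matches.
$pattern = '^{0}[0-9A-Fa-f]{{8}}\.log$' -f [regex]::Escape($Prefix)

$logs = @(Get-ChildItem -Path $LogDir -Filter "$Prefix*.log" |
    Where-Object { -not $_.PSIsContainer -and
                   $_.Name -match $pattern -and
                   $_.LastWriteTime -lt $cutoff } |
    Sort-Object Name)

if ($logs.Count -eq 0) {
    Write-Host "No closed log files older than $cutoff in $LogDir"
    return
}

# Refuse to start a move when the archive share cannot be reached.
if ($Action -eq 'Move' -and -not (Test-Path -Path $Archive)) {
    throw "Archive location $Archive is not reachable; nothing was changed."
}

# Summary of what is about to be touched, for the change record.
$sizeMB = ($logs | Measure-Object -Property Length -Sum).Sum / 1MB
Write-Host ("{0}: {1} files, {2:N0} MB, {3} through {4}" -f `
    $Action, $logs.Count, $sizeMB, $logs[0].Name, $logs[-1].Name)

foreach ($log in $logs) {
    if ($Action -eq 'Move') {
        Move-Item -Path $log.FullName -Destination $Archive -WhatIf:(-not $Commit)
    } else {
        Remove-Item -Path $log.FullName -Force -WhatIf:(-not $Commit)
    }
}
```

Run it once without -Commit and compare the file range it prints with the Get-MailboxDatabaseCopyStatus output from step 2 before committing.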

Friday, October 10, 2014

Install and Configure PowerShell Web Access

Here are the steps I took to configure PowerShell Web Access. These commands are run from an elevated PowerShell prompt on the server WebSvr1.TestDomain.Com.


1. Install the Windows PowerShell Web Access feature. Run the following command:  Install-WindowsFeature -Name WindowsPowerShellWebAccess -IncludeManagementTools

2. Configure the PSWA gateway. Run the following command:  Install-PSWAWebApplication

If you do not have a certificate for the default site configured, you can use the -UseTestCertificate switch; otherwise it will use the certificate already configured.  You should be able to access the URL now: https://WebSvr1.TestDomain.Com/pswa  but you will not be able to log in until the next step is completed.

3. Configure the PSWA authorization rules.  Run the following command:      Add-PSWAAuthorizationRule -UserGroupName TestDomain\ExAdmins -ComputerName WebSvr1.TestDomain.Com -ConfigurationName *

This command allows the ExAdmins group members to authenticate with PowerShell Web Access to the server WebSvr1.TestDomain.com. Now you can authenticate on the PSWA webpage.  Alternatively, you can use these switches with Add-PSWAAuthorizationRule to add to your rule(s):

-UserName
-UserGroupName
-ComputerName
-ComputerGroupName
-ConfigurationName


4. Now you can successfully navigate to https://WebSvr1.TestDomain.Com/PSWA and run powershell.
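
The rule in step 3 uses -ConfigurationName *, which covers every session configuration on WebSvr1. This added example (not part of the original post) lists the existing PSWA rules, flags wildcard scope, and shows the same grant limited to one endpoint; the endpoint name ExAdmins-Restricted, the rule name, and jdoe1 being a member of ExAdmins are assumptions.

```powershell
# Added example, not from the original post. Run in an elevated prompt on the
# PSWA gateway (WebSvr1.TestDomain.Com in the post).
Import-Module PowerShellWebAccess

# 1. Report every rule and note which of its three scopes is a wildcard.
$audit = foreach ($rule in Get-PswaAuthorizationRule) {
    $wild = @()
    if ($rule.User              -eq '*') { $wild += 'User' }
    if ($rule.Destination       -eq '*') { $wild += 'Computer' }
    if ($rule.ConfigurationName -eq '*') { $wild += 'ConfigurationName' }

    [pscustomobject]@{
        Id                = $rule.Id
        RuleName          = $rule.RuleName
        User              = $rule.User
        Destination       = $rule.Destination
        ConfigurationName = $rule.ConfigurationName
        WildcardScopes    = ($wild -join ',')
    }
}
$audit | Sort-Object Id | Format-Table -AutoSize

# 2. The grant from step 3, limited to a single session configuration.
#    Assumption: 'ExAdmins-Restricted' is a constrained endpoint already
#    registered on WebSvr1; substitute the name of your own endpoint.
$endpoint = 'ExAdmins-Restricted'
Add-PswaAuthorizationRule -RuleName 'ExAdmins-WebSvr1' `
    -UserGroupName 'TestDomain\ExAdmins' `
    -ComputerName 'WebSvr1.TestDomain.Com' `
    -ConfigurationName $endpoint

# 3. Preview removal of the rules flagged in step 1. Drop -WhatIf once the
#    scoped rule has been confirmed to work.
$audit | Where-Object { $_.WildcardScopes } |
    ForEach-Object { Remove-PswaAuthorizationRule -Id $_.Id -WhatIf }

# 4. Confirm what a given user is authorized for. A matching rule is returned
#    when access is allowed; nothing is returned when it is not.
Test-PswaAuthorizationRule -UserName 'TestDomain\jdoe1' `
    -ComputerName 'WebSvr1.TestDomain.Com' -ConfigurationName $endpoint
```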


Export Mail into a PST between two dates

Scenario:  You want to export mail from a mailbox into a PST with a filter of between two dates.

Run this command:

New-MailboxExportRequest -ContentFilter {(Received -gt '01/01/2014') -and (Received -lt '04/01/2014')} -Mailbox "testuser1" -Name testuser1 -FilePath \\Server\Share\testuser1.pst -baditemlimit 999 -acceptlargedataloss

Thursday, October 9, 2014

OWA message saying “403 Sorry! Access denied” You don’t have permissions to open this page

Issue: A user tries to go into OWA and change the options, but gets a message saying “403 Sorry! Access denied” You don’t have permissions to open this page. Wait 15 minutes and try again. The customer already has the correct default role assignment policy assigned.



Cause: Troubleshooting revealed that ecpenabled was set to false for this user under the casmailbox settings.

Resolution: From PowerShell command prompt, type Set-casmailbox -id testuser -ecpenabled $true

Wednesday, October 8, 2014


Issue

Exchange Server unexpectedly rebooted after CU6, with databases in a service down state.

Cause

Based on the dump it looks to be caused by Replication Services Crashing.

Resolution

Database copy status on the server was showing ServiceDown

After some time it was showing Initializing, and a few minutes later it was showing ServiceDown again

Checked Event ID

Log Name:      Application
Source:        MSExchange Common
Date:          
Event ID:      4999
Task Category: General
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      
Description:
Watson report about to be sent for process id: 41108, with parameters: E12IIS, c-RTL-AMD64, 15.00.0995.029, msexchangerepl, M.Exchange.Common, M.E.C.H.DatabaseFailureItem.Parse, System.ArgumentOutOfRangeException, fe19, 15.00.0995.012.
ErrorReportingEnabled: True

Log Name:      Application
Source:        Windows Error Reporting
Date:         
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:    
Description:
Fault bucket , type 0
Event Name: E12IIS
Response: Not available
Cab Id: 0


Ran the below command

Wevtutil.exe cl "Microsoft-Exchange-MailboxDatabaseFailureItems/Operational"

Ran it and restarted the Replication Services

All the copy statuses came back to Healthy after some time

Dump Analysis

==============
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

CRITICAL_PROCESS_DIED (ef)
        A critical system process died
Arguments:
Arg1: fffffa80611bd080, Process object or thread object
Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
Arg3: 0000000000000000
Arg4: 0000000000000000

Debugging Details:
------------------


PROCESS_OBJECT: fffffa80611bd080

IMAGE_NAME:  wininit.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  0

MODULE_NAME: wininit

FAULTING_MODULE: 0000000000000000

PROCESS_NAME:  MSExchangeHMWo

BUGCHECK_STR:  0xEF_MSExchangeHMWo

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT





   

Tuesday, October 7, 2014



Issue: Customer is the owner of a distribution group called Testgroup
When trying to add employees from Outlook he gets the following error message:
Changes to the public group memberships cannot be saved; You do not have permission to perform the operation on the object


Cause: This happens because the distribution group the user wants to modify was created on Exchange Server 2007. Type this command in PowerShell to confirm that the distribution group has a legacy version attribute:
get-distributionGroup testgroup | Fl *Version


This is the legacy version:  ExchangeVersion : 0.1 (8.0.535.0)

Solution: The distribution group needs to be updated to a later Exchange version. Use Exchange Server 2010 or 2013 PowerShell to update the Exchange version attribute of the distribution group.
From Exchange 2013 or Exchange 2010 PowerShell, type Set-distributiongroup TestGroup. That command updates the Exchange version for the DG.


To Verify, type:  get-distributionGroup testgroup | Fl *Version


Version should now display ExchangeVersion: 0.10 (14.0.100.0)



Monday, October 6, 2014

Rebuild Content Index of Exchange 2013 Database

Scenario:  You need to rebuild the Content Index of Exchange 2013 Database.

**Note: There is no ResetSearchIndex.ps1 script in Exchange 2013. Rebuild needs to be performed manually**

Instructions:  

1. Stop the following 2 services:
     - Microsoft Exchange Search Service (Service Name: MSExchangeFastSearch)
     - Microsoft Exchange Search Host Controller (Service Name: HostControllerService)

2. Delete or move the existing Content Indexing catalog folder (CI folder) of the database you wish to rebuild the content index for.  The CI folder is located in the database directory and has a GUID as its folder name.  (C:\DB01\Database\27485485-A8dF-4Ed8f-BED8-8C4753D6BA123.11.Single)

3. Start the 2 services you stopped in step 1:
     - Microsoft Exchange Search Service (Service Name: MSExchangeFastSearch)
     - Microsoft Exchange Search Host Controller (Service Name: HostControllerService)

Thursday, October 2, 2014

Forward emails that come to a mailbox to an external address and also keep the mail.

Scenario: You want to forward emails that come to a particular mailbox to an external address and also keep the mail.

Resolution: Create a mail contact using PowerShell or the Exchange 2013 ECP. If you have Exchange 2010 users, you can also use the management console.


From Powershell, type Set-Mailbox -Identity 'testmailbox' -DeliverToMailboxAndForward:$true -ForwardingAddress 'mailcontactalias'
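
Forwarding set this way sends a copy of every message outside the organization, so it helps to be able to list where it is in effect. This added example (not part of the original post) reports every mailbox with forwarding configured, resolves the target, and marks targets outside the accepted domains; the CSV path is an assumption.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.

# Accepted domains of this organization, e.g. contoso.com or *.contoso.com
$accepted = Get-AcceptedDomain | ForEach-Object { "$($_.DomainName)".ToLower() }

function Test-ExternalAddress([string]$Address) {
    # Strip a proxy prefix such as SMTP: and keep the part after the @
    $domain = ($Address -replace '^smtp:', '').Split('@')[-1].ToLower()
    foreach ($d in $accepted) {
        if ($d.StartsWith('*.')) {
            # Wildcard entry: any subdomain counts as internal
            if ($domain.EndsWith($d.Substring(1))) { return $false }
        }
        elseif ($domain -eq $d) { return $false }
    }
    return $true
}

$report = Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.ForwardingAddress -or $_.ForwardingSmtpAddress } |
    ForEach-Object {
        $target = $null
        if ($_.ForwardingAddress) {
            # ForwardingAddress points at a recipient object, such as the
            # mail contact created in the post.
            $id = "$($_.ForwardingAddress)"
            $contact = Get-MailContact -Identity $id -ErrorAction SilentlyContinue
            if ($contact) {
                $target = "$($contact.ExternalEmailAddress)"
            } else {
                $rcpt = Get-Recipient -Identity $id -ErrorAction SilentlyContinue
                if ($rcpt) { $target = "$($rcpt.PrimarySmtpAddress)" }
            }
        }
        if (-not $target) { $target = "$($_.ForwardingSmtpAddress)" }

        if     (-not $target)                 { $scope = 'unresolved' }
        elseif (Test-ExternalAddress $target) { $scope = 'external' }
        else                                  { $scope = 'internal' }

        New-Object PSObject -Property @{
            Mailbox     = "$($_.PrimarySmtpAddress)"
            ForwardsTo  = $target -replace '^smtp:', ''
            Scope       = $scope
            KeepsCopy   = $_.DeliverToMailboxAndForward
            LastChanged = $_.WhenChanged
        }
    }

# External and unresolved targets first. The output path is an assumption.
$report | Sort-Object Scope, Mailbox |
    Select-Object Mailbox, ForwardsTo, Scope, KeepsCopy, LastChanged |
    Export-Csv -Path C:\export\forwarding-audit.csv -NoTypeInformation
```

This covers the mailbox-level forwarding properties only; forwarding created through inbox rules is stored elsewhere and is not included.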

Sharing Calendars and other Mailbox Folders between Exchange 2010 and Exchange 2013.

Scenario:  You want to access shared calendars/mailbox folders between an Exchange 2010 and an Exchange 2013 mailbox. The clients used are either Outlook 2013/2010 or OWA.

Resolution: When accessing a shared calendar/mailbox folder across the different Exchange platforms, follow these guidelines.


OWA:  By Microsoft's design, an Exchange 2013 mailbox will not be able to open or edit the calendar entries of an Exchange 2010 mailbox. However, an Exchange 2010 mailbox will be able to access and edit a shared calendar of the Exchange 2013 mailbox.


For an Exchange 2013 mailbox accessing a shared calendar/mailbox folder of an Exchange 2010 mailbox

-Outlook 2013 is preferred.
-Make sure your Outlook version is patched to the latest update.  The Outlook version needs to be 15.0.4615.1000 or higher. To find the Outlook version number from within Outlook, click on File > Office Account > About Microsoft Outlook.  This is the Microsoft Outlook version and not the MSO version.
-If you are unable to locate the latest updates for Outlook, run the OffCat tool.  Click here for OffCat instructions.


For an Exchange 2010 mailbox accessing a shared calendar/mailbox folder of an Exchange 2013 mailbox

- If using Outlook 2010, make sure it's at SP2 or higher.  If using Outlook 2013, make sure it's at version 15.0.4615.1000 or higher.
- Your mail profile for Windows/Outlook needs to be forced to use Outlook Anywhere to reflect the architectural differences for Exchange 2013. Outlook Anywhere will allow Outlook to connect to the Exchange 2013 environment and access their mailboxes correctly. If not, you may not be able to connect to the 2013 mailbox OR your explicit permissions to the shared folder may not be honored. As an example, if you have editor permissions to the calendar of the 2013 mailbox, Outlook may tell you that you do not have permission and you need to request it.  Click here for steps to configure your mail profile to use Outlook Anywhere.