Powershell to apply Fullaccess and Send as permission to Exchange 2007 Mailbox

Below powershell can help to apply users full access rights and and SendAs permission to the mailbox for the given input CSV file

Format ofthe CSV something like this

UserMailbox,User
Krishna,Domain/Krishna

———————————————————————————————————————-

$csv = Import-csv -path “C:\Userdetails.csv”
foreach($line in $csv)
{
Add-MailboxPermission $Line.UserMailbox -AccessRights FullAccess -user $Line.User
Add-ADPermission $Line.UserMailbox -Extendedrights “Send As” -User $Line.User

}

———————————————————————————————————————-

Powershell to get the list of user who last logon time is older then 30 days

Below is the powershell command to get the list of mailbox who last log time is older then 30 days. This would be very help ful when you wanted to try to clean up exchagne server from unused account.  You can change from 30 to 6o or 90 days based on the requirement.

Get-MailboxStatistics | where {$_.Lastlogontime -lt (get-date).AddDays(-30)} | Select displayName,LastLoggedOnUserAccount,LastLogonTime

Managing Deleted Items under Default Managed folders in Exchange 2007

Default Manged folders are managing the default folders which is created by default in every mailbox like Inbox, Deleted Items, Send Items etc. Its Important that we managed some of the folders like Deleted items and sent items to keep storage utilization under control. Below is the step by step to configure to configure Mails in Deleted Items folder which are older than 30 Days

1. Open Exchange management console and click on Orgnisation Mailbox and on the right, click on Managed default folder to get the below snap. This is the list of items in Default managed folder. Same we cam get throught power shell

Get-ManagedFolder

Managed Default Folders

2. Right click Delete Items and click on New Managed content settings and enter the details like show below snap and click on next and new to complete the same. Which alsow to input the details like whats the retention period of the deleted items, what action has to be done , when retention priod reaches. Same can be done with the powershell command

new-ManagedContentSettings -Name ‘Delete_DeletedMails_30Daysold’ -FolderName ‘Deleted Items’ -RetentionAction ‘DeleteAndAllowRecovery’ -AddressForJournaling $null -AgeLimitForRetention ‘30.00:00:00’ -JournalingEnabled $false -MessageFormatForJournaling ‘UseTnef’ -RetentionEnabled $true -LabelForJournaling ” -MessageClass ‘*’ -MoveToDestinationFolder $null -TriggerForRetention ‘WhenMoved’

New Managed Content Settings

3. Once we are done this then we have to create Managed mailbox folder policy and added Managed folders(deleted items) and apply the same to the required mailboxes. To do this right click on Mailbox on Microsoft Exchange orginisation  in EMC and in the Result pane click on Managed folder policy and in the Action pane click on “New Managed Folder Default policy” and enter the required details as shown in the below snap and add Deleted Items and click on New to create the same. Same can be done with Powershell command

new-ManagedFolderMailboxPolicy -Name ‘DeletedItems_Retention_Policy’ -ManagedFolderLinks ‘Deleted Items’

New Managed Folder Mailbox Policy

 

4. Now need to apply to the individual user by going to the individual mailbox properties from Exchange management console properties ->  Mailbox settings -> double click on Message Records Management and browse and apply the new managed folder maibox policy created and apply the same.  Below is the snap of the same. Same also can be done with powershell command

Set-Mailbox -Identity <username> -ManagedFolderMailboxPolicy “Managed Folder Mailbox Policy Name”

To apply all the mailbox in the Exchange orginisation

Get-Mailbox  |Set-Mailbox -Identity <username> -ManagedFolderMailboxPolicy “Managed Folder Mailbox Policy Name”

RMS

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

5. Once we apply the policy to the mailboxes we have schedule the policy to run every day.  Right click on the Exchang Mailbox server -> Properties under Server Configuration and click on Messaging Records Management and Customise the required time

RMSSchedule

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

6.  You can force this settings to apply for the individual server or mailbox using below mentioned command

Start-ManagedFolderAssistant –Mailbox <Mailbox>
Start-ManagedFolderAssistant –Identity <ServerName>

Script to check if Active Directory User Account is Active or Disabled throught Powershell

Below powershell helps to get if a give account is active or disabled, We can loop it for the given list of users

$K = “Krishna.k”
$adobjroot = [adsi]”
$objdisabsearcher = New-Object System.DirectoryServices.DirectorySearcher($adobjroot)
$objdisabsearcher.filter = “(&(objectCategory=user)(objectClass=user)(sAMAccountName= $K)(userAccountControl:1.2.840.113556.1.4.803:=2))”
$resultdisabaccn = $objdisabsearcher.findone()

if($resultdisabaccn)
{
 Write-Output “ACcount is Disabled”
}
 Else
{
 Write-Output “ACcount is Active”
}

Configuring Exchange 2007 Client Access Server with LoadBalancer

To configure Multiple Exchange 2007 client access server with load balancer we need to Offload Certificate to the load balancer.

Offloading Certificate is the process where we uploaded certificate into the load balancer and this box will accept the request and decrypt the certificate and it will create a new session from the load balancer to the exchange servers. This is called SSL termination where SSL Session from the client is terminated at the LB and new session is created between the Server and Load Balancer

To configure SSL offloading for Outlook Web Access, you must perform the following procedure on each of your Client Access servers. Below is the link which gives the details description on configuring Client Access Servers

http://technet.microsoft.com/en-us/library/bb885060.aspx

Below link on F5 Load balancer which has details description on how to configure for Exchange 2007 Client Access server for OWA, Active Sync, Pop3, IMAP etc

http://www.f5.com/pdf/deployment-guides/f5-exchange07-dg.pdf

Unable to browse TLS or HTTPS sites from BlackBerry Browser

Select on the MDS connection service which wil have the name like Servername_MDS-CS and on the right pannel click on Edit properties. This will open MDS connection Service windows . Select TLS/HTTPS and make both allow untrusted TLS and HTTPS connections to true

TLSConnection

 

Restart “Blackberry MDS connection Service” from the services. Then access TLS or HTTPS sites from BB device. It should work fine

Exchange 2007 soft recovery of the database

Soft Recovery is the process of remounting the database when the database was shutdown abruptly and when log files and Database files are intact.

 Simple Soft Recovery Process

Mounting of the database is simple soft recovery process which will check the checkpoint file and find the log latest log updated and will update the remaining logs.  If there you no check point it will try to apply oldest log files available. 

 

Advanced Soft Recovery Process (Careful, Make sure that you have the copy of the database and log files before you do this option)

When there is abrupt shutdown and there are chances that Database may go into Dirty shutdown state. When you try to mount the database it may not mount as it is the Dirty Shutdown state. Need to reply the logs manually to bring the database into clean shutdown state.

 

1.  Eseutil /mh “Databasepath” (gets you the details of the clean shutdown or dirty shutdown)

Below snap give the details of the dirty shutdown and it also provide the details of Log Required.

 Dirty_Shutdown

 

2. Eseutil /ml “Path of the log file” (get you the header of the logs and there you will find the value of Base name: E00 to use for the applying the logs. This may vary in the log header. Need to make sure that you get the database before you apply the logs

Basename

 

3. Move the Check point file the other location .This will cause to replay all the logs available

 

4. Open command prompt and browse to the log file location and run the below mentioned command

 Eseutil /r  /a E00 /d “C:\EDB file path” /S “C:\Log file path” /L “C:\Chckpoint file creation path”

 Make sure that you taken the backup of the log file before you use these options and you make sure that you have all the log file required as per the header of the Database and provide the correct paths. For the simple recovery use below mentioned command

 Eseutil /r E00

 5. On completion it should mount automatically or you can mount the database from Exchange management console. We can checked if Datbase is been changed to clean shutdown form the below mentioned command

 Eseutil /mh “Database path.edb”