Mailbox folder permission granted for resource mailbox

29.11.2012

I noticed that it is not easy to grant (Add-MailboxFolderPermission) mailbox folder permission for a resource mailbox (e.g. room, shared, equipment).

Note: The Identity parameter specifies the recipient and folder that you want to change the permissions for. This parameter takes the following format: <SMTP Address or Alias of Recipient>:<Folder path>. The following is an example: john@contoso.com:\Calendar. In my case it is \Kalenteri because of Finnish language. How to determine the right value for the folder path use for example Get-MailboxFolderStatistics “alias” | select Folderpath

[PS] C:\> Add-MailboxFolderPermission FORoom:\Kalenteri -AccessRights reviewer -User JohnK

The user "JohnK" was found in Active Directory but isn't valid to use for permissions. Try an SMTP address instead.
 + CategoryInfo : NotSpecified: (0:Int32) [Add-MailboxFolderPermission], InvalidInternalUserIdException
 + FullyQualifiedErrorId : 158B211F,Microsoft.Exchange.Management.StoreTasks.AddMailboxFolderPermission

[PS] C:\> Add-MailboxFolderPermission  FORoom:\Kalenteri -User "JohnK@contoso.com" -AccessRights reviewer

The user "JohnK@contoso.com" is either not valid SMTP address, or there is no matching information.
 + CategoryInfo : NotSpecified: (0:Int32) [Add-MailboxFolderPermission], InvalidExternalUserIdException
 + FullyQualifiedErrorId : 331E5E8C,Microsoft.Exchange.Management.StoreTasks.AddMailboxFolderPermission

But why? Let me know 😉

Converted resource mailbox to user mailbox Type:Regular works properly. It does not matter if the resource has disabled AD accout (typical character for a resource mailbox) or not.

[PS] C:\ Get-Mailbox "JohnK" | Set-Mailbox -Type:Regular
[PS] C:\> Add-MailboxFolderPermission FORoom:\Kalenteri -User "JohnK@contoso.com" -AccessRights reviewer

RunspaceId : 696651a2-c64d-4d07-8bf2-a7bc32a4473f
FolderName : Kalanteri
User : JohnK
AccessRights : {Reviewer}
Identity : JohnK
IsValid : True
Advertisements

Message expire and must issue a STARTTLS

29.11.2012

I noticed the request from an user with the internet message header which contained error:

ala.poo@contoso.com
#550 4.4.7 QUEUE.Expired; message expired ##

I sent a test message and check message queues on EDGE server (Exchange 2010 SP2) . Related queue issued error:

451 4.4.0 Primary target IP address responed with:"451 5.7.3 Must issue a STARTTLS command first." Attempted failover to alternate host, but that did not succed. Either there are no alternate hosts, or delivery failed to all alternate hosts.

Well I check also related send connector and it has used RequireTLS:$true.

CheckTLS.com gave me answer: TLS is not an option on this server – TLS Adv failed

Destination’s MX servers do not support TLS (STARTTLS extension). And all messages addressed  there through the send connector which required TLS (encrypted transmittion) did not pass.

Solution? Maybe omit forced TLS, but is it secured? 🙂

How to easily track Public Folder replication messages in Exchange 2010

Dedicated PF server

Simple command can help us to track PF replication messages if you have dedicated PF server

get-exchangeserver *pf* | get-messagetrackinglog

PF database as part of mailbox server hosting active database copies

If you don´t have dedicated PF server, you should track SMTP traffic with the following message subjects and source server, which contains PF database

Folder Content
Status
Backfill Request
Hierarchy Backfill Response
Folder Content Backfill Response
Hierarchy
Conflict message: <Message original subject>

for example

get-transportserver HUBTRANSPORT | Get-MessageTrackingLog -MessageSubject "Folder Content" -resultsize 1

How to configure Calendar Repair Assistant in Exchange 2010/2013

What is Calendar Repair Assistant

 

Difference between Exchange 2010 and Exchange 2013

  • CRA in Exchange 2010 is not enabled by default
  • CRA in Exchange 2013 and Exchange 2010 SP3 has new configurable parameter  for CRA repair mode (ValidateOnly, RepairAndValidate)
  • Lower record is default from Exchange 2013, Higher is default from Exchange 2010 SP3 (not yet available)

CRA_Difference

Configuration in Exchange 2010

  • Setting mailbox servers
Get-MailboxServer | Set-MailboxServer -CalendarRepairWorkCycle 7.00:00:00 -CalendarRepairWorkCycleCheckpoint 1.00:00:00 -CalendarRepairLogFileAgeLimit 30.00:00:00 -CalendarRepairLogPath E:LogsCalendarRepairAssistant -CalendarRepairLogDirectorySizeLimit unlimited -CalendarRepairLogSubjectLoggingEnabled $true -CalendarRepairLogEnabled $true -CalendarRepairIntervalEndWindow 60 -CalendarRepairSchedule Mon.20:00-Mon.23:59,Tue.20:00-Tue.23:59,Wed.20:00-Wed.23:59,Thu.20:00-Thu.23:59,Fri.20:00-Fri.23:59,Sat.20:00-Sat.23:59,Sun.20:00-Sun.23:59
  • Setting user mailboxes
Get-Mailbox -ResultSize unlimited -Filter {CalendarRepairDisabled -eq $True} | Set-Mailbox -CalendarRepairDisabled $false
  • Disabling CRA if needed
Get-MailboxServer | Set-MailboxServer -CalendarRepairWorkCycle $null -CalendarRepairWorkCycleCheckpoint $null -CalendarRepairSchedule $null

Configuration in Exchange 2013 RTM

  • Changing configuration

Changing in configuration is done the same way as it was in Exchange 2010.

  • Setting CRA repair mode
Get-MailboxServer | Set-MailboxServer -CalendarRepairMode ValidateOnly
  • Setting user mailboxes
Get-Mailbox -ResultSize unlimited -Filter {CalendarRepairDisabled -eq $True} | Set-Mailbox -CalendarRepairDisabled $false

Important parameters

  • CalendarRepairWorkCycle 7.00:00:00 -Defines time range within what all mailboxes must be checked
  • CalendarRepairWorkCycleCheckpoint 1.00:00:00 – Defines within what time mailbox will be repaired if error is found
  • CalendarRepairLogEnabled $true – Enables / disables logging of CRA
  • CalendarRepairIntervalEndWindow 60 – How many days in the future calendars will be checked
  • CalendarRepairSchedule Mon.20:00-Mon.23:59 – schedules CRA

Log example

CRA_Log_Example

Exchange 2013 – Cmdlets Road map

Created hmtl road map could help you to check all Exchange 2013 cmdlets under one page. The layout is the same like in technet:

  • Permissions Cmdlets
  • Security Cmdlets
  • Messaging Policy and Compliance Cmdlets
  • Anti-Spam and Anti-Malware Cmdlets
  • Mail Flow Cmdlets
  • Mailbox Cmdlets
  • Recipient Cmdlets
  • Email Address and Address Book Cmdlets
  • Move and Migration Cmdlets
  • Sharing and Collaboration Cmdlets
  • Federation and Hybrid Configuration Cmdlets
  • Client Access Cmdlets
  • Unified Messaging Cmdlets
  • High Availability Cmdlets
  • Server Health, Monitoring, and Performance Cmdlets
  • Active Directory Cmdlets
  • Cmdlet Extension Agent Cmdlets
  • Global Cmdlets

Download: Exchange 2013 Cmdlets Road Map

Please use right-click and “Save as” for downloading ps1 file otherwise the link shows source code in the same window.

Mailbox quotas change based on Custom Attribute

  • Exchange 2010 / 2013 can be designed so, that multiple mailbox tiers can be placed within one database. In this case there is not easy way how to control mailbox limits for bigger companies. I wrote the script, which can help managing limits based on single value in Custom attribute 12.

How it works

  • Change custom attribute 12 for maiblox users to value Tier1, Tier2 ….Tier5
  • Plan to run the script on daily basis via task manager
  • Script will change the limits to correct values and check if the limits are still OK for existing mailboxes
  • If limits have changed for some reason. Script will set correct ones
  • For non existing value or deviated one: for example “Tier 1” the default tier will be set

What do you need to customize

  • Where to put report file (line 9)
  • Define tiers (Number for size, Unit for multiplier MB,GB etc)
  • You can specify unlimited value as well, unit value then is empty “”

Work left for service desk

  • Add tier info to CustomAttribute12 or leave it empty for default tier assignment
  • change CustomAttribute12 value once mailbox user requests change of mailbox limits

Script

 # Author: zbynek.salon@salonovi.cz
 # Version 3.0
 # Purpose: 1/ Changing limits based on tier value inside CustomAttribute12
 #
 #######################################################################################################################################################
 # Date and report definitions
 $dat = get-date | select day,month,year
 $date = "$($dat.day)_$($dat.month)_$($dat.year)"
 $file = "d:report_$date.txt"
 $report = "started at $($date) - Task 1/ Changing limits based on tier value inside CustomAttribute12"
 $report | out-file "$($file)" -width 2000000 -Append
 #######################################################################################################################################################
 # Tier definition W-Warning, S-ProhibitSend, R-ProhibitSendReceive, WU-Warning Unit, SU-Send Unit, RU-Receive Unit, TI - TierInfo
 $t = [PSCustomObject]@{
 T1 =[PSCustomObject]@{
 W="950"
 S="1024"
 R="1250"
 WU="MB"
 SU="MB"
 RU="MB"
 TI="Limit 1024MB"
 }
 T2 = [PSCustomObject]@{
 W="450"
 S="500"
 R="650"
 WU="MB"
 SU="MB"
 RU="MB"
 TI="Limit 500MB"
 }
 T3 = [PSCustomObject]@{
 W="130"
 S="150"
 R="200"
 WU="MB"
 SU="MB"
 RU="MB"
 TI="Limit 150MB"
 }
 T4 = [PSCustomObject]@{
 W="8192"
 S="10240"
 R="unlimited"
 WU="MB"
 SU="MB"
 RU=""
 TI="Business demand 8GB"
 }
 T5 = [PSCustomObject]@{
 W="2048"
 S="2548"
 R="3072"
 WU="MB"
 SU="MB"
 RU="MB"
 TI="Temporarily increased - for cleanup 2,5GB"
 }
 }
 #######################################################################################################################################################
 # Function
 function Limit ($mb,$ti,$rep){
 $res=0
 if ($mb.issuewarningquota.isunlimited -eq $true)
 {
 if ("unlimited" -ne $ti.w){$res=1}
 }
 else{
 if ($mb.issuewarningquota.value.toMB() -ne $ti.w){$res=1}
 }
 if ($mb.prohibitsendquota.isunlimited -eq $true)
 {
 if ("unlimited" -ne $ti.s){$res=1}
 }
 else{
 if ($mb.prohibitsendquota.value.toMB() -ne $ti.s){$res=1}
 }
 if ($mb.prohibitsendreceivequota.isunlimited -eq $true)
 {
 if ("unlimited" -ne $ti.r){$res=1}
 }
 else{
 if ($mb.prohibitsendreceivequota.value.toMB() -ne $ti.r){$res=1}
 }
 if ($res -eq 1){
 Write-Host "$($ti.TI)"
 $report = "$($mb.alias);$($mb.ExchangeGuid);$($mb.customattribute12);$($mb.issuewarningquota);$($mb.prohibitsendquota);$($mb.prohibitsendreceivequota);Will be set to correct limits"
 $report | out-file "$($rep)" -width 2000000 -Append
 set-mailbox "$($mb.exchangeguid)" -usedatabasequotadefaults $false -Prohibitsendquota "$($ti.s)$($ti.SU)" -prohibitsendreceivequota "$($ti.r)$($ti.RU)" -issuewarningquota "$($ti.w)$($ti.WU)"
 }
 else{
 Write-Host "$($ti.TI)"
 $report = "$($mb.alias);$($mb.ExchangeGuid);$($mb.customattribute12);$($mb.issuewarningquota);$($mb.prohibitsendquota);$($mb.prohibitsendreceivequota);Mailbox OK"
 $report | out-file "$($rep)" -width 2000000 -Append
 }
 }
########################################################################################################################################
 # Main program
 $a = $null
 $a = @()
 $a += get-mailbox -resultsize unlimited | select *quota*,customattribute12,alias,Exchangeguid
 foreach ($line in $a){
 if ($line.exchangeguid -ne $null){
 $tier=$null
 switch ($line.customattribute12) {
 "Tier1"{
 $tier = $t.t1
 Limit $line $tier $file
 }
 "Tier2"{
 $tier = $t.t2
 Limit $line $tier $file
 }
 "Tier3"{
 $tier = $t.t3
 Limit $line $tier $file
 }
 "Tier4"{
 $tier = $t.t4
 Limit $line $tier $file
 }
 "Tier5"{
 $tier = $t.t5
 Limit $line $tier $file
 }
 "$null"{
 $tier = $t.t3
 Limit $line $tier $file
 }
 default{
 $tier = $t.t3
 Limit $line $tier $file
 }
 }
 }
 }

Exchange 2013 – Unattended installation for prerequisites

I would like to show you how to install Exchange 2013 prerequisites in unattended mode under Windows Server 2012 operation system.

It is not problem to install required windows features in one cmdlet as can here.

But what about other prerequisites such as:

  • Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit that contains:
    • Microsoft Visual C++ 2012 x64 Minimum Runtime – 11.0.50727
    • Microsoft Server Speech Platform Runtime (x64)
    • Microsoft Speech Platform VXML Runtime (x64)
    • Microsoft Server Speech Recognition Language – TELE (en-US)
    • Microsoft Server Speech Text to Speech Voice (en-US, Helen)
    • Microsoft Lync Server 2013, Bootstrapper Prerequisites Installer Package
    • Microsoft Unified Communications Managed API 4.0, Runtime
  • Microsoft Office 2010 Filter Pack 64 bit
  • Microsoft Office 2010 Filter Pack SP1 64 bit

It is also simple just call installation packages with parameters /passive /norestart:

.\UcmaRuntimeSetup.exe /passive /norestart

.\FilterPack64bit.exe /passive /norestart

.\filterpack2010sp1-kb2460041-x64-fullfile-en-us.exe /passive /norestart

Help for installation package can be seen:

.\FilterPack64bit.exe /help

Well we are also able to extract installation package for Exchange 2013 by similar way:

$targetfolder="C:Temp"
.\Exchange-x64.exe /extract:$targetfolder\Exchange2013-x64 /u