Monday, 21 June 2010 11:46

Create New Management Role - RBAC

The management role contains a list of role entries or cmdlets grouped together. Basically a management role is used to define a specific task like recipient management, Mailbox Import Export etc. If you are a beginner to Role Based Access Control, see RBAC Exchange 2010.

There are number of built-in management roles available in exchange 2010 for our needs. We can club together the required management roles to a group and use it as required. But there are some situations where we may need to remove few of the management role entries from a role. Such case it is recommended to create a new role from an existing role and remove the entries from the new role, you will be denied when you try to remove a management role entry from built-in management role using the Exchange Management Shell.
Tuesday, 22 June 2010 02:22

Exchange 2007 SP3, Now Supports 2008 R2

The Exchange Server 2007 SP3 is now available for download. This third service pack for Exchange 2007 enables Exchange 2007 to be installed on the Windows Server 2008 R2 version of the operating system. It has been quite some time that the people are waiting for a new update so that the exchange can be installed on Windows Server 2008 R2, so MS worked quickly to deliver SP3 in order to meet this requirement 

Download Exchange 2007 SP3 hereClean installations of SP3 on a new server is possible by using this download.

Microsoft has also released the Exchange 2010 SP1 Beta; you can click here to know more.

Wednesday, 23 June 2010 18:18

Exchange 2010 Calendar Repair Assistant

The Calendar Repair Assistant (CRA) is a configurable, time based mailbox assistance that runs within the Microsoft Exchange Mailbox Assistants service on mailbox role running on Exchange Server 2010. CRA actually detects and corrects the inconsistencies in calendar items (this can be single instance or reoccurring instances) of a user mailboxes homed on this mailbox server when it is enabled. This will help us in identifying the correcting the user meeting requests (MR) mismatches.

Microsoft has now introduced a new tracking method for the Shell commands that you run in the EMC called Command Logging . This new feature can be used to track down all the cmdlets that are used against the exchange server through EMC.  In this post, I have explained how to enable, disable the command logging, also will cover the part of exporting the log to files.

DAG (Database Availability Group) is the answer for Exchange 2010 database high availability. The Database Availability Group is a set of up to 16 exchange 2010 mailbox servers which gives automatic database-level recovery from a Database, Server or Network failures. If you are new to DAG concept see Database Availability Group.

In this blog we will see how to configure the Database Availability Group. We will be covering the following aspects,
  • Configure Databases
  • Create New DAG(Database Availability Group)
  • Add Mailbox Servers into DAG (Add members)
  • Managing DAG.

As you all know that Microsoft has introduced the Personal Archiving solution with the release of Exchange 2010, one of the much talked about the features in exchange 2010 feature. But when we create it the personal archive mailbox is also resides in the same database as the mailbox is in till SP1 released. Now with the exchange 2010 SP1 you have the option of pointing the archive mailbox to a different database. See more Exchange 2010 SP1 Improvements.

Now, let us see how we can create/move the archive mailbox to a different database in Exchange 2010 SP1. Before creating or moving the archive mailbox to a different mailbox database we need to ensure that both the mailbox databases are on SP1. There are two scenarios; one is creating an Archive mailbox and moving and existing Archive mailbox.

Database Availability Group is the new cluster concept of Microsoft Exchange 2010. In other words DAG is the answer for Exchange 2010 database high availability. In this post I am trying to give you more insight about the Database Availability Group concept of Exchange 2010 and will try to clarify the queries as much as possible even though I know it is really not possible to cover every features of DAG in a post.

Before get into the feature of Database High Availability, let me tell you few more information about DAG. A Database Availability Group is a set of up to 16 exchange 2010 mailbox servers which gives automatic database-level recovery from a Database, Server or Network failures. DAGs are similar to Exchange 2007's SCR and CCR technologies, but mixed together, along with a few benefits.

  • Incremental Deployment:- You don't require to plan the numbers of server for DAG clustering, as an when you feel you can add more servers into DAG membership. This means if you want to deploy a DR server as a part of your production DAG it is all easy.
Wednesday, 21 July 2010 15:24

Exchange 2010 Active Sync Security Features

By default when you install the Exchange 2010 CAS server, it enables the Microsoft Exchange Active Sync. The active sync feature lets us to synchronize our emails(Exchange 2010 mailbox) into a mobile phone. Exchange ActiveSync can synchronize e-mail messages, calendar items, contacts, tasks, and notes.

Here in this post I have tried to share you more about the security features of Exchange Active Sync.

Exchange Active Sync security:

We can configure Exchange Active Sync to use SSL encryption for the communication between the Exchange server and the mobile device. The certification can be either self-signed or a third party certificate. You can use the certificate along with the other security features such as device password to turn the device into a smartcard. The private key and the certificate for the client authentication are saved in the device memory. Any unauthorized access to the device will purge all the user data along with the private key and certificate information.

Tuesday, 29 June 2010 08:49

RBAC Management Role Assignment Policy

Hope you all aware about the Role Based Access Control (RBAC) permission model introduced with Microsoft Exchange Server 2010. Here we will discuss more about the RBAC Management Role Assignment Policy. If you are not clear about how RBAC works as a permission model, see

As I discussed in my previous post about RBAC, Management role assignment policies associate end-user management roles to users. Role assignment policies consist of roles that control what a user can do with his or her mailbox or distribution groups. When we create an assignment policy we can define all action that a user can do with his or her mailbox. By using an assignment policy you can control what specific mailbox and distribution group settings our end users can modify.

Sunday, 17 November 2013 00:00

Exchange 2010/2013 HelpDesk Pack - Download

Recently I came across a request from our HelpDesk for a tool to view the User Mailbox properties from their desktop with very minimal information. The challenge was all the machines that they use are running 32 bit OS (Windows 7 or Windows 8), which they could not upgrade due to some other application dependancy.

Here is a script which invoke the powershell library from Exchange Server through the ConnectionUri, and can run from any Windows 7 and Windows 8 machines. I hope the pulled information will help the HelpDesk team to do a first level analysis of the end user issues.  Take a look at the sample Exchange 2010/2013 Server Helpdesk Pack script below.


Download the complete Script Here

Now, let us look at the modification that you will have to do to make it work on your infra,

Change the Exchange Server name of  –ConnectionUri in the line starts with $Session

$Session = New-PSSession –ConfigurationName Microsoft.Exchange –ConnectionUri

thats' it, all other part of the script is common for any infrastructure.

Below shows the important part of the script,

#Main Function Gathering Exchange/AD Information

Function DisplayFn($x)
$MailboxProp = Get-Mailbox -Identity $x -ErrorAction SilentlyContinue
if($MailboxProp -eq $null)
    {[System.Windows.Forms.MessageBox]::Show("Verify Your Input" , "Status" , 0)}
#[System.Windows.Forms.MessageBox]::Show($x , "Status" , 4)
$CASFeature = Get-CASMailbox -Identity $x
$MailboxProp = Get-Mailbox -Identity $x
$MBXDBProp = Get-MailboxDatabase -Identity $MailboxProp.Database
$UserProp = Get-User –Identity $MailboxProp.SamAccountName
if ( $MailboxProp.ForwardingAddress -ne $null)
    $FowardAddress = Get-Recipient -Identity $MailboxProp.ForwardingAddress
    $objTextFwd.Text = $FowardAddress.PrimarySmtpAddress
    {$objTextFwd.Text = "N/A"}
if ($MailboxProp.UseDatabaseQuotaDefaults -eq $True)
    #$tempY = ($MBXDBProp.IssueWarningQuota).value.ToMB()
    #$objTextWarnQuota.Text = $MBXDBProp.IssueWarningQuota.value.ToMB()
    $objTextWarnQuota.Text = $MBXDBProp.IssueWarningQuota
    $objTextSendQuota.Text = $MBXDBProp.ProhibitSendQuota
    $objTextHardQuota.Text = $MBXDBProp.ProhibitSendReceiveQuota
    $objTextWarnQuota.Text = $MailboxProp.IssueWarningQuota
    $objTextSendQuota.Text = $MailboxProp.ProhibitSendQuota
    $objTextHardQuota.Text = $MailboxProp.ProhibitSendReceiveQuota
    }#[System.Windows.Forms.MessageBox]::Show($CASFeature , "Status" , 4)
$objTextOWA.Text = $CASFeature.OWAEnabled
$objTextAS.Text = $CASFeature.ActiveSyncEnabled
if ($MailboxProp.MaxSendSize -eq "unlimited")
    {$objTextSndLmt.Text = "10 MB"}
    {$objTextSndLmt.Text = $MailboxProp.MaxSendSize}$objTextRcptLmt.Text = $MailboxProp.RecipientLimits
$ObjTextPwdExpry.Text = (([datetime]::FromFileTime((Get-ADUser –Identity $MailboxProp.SamAccountName -Properties "msDS-UserPasswordExpiryTimeComputed")."msDS-UserPasswordExpiryTimeComputed"))-(Get-Date)).Days
$objTextEmail.Text = $MailboxProp.PrimarySMTPAddress
$objTextUAC.Text = $UserProp.UserAccountControl
$objTextDisName.Text = $UserProp.DisplayName
#$temptotSize = (Get-MailboxStatistics $UserProp.DisplayName).totalitemsize.value
$ObjTextMbxSize.Text = (Get-MailboxStatistics $UserProp.DisplayName).totalitemsize

The above written function gathers all the required information. If you wish to add more information, you can easily modify the script.

Download the complete Script Here


I have missed to mention the pre-requisite to run this script,

  • Any version of Windows 7 or 8 (32 or 64 bit)
  • Powershell 1.0 or above
  • Active Directory Admin Pack

Share your comments!!!

Download the complete Script Here


Page 9 of 15
theme by reviewshub