Laeeq Qazi's Exchange Server Blog

Exchange Server blog

How to remove client permissions from a public folder and all its children?

Hi,

In Exchange 2007/2010 you can remove client permissions from a public folder and all its child public folders, for all users, in bulk using the following script.

Suppose you have a root-level public folder '\Sales' on public folder server "Mailbox01", which in turn has 2 child public folders, '\Sales\Uk' and '\Sales\US'. This script will then remove all client permissions from these 3 public folders for all users.

########### Script Start #####################
# Collect '\Sales' and every public folder beneath it
$AllPublicFolders = Get-PublicFolder '\Sales' -Recurse -Server Mailbox01

foreach ($Pf in $AllPublicFolders) {
    # Remove every client permission entry found on this folder
    Get-PublicFolderClientPermission $Pf | ForEach-Object {
        Remove-PublicFolderClientPermission $_.Identity -User $_.User -AccessRights $_.AccessRights
    }
}
########### Script End #####################

Note: Put the above lines of code in a text file, save it as a .ps1 (PowerShell) file, and then execute it in the Exchange Management Shell (EMS) or the Windows PowerShell console.

If you save this file in Exchange Scripts folder
“C:\Program Files\Microsoft\Exchange Server\Scripts” [Exchange 2007]
OR
“C:\Program Files\Microsoft\Exchange Server\V14\Scripts” [Exchange 2010]

then, in EMS, you will just need to enter the .ps1 file name and then press enter.

You might also need to set the powershell execution policy as RemoteSigned in EMS:

Set-ExecutionPolicy RemoteSigned

Also, if you decide to run this script in the Windows PowerShell console, don't forget to add the Exchange PowerShell snap-in using one of the following commands:

#For Exchange 2007:
Add-PSSnapIn "Microsoft.Exchange.Management.PowerShell.Admin"
#For Exchange 2010:
Add-PSSnapIn "Microsoft.Exchange.Management.PowerShell.E2010"

Note: For Exchange 2013/Office 365, the first line of the script should be:

$AllPublicFolders = Get-PublicFolder '\Sales' -Recurse

 

Regards,
Laeeq Qazi


June 27, 2010 Posted by | Exchange 2007, Exchange 2010, Exchange 2013, Office 365 | 6 Comments
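
For the public folder permission removal script in the post above, a variant that records every permission entry before removing it and defaults to a dry run. This is an added example, not the author's script; it assumes Exchange 2007/2010 EMS on PowerShell 2.0 or later, the '\Sales' tree on Mailbox01 from the post, and a hypothetical CSV path and $Apply switch.

```powershell
# Added example, not from the original post. Assumes Exchange 2007/2010 EMS on
# PowerShell 2.0+, the '\Sales' tree on Mailbox01 from the post, and a
# hypothetical backup path.
$root       = '\Sales'
$server     = 'Mailbox01'
$backupFile = 'C:\Temp\Sales-PFClientPermissions.csv'   # hypothetical path
$Apply      = $false   # leave $false for a dry run; set $true to really remove

# 1. Read every permission entry in the tree once.
$perms = @(Get-PublicFolder $root -Recurse -Server $server -ResultSize Unlimited |
    ForEach-Object { Get-PublicFolderClientPermission $_ -Server $server })

# 2. Save a flat, human-readable record before anything is changed.
$perms | Select-Object `
    @{Name='Folder';       Expression={ $_.Identity.ToString() }},
    @{Name='User';         Expression={ $_.User.ToString() }},
    @{Name='AccessRights'; Expression={ @($_.AccessRights) -join ';' }} |
    Export-Csv -Path $backupFile -NoTypeInformation
Write-Host ("Recorded {0} entries in {1}" -f $perms.Count, $backupFile)

# 3. Show which accounts are about to lose access, most entries first.
$perms | Group-Object { $_.User.ToString() } |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# 4. Remove. With $Apply = $false, -WhatIf only prints what would happen.
foreach ($p in $perms) {
    Remove-PublicFolderClientPermission $p.Identity -User $p.User `
        -AccessRights $p.AccessRights -Server $server `
        -WhatIf:(-not $Apply) -Confirm:$false
}
```

The CSV is the record to work from if an entry has to be put back with Add-PublicFolderClientPermission.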

How to remove all group memberships for one exchange mailbox user

There is often a need to remove a mailbox user from all Exchange distribution groups.

Here is a PowerShell script for this purpose.

For example, if your user's primary SMTP address is user@domain.com, this script will remove the user's membership from each mail-enabled Exchange distribution group:

########### Script Start #####################

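# Find every distribution group whose members include the user's primary SMTP address
$DGs = Get-DistributionGroup | Where-Object { (Get-DistributionGroupMember $_ | ForEach-Object { $_.PrimarySmtpAddress }) -contains "user@domain.com" }

foreach ($dg in $DGs) {
    # Remove the user from this group
    Remove-DistributionGroupMember $dg -Member user@domain.com
}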

########### Script End #####################

Note: Put the above lines of code in a text file, save it as a .ps1 file, and then execute it in EMS or the PowerShell console.

If you save this file in Exchange Scripts folder “C:\Program Files\Microsoft\Exchange Server\Scripts” OR “C:\Program Files\Microsoft\Exchange Server\V14\Scripts” then, in EMS, you will just need to enter the .ps1 file name and then press enter.
You might also need to set the powershell execution policy as RemoteSigned in EMS:

set-executionPolicy RemoteSigned

Regards,
Laeeq Qazi

June 18, 2010 Posted by | Exchange 2007, Exchange 2010 | Leave a comment

How to uninstall Exchange Server 2007

I have often seen people searching for the uninstall steps for Exchange 2007, especially for the Mailbox Server role. Uninstalling a Mailbox Server is not difficult at all if the steps are performed properly.

Suppose I have the following 2 servers:

Exchange01 (HUB+CAS+Mailbox Roles)
Exchange02 (HUB+CAS+Mailbox Roles)

and I want to uninstall one of them, e.g. Exchange02.

So here are the steps to uninstall the Exchange02 server (all 3 roles). I run PowerShell commands in EMS for most of the tasks:

First of all, uninstall the Mailbox role from the Exchange02 server.

Log in to the Exchange02 server using the Administrator account:

Open Exchange Management Shell

1. Move/remove all Offline Address Books for which Exchange02 is the OAB generation server.

Moving the OABs would be a good choice, and this can easily be done by opening EMC, browsing to "Organization Configuration->Offline Address Book", selecting any OAB, and then clicking the Move button on the right side in the Action pane. Perform this step for all OABs on the Exchange02 server and move them to Exchange01.

You can also remove the OABs on this server using the PowerShell command:

1.1 Get-OfflineAddressBook -Server Exchange02 | Remove-OfflineAddressBook

2. Go to the Mailbox server and remove all Public Folders and System Public Folders:

2.1 Get-PublicFolder "\" -Recurse -ResultSize:Unlimited | Remove-PublicFolder -Recurse -ErrorAction:SilentlyContinue
2.2 Get-PublicFolder "\Non_Ipm_Subtree" -Recurse -ResultSize:Unlimited | Remove-PublicFolder -Recurse -ErrorAction:SilentlyContinue

3. Remove the Public Folder Database:

3.1 Get-PublicFolderDatabase -Server Exchange02 | Remove-PublicFolderDatabase

Sometimes, if we have more than one Exchange Mailbox Server, we get a public folder replica error while trying to remove a Public Folder Database, and cannot remove the PF DB:

“The public folder database “PublicFolder Database” contains folder replicas. Before deleting the public folder database, remove the folders or move the replicas to another public folder database..”

Solution: Move all replicas to some other server.

There is a nice PowerShell script, "MoveAllReplicas.ps1", for this purpose, provided by Microsoft and placed at
drive:\Program Files\Microsoft\Exchange Server\Scripts.

Its usage is:
MoveAllReplicas.ps1 -Server currentServer -NewServer NewServerToHoldReplica

So I used:
MoveAllReplicas.ps1 -Server Exchange02 -NewServer Exchange01

After running this script I waited for 15 minutes and then removed the Public Folders again using both of the above commands, 2.1 and 2.2, for "\" and "\Non_Ipm_Subtree", and then executed command 3.1 again to remove the PF database.

4. Remove all mailboxes (this step will not delete the default mailbox for Administrator):

4.1 Get-Mailbox -Server Exchange02 | Remove-Mailbox -Confirm:$false

5. Now disable the default Administrator mailbox, if it exists on the Exchange02 server, using the command:

5.1 Disable-Mailbox Administrator

6. Now delete all disabled mailboxes on this MBX server:

6.1 Get-MailboxStatistics -Server Exchange02 | Where { $_.DisconnectDate -ne $null } | ForEach { Remove-Mailbox -Database $_.Database -StoreMailboxIdentity $_.MailboxGuid }

7. Now open 'Add/Remove Programs', select Exchange 2007, and then press the 'Remove' button on the right side.
The Exchange 2007 uninstall window will appear and ask which server roles you want to uninstall.

Now deselect the Mailbox Server role only.
The uninstall will now start, hopefully without any error.

8. Now uninstall the HUB and CAS roles and the Exchange Management Tools using the same method as you used to uninstall the MBX server from 'Add/Remove Programs'.

I hope that this post helps you in uninstalling Exchange Server 2007, and especially the Exchange 2007 Mailbox role.
Please feel free to add comments to this post if you find anything wrong or want to suggest an improvement.

Regards,
Laeeq Qazi

May 28, 2010 Posted by | Exchange 2007 | | 3 Comments

How to set GAL for mailboxes in OWA for Exchange 2007/2010 in bulk

Exchange administrators often want to show only a specific Global Address List (GAL) to a group of mailbox users in Outlook Web Access. Microsoft has provided an Active Directory user attribute for this purpose, "msExchQueryBaseDN", which does this for an individual mailbox user and is also mentioned in the document "Address List Segregation Exchange 2007".

Here we can limit a user either to see all mail recipients (mailboxes, mail contacts, mail users, distribution lists) in a specific Organizational Unit (OU), or to see an entire GAL, in which case the users may be scattered all over Active Directory.

So if we put the distinguished name of an OU in a user's "msExchQueryBaseDN", that user will only see the recipients from that OU (and sub-OUs) in the Global Address List, and if we put the distinguished name of a GAL in a user's "msExchQueryBaseDN", that user will see all recipients in that GAL.

To do it manually you will have to use an AD editor like ADSIEdit, which comes with Windows Server 2008 by default in an AD environment (for Windows Server 2003 you can find and download it with the Windows Support Tools).

To manually set the "msExchQueryBaseDN" attribute for a single user:

1. Open ADSIEdit, go to the properties of your Organizational Unit, and copy the distinguishedName attribute's value.

OR

Open Exchange Management Shell, type  Get-GlobalAddressList "Your GAL Name" | FL DistinguishedName  and then copy the distinguishedName.

2. Now locate your user in ADSIEdit, go to the user properties, put the distinguishedName of the OU in the user's property "msExchQueryBaseDN", and press OK.

3. Now go to OWA and look at the Global Address List (GAL).

But Exchange admins often want to set this "msExchQueryBaseDN" attribute in bulk for many users, and they don't find a script. So I wrote a PowerShell script so that this task can be performed in bulk for the mailbox users in a specific OU.

For setting the "msExchQueryBaseDN" attribute in bulk for multiple users in an OU:

#Start of the script

#This is the OU where all users are placed in AD
$ouDN = "OU=YourOU,DC=ADDomain,DC=com"

#Target distinguished name of the OU
#If you want to set a GAL instead of an OU, put the DN of the GAL here
$targetDN = $ouDN

$objOU = New-Object System.DirectoryServices.DirectoryEntry
$objOU.Path = "LDAP://" + $ouDN

#Here we are just confirming that your DirectoryEntry AD object is valid
Write-Host $objOU.DistinguishedName

#Search the OU and its sub-OUs for mailbox users
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$strFilter = "(&(objectCategory=User)(homeMDB=*)(mailNickName=*))"
$objSearcher.SearchRoot = $objOU
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = "Subtree"

$colResults = $objSearcher.FindAll()
foreach ($objResult in $colResults)
{
    $objUser = $objResult.GetDirectoryEntry()

    #Setting the attribute
    $objUser.msExchQueryBaseDN = $targetDN
    $objUser.CommitChanges()

    Write-Host ("`n" + $objUser.DisplayName + " updated")
}

#End of the script


Note: First change the script lines to work for your Active Directory domain; for this you just have to change the distinguished name of the OU. Then save the above lines of PowerShell in a text file with the .ps1 extension, e.g. SetUsersGAL.ps1, and put it in the Scripts folder in the Exchange installation folder, which is normally "C:\Program Files\Microsoft\Exchange Server\Scripts". Now open Exchange Management Shell, enter the name of the script file, e.g. SetUsersGAL.ps1, press Enter, and there you go.


For setting the "msExchQueryBaseDN" attribute in bulk for multiple users who may be scattered all over AD, and not in a specific OU:

#This script will set the DN of the Default GAL on mailbox users scattered all over AD and having some
#specific value in Custom Attribute1, so that we can modify only some specific mailbox users

#Start of the script

#This is the distinguished name of the AD domain where all users are placed
$ouDN = "DC=ADDomain,DC=com"

#Target distinguished name of the GAL (Default GAL); here you can put the DN of any address list
$targetDN = "CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ADDomain,DC=com"

$objOU = New-Object System.DirectoryServices.DirectoryEntry
$objOU.Path = "LDAP://" + $ouDN

#Here we are just confirming that your DirectoryEntry AD object is valid
Write-Host $objOU.DistinguishedName

$objSearcher = New-Object System.DirectoryServices.DirectorySearcher

#This filter will get all mailbox users who have "myCompany" as their CustomAttribute1 in Exchange/AD
#(CustomAttribute1 is stored in the AD attribute extensionAttribute1)
$strFilter = "(&(objectCategory=User)(homeMDB=*)(mailNickName=*)(extensionAttribute1=myCompany))"

$objSearcher.SearchRoot = $objOU
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = "Subtree"

$colResults = $objSearcher.FindAll()
foreach ($objResult in $colResults)
{
    $objUser = $objResult.GetDirectoryEntry()

    #Setting the attribute
    $objUser.msExchQueryBaseDN = $targetDN
    $objUser.CommitChanges()
    Write-Host ("`n" + $objUser.DisplayName + " updated")
}

#End of the script


Note: First change the script lines to work for your Active Directory domain; for this you just have to change the distinguished name in $ouDN and put in the DN of your AD domain. Also change the DN of the GAL in $targetDN according to your need. Then save the above lines of PowerShell in a text file with the .ps1 extension, e.g. SetUsersGAL.ps1, and put it in the Scripts folder in the Exchange installation folder, which is normally "C:\Program Files\Microsoft\Exchange Server\Scripts". Now open Exchange Management Shell, enter the name of the script file, e.g. SetUsersGAL.ps1, press Enter, and there you go.


Hope that it helps you.


Regards,
Laeeq Qazi

April 11, 2010 Posted by | Exchange 2007, Exchange 2010 | 10 Comments
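
For the bulk "msExchQueryBaseDN" scripts in the post above, a read-only audit that reports which mailbox users under the OU already carry the intended value, which carry a different one, and which have none, so the result of a bulk run can be checked. This is an added example, not the author's script; it reuses the post's placeholder DNs, and the report path is hypothetical.

```powershell
# Added example, not from the original post. Read-only: it changes nothing in AD.
# Uses the same placeholder DNs as the first script in the post.
$ouDN       = 'OU=YourOU,DC=ADDomain,DC=com'
$targetDN   = $ouDN
$reportFile = 'C:\Temp\msExchQueryBaseDN-audit.csv'   # hypothetical path

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot  = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$ouDN")
$searcher.Filter      = '(&(objectCategory=User)(homeMDB=*)(mailNickName=*))'
$searcher.SearchScope = 'Subtree'
$searcher.PageSize    = 1000
# Ask the domain controller only for the attributes the report needs
$searcher.PropertiesToLoad.AddRange([string[]]@('distinguishedname', 'displayname', 'msexchquerybasedn'))

$results = $searcher.FindAll()
$report = @(foreach ($r in $results) {
    # An attribute that is not set yields no value here, so $current becomes ''
    $current = [string]($r.Properties['msexchquerybasedn'] | Select-Object -First 1)
    if     ($current -eq '')        { $status = 'NotSet' }
    elseif ($current -eq $targetDN) { $status = 'Match' }      # -eq ignores case
    else                            { $status = 'Different' }
    New-Object PSObject -Property @{
        DisplayName       = [string]($r.Properties['displayname'] | Select-Object -First 1)
        DistinguishedName = [string]($r.Properties['distinguishedname'] | Select-Object -First 1)
        QueryBaseDN       = $current
        Status            = $status
    }
})
$results.Dispose()   # release the unmanaged search handle

# Summary by status, then the users that still need attention
$report | Group-Object Status | Format-Table Count, Name -AutoSize
$report | Where-Object { $_.Status -ne 'Match' } |
    Select-Object DisplayName, Status, QueryBaseDN | Format-Table -AutoSize
$report | Select-Object DisplayName, DistinguishedName, QueryBaseDN, Status |
    Export-Csv -Path $reportFile -NoTypeInformation
```

Running it before the bulk change as well gives a record of the previous values.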

Manually Generating Offline Address Book on Exchange 2007/2010

An Exchange offline address book (OAB) is an address book that contains one or more address lists. It is available to Exchange client software (e.g. Outlook 2007) when users are not connected to Exchange Server and are offline.

OABs are not generated frequently during a day, because the OAB generation process consumes a lot of system resources if they contain hundreds of email addresses. Instead they are normally generated once or twice a day, depending upon the size of the OAB and the needs of the organization owning that OAB.

Sometimes it's necessary to generate the OAB immediately when a new email address is added to the Exchange system, so that the new email address is immediately available to Outlook (or other clients) through downloading the latest OAB.

For immediate OAB generation and distribution (both PF and web-based distribution through CAS) I do the following steps:

1. Run Update-OfflineAddressBook "offline address book" in Exchange Management Shell, e.g.

Update-OfflineAddressBook "Default offline address book"

2. Restart the System Attendant service on the OAB generation server (Mailbox Server). This service is responsible for generating the OAB by communicating with the Active Directory infrastructure.

3. Either run the following command in EMS

Update-FileDistributionService "CASServerName"

or just restart the File Distribution service on the CAS server.

The File Distribution service copies the OAB from the Mailbox Server, where the System Attendant service puts the OAB in a shared folder, "C:\Program Files\Microsoft\Exchange Server\ExchangeOAB". Outlook clients then download the OAB from the OAB virtual directory published by CAS.

I hope that this post is helpful for you.

Best regards,

February 13, 2010 Posted by | Exchange 2007, Exchange 2010 | 11 Comments

'Enable Local Continuous Replication' not shown for Storage Group

Hi,

Sometimes you want to enable Local Continuous Replication (LCR) for a Storage Group, but Exchange doesn't show the option to enable it. Mainly there are two reasons for it.

1. The Storage Group contains more than 1 Exchange Database (Mailbox or Public Folder).

2. The Storage Group contains only one Database.

The first scenario is acceptable, because Exchange doesn't allow enabling LCR for a Storage Group that contains more than one Exchange Database. The problem is with the second scenario, where a Storage Group contains only one Exchange Database but Exchange doesn't show the option to enable LCR. After long research I found that this happens when the folder representing the Storage Group contains more than one .edb file. When we delete an Exchange Database, the corresponding .edb file is not deleted automatically, which causes the 'Enable LCR' option not to be shown. So I deleted the garbage .edb file(s) from the Storage Group folder on the disk and then refreshed the console, which then showed me the 'Enable LCR' option.

December 31, 2008 Posted by | Exchange 2007 | 3 Comments