Laeeq Qazi's Exchange Server Blog

Exchange Server blog

How to log ‘Exchange Management Shell’ session in Exchange 2010\2013

Hi,

Exchange admins often want to log each and every command and their result to a text file, to be used\reviewed in future.

This is very easy in Exchange 2010\2013.

Locate ‘RemoteExchange.ps1″ file in Exchange Server bin folder, which has this path with default C: drive installation:

C:\Program Files\Microsoft\Exchange Server\V15\Bin

First take a backup of this file and then Open ‘RemoteExchange.ps1″ and put this commands:

$status = start-transcript;
Write-Host -ForegroundColor Green "`n$status;"
Write-Host -ForegroundColor Green "All of your commands would be logged to above mentioned text file`n";

as the last lines in the script, after “get-tip ” command.

Save this file, and restart “Exchange Management Shell”.

Hope this helps you.

Kind Regards,

December 9, 2013 Posted by | Exchange 2010, Exchange 2013 | | Leave a comment

Cannot invoke pipeline because runspace is not in the Opened state

Hi

I developed a web app to manage exchange server 2010 objects (domains, mailboxes etc) using Remote PoewerShell API. When deployed this web app on an other fresh server with Exchange Server 2010 installed, I got this error:

Cannot invoke pipeline because runspace is not in the Opened state. Current state of runspace is ‘Broken’.

The user, which I was using for Remote PowerShell credentials, was a domain admin, with all  sorts of rights, so I looked into basic RemotePowershell configuration, and found the solution.

I followed these 2 steps to resove this error:

1. Enabled Powershell remoting on server. Open Windows PowerShell console and run

    Enable-PSRemoting

It would prompt you for input, and then just press ‘Enter’, 2 times.

2. Go to IIS manager, and under default website, locate Exchange ‘PowerShell’ virtual directory. On right side pane,  double click “Authentication” and enable “Basic” authentication.

Dont forget to reset IIS by Start->Run-> IisReset.

These 2 steps resolved my error. I would also suggest to look for 3rd step, which is to check whether the user, which you are using for Remote PowerShell credentials, has the “RemotePowerShellEnabled” flag enabled or not, which you can check via Exchange Management Shell on Exchange server by running:

get-user domain\User|fl RemotePowerShellEnabled

If it returns false, then enable it by using

set-user domain\User-RemotePowerShellEnabled:$True

Hope this help someone else too.

Kind Regards,

Laeeq Qazi

January 3, 2013 Posted by | Exchange 2010, Exchange 2013 | Leave a comment

No snap-ins have been registered for Windows PowerShell version 3

Hi,

I was developing an app to manage exchange mailboxes and having the error when running the app in VS 2010.

No snap-ins have been registered for Windows PowerShell version 3

It turned out that I was targeting x86 platform in project properties, and I think due to which app was trying to pick 32 bit powershell. I changed the target cpu to “Any CPU” and then error disappeared.

Also please look at http://blogs.msdn.com/b/pareshj/archive/2010/07/30/error-msg-no-snap-ins-have-been-registered-for-windows-powershell-version-2.aspx

Hope it helps someone else too.

Note: To develop apps for Exchange 2013 preview using Exchange PowerShell sdk, you would have to use VS 2010, becuase Exchange server 2013 have been developed using .net 4.0, and you cannot add .net 4.0 DLL references in VS 2008 or lower versions.

Regards,

Laeeq Qazi

October 2, 2012 Posted by | Exchange 2010, Exchange 2013 | , | 4 Comments

How to remove client permissions from a public folder and all its children?

Hi,

In Exchange 2007/2010 you can remove client permissions from a public folder and all its child public folders for all users in bulk using following script.

Suppose you have a root level public folder ‘\Sales’ on public folder server “Mailbox01″, which in turn has 2 child public folders ‘\Sales\Uk’ and ”\Sales\US’, then this script will remove all client permissions from these 3 public folders for all users.

########### Script Start #####################
$AllPublicFolders = Get-publicFolder ‘\Sales’ -recurse -server Mailbox01

foreach($Pf in $AllPublicFolders ){

Get-PublicFolderClientPermission $Pf | Foreach{ Remove-PublicFolderClientPermission $_.Identity -User $_.User -AccessRights $_.AccessRights }

}
########### Script End #####################

Note: Put above lines of code in a text file and save it as .ps1 (powershell) file and then execute it in Exchange Management Shell (EMS) or Windows Powershell console.

If you save this file in Exchange Scripts folder
“C:\Program Files\Microsoft\Exchange Server\Scripts” [Exchange 2007]
OR
“C:\Program Files\Microsoft\Exchange Server\V14\Scripts” [Exchange 2010]

then, in EMS, you will just need to enter the .ps1 file name and then press enter.

You might also need to set the powershell execution policy as RemoteSigned in EMS:

Set-ExecutionPolicy RemoteSigned

Also, if you decide to run this script in Windows Powershell Console then don’t forget to add powershell exchange snap-in using one of the following commands:

#For Exchange 2007:
Add-PSSnapIn “Microsoft.Exchange.Management.PowerShell.Admin”
#For Exchange 2010:
Add-PSSnapIn “Microsoft.Exchange.Management.PowerShell.E2010”

Note: For exchange 2013\Office 365, first line of script should be:

$AllPublicFolders = Get-publicFolder ‘\Sales’ -recurse

 

Regards,
Laeeq Qazi

June 27, 2010 Posted by | Exchange 2007, Exchange 2010, Exchange 2013, Office 365 | 6 Comments

How to remove all group memberships for one exchange mailbox user

There is often a need to remove a mailbox user membership from all exchange distribution groups.

Here is a powershell script for this purpose.

e.g your user’s primary smtp address is user@domain.com, then this script will remove the membership of this user from each mail enabled exchange distribution groups:

########### Script Start #####################

$DGs= Get-DistributionGroup | where { (Get-DistributionGroupMember $_ | foreach {$_.PrimarySmtpAddress}) -contains “user@domain.com” }

foreach( $dg in $DGs){

Remove-DistributionGroupMember $dg -Member user@domain.com
}

########### Script End #####################

Note: Put above lines of code in a text file and save it as .ps1 file and then execute it in EMS or powershell console.

If you save this file in Exchange Scripts folder “C:\Program Files\Microsoft\Exchange Server\Scripts” OR “C:\Program Files\Microsoft\Exchange Server\V14\Scripts” then, in EMS, you will just need to enter the .ps1 file name and then press enter.
You might also need to set the powershell execution policy as RemoteSigned in EMS:

set-executionPolicy RemoteSigned

Regards,
Laeeq Qazi

June 18, 2010 Posted by | Exchange 2007, Exchange 2010 | | Leave a comment

How to set GAL for mailboxes in OWA for Exchange 2007/2010 in bulk

There is often a need that exchange administrators want they only show a specific Global Address List (GAL) to a group of mailbox users in Outlook Web Access. Microsoft has provided an Active Directory user attribute for this purpose “msExchQueryBaseDN” to do this task for an individual mailbox user, which is also mentioned in the Address List Segregation document Address List Segregation Exchange 2007.

Now here we can limit a user to either see all mail recipients (mailbox,mail contacts, mail users, distribution lists) in a specific Organizational Unit (OU) , or to see an entire GAL, in which case users may be scattered all over the Active Directory.

So if we put the distinguished name of an OU in a user’s “msExchQueryBaseDN”  then that user will only see the recipients from that OU (and sub OUs) in the Global Address List, and if we put the distinguished name of a GAL  in a user’s “msExchQueryBaseDN”  then that user will see all recipients in that GAL.

For manually doing it you will have to use some AD editor like ADSIEdit, which comes with win 2008 server by default in AD environment (for win 2003 you can find and download it with Windows support tools).

For manually setting “msExchQueryBaseDN” attribute for a single user:

1. Open ADSIEDit, and go to properties of your OrganizationalUnit and copy the distiguishedName attribute’s value.

OR

Open Exchange Management Shell and type  Get-GlobalAddressList “Your GAL Name” |FL DistinguishedName  and then copy the the distiguishedName.

2. Now locate your user in ADSIEdit and goto user properties and put the distiguishedName of the OU in the user’s property “msExchQueryBaseDN” and press ok.

3. Now goto OWA and see the  Global Address List (GAL).

But often exchange admins want to set this “msExchQueryBaseDN” attribute in bulk for many users and they dont find a script. So I wrote a PowerShell script so that this task could be performed in bulk for the mailbox users in a specific OU.

For setting  “msExchQueryBaseDN” attribute in bulk for multiple users in an OU:

#Start of the script

#This is OU where all users are placed in AD
$ouDN =”OU=YourOU,DC=ADDomain,DC=com”


#Target distinguished name of the OU
#IF u want to set a GAL instead of OU then put the DN of GAL
$targetDN=$ouDN


$objOU = New-Object System.DirectoryServices.DirectoryEntry
$objOU.path =”LDAP://”+$ouDN


#here just confiming that your DirectoryEntry AD object is valid
write-host $objOU.DistinguishedName


$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$strFilter = “(&(objectCategory=User)(homeMDB=*)(mailNickName=*))”
$objSearcher.SearchRoot = $objOU
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = “Subtree”


$colResults = $objSearcher.FindAll()
foreach ($objResult in $colResults)
{
$objUser = $objResult.GetDirectoryEntry()


#setting the attribute
$objUser.msExchQueryBaseDN = $targetDN
$objUser.CommitChanges()


write-host (“`n”+$objUser.DisplayName +” updated”)
}


#End of the script


Note: Now first make the changes to the script lines to work for your Active Directory domain, for it you will have to just change the Distinguished Name of the OU.  Then save above lines of powershell in some txt file and save it with .ps1 extention, e.g. SetUsersGAL.ps1 and put in the Script folder in Exchange installation folder, which is normally “C:\Program Files\Microsoft\Exchange Server\Scripts”. Now open Exchange Management Shell and just enter the name of script file e.g. SetUsersGAL.ps1 and press enter and there you go.


For setting  “msExchQueryBaseDN” attribute in bulk for multiple users in an AD possibly scattered all over, and not in a specific OU:


#This script will set DN of  Default GAL on mailbox users scatterd in all over AD and having some
#specific value in Custom Attribute1, so that we can only modify some specific mailbox users


#Start of the script


#This is  distinguished name of AD domain where all users are placed


$ouDN =”DC=ADDomain,DC=com”


#Target distinguished name of the GAL (Default GAL), here u can put DN of any address list


$targetDN =”CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=First  Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ADDomain,DC=,DC=com”


$objOU = New-Object System.DirectoryServices.DirectoryEntry
$objOU.path =”LDAP://”+$ouDN


#here just confiming that your DirectoryEntry AD object is valid
write-host $objOU.DistinguishedName


$objSearcher = New-Object System.DirectoryServices.DirectorySearcher


#This filter will get all mailbox users who have “myCompany” as their CustomAttribute1 in Exchange/AD
$strFilter = “(&(objectCategory=User)(homeMDB=*)(mailNickName=*)(extentionAttribute1=myCompany))”


$objSearcher.SearchRoot = $objOU
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = “Subtree”


$colResults = $objSearcher.FindAll()
foreach ($objResult in $colResults)
{
$objUser = $objResult.GetDirectoryEntry()


#setting the attribute
$objUser.msExchQueryBaseDN = $targetDN
$objUser.CommitChanges()
write-host (“`n”+$objUser.DisplayName +” updated”)
}


#End of the script


Note: Now first make the changes to the script lines to work for your Active Directory domain, for it you will have to just change the Distinguished Name of the $ouDN and put the DN of your AD Domain. Also change the DN of the GAL in $targetDN according to your need. Then save above lines of powershell in some txt file and save it with .ps1 extention, e.g. SetUsersGAL.ps1 and put in the Script folder in Exchange installation folder, which is normally “C:\Program Files\Microsoft\Exchange Server\Scripts”. Now open Exchange Management Shell and just enter the name of script file e.g. SetUsersGAL.ps1 and press enter and there you go.


Hope that it helps you.


Regards,
Laeeq Qazi

April 11, 2010 Posted by | Exchange 2007, Exchange 2010 | , , , , | 10 Comments

Update Rollup 2 for Exchange Server 2010 (KB979611)

Microsoft has released Update Rollup 2 for Microsoft Exchange Server 2010. The update rollup was released on February 18, 2010 but published date on download page is March 4, 2010.

Details: http://support.microsoft.com/Default.aspx?kbid=979611

Download: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=6d3ae3e0-3982-46d6-9e9c-7d7d63fae565

Regards,

Laeeq Qazi

March 6, 2010 Posted by | Exchange 2010 | Leave a comment

Manually Generating Offline Address Book on Exchange 2007/2010

An Exchange offline address book (OAB) is an Address Book that contains one or more address lists. It is availalble to Exchange Client softwares (e.g Outlook 2007) when users are not connected to Exchange Server and are offline.

OABs are not generated frequently in  a day because OAB generation process consumes much system resources if they contain hundreds of email addresses. Instead they are normally generated once or twice in a day depending upon the size of the OAB and need of the organization owning that OAB.

Sometimes its necessary to immediately generate the OAB when a new email address is added to Exchange System, so that the new email address is immediately available to outlook (or) other clients through downloading the latest OAB.

For immediate OAB generation and distribution (both PF, and web based distribution through CAS) I do following steps:

1. Run Update-OfflineAddressbook “offline address book”  in Exchange Management Shell. e.g

Update-OfflineAddressbook “Default offline address book”

2. Restart System Attendant Service on the OAB Generation Server (Mailbox Server). This service is responsible for generating the OAB by communicating with Active Directory infrastructure.

3. Either run following command in EMS

Update-FileDistributionService “CASServerName”

or just restart File Distribution Service on CAS Server.

File distribution service copies the OAB from the Mailbox Server, where System Attendant Service puts OAB in a shared folder “C:\Program Files\Microsoft\Exchange Server\ExchangeOAB”. Outlook clients then download the OAB from CAS published OAB Virtual Directory.

I hope that this post is helpful for you.

Best regards,

February 13, 2010 Posted by | Exchange 2007, Exchange 2010 | 11 Comments