Add Full Access mailbox permission in PowerShell using a CSV file

Create a CSV with the following fields (column headers) and save it in a temp folder:

UserMailbox and User

Copy the script below and save it as a .ps1 file in the same temp folder, e.g. C:\temp

# Each row grants the account in the User column full access to the mailbox in the UserMailbox column
$csv = Import-Csv -Path "C:\temp\fullaccess.csv"
foreach ($User in $csv)
{
    Add-MailboxPermission -Identity $User.UserMailbox -User $User.User -AccessRights FullAccess -InheritanceType All
}

 

Run the script to apply permissions
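
FullAccess lets the grantee read everything in the mailbox, so a bulk grant is worth validating and logging. The script below is an added example, not part of the original script: it defaults to a dry run, checks that each identity resolves, skips grants that already exist and writes an audit CSV. The -Apply switch, the log path and the status names are hypothetical choices for this example.

```powershell
# Added example: validated, logged FullAccess grants from the same CSV.
# Assumptions: Exchange Management Shell; CSV columns UserMailbox and User;
# the User column holds user accounts (Get-User does not resolve groups).
param(
    [string]$CsvPath = 'C:\temp\fullaccess.csv',
    [string]$LogPath = 'C:\temp\fullaccess-log.csv',   # hypothetical log location
    [switch]$Apply                                      # without -Apply nothing is changed
)

$results = foreach ($row in Import-Csv -Path $CsvPath) {
    $status = 'WouldGrant'; $detail = ''
    try {
        if (-not $row.UserMailbox -or -not $row.User) { throw 'Empty UserMailbox or User field' }

        # Both identities must resolve to exactly one object before anything is granted
        $mailbox = @(Get-Mailbox -Identity $row.UserMailbox -ErrorAction Stop)
        $trustee = @(Get-User -Identity $row.User -ErrorAction Stop)
        if ($mailbox.Count -ne 1 -or $trustee.Count -ne 1) { throw 'Identity is ambiguous' }

        # An explicit (non-inherited) allow entry means there is nothing to do
        $existing = Get-MailboxPermission -Identity $mailbox[0].Identity -User $row.User -ErrorAction Stop |
            Where-Object { $_.AccessRights -contains 'FullAccess' -and
                           $_.IsInherited -ne $true -and $_.Deny -ne $true }

        if ($existing) {
            $status = 'AlreadyPresent'
        } elseif ($Apply) {
            Add-MailboxPermission -Identity $mailbox[0].Identity -User $row.User `
                -AccessRights FullAccess -InheritanceType All -ErrorAction Stop | Out-Null
            $status = 'Granted'
        }
    } catch {
        $status = 'Failed'; $detail = $_.Exception.Message
    }
    # One audit record per CSV row, whatever the outcome
    New-Object PSObject -Property @{
        Time = (Get-Date).ToString('s'); UserMailbox = $row.UserMailbox
        User = $row.User; Status = $status; Detail = $detail
    }
}

$results | Select-Object Time, UserMailbox, User, Status, Detail |
    Export-Csv -Path $LogPath -NoTypeInformation
$results | Group-Object Status | Select-Object Name, Count
```

Run it once without -Apply, review the log, then run it again with -Apply.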

Export Calendar permissions for specific OU

The script below has been tested on Exchange 2010 to export calendar permissions for mailboxes in a specific OU.

# Get the mailboxes
$Mailboxes = Get-Mailbox -OrganizationalUnit "OU=Users,DC=Contoso,DC=local" -Filter {RecipientTypeDetails -eq "UserMailbox"} -ResultSize Unlimited

# An array for the output
$Output = @()

# Loop through the mailboxes
ForEach ($Mailbox in $Mailboxes) {
    # Get the name of the calendar folder (read from the folder statistics, as the name can be localised)
    $Calendar = (($Mailbox.PrimarySmtpAddress.ToString()) + ":\" + (Get-MailboxFolderStatistics -Identity $Mailbox.DistinguishedName -FolderScope Calendar | Select-Object -First 1).Name)

    # Get the permissions on the folder
    $Permissions = Get-MailboxFolderPermission -Identity $Calendar

    # Loop through the permissions, populating the output array
    ForEach ($Permission in $Permissions) {
        $Permission | Add-Member -MemberType NoteProperty -Name "Mailbox" -Value $Mailbox.DisplayName
        $Output = $Output + $Permission
    }
}

# Write the output to a CSV file; the calculated property gives the rights column a readable name
$Output | Select-Object Mailbox, User, @{Name="AccessRights"; Expression={$_.AccessRights -join ","}}, IsValid | Export-Csv -Path C:\temp\Calendarpermissions.csv -NoTypeInformation

Filtering to a specific OU is very useful if you are managing a multi-tenant Exchange environment. Modify the above script as per your needs and save it as a .ps1 file to run in PowerShell.

Get-MailboxStatistics to export Mailbox size in Exchange Powershell

Use the commands below to export mailbox statistics from Exchange PowerShell. There are different commands which help you filter and manipulate the exported data.

The exported information is always useful during an Office 365 migration to assess mailbox sizes and item counts, last login time and required bandwidth.

Export Mailbox size and statistics of all users

# Select-Object is used instead of ft (Format-Table): ft emits formatting objects that Export-Csv cannot turn into usable columns
Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics | Select-Object DisplayName,TotalItemSize,ItemCount | Export-Csv C:\temp\mailboxstatistics.csv

Export Mailbox statistics for a specific OU (organizational unit)

Get-Mailbox -OrganizationalUnit "OU=Sales,OU=London Staff,DC=contoso,DC=local" -ResultSize Unlimited | Get-MailboxStatistics | Select-Object DisplayName,TotalItemSize,ItemCount | Export-Csv C:\temp\salesstaffmbstats.csv

Export Mailbox statistics based on domain address

In this example we use the Where cmdlet to specify the search filter. In the example below I am searching for users with a specific email address, which is useful in a multi-tenant environment.

Here I am exporting mailbox statistics for a specific set of users who have exchangekb as their email address suffix.

Get-Mailbox | Where {$_.EmailAddresses -like "*exchangekb*"} | Get-MailboxStatistics | Select-Object DisplayName, TotalItemSize, ItemCount, LastLogonTime, ExchangeGuid | Export-Csv C:\temp\exchangekbstats.csv

Exchange 2013 Emails stuck in Drafts

No outgoing emails in an Exchange 2013 fresh install; sent emails get stuck in the Drafts folder in OWA.

Scenario: The problematic environment was a fresh install of Exchange 2013 with no migration; new mailboxes were created, but when emails were sent they got stuck in the Drafts folder, and both OWA and Outlook failed to send emails. This is a 2012 environment with a main DC and a member 2012 server, both virtual, and the server hosting Exchange was a clone server.

Diagnosis: After enabling verbose logging on the default receive connector, the following error messages were seen in the SMTP receive log located here: C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Hub\ProtocolLog\SmtpReceive\

X.X.X.X:2525,X.X.X.X:53103,>,421 4.3.2 Service not available,

Enabled Kerberos logging using: http://support.microsoft.com/default.aspx?scid=kb;EN-US;262177

After this, the event logs showed a huge number of Kerberos-related errors under System:

A Kerberos error message was received:
on logon session DOMAIN.LOCALExchangeservername$
Client Time:
Server Time: 0:35:49.0000 3/19/2014 Z
Error Code: 0x6 KDC_ERR_C_PRINCIPAL_UNKNOWN

Checked to make sure all services were running and that the SPNs were set correctly using the setspn commands:

setspn -L hostname
setspn -r AccountName

More details here: http://social.technet.microsoft.com/wiki/contents/articles/717.service-principal-names-spns-setspn-syntax-setspn-exe.aspx

Also checked to make sure the correct DNS settings were used on the Exchange server under EAC=>Servers=>edit=>DNS lookups.

In my case both internal and external lookups were set to "all network adapters ipv4"

Solution: Eventually it turned out that the security policy setting "Access this computer from the network" wasn't enabled in Group Policy.

The default domain policy was applied to the OU where the Exchange 2013 server was, hence I updated the default domain policy: open Group Policy Editor and go to

Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\

Put a tick on "Define these policy settings" and add the default groups as per: http://technet.microsoft.com/en-us/library/cc740196(v=ws.10).aspx

  • Administrators
  • Backup Operators
  • Users 
  • Everyone

Please note this is a 2012 server and for some reason there are no Power Users as per the article.

Did a gpupdate /force on the DC and Exchange, rebooted the Exchange services, and voila, all stuck emails were going out one at a time.

At this point in time the Kerberos errors are still being generated; I still need to fix this… more soon.

 

Create a Shared Mailbox in Exchange 2007

Create shared mailboxes in Exchange 2007 using PowerShell, as the EMC in Exchange 2007 doesn't allow you to create shared mailboxes like the newer Exchange 2010 does.

You can do this with the help of the New-Mailbox cmdlet.

Below is an example of creating a shared mailbox called Info and then assigning the info security group full access to the shared mailbox.

New-Mailbox -Name:'info' -OrganizationalUnit:'contoso.local/OU/users OU' -Database:'Mailbox Database' -UserPrincipalName:'info@contoso.com' -Shared

Exchange 2007 will now create a shared mailbox and also create a disabled Active Directory account.

Now to assign full access:

Add-MailboxPermission Info -User:'info group' -AccessRights:FullAccess

You can also convert a mailbox to a shared one using the Set-Mailbox cmdlet.

Set-Mailbox Info -Type:Shared

Once this is done, you are able to manage the shared mailbox via the Exchange Management Console if you need to assign full access or send-as permissions. The following PowerShell command is used to assign send-as rights and read/write personal information.

Add-ADPermission info -User:'info Group' -ExtendedRights:Send-As -AccessRights:ReadProperty, WriteProperty -Properties:'Personal Information'

Manage Exchange 2010 Calendar Permissions Using Powershell

You can add calendar permissions for users with PowerShell using the following command.

If user2 needs to access user1's calendar:

Add-MailboxFolderPermission -Identity "user1:\calendar" -User "user2" -AccessRights Reviewer

The same can be done to give permission to a security group:

Add-MailboxFolderPermission -Identity "user1:\calendar" -User "DomainName\securitygroup" -AccessRights Reviewer

Below is the list of access rights and explanation

None              FolderVisible
Owner             CreateItems, ReadItems, CreateSubfolders, FolderOwner, FolderContact, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
PublishingEditor  CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
Editor            CreateItems, ReadItems, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
PublishingAuthor  CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, DeleteOwnedItems
Author            CreateItems, ReadItems, FolderVisible, EditOwnedItems, DeleteOwnedItems
NonEditingAuthor  CreateItems, ReadItems, FolderVisible
Reviewer          ReadItems, FolderVisible
Contributor       CreateItems, FolderVisible

Redirect Exchange OWA to default site and force SSL in Exchange 2010

Redirecting OWA to the default site and forcing SSL is useful if you have those one or two users who can't seem to remember to add the https or the OWA to the Exchange OWA URL.

Doing this via IIS Manager can be time consuming and tricky. Below is the script which I came across (Mark Smith) which does it for you: just create a batch file with the script and run it once. The only thing you need to modify is https://mail.domain.com/owa

-------
c:
cd \Windows\System32\inetsrv

rem Take an IIS configuration backup before changing anything
appcmd.exe ADD Backup "OWA REDIRECT BACKUP 01"

rem Redirect requests for the site root only (childonly) to the OWA URL
appcmd set config "default web site" -section:httpRedirect /childonly:true /enabled:true
appcmd set config "default web site" -section:system.webServer/httpRedirect -destination:"https://mail.domain.com/owa"

rem Switch the redirect off on every virtual directory so only the root is redirected
appcmd set config "default web site/Aspnet_Client" -section:httpRedirect /enabled:false
appcmd set config "default web site/Autodiscover" -section:httpRedirect /enabled:false
appcmd set config "default web site/ECP" -section:httpRedirect /enabled:false
appcmd set config "default web site/EWS" -section:httpRedirect /enabled:false
appcmd set config "default web site/Exchange" -section:httpRedirect -commit:apphost /enabled:false
appcmd set config "default web site/Exchweb" -section:httpRedirect -commit:apphost /enabled:false
appcmd set config "default web site/Microsoft-Server-ActiveSync" -section:httpRedirect -commit:apphost /enabled:false
appcmd set config "default web site/OAB" -section:httpRedirect /enabled:false
appcmd set config "default web site/OWA" -section:httpRedirect -commit:apphost /enabled:false
appcmd set config "default web site/PowerShell" -section:httpRedirect -commit:apphost /enabled:false
appcmd set config "default web site/Public" -section:httpRedirect -commit:apphost /enabled:false
appcmd set config "default web site/Rpc" -section:httpRedirect /enabled:false
appcmd set config "default web site/RpcWithCert" -section:httpRedirect /enabled:false

rem Remove the SSL requirement from the site root so plain http requests can reach the redirect
appcmd set config "default web site" -section:access -sslflags:"" -commit:apphost

rem Require SSL on the virtual directories (PowerShell and OAB are left without the requirement)
appcmd set config "Default Web Site/Aspnet_Client" -section:access -sslFlags:Ssl,Ssl128 -commit:apphost
appcmd set config "Default Web Site/Autodiscover" -section:access -sslFlags:Ssl,Ssl128 -commit:apphost
appcmd set config "Default Web Site/EWS" -section:access -sslFlags:Ssl,Ssl128 -commit:apphost
appcmd set config "Default Web Site/ECP" -section:access -sslFlags:Ssl,Ssl128 -commit:apphost
appcmd set config "Default Web Site/Exchange" -section:access -sslFlags:Ssl,Ssl128 -commit:apphost
appcmd set config "Default Web Site/Exchweb" -section:access -sslFlags:Ssl,Ssl128 -commit:apphost
appcmd set config "Default Web Site/Microsoft-Server-ActiveSync" -section:access -sslFlags:Ssl,Ssl128 -commit:apphost
appcmd set config "Default Web Site/OWA" -section:access -sslFlags:Ssl,Ssl128 -commit:apphost
appcmd set config "default web site/PowerShell" -section:access -sslflags:"" -commit:apphost
appcmd set config "default web site/OAB" -section:access -sslflags:"" -commit:apphost
appcmd set config "Default Web Site/Public" -section:access -sslFlags:Ssl,Ssl128 -commit:apphost
appcmd set config "Default Web Site/Rpc" -section:access -sslFlags:Ssl -commit:apphost
appcmd set config "Default Web Site/RpcWithCert" -section:access -sslFlags:Ssl,Ssl128 -commit:apphost

cacls "C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB\web.config" /E /P "NT Authority\authenticated Users":R

iisreset
-------

Insufficient System resources in Exchange 2010, disable back pressure/resource monitoring

Starting from Exchange 2007, the edge transport service uses the system resource monitoring feature to monitor vital resources such as hard drive space and memory and to take action in an attempt to prevent service outages. This can be a pain as the whole thing is calculated on a formula,

100 * (hard disk size - fixed constant) / hard disk size

This feature is called back pressure; more info at http://technet.microsoft.com/en-us/library/bb201658.aspx and how this formula works at http://www.msexchange.org/articles_tutorials/exchange-server-2010/management-administration/back-pressure-exchange-2010-part1.html

Now simply put, you have this error from other SMTP servers trying to contact yours: Insufficient System resources. To get around this you will need to increase the hard drive space or memory; until then you could temporarily disable this monitoring feature so that you can start receiving important emails. WARNING: this is not a recommended permanent solution, do this only until you've figured out what resource needs looking at, i.e. hard drive space, RAM etc.

Make a backup copy of the edgetransport.exe.config file before you start.

  1. Open the EdgeTransport.exe.config file from the \Exchange Server\bin directory using Notepad
  2. Add the following key+value pair:
    <add key="EnableResourceMonitoring" value="false" />
  3. Save the file
  4. Restart the Microsoft Exchange Transport Service (MSExchangeTransport):
    Restart-Service MSExchangeTransport
  5. and you've got mail

Other options are to

configure the EdgeTransport.exe.config file to reflect your server configuration and resources (not recommended by MS)

OR

move the queue database to another volume which has lots of space; add the following key to change the path of the queue database.

  1. Open the following file by using Notepad: C:\Program Files\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe.config.
  2. Modify the following line in the <appSettings> section.
    <add key="QueueDatabasePath" value="<LocalPath>" />

    This example creates a queue database at the location C:\Queue\QueueDB.

    <add key="QueueDatabasePath" value="C:\Queue\QueueDB" />
  3. Save and close the EdgeTransport.exe.config file.
  4. Restart the Microsoft Exchange Transport service.
  5. Verify that the new Mail.que and Trn.chk files are created at the new location.
  6. Remove the unused Mail.que and Trn.chk files from the original location.

ref: http://technet.microsoft.com/en-us/library/f170cb0c-04a9-4fa7-b594-206e3a787e14.aspx

The following events will be logged:

  • Event ID 15004: Increase in the utilization level for any resource (eg from Normal to Medium)
  • Event ID 15005: Decrease in the utilization level for any resource (eg from High to Medium)
  • Event ID 15006: High utilization for disk space (ie critically low free disk space)
  • Event ID 15007: High utilization for memory (ie critically low available memory)

Look out for the event ID, which will help you diagnose what resource needs to be looked at.

ref:http://exchangeserverpro.com/exchange-transport-server-back-pressure
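
Because the EnableResourceMonitoring workaround is easy to leave in place, the script below reports whether it is still set and lists recent back pressure events. It is an added example, not from the original post; it assumes it runs on the transport server, that $env:ExchangeInstallPath is set by Exchange setup, and that the events are written to the Application log by the MSExchangeTransport source.

```powershell
# Added example: audit the back pressure workaround and related events.
# Assumptions: run locally on the Exchange transport server; the -Days
# parameter is a hypothetical name chosen for this example.
param([int]$Days = 7)

$configPath = Join-Path $env:ExchangeInstallPath 'Bin\EdgeTransport.exe.config'
[xml]$config = Get-Content -Path $configPath
$appSettings = $config.configuration.appSettings.add

# The key is absent by default, which means resource monitoring is on
$setting    = $appSettings | Where-Object { $_.key -eq 'EnableResourceMonitoring' }
$monitoring = if ($setting) { $setting.value } else { 'true (default, key absent)' }
$queuePath  = ($appSettings | Where-Object { $_.key -eq 'QueueDatabasePath' }).value

"EnableResourceMonitoring : $monitoring"
"QueueDatabasePath        : $queuePath"
if ($setting -and $setting.value -eq 'false') {
    Write-Warning "Back pressure is disabled in $configPath; re-enable it once disk or memory is fixed."
}

# Event meanings as listed in the post above
$meaning = @{
    15004 = 'Utilization level increased'
    15005 = 'Utilization level decreased'
    15006 = 'High utilization: disk space'
    15007 = 'High utilization: memory'
}

# Get-WinEvent raises an error when nothing matches, so silence it and test for an empty result
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Application'; ProviderName = 'MSExchangeTransport'
    Id        = 15004, 15005, 15006, 15007
    StartTime = (Get-Date).AddDays(-$Days)
} -ErrorAction SilentlyContinue

if ($events) {
    $events | Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, @{n = 'Meaning'; e = { $meaning[[int]$_.Id] }} |
        Format-Table -AutoSize
} else {
    "No back pressure events (15004-15007) in the last $Days day(s)."
}
```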

Recover deleted Active Directory user account and restore Mailbox in Server 2008 and Exchange 2010

Scenario: Restore a user account that was accidentally or purposely deleted, where the mailbox resides on Exchange 2010 in a mixed 2003, 2008 environment. The deleted mailbox is now showing in disconnected mailboxes.

The first step is to recover the deleted user account in AD, hoping that you have left the tombstone lifetime on the server at either 60 days or 180 days, which is the default for Windows 2003 and up.

There are several ways to restore the account, the most painstaking one being a system state restore after booting into Directory Services Restore Mode, which means downtime.

The easiest and simplest way is using the adrestore CLI available from Microsoft; if you need a GUI, adrestore.net is the best.

Download it from the link and install it on the DC.

Adrestore.net

The how-to is available from the developer's site http://blogs.microsoft.co.il/blogs/guyt/archive/2007/12/15/adrestore-net-rewrite.aspx and http://www.petri.co.il/recovering-deleted-items-active-directory.htm

Now that you have restored the user account, the next problem is to connect the disconnected mailbox, which is rather easy: just open EMC 2010, right-click on the disconnected mailbox, select Connect and choose the matching user.

If the online maintenance hasn't run then the deleted mailbox will not show in disconnected mailboxes; you will need to run this command in PS

Clean-MailboxDatabase databasename

And now you can connect the mailbox to the user you just restored