Monday, February 10, 2014

Exchange 2010 , X.400 addresses missing, do I really need them?

if you are seeing X400 addresses on the mailbox properties you probably went through migration from legacy version of Exchange Server.

X.400 addresses required with Exchange 2003 and down, it is present with in the Default Recipient Policy.Exchange 2007 and 2010  environments with no 2000/2003 servers do not  require the X.400 address to function.

If you decide to clean all up here is simple PS can do the work.

foreach ($mbx in (get-mailbox -resultsize unlimited  )){

$addrs = $mbx.emailaddresses |? {$_.prefixstring -ne "x400"}

set-mailbox $mbx -emailaddresses $addrs

}

As good practice test the script in your test environment before using it in production

Stay Tuned….

Best regards,
Oz Casey , Dedeal
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
Http://smtp25.blogspot.com (Blog)
Http://telnet25.wordpress.com (Blog)

Mailbox move failed at 95% with Exception Unable to modify Table (Exchange 2003 to Exchange 2010)

You are moving mailbox from legacy systems onto Exchange 2010 environment and some of your mailboxes are failing when they get to 95 percent. You need to troubleshoot the issue.

Steps for troubleshooting:

Before we deep dive into fixing this issue, I need to remind you this could be tedious work and if you are luck you only have handful users  to deal with (-:

Most obvious reason is corrupted item or items source  mailbox might have

Possible causes:

  • OFF turned on
  • User mailbox contains corrupted outlook rules ( folders moved etc. they no longer work)

How to deal with this:

You have couple options to remediate the issue and let the move request complete moving offensive mailbox. Shortest way is to assign yourself full mailbox permissions for the problem user ( You might be very careful if your company policies requires you to go to change control and obtain permissions to perform the work, don’t forget so)

Problem User Account name: Aki.Armstrong

Administrator needs full permissions: Casey.Dedeal

Add-MailboxPermission Aki.Armstrong -AccessRights FullAccess -User Casey.Dedeal

image

Let’s take a look to see if we can verify the full access rights Casey.Dedeal has been granted with previous one liner PowerShell.

Get-MailboxPermission aki.armstrong | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false -and $_.Deny -eq $false} | Select User

Or we could simply do this

$Permission = Get-MailboxPermission aki.armstrong

image

Pipe this into same command,

$Permission |  where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false -and $_.Deny -eq $false} | Select User

image

Great now , from Casey.Dedeal outlook we will need to configure Aki.Armstrong outlook profile

Click Start

Control locate mail icon and double click

image

Show Profiles, switch outlook to “prompt for profile to be used”

image

Add

image

Aki.Armstrong ( you need to adjust this to fit into your scenario)

image

As you can see Autodiscovery knows Casey.Dedeal logged in , I need to change the e0mail address here to user I am configuring outlook profile too.

image

When I hit next , Exchange settings confirmed the user account Casey.Dedeal has already Full Mailbox permissions, therefore it allow me to get to last page.

image

I click finish here Now I can open outlook , pickup Aki.Armstrong outlook profile

image

Now we logged into Aki.Armstrong Mailbox E-mail which is corrupted in this case is here

image

*** Now it is a good time to backup user data, you can simply use outlook***

 

We will attempt to delete this e-mail by using MFCMAPI

Download MFCMAPI if you have not done it yet, there is 32bit and 64 bit versions, pick the  one which is proper to your environment.

  • Open MFCMAPI,
  • click Session
  • Logon

image

image

After selecting the profile , click okay and Open Store

image

Now Click on Root Container to expand

Now go down to Top of Information store

locate Mailbox, Locate the folder the e-mail was under

image

we will make right click and delete this folder

image

*** Be careful as good practice always make sure you have backup before you start deleting*** you never know if you need to go back that being said it would be good ideal to have PST export for this user at the least before we deleting data from outlook.

Now Click delete and select the option you like

image

If you wont select hard deletion you can still recovery deleted items

Exit twice to close MFCMAPI

image

Now opening outlook you can verify the corrupted folder and its content is gone

image

you will use same technique for each corrupted item, which is the pain part of it. The Mailbox move request will give you idea what is corrupted, you will need to get the information and locate within MFCMAPI to get rid of it.

IF you think all these too much work, wait there is another trick you can do, simply

Click File

Open Export

image

Export Import

Export to file

image

Choose PST and next

image

image

Note the location of PST backup file and name it if you like

This is default location

C:\Users\UserName\Documents\Outlook Files\backup.pst

image

Once you are done Delete everything !!!!!!

  1. E-mails
  2. All contact
  3. All Rules
  4. All deleted items
  5. All Sent items
  6. All draft E-mails

image

Once you are done , Resume MB move, you will see it will complete

Now time to  put all back

File , Open Export, Import/Export

image

image

image

image

image

all good everything is back , you have successfully migrated your mailbox or took care of the corruption. Thanks to MFCMAPI (-:

 image

Don’t forget to remove your full mailbox permissions

Remove-MailboxPermission Aki.Armstrong -AccessRights FullAccess -User Casey.Dedeal

and verify (-: so that you have no worries Security is knocking your door

Stay Tuned….

Best regards,
Oz Casey , Dedeal
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
Http://smtp25.blogspot.com (Blog)
Http://telnet25.wordpress.com (Blog)

Sunday, February 9, 2014

Configure Outlook OOF External Option For Outlook Users Exchange 2010

The Exchange 2010 OOF option to external audience is “enabled out the box” .In many organizations allowing OOF for external usage is up to company security policies. In large environments disabling OOF requires bulk changes and coming up with process to make sure newly created accounts OOF External is set to “internal” meaning these account wont have OOF External option. You may also consider allowing this option or disallowing it per your needs. In this article we will touch in each scenario and give you tips and show you how to deal with OOF settings for mail enabled users.

image

You will see the options under “Automatic Replies”

image

Lets take a look  same settings from PowerShell.

ExternalOofOptions : InternalOnly  (  External OOF option is set to “InternalONLY” )

ExternalOofOptions : External ( External OOF option is set to “External” )

image

Now lets start disabling OOF.Following procedures outline how to enable and disable OOF External option for single mailbox.

Procedure:

  1. Log in to Exchange 2010 server or use your management computer with proper privileges
  2. Click Start
  3. All Programs
  4. Microsoft Exchange Server 2010
  5. Exchange Management Shell

Enabling OOF External Option for single user

set-mailbox casey.dedeal -ExternalOofOptions "External"

Disabling OOF Option for single user

set-mailbox casey.dedeal -ExternalOofOptions "InternalOnly"

image

Disable OOF External for Everyone

get-mailbox -ResultSize Unlimited | set-mailbox -ExternalOofOptions "InternalOnly" -Confirm:$False

How to turn the OOF External option in large environments and only allow certain people ?

If this is the scenario one of the good way to handle such request coming up with process

Procedure:

1. Come up with User Creation SOP ( Standard Operation Procedure) and include disabling OOF External for each user creation.

2. Create Active group called “OOF-Allowed-External-Recipients” Universal Security for instance.

3. Add the exception members in the group

image

In the Second Article I will post OOF Script which will Disable OOF External option for everyone, Enable only for member of Allowed group in AD.

Stay Tuned

Best regards,
Oz Casey , Dedeal
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
Http://smtp25.blogspot.com (Blog)
Http://telnet25.wordpress.com (Blog)