Managing Mailboxes
In some organizations a single Exchange administrator is responsible for all management tasks, while in others the tasks are broken up across different levels of administrators. In medium-sized and large organizations, recipient management such as mailbox management is separated from other day-to-day Exchange administrative tasks. This is partially because mailbox management often falls into the category of user account administration and partially because mailbox administration in larger organizations is fairly time consuming. Managing mailboxes involves the following tasks:
-
Assigning mailboxes to users
-
Updating Exchange-related properties of a user account
-
Deleting mailboxes
-
Creating and managing shared resources
-
Moving mailboxes across different mailbox databases
In the following sections, we will cover how to accomplish these tasks. Although we will mostly focus on using the EMC, we will show you how to accomplish the same tasks using the EMS. There are certain tasks that you will only be able to accomplish using the EMS.
Managing User Mailboxes
In this first section on mailbox management, we will tackle the most common tasks: creating, managing, and deleting mailboxes associated with a real user account. Don't confuse user mailboxes with mailboxes that are associated with a resource such as a conference room or an overhead projector; user and resource mailboxes are almost identical, but we will cover resource mailboxes later in this chapter.
The Exchange Management Console (EMC) allows you to associate a mailbox with an existing user in Active Directory, or you can actually create the user account (if you have the necessary permissions).
The rules for mailbox ownership and associating an account with a mailbox have not changed since Exchange 2000. There are a couple of important things to keep in mind with respect to user account and mailbox management:
-
A user account can own only a single mailbox.
-
A user account can be given permissions to other mailboxes.
-
Each mailbox must be associated with a user account that is in the same Active Directory forest as the Exchange server.
-
A single user account from another Active Directory forest can own a mailbox, but a user account in the Exchange server's home forest must still exist and be associated with the mailbox.
Assigning a Mailbox to an Existing User Using the EMC
Let's start with a very common task, assigning a mailbox to an existing user. You may also hear this process referred to as "mailbox-enabling" a user or simply creating a mailbox. In this example, we have a user in Active Directory whose account is Bharat.Suneja and his unique location is fourthcoffee.com/Corporate/Bharat Suneja. To assign this user a mailbox, we must use either the EMS or the EMC; remember that extensions for Active Directory Users and Computers from Exchange 2000/2003 do not work for Exchange 2007.
Launch the EMC and navigate to the Mailboxes subcontainer of the Recipient Configuration work center. From here, click the New Mailbox task on the Actions pane. This will launch the New Mailbox Wizard. The very first screen in this wizard (shown in Figure 10.12) introduces some entirely new concepts for administrators of previous versions of Exchange. This first screen asks you to define what type of mailbox you are creating.
Figure 10.12: Defining the type of mailbox to be created
We have four possible choices for mailbox types; for all of them, there must be a user account in the same Active Directory as the Exchange servers are located.
| User Mailbox | This is the most common type of mailbox that most administrators will create. Assigns a mailbox to an existing user account in the same Active Directory forest in which the Exchange server is located. |
| Room Mailbox | Creates a disabled user account and assigns a mailbox to that user. The ResourceType property of the mailbox is set to Room, the RecipientTypeDetails property is set to ConferenceRoomMailbox, and the IsResource property is set to True. |
| Equipment Mailbox | Creates a disabled user account and assigns a mailbox to that user. The ResourceType property of that mailbox is set to Equipment, the RecipientTypeDetails property is set to EquipmentMailbox, and the IsResource property is set to True. |
| Linked Mailbox | Creates a disabled user account, assigns it a mailbox, and prompts the administrator to provide a user account in a separate, trusted forest. The account in the other forest is considered the owner of this mailbox and has the Associated External Account permissions to the mailbox. This is used in organizations that install Exchange in a resource forest. |
In this first example, we are creating a simple mailbox-enabled user account, so you would choose the User Mailbox radio button and then click the Next button. On the next screen, you are asked whether you are creating a new user account or using an existing user account.
When you select the Browse button, you are presented with the Select User dialog box. From here, you can narrow down the scope of your search using the Search option. Note that only enabled user accounts that do not have a mailbox show up in this list.
After you select from the Active Directory a user that does not already have a mailbox assigned to it, the Mailbox Settings page allows you to define the mailbox database on which the mailbox will be hosted. Most of the information requested on the Mailbox Settings page (shown in Figure 10.13) will look familiar to Exchange 2000/2003 administrators.
Figure 10.13: Assigning a mailbox to a server, storage group, and mailbox database
From the Mailbox Settings page, you specify the following information:
| Alias | The alias is used to generate the default SMTP addresses as well as other internal Exchange functions such as the legacy Exchange distinguished name. The alias defaults to be the same as the user account name, but it can be changed if you need it to conform to another standard. |
| Server | The server drop-down list specifies the mailbox server on which the mailbox will be located. Only servers that have the mailbox server role assigned to them will appear in the drop-down list. |
| Storage Group | This drop-down list shows a list of storage groups that are located on the mailbox server selected in the Server drop-down list. |
| Mailbox Database | This drop-down list will consist of mailbox databases found in the storage group that was selected in the Storage Group drop-down list. |
| Managed Folder Mailbox policy | The Managed Folder Mailbox Policy selection allows you to define which managed folder policy affects this particular mailbox. Once this has been assigned, the next time the Messaging Records Management process is run, the managed folders specified by this policy will be created. |
| Exchange ActiveSync Mailbox Policy | The Exchange ActiveSync mailbox policy defines the ActiveSync parameters for the user. |
The next screen provides the configuration summary. Here you can review the configuration of the mailbox you are creating/assigning.
When you are convinced that the parameters for the mailbox you are creating are correct, you can click the New button. The EMC console then launches an EMS cmdlet that actually enables the mailbox in the Active Directory. The last page of the wizard is the Completion page, which tells you if the operation was successful or not and shows you the cmdlet and options that were used to perform the operation. Figure 10.14 shows the Completion screen for the mailbox we just created.
Figure 10.14: Successfully completing the assignment of a mailbox to an existing user
Notice that the Completion screen also allows you to copy the output of the screen to the paste buffer so that you could then paste that output in to a text editor. If you are just learning the PowerShell and the EMS, this makes it simple to learn what cmdlets do and how to use them. That is helpful if you want to mail-enable user accounts using the EMS.
Assigning a Mailbox to a User from the EMS
In a larger organization, you will probably want to streamline or script the creation of new mailboxes and/or user accounts. The EMS allows you to do this easily. For now, though, let's look at the example we just completed from the EMC graphical user interface. We enabled a mailbox for an existing user, assigned that user a mailbox on the Executives mailbox database, assigned that user the Executives Mailbox Policy, and the Standard user ActiveSync Policy. The exact cmdlet that was executed is as follows:
Enable-Mailbox -Identity 'volcanosurfboards.com/VolcanoSurfboards/Bharat Suneja' -Alias 'Bharat.Suneja' -Database 'CN=Executives,CN=Executives SG,CN=InformationStore,CN=HNLEX03,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Volcano Surfboards,CN=Microsoft Exchange,CN=Services, CN=Configuration,DC=volcanosurfboards,DC=com' -ManagedFolderMailboxPolicy 'Executives Managed Folder Mailbox Policy' -ActiveSyncMailboxPolicy 'Strict ActiveSync policy'
The Exchange Management Console created this command and used object names to identify the user and the home mailbox database in very explicit terms. However, we want to show you another example and simplify it just a bit. In this case, we have another existing user whose account is Kevin.Miller and he is in the FourthCoffee Active Directory domain. We will simplify this command as much as possible and here is the result:
Enable-Mailbox fourthcoffee\Kevin.Miller -Alias:Kevin.Miller -Database:Executives Name Alias Server ProhibitSendQuota ---- ----- ------ ----------------- Kevin Miller Kevin.Miller HNLEX03 unlimited
This command works because there is only a single mailbox database in the entire organization called Executives.
Assigning Permissions to a Mailbox Using the EMS
On some occasions, you may need to assign a user the permission necessary to access another user's mailbox. This was easy enough to do in Exchange 2000/2003 using Active Directory Users and Computers. However, in Exchange 2007, this must be done using the EMS cmdlet Add-MailboxPermission. In this example, we are assigning user Derek.Ueki permissions to access the Paul.Moriguchi mailbox:
Add-MailboxPermission Paul.Moriguchi -User Derek.Ueki -AccessRights FullAccess
Creating a New User and Assigning a Mailbox using the EMC
Previously, you saw that the EMC's New Mailbox Wizard would allow you to create a new user account at the same time you enable the mailbox. It is true that the new EMC has some rudimentary user creating and management tasks. On the User Type page of the New Mailbox Wizard, if you select the New User radio button and click Next, you are prompted for the user account information on a screen called the User Information screen (shown in Figure 10.15).
Figure 10.15: Creating a user account from the Exchange Management Console
On the User Information screen, you provide some basic account information such as the first name, middle initial, last name, UPN name, pre-Windows 2000 account name, and the password. You must also specify the organizational unit (OU) in which the user account will be created, and, of course, you must have the Active Directory permissions necessary to create user accounts in that OU.
The rest of the wizard is exactly the same as if you were enabling a mailbox for an existing user. On the Completion property page, though, you will notice some small differences in the cmdlet and the cmdlet's parameters. To create a user named Andy.Webb in the VolcanoSurfboards OU and assign his mailbox to the Engineering Mailboxes mailbox database, here is the command that the EMC performed.
New-Mailbox -Name 'Andy Webb' -Alias 'Andy.Webb' -OrganizationalUnit 'volcanosurfboards.com/VolcanoSurfboards' -UserPrincipalName 'Andy.Webb@volcanosurfboards.com' -SamAccountName 'Andy.Webb' -FirstName 'Andy' -Initials " -LastName 'Webb' -Password 'System.Security.SecureString' -ResetPasswordOnNextLogon $True -Database 'CN=Engineering Mailboxes,CN=Engineering Mailboxes SG,CN=InformationStore, CN=HNLEX03,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Volcano Surfboards,CN=Microsoft Exchange,CN=Services, CN=Configuration,DC=volcanosurfboards,DC=com' -ManagedFolderMailboxPolicy 'Executives Managed Folder Mailbox Policy' -ActiveSyncMailboxPolicy 'Strict ActiveSync policy'
Since the Executives mailbox store is unique for the Exchange organization, we could have shortened this command as follows if we were running it from the EMS:
New-Mailbox -Name:'Andy Webb' -Alias:'Andy.Webb' -OrganizationalUnit:'volcanosurfboards.com/VolcanoSurfboards' -Database:CN=Engineering Mailboxes -UserPrincipalName:'Andy.Webb@volcanosurfboards.com' -SamAccountName:'Andy.Webb' -FirstName:'Andy' -Initials:" -LastName:'Webb' -Password:'System.Security.SecureString' -ResetPasswordOnNextLogon:$True
Notice that the cmdlet is not Enable-Mailbox as it was in the previous example; the Enable-Mailbox cmdlet is used to assign a mailbox to an existing user account. The cmdlet used is the New-Mailbox; this cmdlet has options for creating the user account as well as enabling the mailbox. Notice there is an -OrganizationalUnit parameter that allows you to specify the domain and the OU name in canonical name format such as volcanosurfboards.com/VolcanoSurfboards.
The New-Mailbox cmdlet also has parameters for setting the password, pre-Windows 2000 account name, and UPN name.
Managing User and Mailbox Properties
Many of the user account properties that can be managed through the Active Directory Users and Computers console can now also be managed through the EMC or the EMS. Naturally, using the EMC is a little easier than using the command line, but the EMS is much more flexible and powerful once you learn how to use it.
Using the Exchange Management Console
Let's start with managing user and mailbox properties using the EMC. We want to take a look at a few of the things that you can do and some of the user's property pages. Let's start by taking a look at the mailbox's general information property page shown in Figure 10.16. The General property page has some interesting information on it, including the user ID of the last person to access the mailbox, the mailbox size, the home Exchange server, and the mailbox store name.
Figure 10.16: General information property page for a mailbox
On the General property page is also the Hide From Exchange Address Lists check box that allows you to hide the mailbox from address lists such as the global address list and the Custom Attributes button that allows you to access all 15 custom attributes (aka extension attributes).
The field that is not clearly labeled (so we labeled in Figure 10.16) is the Display Name field. The display name is what users see in the global address list.
The next property page of interest is the E-mail Addresses property page (shown in Figure 10.17). From the E-mail Addresses property page, you can manage the SMTP addresses (and other address types) that are assigned to this particular mailbox. Notice in Figure 10.17 that this user has multiple SMTP addresses that can be used to send messages to this mailbox.
Figure 10.17: E-mail address properties of a mailbox
Regardless of how many e-mail addresses are assigned to this mailbox, when an Exchange user clicks the reply button to reply to a message sent to any of these addresses, the Set as Reply address is the one that is always used as the Reply To address. In Figure 10.17, this is the address shown in bold. This can be changed by selecting another address and clicking the Set as Reply button.
E-mail addresses are generated by an e-mail address policy, as we discussed earlier in the chapter. If a policy that affects this mailbox is updated and reapplied, additional e-mail addresses will be created. If a policy that affects the default SMTP address is changed, the e-mail address policy can change a user's primary e-mail address. However, the user will retain the previous SMTP addresses. However, if you clear the Automatically Update E-mail Addresses Based on Recipient Policy check box, then any changes to the e-mail address policy that affects this mailbox will not be made.
On the Mailbox Settings property page, there are two configuration items that are of interest. These are the Messaging Records Management and Storage Quotas options. These two sets of options are shown side-by-side in Figure 10.18. Storage Quotas allow the administrator to override mailbox database limits.
Figure 10.18: Storage Quotas and Messaging Records Management options are found on the Mailbox Settings property page.
The Messaging Records Management options allow you to specify the managed folder mailbox policy that affects this particular mailbox. In addition to defining which policy you use, you can specify an exception time during which no action will be taken on items in this mailbox that might ordinarily be deleted, archived, expired, or moved.
The Mail Flow Settings property page of the mailbox shows mailbox settings that most experienced Exchange administrators will already be familiar with. They are now just located in slightly different places. The properties found under the Mail Flow Settings property page are grouped into Delivery Options, Message Size Restrictions, and Message Delivery Restrictions sections. You merely need to highlight one of them and then click the Properties button to see them.
The Delivery Options properties (shown in Figure 10.19) include a couple of important options. The first is the Send on Behalf permission; this allows anyone that has been assigned this permission to send a message on behalf of this user. For example, in Figure 10.19, user William Lefkovics can now send a message on behalf of this mailbox. When the message arrives, it will say it is from William Lefkovics on behalf of Rich Matheisen. This implies, at least, a tacit authorization on the part of Rich Matheisen that the message should have been sent by William Lefkovics.
Figure 10.19: A mailbox's delivery options
Also on the Delivery Options page is the option to deliver messages to an alternate recipient. The recipient that you specify must be a mailbox in your organization or a mail-enabled contact that you find within your global address list. If you select a mail-enabled contact that you have created in your global address list, this would let you forward all of this user's mail to an external mail system. That can be useful if someone has left the organization and wants to keep getting their mail. It could also be a disaster if that person has left your organization and went to work for a competitor, so use this feature with caution.
If the Deliver Message to Both Forwarding Address and Mailbox check box is enabled, then the message is delivered both places. This is useful when "the boss" wants their assistant to receive all of their mail but they wants to see the mail as well.
Finally, the bottom part of the Delivery Options box allows you to specify the maximum number of recipients to which this person can send a message. The global default is 5,000, but some organizations want to reduce this and then allow only the VIPs to send messages to large numbers of users.
The Message Size Restrictions options allow you to specify the maximum size of messages the user can send or receive. If these are not specified, the user is limited by the global defaults or the connector defaults.
The final selection of settings that are found on the Mail Flow Settings property page is Message Delivery Restrictions. From the Message Delivery Restrictions options, you can restrict who is allowed to send mail to this particular mailbox. For example, if this is a VIP, you might want to restrict who can send to this mailbox to only a subset of users within the organization. Conversely, you could configure a mailbox to reject mail from a specific set of users. Figure 10.20 shows the Message Delivery Restrictions settings for a VIP mailbox; the VIP wants to receive mail only from the other members of the Executives group, the Finance and Accounting group, and their assistants.
Figure 10.20: Restricting who can send mail to a mailbox
If you select the Require That All Senders Are Authenticated check box, this will cut down on the spam that mailbox receives, but it also means that no anonymous Internet mail will be received. By default, all mail received from the Internet is received anonymously.
If you have spent a lot of time troubleshooting non-delivery reports and error messages that your users have received in the past, you will be happy to hear that the Exchange team has worked hard to make the error messages more descriptive and helpful. In the case in which a user sends a message to someone they are not allowed to send to, they receive a non-delivery report message in return. Figure 10.21 shows an example.
Figure 10.21: Non-delivery report message sent when sender is not authorized to send to the intended recipient
The final property page of interest to e-mail administrators is the Mailbox Features property page (shown in Figure 10.22). On this property page, you can enable or disable additional features of the mailbox such as Outlook Web Access, Exchange ActiveSync, Unified Messaging, and MAPI access.
Figure 10.22: Mailbox features property page
The Exchange ActiveSync selection has a Properties option that allows you to configure the Exchange ActiveSync policy for this user. You can now disable MAPI clients as well. The Unified Messaging option allows you to specify the user's Unified Messaging properties if you have Unified Messaging server roles installed.
Using the Exchange Management Shell to Manage User Properties
You can also manage mailbox and user properties from the EMS. There are two cmdlets that you will need to know about in order to manage most of the properties. These are the Set-User and Set-Mailbox cmdlets. Let's start with the Set-User cmdlet and an example. Let's say that we want to update user Stan.Reimer's mobile phone number. We would type this:
Set-User Stan.Reimer -MobilePhone"(808) 555-1234"
The Set-User cmdlet has quite a few useful parameters. Table 10.2 lists many of these options. You can retrieve these from within the EMS by typing Set-User -? or Help Set-User.
 |
| Parameter | Function |
|---|---|
| PostalCode | Sets the zip or postal code. |
| Manager | Sets the name of the user's manager; input value must be a distinguished name canonical name format such as fourthcoffee.com/Corporate/Ben Craig. |
| DisplayName | Updates the user's display name, which appears in the global address list. |
| MobilePhone | Sets the mobile/cell phone number. |
| City | Sets the city or locality name. |
| FirstName | Specifies the given or first name. |
| LastName | Specifies the surname or last name. |
| Company | Sets the company name. |
| Department | Sets the department name. |
| Fax | Specifies the facsimile telephone number. |
| HomePhone | Sets the home phone number. |
| Phone | Sets the business phone number. |
| StateOrProvince | Sets the state or province. |
| StreetAddress | Sets the street address. |
| Title | Sets the title or job function. |
Open table as spreadsheet |
You can retrieve the list of properties for Set-User by using the Get-User cmdlet, specifying a username, and then piping the output to the Format-List cmdlet. Here is an example:
Get-User vlad.mazek | Format-List Id : fourthcoffee.com/Users/Vlad Mazek IsValid : True Item : DistinguishedName : CN=Vlad Mazek,CN=Users,DC=fourthcoffee,DC=com Guid : Identity : fourthcoffee.com/Users/Vlad Mazek Name : Vlad Mazek ObjectCategory : fourthcoffee.com/Configuration/Schema/Person ObjectCategoryName : user ObjectClass : {top, person, organizationalPerson, user} ObjectState : Unchanged OriginatingServer : E2K7-Base.fourthcoffee.com Schema : Microsoft.Exchange.Data.Directory.Management.UserSchema WhenChanged : 11/5/2006 6:34:21 AM WhenCreated : 11/5/2006 6:31:18 AM SamAccountName : Vlad.Mazek Sid : S-1-5-21-313647035-3844660503-1830646060-1170 SidHistory : {} IsSecurityPrincipal : True UserPrincipalName : Vlad.Mazek@fourthcoffee.com Assistant : Company : Own Web Now Corporation Department : Information Security DirectReports : {} Fax : (808) 555-4300 HomePhone : (808) 555-1022 Initials : FirstName : Vlad LastName : Mazek City : Honolulu Manager : fourthcoffee.com/Corporate/Andy Webb MobilePhone : (808) 555-4100 Office : Honolulu OtherFax : {} OtherHomePhone : {} Pager : (808) 555-4321 Phone : (808) 555-1234 PostalCode : 96816 PostOfficeBox : {} StateOrProvince : Hawaii StreetAddress : 7019 Kalakaua Avenue Suite 2001 Title : Operations Manager DisplayName : Vlad Mazek Notes : Created on Nov 5, 2006 per Mark Watts - Work Order BR-549 RecipientType : MailboxUser RecipientTypeDetails : MailboxUser SimpleDisplayName : Vlad M WebPage : http://ownwebnow.com | Tip | If you pipe the properties of an object to the Format-List (FL) cmdlet, this gives you a very handy way to see all of the property names as well as their current values. |
Not only does the Get-User cmdlet allow you to view this information about a user account, it also allows you to see all of the property names. For example, if you did not know what the property name was for the State, you can look in the output listing and see that it is StateOrProvince. You could then change the user's state by typing the following EMS command:
Set-User vlad.mazek -StateOrProvince "Florida"
Using the Exchange Management Shell to Manage Mailbox Properties
The Set-User and the Get-User cmdlets helped us with non-Exchange-specific properties of a user account, but the Set-Mailbox and the Get-Mailbox cmdlets will help us to set the properties of mail-enabled user account. In fact, you have already seen these cmdlets earlier in this book when we talked about setting mailbox storage limits. Let's take a quick look at some ways you can use these cmdlets. For example, if you want to change the user Cheyne.Manalo's rules quota, you would type this:
Set-Mailbox cheyne.manalo -RulesQuota:128KB
There are a lot of properties that you can set through the EMS and the Set-Mailbox cmdlet. A few of the more useful ones are found in Table 10.3.
|
| Parameter | Function |
|---|---|
| RulesQuota | Specifies the maximum amount of rules a user can have in a folder. Note that having more than 32KB of rules per folder requires the Outlook 2007 client. |
| SCLDeleteThreshold | Specifies the SCL (spam confidence level) value at and above which messages flagged as spam should be deleted. |
| SCLDeleteEnabled | Specifies if messages above the value of SCLDeleteThreshold property should be deleted. There are additional SCL threshold options that are not listed in this table. |
| RecipientLimits | Specifies the maximum number of recipients per message that a user can send to. |
| EmailAddressPolicy Enabled | Specifies whether or not this mailbox should have its e-mail addresses updated by e-mail address policies. |
| MaxSendSize | Specifies the maximum size for messages that can be sent by this mailbox. |
| MaxReceiveSize | Specifies the maximum size for messages that can be received in to this mailbox. |
| ForwardingAddress | Specifies an address to which mail sent to this mailbox will be forwarded. The value must be in canonical name format such as volcanosurfboards.com/Corporate/Mike Brown. |
| HiddenFromAddress ListsEnabled | If set to True, this mailbox will not appear in any of the Exchange address lists. The default is False. |
| CustomAttribute1 | Specifies the value for Custom Attribute 1 (aka Extension Attribute 1). There are 15 custom attributes that can be set through the EMS; simply change 1 to 2, 3, and so on. |
| ProhibitSendQuota | Specifies the mailbox size above which the user will not be able to send any new messages. |
| ProhibitSendReceive Quota | Specifies the mailbox size above which the mailbox will reject new mail and the user will not be able to send any messages. |
| IssueWarningQuota | Specifies the mailbox size above which the user will receive a warning message indicating they are over their mailbox quota. |
| AntispamBypassEnabled | If set to True, this specifies that this mailbox should not have its mail filtered by the Exchange 2007 content filtering component on the Edge Transport or Hub Transport server. The default is False. |
| UseDatabaseQuota Defaults | If set to False, then the mailbox uses the storage quotas set on the mailbox. If set to True (the default), then the mailbox uses the mailbox storage quotas that are defined for the mailbox database on which the mailbox is located. |
|
Table 10.3 shows you just a few of the parameters that can be used by the Set-Mailbox cmdlet or that can be viewed using the Get-Mailbox cmdlet. If you want to look up these parameters, from the EMS you can type Set-Mailbox -?, or you can type Help Set-Mailbox. As we showed you previously with Get-User, you can pipe the output for a mailbox to the Format-List (or fl) cmdlet and see all of the properties for that mailbox. Here is an example:
Get-Mailbox "Cheyne Manalo" | FL Database : HNLEX03\First Storage Group\Mailbox Database DeletedItemFlags : RetainUntilBackupOrCustomPeriod UseDatabaseRetentionDefaults : False RetainDeletedItemsUntilBackup : True DeliverToMailboxAndForward : True RetentionHoldEnabled : True EndDateForRetentionHold : 1/31/2007 2:01:32 PM StartDateForRetentionHold : 1/11/2007 2:01:32 PM ManagedFolderMailboxPolicy : Executives Managed Folder Mailbox Policy ExchangeGuid : ExchangeSecurityDescriptor : System.Security.AccessControl. RawSecurityDescriptor ExchangeUserAccountControl : None ExternalOofOptions : External ForwardingAddress : volcanosurfboards.com/VolcanoSurfboards/To dd Hawkins RetainDeletedItemsFor : 30.00:00:00 IsMailboxEnabled : True Languages : {} OfflineAddressBook : ProhibitSendQuota : 150000KB ProhibitSendReceiveQuota : 200000KB ProtocolSettings : {HTTP§0§1§§§§§§, POP3§1§0§1§ISO- 8859-1§1§§§, IMAP4§0§1§4§ISO-8859-1§0§1§0§0} RecipientLimits : 150 UserAccountControl : NormalAccount IsResource : False IsLinked : False IsShared : False LinkedMasterAccount : ResourceCapacity : ResourceCustom : {} ResourceType : SamAccountName : CManalo SCLDeleteThreshold : SCLDeleteEnabled : SCLRejectThreshold : SCLRejectEnabled : SCLQuarantineThreshold : SCLQuarantineEnabled : SCLJunkThreshold : 4 SCLJunkEnabled : True AntispamBypassEnabled : False ServerLegacyDN : /o=Volcano Surfboards/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=HNLEX03 ServerName : hnlex03 UseDatabaseQuotaDefaults : False IssueWarningQuota : 125000KB RulesQuota : 64KB Office : UserPrincipalName : CManalo@volcanosurfboards.com UMEnabled : False MaxSafeSenders : MaxBlockedSenders : Extensions : {} AcceptMessagesOnlyFrom : {} AcceptMessagesOnlyFromDLMembers : {} AddressListMembership : {Engineering, Default Global Address List, All Users} Alias : CManolo OrganizationalUnit : volcanosurfboards.com/VolcanoSurfboards CustomAttribute1 : Angelina CustomAttribute10 : CustomAttribute11 : CustomAttribute12 : CustomAttribute13 : CustomAttribute14 : CustomAttribute15 : CustomAttribute2 : Delta SkyMiles Member CustomAttribute3 : 987654321 CustomAttribute4 : D.O.B. March 9, 1982 CustomAttribute5 : CustomAttribute6 : CustomAttribute7 : CustomAttribute8 : CustomAttribute9 : DisplayName : Cheyne Manalo EmailAddresses : {smtp:Cheyne@volcanosurfboards.com, X400:C=US;A=;P=Volcano Surfboar;O=Exchange;S=Manolo;G=Cheyne;, smtp:CManolo@directory-update.com, X500:/o=Volcano Surfboards/ou=First Administrative Group/cn=Recipients/cn=CManolo, smtp:CManolo@research.somorita.com, SMTP:CManolo@somorita.com, smtp:CManolo@volcanosurfboards.com} GrantSendOnBehalfTo : {Andy Webb, Bharat Suneja, Bthaworn Thaweeaphiradeemaitree, Paul Moriguchi, Don Nguyen, Nathan Nakanishi} HiddenFromAddressListsEnabled : False LegacyExchangeDN : /o=Volcano Surfboards/ou=First Administrative Group/cn=Recipients/cn=CManolo MaxSendSize : 20MB MaxReceiveSize : 10MB PoliciesIncluded : {} PoliciesExcluded : {{}} EmailAddressPolicyEnabled : False PrimarySmtpAddress : CManolo@somorita.com RecipientType : UserMailbox RecipientTypeDetails : UserMailbox RejectMessagesFrom : {Roberry Carter, Pavel Nagaev, Townley Matt} RejectMessagesFromDLMembers : {} RequireSenderAuthenticationEnabled : False SimpleDisplayName : UMDtmfMap : {} WindowsEmailAddress : CManolo@somorita.com IsValid : True OriginatingServer : HNLDC01.volcanosurfboards.com ExchangeVersion : 0.1 (8.0.535.0) Name : Cheyne Manalo DistinguishedName : CN=Cheyne Manalo, OU=VolcanoSurfboards,DC=volcanosurfboards,DC=com Identity : volcanosurfboards.com/VolcanoSurfboards/ Cheyne Manalo Guid : ObjectCategory : volcanosurfboards.com/Configuration/ Schema/Person ObjectClass : {top, person, organizationalPerson, user} WhenChanged : 1/11/2007 2:06:16 PM WhenCreated : 12/12/2005 9:10:28 AM When you look at these properties, please keep in mind that not all properties can be modified, even using the EMS. Many of these properties are system properties and are either created or managed by the system.
Managing Resource Mailboxes
Finally with Exchange 2007 and Outlook 2007, the client and the server know the different between a regular user mailbox and a resource mailbox. Exchange 2007 allows us to define two different types of resource mailboxes: room and equipment mailboxes. We will first look at some of the basic features that allow you to define a resource mailbox and then we will show you some of the more advanced features of Exchange 2007 and Outlook 2007, such as advanced calendaring.
To assign an administrator the permissions necessary to create, manage, and delete resource mailboxes, make that administrator a member of the Exchange Recipient Administrators group. This administrator will also require permissions to whichever Active Directory organizational unit will hold the disabled user accounts.
Creating and Defining Resource Mailbox Properties
Let's start with a simple example of defining a room resource mailbox. Let's say we want to create a conference room resource that will be called Conference Room 1103. Just as with creating a user account, you launch the New Mailbox Wizard, but on the Introduction page you choose the Room Mailbox radio button.
Everything else about creating a room mailbox resource is exactly the same as creating a user mailbox. If the user account does not yet exist in Active Directory, specify that you are creating a new user, and then on the Mailbox Information page, provide the user account information (shown in Figure 10.23). Notice that the user is being created in an OU called Resources; that is an OU we created to hold resource user accounts.
Figure 10.23: Defining user information for a conference room mailbox
Notice also in Figure 10.23 that we specified a first name and a last name. This is not really necessary, but we consider it a good practice. When you have completed the New Mailbox Wizard, a disabled user account is created. Right now, the resource user and the resource user's mailbox look almost identical to a regular user mailbox. The icons are slightly different for the room and equipment mailboxes. The room mailbox icon includes a small door and the equipment mailbox includes a small projector screen.
But what really defines these as resources instead of just mailboxes? With Exchange 2007, there are some additional Active Directory attributes that can be assigned to a user account that defines a resource account as opposed to a regular mailbox. These attributes include the RecipientType, RecipientTypeDetails, ResourceType, ResourceCapacity, and ResourceCustom properties. Let's look at the resource-specific properties of the room resource we just created using the Get-Mailbox cmdlet. Here is the command and the output:
Get-Mailbox "conference room 1103" | FL Name,RecipientType,RecipientTypeDetails, ResourceType, ResourceCapacity, ResourceCustom Name : Conference Room 1103 RecipientType : MailboxUser RecipientTypeDetails : ConferenceRoomMailbox ResourceType : Room ResourceCapacity : ResourceCustom : {Room} The following are the details of what you can expect to see for these properties when creating resource mailboxes:
-
The RecipientType property for mailboxes (resource or regular) is always set to MailboxUser.
-
The RecipientTypeDetails property will be set to either ConferenceRoomMailbox or EquipmentMailbox.
-
The ResourceType property will be set to either Room or Equipment.
-
The ResourceCapacity property is used to define room capacity (for example, the number of people that can sit in the room).
-
The ResourceCustom property is used to define additional properties for this resource mailbox.
What these properties of the user account (and mailbox) do is set some features that define this mailbox as a resource mailbox. These special features enable Outlook 2007 and Outlook Web Access 2007 to recognize resource mailboxes and to differentiate a regular mailbox from an end user mailbox. Figure 10.24 shows the All Rooms view of the Outlook Web Access 2007 Address Book; this allows you to view just the conference room resources.
Figure 10.24: Viewing just the room resources in the Address Book
Enabling the client to separately view room resources makes choosing room resources simpler because it eliminates the necessity to browse the entire global address list.
Defining Advanced Resource Mailbox Features
What you have seen so far with respect to resource mailboxes is not all that different from earlier versions of Exchange and Outlook. It's just that now have the ability to better sort the address list. However, Exchange 2007 actually enables a few additional features on the mailbox that make it even easier to find the room resource you need. You probably noticed the properties ResourceCapacity and ResourceCustom. What good is scheduling a conference room if you don't schedule one that will hold all of the attendees? The ResourceCapacity property allows you to define in Active Directory the capacity of a specific room resource.
Resource capacity is defined from the EMS using the Set-Mailbox cmdlet. Let's say we want to define the room capacity of Conference Room 1103 to 15. We would type this:
Set-Mailbox "Conference Room 1103" -ResourceCapacity 15
Before we look at how you would utilize this information, let's also look at the ResourceCustom property. What good is finding a conference room with a certain capacity if we can't find one with all of the tools or resources we need for a particular meeting? In many organizations, conference rooms are equipped with televisions, DVD players, and more. These things can be defined in the ResourceCustom property.
If we want to take advantage of this, the first thing we need to do is to define the types of properties in the property schema. Resource property schema properties are defined using the Set-ResourceConfig cmdlet, and you can view the current properties using the Get-ResourceConfig cmdlet. The property in which we are interested is the ResourcePropertySchema. Here is an example of retrieving the current value:
Get-ResourceConfig | Format-List Name,ResourcePropertySchema Name : Resource Schema ResourcePropertySchema : {Room/TV, Room/AV} Each time you run the Set-ResourceConfig cmdlet, it replaces the existing value with the new value, so if you want to keep the existing properties, make sure you include the existing properties in the Set-ResourceConfig command line. Let's say, for example, that we want to define an additional type of resource property that some of the conference rooms have available. In this example, some of the conference rooms have massage chairs; to add an additional resource property of massage chair, we would type this command:
Set-ResourceConfig -ResourcePropertySchema ( "Room/TV","Room/AV", "Room/Minibar")
Once the resource property schema includes a TV, A/V resources, and a Minibar, we can assign them as resources of a particular conference room. For room resource objects, this can be done on the Resource Information property page of the mailbox object.
We can also set the custom resource properties via the EMS. For example, if Conference Room 1103 has TV and massage chair resources and a capacity of eight people, we would type this:
Set-Mailbox -Identity "Conference Room 1103" -ResourceCustom ("TV","Minibar") -ResourceCapacity 8 This sets both the custom resource properties and the resource capacity at the same time. If you want to verify this for this particular resource, you could type this:
Get-Mailbox "conference room 1103" | FL Name,*resource* Name : Conference Room 1103 IsResource : True ResourceCapacity : 8 ResourceCustom : {MassageChairs, TV, Room} ResourceType : Room Note in the preceding example that we did not include the -Identity parameter in the Get-Mailbox options. This was intentional so that we could show you that you that it is optional; also note that the resource's display name, Conference Room 1103, is in lowercase. The cmdlets and the parameters are not usually case sensitive, either.
Once you have defined a resource with specific properties, such as the custom properties and the capacity, the properties will show up in Outlook and Outlook Web Access when you browse for room resources. Figure 10.25 shows the Select Rooms list box in Outlook 2007. Notice that the room capacity and the room's custom resources show up in this list.
Figure 10.25: Browsing for room resources. Note the Capacity and Description columns.
Defining Resource Scheduling Policies
One of the more annoying things about creating resources in earlier versions of Exchange was that you had to be creative in figuring out a way to get a resource to automatically accept scheduled appointments. There were scripts, special procedures, and third-party tools that you could use to handle automatic booking, but often even a combination of tools and software did not meet your needs.
Exchange 2007 introduces a new way to define the features of a resource mailbox, including how a resource is automatically booked and who can book a particular resource. Options such as who can book a room or equipment resource as well as time limits for booking the resource are part of the resource's calendar scheduling policy. These settings can be defined in one of two ways; the simplest way to define a resource's calendar scheduling policy is to use Outlook Web Access. You must first enable the room resource mailbox account since it will be created as a disabled user account, make sure you have the password, and then open the mailbox using Outlook Web Access. Once you have opened the mailbox in Outlook Web Access, click the Options button in the OWA interface, scroll down the options on the left pane, and choose the Resource Settings option. This option does not appear for a regular mailbox. The entire list of options is a little too big for one screen capture, so we are breaking it up into smaller screens so that we can describe each of the options; we will summarize them for you in Table 10.4. Figure 10.26 shows the Resource Scheduling Options section.
|
| Function | OWA Setting | EMS Cmdlet Parameters |
|---|---|---|
| Process meeting requests automatically. | Automatically Process Meeting Requests and Cancellations | -AutomateBooking (default is $False). |
| Specify automatic processing options. | -AutomateProcessing | |
| Options: | ||
| None-Disables all automatic processing | ||
| AutoUpdate-Requests automatically processed by the Calendar Attendant on the server | ||
| AutoAccept-Requests automatically processed by the mailbox. | ||
| Do not show reminders for meetings in the resource mailbox. | Disable Reminders | -DisableReminders (Set to $True or $False) |
| Specify a default reminder time for meeting requests. | -DefaultReminderTime | |
| Specify from the present day the maximum booking window in which the resource can be booked. Default is 180 days. | Maximum Number of Days | -BookingWindowInDays |
| Specify if recurring meetings that continue to recur after maximum number of days will be rejected. | -EnforceSchedulingHorizon (Set to $True or $False) | |
| Specify the maximum length of a meeting request. The default is 180 minutes. | Maximum Allowed Minutes | -MaximumDurationInMinutes |
| Specify that a resource can only be scheduled during working hours. These days and times are defined for each resource mailbox in the Calendar Options Calendar Work Week section of the OWA options. | Allow Scheduling Only During Working Hours | -ScheduleOnlyDuringWork Hours (Set to $True or $False) |
| Specifies if conflicts should be allowed. | Allow Conflicts | -AllowConflicts (Set to $True or $False) |
| Specify if recurring meetings will be allowed. | Allow Recurring Meetings | -AllowRecurringMeetings |
| If conflicts are allowed, specify the maximum number of conflicts that can be scheduled before a meeting request will be declined. | Allow Up to This Number of Individual Conflicts | -MaximumConflictInstances |
| If the number of meeting requests (for recurring meetings) conflicting with already scheduled meetings exceeds this percentage, decline the meeting requests. | Allow Up to This Percentage of Individual Conflicts | -ConflictPercentageAllowed |
| Display pending meeting requests as free in the Free and Busy times. | -TentativePendingApproval (Set to $True or $False) | |
| Specify that the resource mailbox send organizer information when a meeting request is declined due to a conflict. | -OrganizerInfo (Set to $True or $False) | |
| Define a list of users and mail-enabled groups that can book this resource automatically if it is available. This booking is done by sending a meeting request message. | These Users Can Schedule Automatically If the Resource Is Available | -BookInPolicy (Specifies list of users or groups allowed to automatically book. The AllBookInPolicy option must be set to False.) |
| -AllBookInPolicy (If true, allows Everyone to automatically schedule meeting requests via a meeting request message. | ||
| Define a list of users or mail-enabled groups that can manually submit a request to schedule the room resource if it is available. This booking is done by sending a meeting request message. | These Users Can Submit a Request for Manual Approval If the Resource Is Available | -RequestInPolicy (Specifies a list of users or groups that are allowed to send meeting requests for the resource delegate to approve or decline.) |
| -AllRequestInPolicy (If set to True, meeting requests can be sent to this mailbox by anyone. If set to False, the list of users or groups specified by the -RequestInPolicy list determines who can send meeting requests to this resource.) | ||
| Define a list of users or mail-enabled groups that can automatically schedule a room resource if the resource is available and submit a request for manual approval if the resource is already booked. This booking is done by sending a meeting request message. | These Users Can Schedule Automatically If the Resource Is Available and Submit a Request for Manual Approval If the Resource Is Unavailable | -RequestOutOfPolicy (Specifies users or groups that can have their schedule requests automatically approved if the resource is available and have the request approved manually if there is a conflict. The -AllRequestOutOfPolicy option must be set to False for this option to work.) |
| -AllRequestOutOfPolicy (If set to True, meeting requests from everyone will be approved if the resource is available and sent to the resource mailbox delegate for approval if a conflict is occurs.) | ||
| Send approval requests to resource mailbox delegates if they require approval. | Always Forward to Delegates | -ForwardRequestsToDelegates |
| Accept schedule requests tentatively even if they require approval by the resource mailbox delegate. | Always Tentatively Accept These Requests | -AddNewRequestsTentatively |
| Accept schedule requests from senders outside of the Exchange organization. | -ProcessExternalMeeting Messages | |
| Specify delegates of this resource. | -ResourceDelegates | |
| Specify if organizer's name should be included on the meeting subject in the room resource mailbox. | Always Add Organizer Name to Meeting Subject | -AddOrganizerToSubject (Set to $True or $False) |
| Specify that the private flag is removed, if included, on accepted meetings. | Always Remove the Private Flag on Accepted Meeting | -RemovePrivateProperty (Set to $True or $False) |
| Specify if meeting request information should be included in message when a declined message is returned to the user. | Include Detailed Information about Conflicting Messages in Response | -EnableResponseDetails(Set to $True or $False) |
| Specify if the organizer's name should be included in a message when a meeting request is declined. | Include Organizer's Name in Conflict Information | -AddOrganizerToSubject (Set to $True or $False) |
| Automatically delete e-mail messages that are sent to the resource mailbox. | Always Delete the Following When Sent to This Resource: E-mail Messages | -DeleteNonCalendarItems (Set to $True or $False) |
| Automatically delete attachments from e-mail messages sent to the resource mailbox. | Always Delete the Following When Sent to This Resource: Attachments from Meeting Requests | -DeleteAttachments (Set to $True or $False) |
| Automatically delete comments from meeting request messages. | Always Delete the Following When Sent to This Resource: Comments from Meeting Requests | -DeleteComments (Set to $True or $False) |
| Automatically delete subject of meeting requests. | Always Delete the Following When Sent to This Resource: Subject of Meeting Requests | -DeleteSubject (Set to $True or $False) |
|
Figure 10.26: A resource mailbox's Resource Scheduling Options section
The Resource Scheduling Options section allows you to define some of the basics of how the resource will automatically accept schedule requests, whether or not it will accept recurring requests, whether or not it will even automatically process requests, and how to handle conflicting requests.
The next section in Resource Settings is Resource Scheduling Permissions; these are shown in Figure 10.27. By default, Everyone is allowed to submit schedule requests to a resource and these request will be automatically processed based on the rules defined in the Resource Scheduling Options section.
Figure 10.27: Defining room resource scheduling permissions
Notice that in Figure 10.27, we have changed the auto-accept permissions for this room resource just a bit (after all, it does have massage chairs). This room can only be scheduled automatically by members of the Executives group; VIPs and user Mark Arnold can automatically schedule meetings for the resource and submit manual requests if the resource is unavailable. Note that permissions include whether or not manual requests are automatically sent to delegates of this resource; delegates cannot be defined through this interface. Resource delegates must be defined using the EMS cmdlet Set-MailboxCalendarSettings. For example, if we want to assign user Simon. Butler as a delegate of this mailbox, we would type the following command:
Set-MailboxCalendarSettings "Conference Room 1103" -ResourceDelegates Simon.Bulter
The final two sections of Resource Scheduling are the Resource Privacy Options and Response Message sections; these are shown in Figure 10.28. Resource Privacy Options settings define how the automatic responses will format responses to meeting requests and if the original resource schedule request meeting will be deleted or not.
Figure 10.28: Resource Privacy Options and Response Message options
The Response Message section allows you to define a customized response that will be returned to users that request this resource. This can be useful in telling users who owns a particular resource or for sending back a reply as to the rules of usage for a resource.
We mentioned that you could define the resource properties in two ways; the second way is using the Set-MailboxCalendarSettings cmdlet. We have created Table 10.4 to describe the Outlook Web Access Resource Scheduling options and the corresponding parameters for the Set-MailboxCalendarSettings cmdlet. There will be EMS cmdlet parameters that are not available via the graphical user interface.
Now that you have seen the settings and how you can implement them using Outlook Web Access, let's take a look at them from the EMS using the Get-MailboxCalendarSettings cmdlet:
Get-MailboxCalendarSettings "Conference Room 1103" | FL TestFields : {BookInPolicyRecipients, BookInPolicy, RequestInPolicy, RequestOutOfPolicy, RequestInPolicyRecipients, RequestOutOfPolicyRecipients} AutomateProcessing : AutoUpdate AllowConflicts : False BookingWindowInDays : 180 MaximumDurationInMinutes : 1440 AllowRecurringMeetings : True EnforceSchedulingHorizon : True ScheduleOnlyDuringWorkHours : False ConflictPercentageAllowed : 0 MaximumConflictInstances : 0 ForwardRequestsToDelegates : True DeleteAttachments : True DeleteComments : True RemovePrivateProperty : True DeleteSubject : True DisableReminders : True AddOrganizerToSubject : True DeleteNonCalendarItems : True TentativePendingApproval : True EnableResponseDetails : True OrganizerInfo : True ResourceDelegates : {Simon Butler} RequestOutOfPolicy : AllRequestOutOfPolicy : False BookInPolicy : AllBookInPolicy : True RequestInPolicy : AllRequestInPolicy : False AddAdditionalResponse : False AdditionalResponse : RemoveOldMeetingMessages : True AddNewRequestsTentatively : True ProcessExternalMeetingMessages : False DefaultReminderTime : 15 RemoveForwardedMeetingNotifications : False Identity : volcanosurfboards.com/Users/ Conference Room 1103
Moving Mailboxes
Moving mailboxes from one mailbox database to another is a pretty common task for most Exchange administrators. Often mailbox databases need to be "smoothed" out because too many large mailboxes are created on a single mailbox database. You may also need to decommission a server and thus move all of the mailboxes off of that server.
Mailboxes should usually be moved after a user's work hours. The mailbox can be moved while the user is working in it, but at the end of the move the user will be informed that they must close and reopen Outlook.
Consequently, we recommend that you move mailboxes during off-hours to minimize disruption to users; a user can leave Outlook open while the mailbox is being moved, though.
Mailbox move operations are certainly not instantaneous and can be quite lengthy depending on a number of factors, including bandwidth between servers, server speed, available RAM, and disk I/O. For typical servers on LAN-speed network segments, we estimate you can move from 500 MB per hour to 1.5GB per hour. Your results may vary. Depending on your Active Directory infrastructure and replication times, an Outlook Web Access user might not be able to reconnect to their mailbox for up to 15 minutes since the home mailbox attribute must replicate to all domain controllers.
As with all Exchange management tasks, you can perform move mailbox operations using the Exchange Management Console or the Exchange Management Shell.
Moving Mailboxes Using the Exchange Management Console
Mailboxes can be moved via the GUI using the Exchange Management Console (EMC). To move mailboxes using the EMC, open up the Recipient Configuration work center of the EMC and select the Mailboxes subcontainer. From within here, you can select one or more mailboxes and then select the Move Mailbox task from the Actions pane.
This launches the Move Mailbox Wizard. An experienced Exchange 2000/2003 administrator will recognize most all of the options in the wizard. The most important is found on the Introduction page (see Figure 10.29). From the Introduction page you define the destination for the mailboxes you are about to move. This includes the server, storage group, and mailbox database; you must select them in this order so that the drop-down lists display the appropriate destination storage groups and databases.
Figure 10.29: Defining the server, storage group, and mailbox database
Once you have selected the destination mailbox database and clicked Next, the Move Options wizard page is displayed. On this screen you can specify whether or not to ignore corrupted messages and continue with the move mailbox operation.
Normally mailboxes don't have corrupted messages (otherwise your telephone will be ringing), but occasionally the properties of a message gets corrupted. If a mailbox has more than the maximum number of corrupted messages specified, then that particular mailbox will be skipped.
On the next page of the wizard is the Move Schedule options. From the Move Schedule page you can define whether the move operation starts immediately or at some point in the future. The Cancel Tasks That Are Still Running After (Hours) option allows you to specify that mailboxes that have not yet been moved after the number of hours specified will not be processed. In the options shown in the following screen shot, we have selected that mailbox moves will not start until 8:00 in the evening and will run for a maximum of 10 hours (if not completed prior to this).
The next page is a confirmation page that allows you to review the mailboxes you are above to move as well as the destination server, storage group, and mailbox database. When you are confident you are moving all of the mailboxes you are supposed to move, you can click the Next button.
Once you click the Next button, the move mailbox operation will begin. The move mailbox task will move up to four mailboxes simultaneously. When moving mailboxes using the GUI, you see animated status bars indicating that the operation is still in progress as well as the elapsed time. An example of this is shown in Figure 10.30, where you can see completed mailbox moves as well as mailbox moves that are still in progress.
Figure 10.30: Mailbox move operations
After all of the mailboxes have been moved, the final screen shows you a summary of which mailboxes were moved, the total elapsed time, and any other relevant statistics. As with many other wizards in the EMC, the actual Exchange Management Shell (EMS) command that was necessary to move the mailbox is included in the report. In the following screen capture we have collapsed a few of the trident controls so that you can see more of the summary page. Notice for mailbox David Elfassy the EMS cmdlet move-mailbox and the parameters that were used to move the mailbox.
If you want to keep a copy of the move mailbox report, you can use the Ctrl + C keyboard combination to copy the information on the Completion page to the Clipboard. Once you are finished with the Completion page, just click Finish to close it.
Moving Mailboxes Using the Exchange Management Shell
We have just showed you how easy it is to move mailboxes using the EMC; you just select the mailbox you want to move and click Next through the wizard to specify any other options, and then the EMC generates the necessary cmdlet to move the mailbox or mailboxes selected. In the previous example, one of the mailboxes moved was a mailbox for user David Elfassy. We selected that his mailbox should be moved to a mailbox database called MBDB-LAXMB01-15 in a storage group called SG-LAXMB01-15 and on a server called E2K7-BASE. The EMS generated the following command parameters for the Move-Mailbox cmdlet:
move-mailbox -BadItemLimit:'2' -TargetDatabase:'CN=MBDB-LAXMB01-15, CN=SG-LAXMB01-15,CN=InformationStore,CN=E2K7-BASE, CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT), CN=Administrative Groups,CN=Volcano Surfboards,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=fourthcoffee,DC=com'
Notice that the actual object that was to be moved was not included in the cmdlet; the way that the object information was passed to the Move-Mailbox cmdlet made this unnecessary. From the EMS, we could have shortened this command quite a bit if the target database name (MBDB-LAXMB01-15) was unique across the organization. We could have typed the following and seen the following output:
[MSH] C:\>Move-Mailbox david.elfassy -targetdatabase "mbdb-laxmb01-15" Confirm Are you sure you want to perform this action? Moving mailbox: David Elfassy (David.Elfassy@volcanosurfboards.com) to Database: E2K7-BASE\SG-LAXMB01-15\MBDB-LAXMB01-15. The operation can take a long time and the mailbox will be inaccessible until the move is complete [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): y Identity : fourthcoffee.com/Corporate/David Elfassy DistinguishedName : CN=David Elfassy,OU=Corporate, DC=fourthcoffee,DC=com DisplayName : David Elfassy Alias : David.Elfassy LegacyExchangeDN : /o=Volcano Surfboards/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=David.Elfassy PrimarySmtpAddress : David.Elfassy@volcanosurfboards.com SourceServer : E2K7-Base.fourthcoffee.com SourceDatabase : E2K7-BASE\First Storage Group\Executives SourceGlobalCatalog : E2K7-Base.fourthcoffee.com TargetGlobalCatalog : E2K7-Base.fourthcoffee.com TargetDomainController : E2K7-Base.fourthcoffee.com TargetMailbox : TargetServer : E2K7-Base.fourthcoffee.com TargetDatabase : E2K7-BASE\SG-LAXMB01-15\MBDB-LAXMB01-15 MailboxSize : 11KB IsResourceMailbox : False SIDUsedInMatch : SMTPProxies : SourceManager : SourceDirectReports : SourcePublicDelegates : SourcePublicDelegatesBL : MatchedTargetNTAccountDN : IsMatchedNTAccountMailboxEnabled : MatchedContactsDNList : TargetNTAccountDNToCreate : TargetManager : TargetDirectReports : TargetPublicDelegates : TargetPublicDelegatesBL : Options : Default SourceForestCredential : TargetForestCredential : TargetFolder : RsgMailboxGuid : RsgMailboxLegacyExchangeDN : RsgMailboxDisplayName : RsgDatabaseGuid : MoveType : IntraOrg MoveStage : Completed StartTime : 11/12/2006 4:02:41 PM EndTime : 11/12/2006 4:03:03 PM StatusCode : 0 StatusMessage : This mailbox has been moved to the target database.
If we had wanted to include the bad item count, we could have included the parameter -BadItemLimit: '2' in the command. Notice that when we typed in the command, we had to confirm that we wanted the mailbox to be moved. To avoid the confirmation prompt, we could have included in the command line -Confirm:$False and the cmdlet would not have prompted us. So that command line would look like this:
Move-Mailbox david.elfassy -TargetDatabase "mbdb-laxmb01-15" -Confirm:$False -BadItemLimit:"2"
There are a few other tricks that may prove useful for you when you are using the Move-Mailbox cmdlet. Let's look at a couple of quick examples. In this first example, we want to move everyone that is a member of the Executives group to the mailbox database called Executives on the server E2K7MB01. We would type this command, which uses the Get-DistributionGroupMember cmdlet to enumerate the membership of the Executives group, and we pipe that output to the Move-Mailbox cmdlet:
Get-DistributionGroupMember "Executives" | Move-Mailbox -TargetDatabase "E2K7MB01\Executives" -Confirm:$False
Another useful use of cmdlets would be to enumerate everyone whose mailbox is located on one mailbox database and then move them to another database. We need to use the Get-Mailbox cmdlet and narrow down the scope of the search using the Where cmdlet so that we only output the objects for mailboxes located on a specific database.
Get-Mailbox | Where {$_.database -like "E2K7-Base\VIP\VIP Mailboxes"} | Move-Mailbox -TargetDatabase "Executives" -Confirm:$False With a little creativity, you can probably figure out a number of other ways to accomplish this task or tasks similar to this.
Retrieving Mailbox Statistics
Frequently Exchange mailbox administrators need to run a report and list the amount of storage that each mailbox is consuming. With previous versions of Exchange, this information was available via the GUI, but now it is available via the EMS cmdlet Get-MailboxStatistics. Hereisan example of using this cmdlet without any parameters:
[MSH] C:\>Get-MailboxStatistics DisplayName ItemCount StorageLimitStatus LastLogonTime ----------- --------- ------------------ ------------- Microsoft System Attendant 0 BelowLimit 11/11/2006 2:10:23 PM Kevin Miller 6 10/24/2006 2:40:31 AM Suriya Supatanasakul 3 10/24/2006 2:40:31 AM Micah Hoffmann 2 BelowLimit 10/24/2006 2:42:06 AM Andy David 2 BelowLimit 10/24/2006 2:40:30 AM Jenn Long 10 BelowLimit 10/24/2006 2:40:31 AM SystemMailbox{F4A7C474-FE 402 BelowLimit E5-46EA-A886-C1D8393E27F} Not a real attractive report, is it? And this report includes all mailboxes, including the system mailbox and system attendant mailboxes. We will show you how to exclude these from the report as well as provide more useful information. There a few useful properties that are part of the objects that output when you use the Get-MailboxStatistcs cmdlet. These can be used to constrain the output that is sent to the screen (or a file) as well as the output if you redirect this information to a file. Table 10.5 shows some of the properties of the objects that are output when you use the Get-MailboxStatistcs cmdlet.
|
| Property | Description |
|---|---|
| DisplayName | Name of the mailbox. |
| ItemCount | Total number of items stored in the entire mailbox. |
| TotalItemSize | Total size of all of the items in the mailbox except for items in the deleted item cache. |
| TotalDeletedItemsSize | Total size of items that are in the deleted item cache. |
| StorageLimitStatus | Status of the mailbox storage limits; the limits you may see are as follows:
|
| Database | Name of the database on which the mailbox is located in the format of ServerName\StorageGroupName\DatabaseName, such as E2K7MB01\VIP SG\VIP Mailboxes. |
| ServerName | Name of the mailbox server. |
| LastLogoffTime | Date and time of the last time someone logged off of the mailbox. |
| LastLogonTime | Date and time of the last time someone logged on to the mailbox. |
| LastLoggedOnUserAccount | Domain name and username of the last person to access the mailbox. |
| DisconnectDate | Date and time when the mailbox was deleted or disconnected. |
|
So, perhaps we only want to look a mailbox report that includes the display name, total size of the mailbox, the total number of items, and the storage limit status. Further, we are going to include the where clause and filter out any mailboxes whose name contains the word system. The following example shows what this would look like:
Get-MailboxStatistics | where {$_.displayname -notlike "*System*"} | ft displayname, @{expression={$_.totalitemsize.value.ToKB()}; width=20;label= "Mailbox Size(kb)"},ItemCount,StorageLimitStatus DisplayName Mailbox Size(kb) ItemCount StorageLimitStatus ----------- ---------------- --------- ------------------ Lee Desmond 331221 1410 IssueWarning EQUIP - Panas... 10 3 BelowLimit Finance Journ... 3 1 BelowLimit Elizabeth Owusu 958376 84325 MailboxDisabled Damion Jones 10 3 BelowLimit Andy Schan 21468 3112 BelowLimit Paul Robichaux 5 2 BelowLimit David Elfassy 183714 8713 ProhibitSend Conference Ro... 375 72 BelowLimit Andy Webb 539985 47444 IssueWarning Manfred Estrada 83837 163 BelowLimit Devin Ganger 7548 94 BelowLimit Did you notice that we threw in some new features of the PowerShell? This includes taking the output and reformatting it using the Expression feature. We can redirect the output to a text file using the > character and a filename:
C:\>Get-MailboxStatistics | where {$_.displayname -notlike "*Sys tem*"} | ft displayname, @{expression={$_.totalitemsize.value.ToKB()}; width=20;label= "Mailbox Size(kb)"},ItemCount,StorageLimitStatus > c:\MailboxReport.txt We could also pipe the output to either the Export-Csv or Export-Clixml cmdlet and send the data to a comma-separated value or XML file.
Deleting Mailboxes
Deleting mailboxes might not seem like such a complicated task until you look at the Actions pane once you have selected a mailbox in the Recipient Configuration work center. There are a couple of options with respect to deleting a mailbox, including simply disconnecting the mailbox from a user account, deleting both the account and the mailbox, and purging a previously deleted mailbox.
In the section of the Actions pane that reflects the mailbox that is currently selected in the results pane, you will see both a Disable and a Remove option.
Both the Remove and the Disable option will delete the mailbox; it's just how they go about doing it that is the difference.
Deleting the Mailbox but Not the User
If you choose the Disable option, the mailbox is disconnected from the user account but the user account remains in Active Directory. This is the equivalent of using the EMS cmdlet Disable-Mailbox. For example, to remove a mailbox from an existing user, you could type this:
Disable-Mailbox damion.jones -Confirm:$False
All this does is to disconnect the mailbox from the user account; the user account remains in Active Directory. After the deleted mailbox recovery time expires, the mailbox will be permanently removed from the mailbox database.
Deleting Both the User and the Mailbox
If you choose the Remove option, the mailbox is disconnected from the user account and the user account is deleted from the Active Directory. You can also accomplish this from the EMS using the Remove-Mailbox cmdlet. Here is an example:
Remove-Mailbox cheyne.manalo
This command will prompt you to ensure that you really want to remove the mailbox; you can avoid the confirmation prompt by including the -Confirm:$False parameter. If you want to delete the mailbox and the account and prevent the mailbox from being recovered, you can include the -Permanent:$True parameter. Here is another example that automatically confirms the deletion and permanently removes the mailbox:
Remove-Mailbox jonathan.long -Permanent:$True -Confirm:$False
Permanently Purging a Mailbox
By default, after the deleted mailbox recovery time has expired, the mailbox will be permanently purged from the mailbox database. If you have already deleted the mailbox and want to permanently purge the mailbox from the mailbox database, you can also do that, but it requires two lines. The first line is going to set a variable that retrieves the mailbox object for a mailbox whose display name is Martha Lanoza. The second line uses that variable along with the MailboxGuid property of that mailbox to remove that mailbox from the VIP Mailboxes database. Here are the two commands that would need to be executed:
$Temp = Get-MailboxStatistics | Where {$_.DisplayName -eq 'Martha Lanoza'} Remove-Mailbox -Database "VIP Mailboxes" -StoreMailboxIdentity $Temp.MailboxGuid This example assumes there would only be a single mailbox whose display name is Martha Lanoza and that there is only a single mailbox database named VIP Mailboxes. With a little creativity, you can permanently purge mailboxes in other ways, but this is a very basic EMS method of doing this.
Reconnecting a Deleted Mailbox
Exchange Server allows you to "undelete" a mailbox that you may have accidentally disconnected from a user account. The simplest way to do this is to use the EMC. In the Recipient Configuration work center you will find the Disconnected Mailbox subcontainer (shown in Figure 10.31). Click the Connect to Server task in the Actions pane to see a mailbox listing; otherwise, deleted mailboxes may not show up in the results pane.
Figure 10.31: Reconnecting mailboxes that have been deleted
| Tip | When you first view disconnected mailboxes, make sure you click the Connect to Server task on the Actions menu. |
The disconnected mailbox listing you see in Figure 10.31 is a list of the mailboxes on the mailbox server to which we are currently connected. You can view other mailbox servers by choosing the Connect to Server option in the Actions pane.
You could generate the same list using the Get-MailboxStastics command and filter based on viewing only objects whose DisconnectDate property contains data:
Get-MailboxStatistics | Where {$_.DisconnectDate -ne $null} | FT DisplayName,DisconnectDate DisplayName DisconnectDate ----------- -------------- Micah Hoffmann 12/10/2006 3:13:37 AM David Elfassy 12/02/2006 3:13:23 AM Paul Agamata 11/25/2006 3:13:55 AM Brian Tirch 11/20/2006 3:13:47 AM Clayton Kamiya 11/16/2006 3:13:01 AM If you have removed one of these mailboxes from its user account accidentally, you can still reconnect it back to a user account. In the EMC's Disconnected Mailbox subcontainer, highlight the mailbox that you want to reconnect and choose the Connect task on the Actions pane. This will launch the Connect Mailbox Wizard (shown in Figure 10.32); the main page of the Connect Mailbox Wizard looks a lot like the main page of the New Mailbox Wizard.
Figure 10.32: Starting the Connect Mailbox Wizard
From the Connect Mailbox screen you are asked what type of mailbox you are connecting. Choices include a user mailbox, room resource mailbox, equipment resource mailbox, and a linked mailbox.
| Tip | Deleted mailboxes can only be connected to a user account that does not have a mailbox already associated with it. |
On the Mailbox Settings page of the Connect Mailbox Wizard (shown in Figure 10.33), you must select the user account to which you want to connect this mailbox. The user account must not already have a mailbox associated with it. There are two different ways that you can locate the user account. If you choose the Matching User radio button and then click the Browse button, the EMC will make its "best guess" at finding the right user account in the Active Directory.
Figure 10.33: Assigning a deleted mailbox to a user account that does not currently have a mailbox
If you choose the Existing User radio button and then click the Browse button, you will be presented with a browse list of all users in the Active Directory. This list will include users that have been mailbox-enabled and those that do not have mailboxes. If you select a user that already has a mailbox, you will see an error indicating that.
Regardless of whether you use the Matching User or the Existing User selection, the Exchange Alias value will be displayed and you can override it if necessary.
Note that you may also specify a managed folder mailbox policy and an ActiveSync policy for this mailbox. These can always be assigned later, but you have the option of re-assigning them at the time when you are reconnecting the mailbox to the account.
To do the same task using the EMS, you use the Connect-Mailbox cmdlet. This cmdlet takes as an identifier for the mailbox you are trying to connect the unique mailbox GUID, the display name, or the legacy Exchange distinguished name. The display name of the mailbox is by far the easiest to use. You also must provide the name of the database on which the mailbox is located and the user account to which you are connecting the account.
Before we do this, let's take a quick look at another iteration of the Get-MailboxStatistics cmdlet and how we can enumerate the information we need to reconnect a mailbox. In this output, we are displaying just the database name and the display name:
Get-MailboxStatistics | Where {$_.DisconnectDate -ne $null } | FT DisplayName,Database DisplayName Database ----------- -------- Aran Hoffmann E2K7-BASE\VIPs SG\VIPs Paul Agamata E2K7-BASE\Execs SG\Executives Donny Shimamoto E2K7-BASE\Execs SG\Executives Clayton Kamiya E2K7-BASE\Execs SG\Executives We have accidentally deleted user Clayton Kamiya's mailbox from the Executives mailbox database; this user also had a managed folder policy and an ActiveSync policy. To reconnect this user's mailbox to user account volcanosurf\Clayton.Kamiya, here is the command we would execute:
Connect-Mailbox "Clayton Kamiya" -Database:"Executives" -User:"volcanosurf\Clayton.Kamiya" -Alias:"Clayton.Kamiya" -MobileMailboxPolicy:"Standard User ActiveSync Policy" -ManagedFolderMailboxPolicy:"All Employees"
EAN: 2147483647
Pages: 198