Category: Exchange 2007

Moving exchange mailboxes with powershell EMS

To move a single exchange 2007 mailbox within powershell from one database to another you would use the following command.

Move-mailbox –identity “%username%” –targetdatabase “%DB%”
This would be the equivalent of right clicking on a user object with the exchange console and choosing move mailbox. However the real power of powershell comes into play when you want to move multiple mailboxes from one database to another. In order to do that you would combine the move-mailbox cmdlet with get-mailbox. A simple usage would be something like.

Get-mailbox | move-mailbox –targetdatabase “%DB%”
This would move all mailboxes on the exchange server to the target database, however you may find that you already have a few mailboxes on the target database or you want to move users from a specific database to another database (if you had 3 databases for example). For this you could use:

Get-mailbox –database “%sourceDB%” | move-mailbox –targetdatabase “%DB%”
This would ensure that all mailbox from the source database are moved to the target. This process is not quick however as it opens each mailbox and creates another at the target then moves messages and folders across to the target. If you specify more than one user (or like above feed the move-mailbox mailboxes as multiple variables) then exchange will move 4 mailboxes at a time. During the move the mailboxes being copied will not be available whilst they are transferred.

You can also check what mailboxes reside on the database by typing get-mailbox –database “%DB%” you can use this before you move the mailboxes to get a good idea of how many you are moving, and you can also use it after the move-mailbox action has completed to ensure that non have been missed.
If the move-mailbox action errors on any particular mailbox (usually it will be because of corrupted mail items in the mailbox) then the mailbox move will not complete for that mailbox. This will leave a complete mailbox for the user on the source database and a partial mailbox on the destination. However after a few minutes exchange will delete the partial copy and you can try the move again. If the move fails because of corrupted items in the mailbox then you can force the move to occur by using the –baditemlimit variable if you simply must copy the mailbox, setting the limit at 1000 should cater for all really.
Move-mailbox –identity “username” –targetdabase “%DB%” –baditemlimit 1000

How to virtualize Exchange 2007

Well, I’m going through my p2v exercise with my current employer and whilst I have p2v’d many servers I had not converted an exchange server before. Our exchange server is a single windows 2003 R2 x64 box with all the exchange roles installed on it, its not a complicated setup but for us it doesn’t need to be. So googling around I found quite a few horror stories of failed p2v attempts. So with a degree of uncertainty I planned for the exchange conversion.

I started off my stopping and disabling these services on my exchange server (because of this obviously you need to carry this out within a maintenance window as exchange will be down for a couple of hours at least.)

MS Exchange Active Directory Topology
MS Exchange File Distribution
MS Exchange Information Store
MS Exchange Mail Submission
MS Exchange mailbox Assistants
MS Exchange replication service
MS Exchange search indexer
MS Exchange service host
MS Exchange system attendant
MS Exchange transport
MS Exchange transport log sear
microsoft search (exchange)
sql server (blackberry)
sql server browser
sql server vss writer
Backup exec

Now there are a couple of services there that are specific to my set up but you get the idea, anything exchange or sql based I stopped and disabled. I then carried out the conversion as per any other p2v using the standalone vmware convertor program. I also wanted to shrink the servers D drive as it was way too big for the mailstore so I configured that as well at this point.
When the conversion had completed I powered down the old physical server and powered on the vm. Then I removed the brand specific drivers and applications (such as HP and dell drivers and array helpers). The I installed the vm guest tools and configured the networking.

I then reset all the disabled services to automatic and restarted the vm. a few nervous minutes later I was able to view emails in owa, use active sync and send/receive emails through outlook, so it all in all seems to have gone well. At least much better than my googling was suggesting it might.

So in my experience of converting exchange server 2007 all you need to do is stop the exchange and sql services (plus any backup agents you may have) and disable them.
Run the conversion using the current vmware standalone converter
Power off the physical
Power on the VM
Remove all of the hardware specific drivers and applications
Install the vm guest tools
Configure the networking
Re-enable the disabled services and reboot the server.
Then check the event logs etc just to make sure windows isn’t complaining about anything.
Then you just need to let your users know that it is safe to use outlook etc again.

The trouble I guess with p2ving exchange is that once you have brought the services back online and it starts servicing mail requests its pretty much impossible to turn the old physical server back on as you will lose any recent transactions that the exchange vm made. So if there is something thats not quite right with it then you really have to power on through and find a fix for it rather than revert to reconverting or powering on the old physical.

Migrating Outlook autocorrect to a new profile

When you’ve done all that you can to diagnose a problem and you are left with the last bastian of hope that is migrating the user to a new profile (I do this by renaming the current one to something.old) along with PST’s and desktop, document and favourite folders you can also migrate Outlooks autocomplete data.

The file extention for the autocomplete data is *.NK2 which is normally located (in Outlook 2007) in %userprofile%\application data\microsoft\Outlook . Copy the NK2 file into the newly created profile and ensure that the NK2 file is renamed to match whatever you have chosen to call the Outlook profile in the users new profile. Et voila, years’ worth of autocorrect data back.

Remotely Wiping Iphone Exchange accounts

With the proliferation of the jesusphone and related pad, more and more people want to connect they devices to their work email accounts this can be done very simply through the apple devices. However it can be a little hard to track the spread of such devices in small companies.  There is a handy little Exchange shell command you can use in order to discover what devices are connected to your exchange server.

The shell command is “Export-ActiveSyncLog” which creates a series of csv files one of which users.csv holds the data on connected devices. By default the command would look like this:

Export-ActiveSynclog –filename c:\windows\system32\logfiles\w3svc*\exYYMMDD.log –outputpath  “output path req”

The above command assumes that your IIS log files are in the default location and you will need to substitute the w3svc* with whatever is relevant within your setup.

This will create 6 csv files and if you open the users.csv it will list the connected activesync devices and what they are.

Now the one problem I have with iphones etc is that there appears to be no way of totally trashing the device remotely like you can with blackberries, however you can remotely wipe the corporate email account from the device by performing the below:

1: Open the Exchange Management Console

2: Expand the Recipient Configuration node and click on the Mailbox subheading.

3: Single click the user in question and in the pane on the right hand side of the console select Manage Mobile Devices (this option is not available if the user does not have a device registered).

4: You will have two options in this screen firstly select the correct lost device (if there is more than one associated with the user) and check the “Perform a remote wipe to clear mobile device data”

5: The information in the same screen will tell you when the wipe was requested (i.e. when you pressed the button) and also when the device received the remote wipe request (Acknowledge).

6: Once the remote wipe has been performed you will need to go through the above again and select “Remove mobile device partnership” when you get to step 4 otherwise the device will be continually wiped when the user goes through setting up the account again should they find the device down the back of the sofa etc.

Setting global calendar permissions in exchange 2007

I’m finding exchange 2007 a strange beast to work with, coming from a groupwise environment some seemingly simple tasks need a good deal of fiddling to get just so. Why NTFS permissions are not all throughout exchange 2007 I’ll never know but hey ho onwards to my point.

I was asked to set up exchange so that everyone had read only access to everyone else’s calendar. so after a bit of searching around the exchange console I discovered that it was not possible to do this from the native exchange tools (go figure)!

I cam across this tool PFDAVADMIN, which will allow among other things the global setting of calendar permissions.

Now because its christmas and I’m feeling lazy I shall not bother writing how to use it to set the permissions only point you to THIS blog which lays out the instructions rather nicely I feel.

TTFN

Changing public folder permissions in exchange 2007

So like it or not, alot of the power of exchange is now harnessed within powershell. I had a instance recently where I wanted to allow someone almost complete control over a public folder calendar, so they could edit and delete other peoples entries. This can be done quite easily in powershell using 2 or 3 basic commands. Firstly I wanted to check what permissions were currently set on the public folder:

Get-publicfolderclientpermission -identity “\name of public folder”

This gave me a list of currently assigned permissions, now to help out you could append the basic command with a couple of extras which could list the permissions in a more friendly way and also write the output to a file for a point of reference. So the full command would look like:
Get-publicfolderclientpermission -identity | fl > c:\perms.txt

Once I have the current permissions I was happy to tinker away safe in the knowledge that I have a good idea of what I should be reverted too should something bad happen.

So the next command is Add-publicfolderclientpermission which actually amends the permissions, you can give individual permissions to to users or a role which is a collection of permissions. You can find out more by typing “get-help add-publicfolderclientpermission -detailed”.

Anyhow the basic command I used to grant read/write access to the public folder was “add-publicfolderclientpermission -identity “\public folder name” -user “mrs goggins” -accessrights publishingeditor” .

Once that has completed you could view the permissions again by typing Get-publicfolderclientpermission -identity “\public folder name” to ensure that the permission has set correctly.