MVP - Most Valuable Professional
rss

Just can't get enough of IT

This blog is about mostly anything in IT. But the primary focuses are Microsoft Technologies like Exchange, Office 365, Azure and Cloud Security.

Problem

You are not able to list public folders in a co-existence scenario with Exchange Server 2007 and Exchange Server 2010/2013 using the Exchange 2007 EMS or EMC.

When you try to execute Get-PublicFolder you receive the following error:

Get-PublicFolder " There is no existing PublicFolder that matches the following Identity: '\'. Please make sure that you specified the correct PublicFolder Identity and that you have the necessary permissions to view PublicFolder.

This might happen after you have removed the first Exchange 2007 mailbox server, but not the last Exchange 2007 mailbox server.

Exchange Server 2007 uses the Exchange System Attendant to access the public folder store and fails, if the System Attendant discovery in Active Directory does not provide a proper configuration.

KB 2621350 describes the discovery process:

  1. Exchange Server 2007 selects a mailbox database.
  2. Exchange Server 2007 obtains the LegacyExchangeDN attribute of the selected mailbox database. For example, Exchange Server 2007 obtains the following LegacyExchangeDN attribute value:
    /o=First Organization/ou=Exchange Administrative Group (group_name)/cn=Configuration/cn=Servers/cn=E14HUBCAS/cn=Microsoft Private MDB
  3. Exchange Server 2007 removes the "CN=Mailbox Database" part of the address. The address then resembles the following:
    /o=First Organization/ou=Exchange Administrative Group (group_name)/cn=Configuration/cn=Servers/cn=E14HUBCAS
  4. Exchange Server 2007 adds "CN=Microsoft System Attendant" to the LegacyExchangeDN value. After the value is appended, the LegacyExchangeDN attribute value resembles the following:
    /o=First Organization/ou=Exchange Administrative Group (group_name)/cn=Configuration/cn=Servers/cn=E14HUBCAS/CN=Microsoft System Attendant
  5. Exchange Server 2007 tries to log on to the public store by using the value in step 4.
  6. The store then tries to locate the System Attendant object.

There two annoying things about these steps

  1. Step 1:  Exchange Server 2007 selects a mailbox database

    There is no description available on how the database is being selected. But the co-existence scenario results in a mailbox database being selected that might be located on Exchange Server 2010 or Exchange Server 2013. Even thought that there still are Exchange Server 2007 mailbox database available. You still require to have a mailbox database hosted on an Exchange 2007 public folder server, due to the legacy public folder requirements with Exchange Server 2013.
     
  2. Steps 2-4: The LegacyExchangeDN example shows a E14HUBCAS name as a placeholder. In a situation where you have deployed dedicated mailbox servers this should read E14MBX.
     

Solution

The magic System Attendant mailbox has been removed from Exchange 2010. But the System Attendent configuration node does still exist in the Active Directory Configuration Partition for compatibility reasons. The configured attributes of the System Attendent entry vary depending on the version of the installed Exchange Server.

In regards of public folder issue, we need to focus on the following:

  • Exchange Server 2010 System Attendant
    • homeMDB: <not set>
    • homeMTA: <not set>
  • Exchange Server 2013 System Attendant
    • homeMDB: <not set>
    • homeMTA: CN=Microsoft MTA,CN=E15MBX,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=[ORG],CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=[DOMAIN],DC=[TLD]

To fix the public folder access issue for Exchange Server 2007, set the homeMDB and homeMTA attributes. Set the Exchange System Attendant attributes to appropriate values for your Exchange servers.

Exchange Server 2013

  1. Open ADSIEdit and connect to the Configuration context
  2. Open Databases node
    CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=[ORG],CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=[DOMAIN],DC=[TLD]
  3. Open the Properties of an Exchange 2013 database
  4. View the distinguishedName property and copy the value to clipboard
    Example: CN=E15MBXDB01,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=[ORG],CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=[DOMAIN],DC=[TLD]
  5. Close the Properties window and open the Servers node
    CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=[ORG],CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=[DOMAIN],DC=[TLD]
  6. Expand the first Exchange 2013 server and open the Properties of the Microsoft System Attendant node
    Ensure that the view is not filtered to Show only attributes that have values
  7. Edit the homeMDB attribute and paste the distinguished name of the mailbox database copied in step 4
  8. Apply the changes and close the properties window

Repeat steps 4 to 8 for each Exchange 2013 server in your environment.

Exchange Server 2010

  1. Open ADSIEdit and connect to the Configuration context
  2. Open Databases node
    CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=[ORG],CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=[DOMAIN],DC=[TLD]
  3. Open the Properties of an Exchange 2010 database
  4. View the distinguishedName property and copy the value to clipboard
    Example: CN=E14MBXDB01,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=[ORG],CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=[DOMAIN],DC=[TLD]
  5. Close the Properties window and open the Servers node
    CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=[ORG],CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=[DOMAIN],DC=[TLD]
  6. Expand the first Exchange 2010 server and open the Properties of the Microsoft System Attendant node
    Ensure that the view is not filtered to Show only attributes that have values
  7. Edit the homeMDB attribute and paste the distinguished name of the mailbox database copied in step 4
  8. Apply the changes and close the properties window
  9. Open the Properties windows of the Microsoft MTA of the same Exchange
  10. View the distinguishedName property and copy the value to clipboard
    Example: CN=Microsoft MTA,CN=E14MBXSRV01,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=[ORG],CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=[DOMAIN],DC=[TLD]
  11. Open the properties of the Microsoft System Attendant node for a second modification
    Ensure that the view is not filtered to Show only attributes that have values
  12. Edit the homeMTA attribute and paste the distinguished name of the mailbox database copied in step 10
  13. Apply the changes and close the properties window

Repeat steps 4 to 13 for each Exchange 2010 server in your environment.

Wait for Active Directory replication and retry to access the public folders using Get-PublicFolder in an Exchange Server 2007 Management Shell.

It might be required to restart the Exchange 2007 Information Store and System Attendant service of the Exchange 2007 server in question

Use an administrative PowerShell

Restart-Service MSExchangeIS 
Restart-Service MSExchangeSA 

I haven’t noticed any issues in production environments so far. If you encounter any issues in your environment, feel free to leave a comment.

Links


You need assistance with your Exchange Server setup? You have questions about your Exchange Server infrastructure and going hybrid? You are interested in what Exchange Server 2016 has to offer for your environment?

Contact me at thomas@mcsmemail.de
Follow at https://twitter.com/stensitzki

Read More »

Changes to AutoDiscover settings in Exchange are cached by each AutoD IIS application for approximately 2 hours. If you want to have configuration changes available quickly, it required to restart the AutoD application pool on each Client Access Server serving AutoD request. Additionally you have top restart the MSExchangeServiceHost process as well.

You can use the following PowerShell code to restart the application pool and the MSExchangeServerHost process across all Exchange 2013 servers.

Restart Application Pool

Get-ExchangeServer | ? { $_.AdminDisplayVersion -like '*15.*'} | % { Invoke-Command -ComputerName $_.Name -ScriptBlock {Restart-WebAppPool MSExchangeAutodiscoverAppPool } }

 

Restart MSExchangeServiceHost

Get-ExchangeServer | ? { $_.AdminDisplayVersion -like '*15.*'} | % { Invoke-Command -ComputerName $_.Name -ScriptBlock {Restart-Service MSExchangeServiceHost } }

 

Enjoy.

 


You need assistance with your Exchange Server setup? You have questions about your Exchange Server infrastructure and going hybrid? You are interested in what Exchange Server 2016 has to offer for your environment?

Contact me at thomas@mcsmemail.de
Follow at https://twitter.com/stensitzki

Read More »

When you run your Exchange Organization in hybrid mode with Office 365 and you migrate your on-premise Public Folders to Office 365, you are required to configure a remote Public Folder Mailbox in the Exchange Organization settings.

Organization Configs with Exchange 2013 Public Folders On-Premise

With Public Folders on-premise your Exchange Online Org looks like this:

Get-OrganizationConfig | fl *public*

DefaultPublicFolderAgeLimit             :
DefaultPublicFolderIssueWarningQuota    : 1.7 GB (1,825,361,920 bytes)
DefaultPublicFolderProhibitPostQuota    : 2 GB (2,147,483,648 bytes)
DefaultPublicFolderMaxItemSize          : Unlimited
DefaultPublicFolderDeletedItemRetention : 30.00:00:00
DefaultPublicFolderMovedItemRetention   : 7.00:00:00
PublicFoldersLockedForMigration         : False
PublicFolderMigrationComplete           : False
PublicFoldersEnabled                    : Remote
PublicComputersDetectionEnabled         : False
RootPublicFolderMailbox                 : 00000000-0000-0000-0000-000000000000
RemotePublicFolderMailboxes             : {PublicFolder-Mailbox001}

With Public Folders on-premise your On-Premise Exchange Org looks like this:

Get-OrganizationConfig | fl *public*

DefaultPublicFolderAgeLimit             :
DefaultPublicFolderIssueWarningQuota    : Unlimited
DefaultPublicFolderProhibitPostQuota    : Unlimited
DefaultPublicFolderMaxItemSize          : Unlimited
DefaultPublicFolderDeletedItemRetention : 30.00:00:00
DefaultPublicFolderMovedItemRetention   : 7.00:00:00
PublicFoldersLockedForMigration         : True
PublicFolderMigrationComplete           : True
PublicFoldersEnabled                    : Local
PublicComputersDetectionEnabled         : False
RootPublicFolderMailbox                 : ae0ef819-90d2-45d0-92b6-8b2062cf71a3
RemotePublicFolderMailboxes             : {}

Organization Configs with Exchange 2013 Public Folders in Exchange Online

With Public Folders in Exchange Online your Exchange Online Org looks like this:

Get-OrganizationConfig | fl *public*

DefaultPublicFolderAgeLimit             :
DefaultPublicFolderIssueWarningQuota    : 1.7 GB (1,825,361,920 bytes)
DefaultPublicFolderProhibitPostQuota    : 2 GB (2,147,483,648 bytes)
DefaultPublicFolderMaxItemSize          : Unlimited
DefaultPublicFolderDeletedItemRetention : 30.00:00:00
DefaultPublicFolderMovedItemRetention   : 7.00:00:00
PublicFoldersLockedForMigration         : False
PublicFolderMigrationComplete           : False
PublicFoldersEnabled                    : Local
PublicComputersDetectionEnabled         : False
RootPublicFolderMailbox                 : 5810bb30-cdda-4287-85a4-8a2547bb9b01
RemotePublicFolderMailboxes             : {}

With Public Folders in Exchange Online your Exchange On-Premise Org looks like this:

Get-OrganizationConfig | fl *public*

DefaultPublicFolderAgeLimit             :
DefaultPublicFolderIssueWarningQuota    : Unlimited
DefaultPublicFolderProhibitPostQuota    : Unlimited
DefaultPublicFolderMaxItemSize          : Unlimited
DefaultPublicFolderDeletedItemRetention : 30.00:00:00
DefaultPublicFolderMovedItemRetention   : 7.00:00:00
PublicFoldersLockedForMigration         : True
PublicFolderMigrationComplete           : True
PublicFoldersEnabled                    : Remote
PublicComputersDetectionEnabled         : False
RootPublicFolderMailbox                 : 00000000-0000-0000-0000-000000000000
RemotePublicFolderMailboxes             : {mcsmemail.de/Users/PF365-Mailbox-01-55e3d544-ed5a-4557-9008-d8c1b6f06d86}

The remote public folder mailbox has been added to the on-premise Exchange confguration by using:

Set-OrganizationConfig -RemotePublicFolderMailboxes PF365-Mailbox-001 -PublicFoldersEnabled Remote

To be able to add the remote public folder mailbox in a hybrid configuration you are required to add the public folder mailbox (or mailboxes, if you have more than one serving the hierarchy) as a mail user.

Microsoft provides a PowerShell script as part of a script collection here.

The issue with Import-PublicFolderMailboxes.ps1

When you run the Import-PublicFolderMailboxes.ps1 script you might run into the following error:

Cannot bind parameter 'Name' to the target. Exception setting "Name": "The length of the property is too long. The
maximum length is 64 and the length of the value provided is 65."
    + CategoryInfo          : WriteError: (:) [New-MailUser], ParameterBindingException
    + FullyQualifiedErrorId : ParameterBindingFailed,Microsoft.Exchange.Management.RecipientTasks.NewMailUser
    + PSComputerName        : ex2013.mcsmemail.de

The name attribute for a mail user is limited to 64 characters. But why are you exceeding the length when the mailbox name is only 17 characters long?

It turns out that the PowerSheel script adds a prefix name "" and ther mailbox GUID as a suffix. And voilá, the name exceeds the allowed length for the mail user name attribute.

Recommendation

Don't use more than 16 characters when naming the Public Folder mailboxes in Office 365.

Or modify the Import-PublicFolderMailboxes.ps1 script to fit your needs.

$hasPublicFolderServingHierarchy = $true;
$displayName = $publicFolderMailbox.Name.ToString().Trim();
# ORIG: $name = "RemotePfMbx-" + $displayName + "-" + [guid]::NewGuid();
$name = $displayName + "-" + [guid]::NewGuid();
$externalEmailAddress = $publicFolderMailbox.PrimarySmtpAddress.ToString();

 

 

Links

 


You need assistance with your Exchange Server setup? You have questions about your Exchange Server infrastructure and going hybrid? You are interested in what Exchange Server 2016 has to offer for your environment?
Contact me at thomas@mcsmemail.de
Follow at https://twitter.com/stensitzki

Read More »

Description

This script removes orphaned ActiveSync device partnerships from Exchange Server 2010 user mailboxes. Run the script as a scheduled job to maintain your Exchange Server environment properly.

Modifiy the script path variables to fit your requirements. The variables are configured in the ### BEGIN Variables section.

Steps being executed by the script:

  1. Fetch all user mailboxes
  2. Iterate through each user mailbox and determine the number of ActiveSync devices and the number of devices which have not synchronized since 150 days
  3. Delete ActiveSync device registration, if a user has more than 4 devices in total and a minimum of 1 device that has not synced within 150 days

Examples

Remove-ActiveSyncDevicePartnership

Version History

  • 1.0, Initial community release

Links

Additional Credits

Additional credits go to Sebastian Rubertus

Follow

 

 

Read More »

Description

The script published by the Exchange Team requires an update when run on a system that does not use the en-US locale as Culture.

When the script analyses the saved log file information, a DateTime error is beeing thrown:

Cannot convert value "21/05/2010" to type "System.DateTime"

Note
Version 2.1 of the script published by the Exchange Team works without the fix.

Examples

See: http://blogs.technet.com/b/exchange/archive/2013/10/07/analyzing-exchange-transaction-log-generation-statistics.aspx

Version History

  • 1.0, Initial community update

Links

Additional Credits

Additional credits go to Microsoft Exchange Team.

Follow

Read More »