MVP - Most Valuable Professional
rss

Just can't get enough of IT

This blog is about mostly anything in IT. But the primary focuses are Microsoft Technologies like Exchange, Office 365, Azure and Cloud Security.
Thomas Stensitzki | MVP
Thomas Stensitzki | MVP

MVP LogoThomas Stensitzki is a principal technology consultant focusing on the Microsoft messaging and collaboration technologies and the owner of Granikos GmbH & Co. KG.

He was awarded as MVP for Office Apps & Services in 2018.

He holds Master certifications as Microsoft Certified Solutions Master Messaging and as Microsoft Certified Master for Exchange Server 2010. This makes him a subject matter expert for any messaging topic related to Microsoft Exchange, Exchange Online, Microsoft 365, and Hybrid configurations.

Follow Thomas on: Google+, LinkedIn, Twitter

My sessions: https://sessionize.com/thomas-stensitzki

Personal blog: http://justcantgetenough.granikos.eu
Personal blog (legacy): http://www.sf-tools.net
Personal website: http://www.stensitzki.de
Contact Thomas at thomas@mcsmemail.de

 

Last updated: 2018-01-24

 

Exchange Server 2007 Exchange Server 2010 Description

This script will generate a report for Exchange 2007/2010 Public Folder Replication. It returns general information, such as total number of public folders, total items in all public folders, total size of all items, the top 20 largest folders, and more. Additionally, it lists each Public Folder and the replication status on each server.

By default, this script will scan the entire Exchange environment in the current domain and all public folders. This can be limited by using the -ComputerName and -FolderPath parameters.

NOTE:
This is an updated version of the Mike Walker (blog.mikewalker.me) to support non-ASCII environments.

Examples

Generate a public folder generation report for public folder \MYPUBLICFOLDER having replicas on servers MXSRV01, MXSRV02, MXSRV03

Get-PublicFolderReplicationReport.ps1 -ComputerName MXSRV01,MXSRV02,MXSRV03 -FolderPath "\MYPUBLICFOLDER" -Recurse -Subject "Public Folder Environment Report" -AsHTML -To postmaster@varunagroup.de -From postmaster@varunagroup.de -SmtpServer relay.mcsmemail.de -SendEmail

Example report

Example report

If you want to simplufy the report generation, create an addtional script: Run-PublicFolderReplicationReport.ps1

param(
    [string]$publicFolderPath = ''
)

# Variables

# Custom label for email subject
$label = 'Exchange 2007'
$recipients = 'pfreports@mcsmemail.de'
$sender = 'postmaster@mcsmemail.de'

# array of public folder servers to query
$publicFolderServers = @('EX2007-01','EX2010-01')

# SMTP server to relay mail
$smtpServer = 'relay.mcsmemail.de'

# Used to trigger a dedicated report for \GrFolder1\Folder1, \GrFolder1\Folder2
$granularRootFolder = @()  # @("\Folder01")
$subPath = ''

# Check for granular folders, Added 2016-01-19
if($granularRootFolder -contains $publicFolderPath) {
    $subPath = $publicFolderPath
    $publicFolderPath = ''
}

#
if($publicFolderPath -ne '') {
    Write-Host "Generating Public Folder reports for $($publicFolderPath)"
    # Generate report for a single public folder | Change COMPUTERNAME attribute for servers to analyse
    .\Get-PublicFolderReplicationReport.ps1 -ComputerName $publicFolderServers -FolderPath $publicFolderPath -Recurse -Subject "Public Folder Environment Report [$($publicFolderPath)] [$($label)]" -AsHTML -To $recipients -From $sender -SmtpServer $smtpServer -SendEmail
}
else {
    if($subPath -ne '') {
        $publicFolderPath = $subPath
    }
    else {
        $publicFolderPath = '\'
    }
    
    if($granularRootFolder.Count -ne 0) {
        Write-Host 'Following root folders will be excluded when using "\":'
        $($granularRootFolder)
    }
    
    Write-Host "Generating Public Folder reports for all folders in $($publicFolderPath)"
    
    $folders = Get-PublicFolder $publicFolderPath -GetChildren 

    # Generate a single report for each folder in root
    $folderCount = ($folders | Measure-Object).Count
    $pfCount = 1
    foreach($pf in $folders) {
        # Check, if folder is in list of granular folders
        if($granularRootFolder -notcontains $pf) {
            if($pf.ParentPath -eq '\') {
                $name = "$($pf.ParentPath)$($pf.Name)"
            }
            else {
                $name = "$($pf.ParentPath)\$($pf.Name)"
            }

            $activity = 'Generating Stats'
            $status = "Fetching $($name)"
            
            Write-Progress -Activity $activity -Status $status -PercentComplete (($pfCount/$folderCount)*100)
          
            .\Get-PublicFolderReplicationReport.ps1 -ComputerName $publicFolderServers -FolderPath $name -Recurse -Subject "Public Folder Environment Report [$($name)] [$($label)]" -AsHTML -To $recipients -From $sender -SmtpServer $smtpServer -SendEmail
            $pfCount++
        }
    }
}

Use the $granularRootFolder array to add root public folders which require a dedicated report for each sub-folder.

Version History

  • 1.0, Initial community release
  • 1.1, Replica status (green/red) depending on item count, not percentage
  • 1.2, Fixed: If 1st server has a lower item count a folder is not being added to the list of folders with incomplete replication
  • 1.3, Changes to number and size formatting, Exchange 2007 now returns MB or GB, as configured
  • 1.4, Handling of KB values with Exchange 2007 added
  • 1.5, Some PowerShelll hygiene and fixes
  • 1.6, Count of incomplete replicated public folders stated in table header (issue #1)

Links

Additional Credits

Additional credits go to Mike Walker (blog.mikewalker.me)

Follow

 

Additional Note

This Powershell script has been optimized using the ISESteroids™ add-on. Learn more about ISESteroids™ here.

 

 

Read More »

The community script to gather legacy public folder replication reports for Exchange Server 2010 and Exchange Server 2007 has been updated.

The replica status of a public folder is indicated by a green or red backgroud color for each folder and replica. The previous version of the script used the replica percentage to set the backgroud color. Escpecially folders holding a large number of items had an issue when Math::Round provided a 100% value.

The current version of the script compares the item count itself. This approach provides a more accurate result.

Enjoy.

Links

Read More »

Problem

You are not able to list public folders in a co-existence scenario with Exchange Server 2007 and Exchange Server 2010/2013 using the Exchange 2007 EMS or EMC.

When you try to execute Get-PublicFolder you receive the following error:

Get-PublicFolder " There is no existing PublicFolder that matches the following Identity: '\'. Please make sure that you specified the correct PublicFolder Identity and that you have the necessary permissions to view PublicFolder.

This might happen after you have removed the first Exchange 2007 mailbox server, but not the last Exchange 2007 mailbox server.

Exchange Server 2007 uses the Exchange System Attendant to access the public folder store and fails, if the System Attendant discovery in Active Directory does not provide a proper configuration.

KB 2621350 describes the discovery process:

  1. Exchange Server 2007 selects a mailbox database.
  2. Exchange Server 2007 obtains the LegacyExchangeDN attribute of the selected mailbox database. For example, Exchange Server 2007 obtains the following LegacyExchangeDN attribute value:
    /o=First Organization/ou=Exchange Administrative Group (group_name)/cn=Configuration/cn=Servers/cn=E14HUBCAS/cn=Microsoft Private MDB
  3. Exchange Server 2007 removes the "CN=Mailbox Database" part of the address. The address then resembles the following:
    /o=First Organization/ou=Exchange Administrative Group (group_name)/cn=Configuration/cn=Servers/cn=E14HUBCAS
  4. Exchange Server 2007 adds "CN=Microsoft System Attendant" to the LegacyExchangeDN value. After the value is appended, the LegacyExchangeDN attribute value resembles the following:
    /o=First Organization/ou=Exchange Administrative Group (group_name)/cn=Configuration/cn=Servers/cn=E14HUBCAS/CN=Microsoft System Attendant
  5. Exchange Server 2007 tries to log on to the public store by using the value in step 4.
  6. The store then tries to locate the System Attendant object.

There two annoying things about these steps

  1. Step 1:  Exchange Server 2007 selects a mailbox database

    There is no description available on how the database is being selected. But the co-existence scenario results in a mailbox database being selected that might be located on Exchange Server 2010 or Exchange Server 2013. Even thought that there still are Exchange Server 2007 mailbox database available. You still require to have a mailbox database hosted on an Exchange 2007 public folder server, due to the legacy public folder requirements with Exchange Server 2013.
     
  2. Steps 2-4: The LegacyExchangeDN example shows a E14HUBCAS name as a placeholder. In a situation where you have deployed dedicated mailbox servers this should read E14MBX.
     

Solution

The magic System Attendant mailbox has been removed from Exchange 2010. But the System Attendent configuration node does still exist in the Active Directory Configuration Partition for compatibility reasons. The configured attributes of the System Attendent entry vary depending on the version of the installed Exchange Server.

In regards of public folder issue, we need to focus on the following:

  • Exchange Server 2010 System Attendant
    • homeMDB: <not set>
    • homeMTA: <not set>
  • Exchange Server 2013 System Attendant
    • homeMDB: <not set>
    • homeMTA: CN=Microsoft MTA,CN=E15MBX,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=[ORG],CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=[DOMAIN],DC=[TLD]

To fix the public folder access issue for Exchange Server 2007, set the homeMDB and homeMTA attributes. Set the Exchange System Attendant attributes to appropriate values for your Exchange servers.

Exchange Server 2013

  1. Open ADSIEdit and connect to the Configuration context
  2. Open Databases node
    CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=[ORG],CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=[DOMAIN],DC=[TLD]
  3. Open the Properties of an Exchange 2013 database
  4. View the distinguishedName property and copy the value to clipboard
    Example: CN=E15MBXDB01,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=[ORG],CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=[DOMAIN],DC=[TLD]
  5. Close the Properties window and open the Servers node
    CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=[ORG],CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=[DOMAIN],DC=[TLD]
  6. Expand the first Exchange 2013 server and open the Properties of the Microsoft System Attendant node
    Ensure that the view is not filtered to Show only attributes that have values
  7. Edit the homeMDB attribute and paste the distinguished name of the mailbox database copied in step 4
  8. Apply the changes and close the properties window

Repeat steps 4 to 8 for each Exchange 2013 server in your environment.

Exchange Server 2010

  1. Open ADSIEdit and connect to the Configuration context
  2. Open Databases node
    CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=[ORG],CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=[DOMAIN],DC=[TLD]
  3. Open the Properties of an Exchange 2010 database
  4. View the distinguishedName property and copy the value to clipboard
    Example: CN=E14MBXDB01,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=[ORG],CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=[DOMAIN],DC=[TLD]
  5. Close the Properties window and open the Servers node
    CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=[ORG],CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=[DOMAIN],DC=[TLD]
  6. Expand the first Exchange 2010 server and open the Properties of the Microsoft System Attendant node
    Ensure that the view is not filtered to Show only attributes that have values
  7. Edit the homeMDB attribute and paste the distinguished name of the mailbox database copied in step 4
  8. Apply the changes and close the properties window
  9. Open the Properties windows of the Microsoft MTA of the same Exchange
  10. View the distinguishedName property and copy the value to clipboard
    Example: CN=Microsoft MTA,CN=E14MBXSRV01,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=[ORG],CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=[DOMAIN],DC=[TLD]
  11. Open the properties of the Microsoft System Attendant node for a second modification
    Ensure that the view is not filtered to Show only attributes that have values
  12. Edit the homeMTA attribute and paste the distinguished name of the mailbox database copied in step 10
  13. Apply the changes and close the properties window

Repeat steps 4 to 13 for each Exchange 2010 server in your environment.

Wait for Active Directory replication and retry to access the public folders using Get-PublicFolder in an Exchange Server 2007 Management Shell.

It might be required to restart the Exchange 2007 Information Store and System Attendant service of the Exchange 2007 server in question

Use an administrative PowerShell

Restart-Service MSExchangeIS 
Restart-Service MSExchangeSA 

I haven’t noticed any issues in production environments so far. If you encounter any issues in your environment, feel free to leave a comment.

Links


You need assistance with your Exchange Server setup? You have questions about your Exchange Server infrastructure and going hybrid? You are interested in what Exchange Server 2016 has to offer for your environment?

Contact me at thomas@mcsmemail.de
Follow at https://twitter.com/stensitzki

Read More »

You might encounter a situation when the MSExchangeSA service is stopped and you are not able to start the service.

When you try to start the service the follow event log error is logged:

MSExchangeSA-Error-1005

Log Name:      Application
Source:        MSExchangeSA
Date:          08.01.2016 09:40:33
Event ID:      1005
Task Category: General
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SERVER01.MCSMEMAIL.DE
Description:
Unexpected error Access is denied. Facility: Win32 ID no: c0070005 Microsoft Exchange System Attendant  occurred.

This issue happens most likely due to an endpoint protection solution (aka AV Scanner) blocking access to the MSExchangeSA executable.

The simple apporach to get the service running is to restart the server.

If you need to run local endpoint protection on your Exchange servers, keep in mind to configure the appropriate scan exclusions:

Read More »

An Exchange Receive Connector requires a configuration for who can submit messages to the connector. The original TechNet description of the Set-ReceiveConnector cmdlet and the PermissionGroups attribute is as follows:

"The PermissionGroups parameter specifies the groups or roles that can submit messages to the Receive connector and the permissions assigned to those groups. A permission group is a predefined set of permissions granted to well-known security principals. The valid values for this parameter are as follows: None, AnonymousUsers, Custom, ExchangeUsers, ExchangeServers, ExchangeLegacyServers, and Partners. The default permission groups assigned to a Receive connector depend on the connector usage type specified by the Usage parameter when the Receive connector was created. "

The description implies that it is possible to set the PermissionGroups attribute to Custom.

When you try to set the permission group to Custom, you will notice that this results in an error. You will encounter this error especially when you try to copy a receive connector from one Exchange Server to another Exchange Server.

The attribute itself is being set to Custom by Exchange itself when add AD permission explicitly.

Example

The example shows the configuration of a FerrariFax receive connector that needs to be configured across all Exchange 2013 DAG member servers.

Receice connector set to None

Receive Connector with PermissionGroups set to None

Add a dedicated Permission

Get-ReceiveConnector "SERVER\Connector for UMS (SERVER-FAX)" | Add-ADPermission -User DOMAIN\FaxUser -ExtendedRights ms-Exch-SMTP-Submit,ms-Exch-Bypass-Anti-Spam,ms-Exch-SMTP-Accept-Any-Recipient

Receive connector set to Custom by Exchange

Receive Connector with PermissionGroups set to Custom

 

Note

You can copy a receive connector across a number of Exchange servers using the PowerShell script Copy-ReceiveConnector.ps1 hat has been published at TechNet Gallery.

The script has not been modified to handle this situation, yet. The source code repository is available at Github

Read More »