
Just can't get enough of IT

This blog is about mostly anything in IT. But the primary focuses are Microsoft technologies like Exchange Server, Microsoft 365, Microsoft Teams, and Cloud Security.

Exchange Server uses Receive Connectors to provide SMTP endpoints for incoming connections. A modern Exchange Server provides a default connector on TCP port 25.

Sometimes you might have a requirement to create a new receive connector for selected incoming SMTP connections. A standard requirement is a receive connector for relaying messages to external recipients. This cannot (should not) be achieved using the default connector.

Each connector uses the RemoteIPRanges attribute to store the list of IP addresses of remote systems that can connect to that connector. The default connector uses the full IPv4 and IPv6 address ranges.

Your new receive connector requires at least a single IP address for a selected remote system that is supposed to connect to that receive connector. You can add a single IP address, address ranges, or IP addresses using CIDR notation.

The attribute RemoteIPRanges is a multi-value attribute and has a limit of IP address entries that can be added. 

The maximum number of address entries that you can add to that attribute varies. You can store approximately 1,300 entries.

When you exceed the number of values, you receive the following error message:

The administrative limit for this request was exceeded.
    + CategoryInfo          : NotSpecified: (:) [Set-ReceiveConnector], AdminLimitExceededException
    + FullyQualifiedErrorId : [Server=EX01,RequestId=ee9d45ad-418b-4172-9235-963eca1a7830,TimeStamp=18.08.2020
    20:07:54] [FailureCategory=Cmdlet-AdminLimitExceededException] AC1E336E,Microsoft.Exchange.Management.SystemConfi
  gurationTasks.SetReceiveConnector
    + PSComputerName        : ex01.varunagroup.de

 

I have tested the number of values that can be stored in that multi-value attribute. Depending on the IP address format I was able to add 1,238 (172.80.x.y) or 1,244 (10.1.x.y) single IP addresses to the RemoteIPRanges attribute.

Plan your IP address configuration requirements carefully and avoid using single IP addresses. Preferably, you should use IP address ranges or IP address CIDR notation for networks.
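
The recommendation above, as an added example (not code from the original post): the functions collapse consecutive single IPv4 addresses into start-end ranges, which admits exactly the same hosts while using fewer RemoteIPRanges entries. The sample addresses and the connector name in the commented-out call are constructed placeholders.

```powershell
# Added example - not part of the original post.
# Convert a dotted IPv4 string to a number so addresses can be sorted and compared.
function ConvertTo-IPv4Number {
    param([Parameter(Mandatory)][string]$Address)
    $ip = [System.Net.IPAddress]::Parse($Address)
    if ($ip.AddressFamily -ne 'InterNetwork') { throw "Not an IPv4 address: $Address" }
    $number = [int64]0
    foreach ($octet in $ip.GetAddressBytes()) { $number = ($number * 256) + $octet }
    $number
}

# Convert the number back to dotted notation.
function ConvertTo-IPv4String {
    param([Parameter(Mandatory)][int64]$Number)
    (24, 16, 8, 0 | ForEach-Object { ($Number -shr $_) -band 0xFF }) -join '.'
}

# A run of one address stays a single entry; longer runs become "first-last".
function Format-IPv4Range {
    param([int64]$First, [int64]$Last)
    if ($First -eq $Last) { ConvertTo-IPv4String $First }
    else { '{0}-{1}' -f (ConvertTo-IPv4String $First), (ConvertTo-IPv4String $Last) }
}

# Merge consecutive addresses only, so no additional host gains access.
function Merge-IPv4Address {
    param([Parameter(Mandatory)][string[]]$Address)
    $numbers = @($Address | ForEach-Object { ConvertTo-IPv4Number $_ } | Sort-Object -Unique)
    $ranges  = New-Object System.Collections.Generic.List[string]
    $first = $null
    $last  = $null
    foreach ($n in $numbers) {
        if ($null -ne $last -and $n -eq $last + 1) { $last = $n; continue }
        if ($null -ne $first) { $ranges.Add((Format-IPv4Range $first $last)) }
        $first = $n
        $last  = $n
    }
    if ($null -ne $first) { $ranges.Add((Format-IPv4Range $first $last)) }
    $ranges
}

# Constructed sample input (includes a duplicate and a run that crosses a /24 boundary).
$single = '10.1.0.5', '10.1.0.1', '10.1.0.2', '10.1.0.3',
          '10.1.0.255', '10.1.1.0', '172.80.4.9', '10.1.0.2'

$ranges = @(Merge-IPv4Address -Address $single)
'{0} single addresses -> {1} RemoteIPRanges entries' -f $single.Count, $ranges.Count
$ranges

# Review the list first, then apply it (connector name is a placeholder):
# Set-ReceiveConnector -Identity 'EX01\<relay connector name>' -RemoteIPRanges $ranges
```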

 


 

Enjoy Exchange Server!

 

Are you located in Germany, Austria, or Switzerland? Join the Exchange User Group DACH to collaborate with other Exchange enthusiasts.
Follow us on Twitter @exusg, join on Meetup, or visit our website

 

Last updated: 2021-02-02


This is a post summarizing the configuration values for important Exchange-related Active Directory object attributes.

Use it whenever you need to look up these values for troubleshooting or for editing the values manually.

Note: You should not edit any of the values manually just because you can. Edit Exchange-related attributes only if you are familiar with the result of your changes.

 

RemoteRecipientType

Attribute

  • msExchRemoteRecipientType 

 

Value  RemoteRecipientType
-----  -------------------
1      ProvisionMailbox
2      ProvisionArchive (On-Premises Mailbox)
3      ProvisionMailbox, ProvisionArchive
4      Migrated (UserMailbox)
6      ProvisionArchive, Migrated
8      DeprovisionMailbox
10     ProvisionArchive, DeprovisionMailbox
16     DeprovisionArchive (On-Premises Mailbox)
17     ProvisionMailbox, DeprovisionArchive
20     Migrated, DeprovisionArchive
24     DeprovisionMailbox, DeprovisionArchive
33     ProvisionMailbox, RoomMailbox
35     ProvisionMailbox, ProvisionArchive, RoomMailbox
36     Migrated, RoomMailbox
38     ProvisionArchive, Migrated, RoomMailbox
49     ProvisionMailbox, DeprovisionArchive, RoomMailbox
52     Migrated, DeprovisionArchive, RoomMailbox
65     ProvisionMailbox, EquipmentMailbox
67     ProvisionMailbox, ProvisionArchive, EquipmentMailbox
68     Migrated, EquipmentMailbox
70     ProvisionArchive, Migrated, EquipmentMailbox
81     ProvisionMailbox, DeprovisionArchive, EquipmentMailbox
84     Migrated, DeprovisionArchive, EquipmentMailbox
100    Migrated, SharedMailbox
102    ProvisionArchive, Migrated, SharedMailbox
116    Migrated, DeprovisionArchive, SharedMailbox

 

Recipient Type 

Attribute

  • msExchRecipientDisplayType

 

Display Type                        msExchRecipientDisplayType (Decimal Value)  RecipientType
------------                        ------------------------------------------  -------------
Mailbox User                        0                                           MailboxUser
Distribution Group                  1                                           DistributionGroup
Public Folder                       2                                           PublicFolder
Dynamic Distribution Group          3                                           DynamicDistributionGroup
Organization                        4                                           Organization
Private Distribution List           5                                           PrivateDistributionList
Remote Mail User                    6                                           RemoteMailUser
Conference Room Mailbox             7                                           ConferenceRoomMailbox
Equipment Mailbox                   8                                           EquipmentMailbox
ACL able Mailbox User               1073741824                                  ACLableMailboxUser
Security Distribution Group         1043741833                                  SecurityDistributionGroup
Synced Mailbox User                 -2147483642                                 SyncedMailboxUser
Synced UDG as UDG                   -2147483391                                 SyncedUDGasUDG
Synced UDG as Contact               -2147483386                                 SyncedUDGasContact
Synced Public Folder                -2147483130                                 SyncedPublicFolder
Synced Dynamic Distribution Group   -2147482874                                 SyncedDynamicDistributionGroup
Synced Remote Mail User             -2147482106                                 SyncedRemoteMailUser
Synced Conference Room Mailbox      -2147481850                                 SyncedConferenceRoomMailbox
Synced Equipment Mailbox            -2147481594                                 SyncedEquipmentMailbox
Synced USG as UDG                   -2147481343                                 SyncedUSGasUDG
Synced USG as Contact               -2147481338                                 SyncedUSGasContact
ACL able Synced Mailbox User        -1073741818                                 ACLableSyncedMailboxUser
ACL able Synced Remote Mail User    -1073740282                                 ACLableSyncedRemoteMailUser
ACL able Synced USG as Contact      -1073739514                                 ACLableSyncedUSGasContact
Synced USG as USG                   -1073739511                                 SyncedUSGasUSG

 

 

  • Exchange Server: msExchRecipientTypeDetails
  • Exchange Online: RecipientTypeDetails

 

Object Type                                    msExchRecipientTypeDetails (Decimal Value)  RecipientTypeDetails
-----------                                    ------------------------------------------  --------------------
User Mailbox                                   1                                           UserMailbox
Linked Mailbox                                 2                                           LinkedMailbox
Shared Mailbox                                 4                                           SharedMailbox
Legacy Mailbox                                 8                                           LegacyMailbox
Room Mailbox                                   16                                          RoomMailbox
Equipment Mailbox                              32                                          EquipmentMailbox
Mail Contact                                   64                                          MailContact
Mail User                                      128                                         MailUser
Mail-Enabled Universal Distribution Group      256                                         MailUniversalDistributionGroup
Mail-Enabled Non-Universal Distribution Group  512                                         MailNonUniversalGroup
Mail-Enabled Universal Security Group          1024                                        MailUniversalSecurityGroup
Dynamic Distribution Group                     2048                                        DynamicDistributionGroup
Public Folder                                  4096                                        PublicFolder
System Attendant Mailbox                       8192                                        SystemAttendantMailbox
System Mailbox                                 16384                                       SystemMailbox
Cross-Forest Mail Contact                      32768                                       MailForestContact
User                                           65536                                       User
Contact                                        131072                                      Contact
Universal Distribution Group                   262144                                      UniversalDistributionGroup
Universal Security Group                       524288                                      UniversalSecurityGroup
Non-Universal Group                            1048576                                     NonUniversalGroup
Disabled User                                  2097152                                     DisabledUser
Microsoft Exchange                             4194304                                     MicrosoftExchange
Arbitration Mailbox                            8388608                                     ArbitrationMailbox
Mailbox Plan                                   16777216                                    MailboxPlan
Linked User                                    33554432                                    LinkedUser
Room List                                      268435456                                   RoomList
Discovery Mailbox                              536870912                                   DiscoveryMailbox
Role Group                                     1073741824                                  RoleGroup
Remote Mailbox                                 2147483648                                  RemoteMailbox
Team Mailbox                                   137438953472                                TeamMailbox
Remote Team Mailbox                            274877906944                                RemoteTeamMailbox
Monitoring Mailbox                             549755813888                                MonitoringMailbox
Group Mailbox                                  1099511627776                               GroupMailbox
Linked Room Mailbox                            2199023255552                               LinkedRoomMailbox
AuditLogMailbox                                4398046511104                               AuditLogMailbox
Remote Group Mailbox                           8796093022208                               RemoteGroupMailbox
Scheduling Mailbox                             17592186044416                              SchedulingMailbox
Guest MailBox                                  35184372088832                              GuestMailBox
Aux AuditLog Mailbox                           70368744177664                              AuxAuditLogMailbox
Supervisory Review                             140737488355328                             SupervisoryReview

 

 


When you plan to implement an Exchange Hybrid Configuration between your on-premises Exchange Organization and Exchange Online, you have to choose between two variants and five operating modes. It is not as complicated as it sounds.

I have written a blog post about the different options available. 

The post is published in ENow's ESE blog.

Enjoy.

 

 


Exchange Server 2016 introduced the PowerShell cmdlet Get-MailboxServerRedundancy. This cmdlet helps you plan and prepare for Exchange Server maintenance by querying the current maintenance readiness of the database availability group (DAG). 

Interestingly, there is no PowerShell help available for this vital cmdlet. Neither Microsoft Docs nor Exchange Management Shell's Get-Help provides any valuable information.

When querying a DAG about the server redundancy status, the cmdlet's default output provides you with the essential information.

The default output contains information about:

  • Identity
    Name of the DAG member server
     
  • IsServerFoundInAD
    Indicates if the corresponding server computer object exists in Active Directory
     
  • IsInMaintenance
    Indicates if the server is currently in maintenance mode
     
  • RepairUrgency
    Indicates an aggregated state of the mailbox database and search index repair modes 
     
  • SafeForMaintenance
    Indicates if you can safely activate the maintenance mode for this server
     
  • HealthInfoLastUpdateTime
    Timestamp when the server's health state was last updated
     

 

Example - Prior to Maintenance

This example shows the Get-MailboxServerRedundancy output of a six-server DAG before activating maintenance mode for server LOCEXS06.

Get-MailboxServerRedundancy -DatabaseAvailabilityGroup EXDAG01

Identity        IsServerFound IsInMainten RepairUrgency SafeForMaintenance HealthInfoLastUpdateTime
                InAD          ance
--------        ------------- ----------- ------------- ------------------ ------------------------
LOCEXS01        True          False       Prohibited    False              17.02.2020 09:10:11
LOCEXS02        True          False       Normal        True               17.02.2020 09:10:11
LOCEXS03        True          False       Normal        True               17.02.2020 09:10:11
LOCEXS06        True          False       Normal        True               17.02.2020 09:10:11
LOCEXS05        True          False       Normal        True               17.02.2020 09:10:11
LOCEXS04        True          False       Prohibited    False              17.02.2020 09:10:11

 

As Exchange Administrator, you are most interested in the information displayed in columns RepairUrgency and SafeForMaintenance.

Screenshot Get-MailboxServerRedundancy

 

As you can see in this screenshot, no server is in maintenance mode. Servers S01 and S04 have a RepairUrgency state of Prohibited and a SafeForMaintenance state of False. The latter tells us that we cannot safely activate maintenance mode for these servers without risking mailbox database redundancy.

What is the reason for this? Let's have a look.

 

Server Information

You can use the same cmdlet to query detailed information for each member server of the DAG. The default output for a single server does not provide any additional information on the server status. 

Get-MailboxServerRedundancy -DatabaseAvailabilityGroup EXDAG01 -Identity LOCEXS01

Identity        IsServerFound IsInMainten RepairUrgency SafeForMaintenance HealthInfoLastUpdateTime
                InAD          ance
--------        ------------- ----------- ------------- ------------------ ------------------------
LOCEXS01        True          False       Prohibited    False              17.02.2020 09:11:11

 

Because we cannot activate maintenance mode for server LOCEXS01 safely, we are interested in identifying which redundancy state is responsible.

You can find this information by displaying the detailed server information.

 

Detailed Server Information

Use the Format-List, or short FL, cmdlet to display the Get-MailboxServerRedundancy cmdlet output as a formatted list.

Get-MailboxServerRedundancy -DatabaseAvailabilityGroup EXDAG01 -Identity LOCEXS01 | FL

RunspaceId                                  : 70d82f8d-e6ca-4bfc-863f-11300a9784ff
Identity                                    : LOCEXS01
IsServerFoundInAD                           : True
IsInMaintenance                             : False
RepairUrgency                               : Prohibited
SafeForMaintenance                          : False
ServerContactedFqdn                         : LOCEXS04.VARUNAGROUP.DE
HealthInfoCreateTime                        : 15.06.2018 15:16:19
HealthInfoLastUpdateTime                    : 17.02.2020 09:11:11
ServerFoundInAD                             : CurrentState: Active; LastActiveTransition: 15.06.2018 15:22:16;
                                              LastInactiveTransition:
InMaintenance                               : CurrentState: Inactive; LastActiveTransition: 17.01.2020 09:07:02;
                                              LastInactiveTransition: 17.01.2020 10:42:02
AutoActivationPolicyBlocked                 : CurrentState: Inactive; LastActiveTransition: 09.01.2020 10:14:50;
                                              LastInactiveTransition: 09.01.2020 11:00:51
ActivationDisabledAndMoveNow                : CurrentState: Inactive; LastActiveTransition: ; LastInactiveTransition:
                                              15.06.2018 15:22:16
HighAvailabilityComponentStateOffline       : CurrentState: Inactive; LastActiveTransition: 17.01.2020 09:07:02;
                                              LastInactiveTransition: 17.01.2020 10:42:02
CriticalForMaintainingAvailability          : CurrentState: Inactive; LastActiveTransition: 31.01.2020 16:52:49;
                                              LastInactiveTransition: 31.01.2020 16:56:49
CriticalForMaintainingRedundancy            : CurrentState: Active; LastActiveTransition: 29.01.2020 11:43:06;
                                              LastInactiveTransition: 29.01.2020 11:42:06
PotentiallyCriticalForMaintainingRedundancy : CurrentState: Active; LastActiveTransition: 01.02.2020 05:49:37;
                                              LastInactiveTransition:
CriticalForRestoringAvailability            : CurrentState: Inactive; LastActiveTransition: 06.05.2019 09:16:36;
                                              LastInactiveTransition: 06.05.2019 09:20:36
CriticalForRestoringRedundancy              : CurrentState: Inactive; LastActiveTransition: 29.01.2020 11:42:06;
                                              LastInactiveTransition: 29.01.2020 11:43:06
HighForRestoringAvailability                : CurrentState: Inactive; LastActiveTransition: 29.01.2020 11:42:06;
                                              LastInactiveTransition: 29.01.2020 11:43:06
HighForRestoringRedundancy                  : CurrentState: Inactive; LastActiveTransition: 10.02.2020 09:05:02;
                                              LastInactiveTransition: 10.02.2020 09:06:02
IsSafeForMaintenance                        : CurrentState: Inactive; LastActiveTransition: 03.11.2019 09:42:35;
                                              LastInactiveTransition: 12.11.2019 06:29:58
IsValid                                     : True
ObjectState                                 : Unchanged

 

Lines 24-27 show the information we want to know. Both the CriticalForMaintainingRedundancy and PotentiallyCriticalForMaintainingRedundancy parameters have a CurrentState value of Active. The Primary Activation Manager (PAM) considers the availability of this server critical for keeping the database copies hosted by this server redundant.

Each state parameter shows three pieces of information:

  • CurrentState
    The current state, either Active or Inactive
     
  • LastActiveTransition
    The timestamp of the last state change to Active
     
  • LastInactiveTransition
    The timestamp of the last state change to Inactive
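
The state parameters described above, as an added example (not code from the original post): a parser for the Format-List text that re-joins the wrapped lines and lists the state parameters that are currently Active. The sample is a shortened copy of the output shown above; the function name and the filter on names containing "Critical" are assumptions made for this example.

```powershell
# Added example - not part of the original post.
# Shortened copy of the Format-List output shown above, including wrapped lines.
$sample = @'
Identity                                    : LOCEXS01
SafeForMaintenance                          : False
ServerFoundInAD                             : CurrentState: Active; LastActiveTransition: 15.06.2018 15:22:16;
                                              LastInactiveTransition:
ActivationDisabledAndMoveNow                : CurrentState: Inactive; LastActiveTransition: ; LastInactiveTransition:
                                              15.06.2018 15:22:16
CriticalForMaintainingRedundancy            : CurrentState: Active; LastActiveTransition: 29.01.2020 11:43:06;
                                              LastInactiveTransition: 29.01.2020 11:42:06
PotentiallyCriticalForMaintainingRedundancy : CurrentState: Active; LastActiveTransition: 01.02.2020 05:49:37;
                                              LastInactiveTransition:
HighForRestoringRedundancy                  : CurrentState: Inactive; LastActiveTransition: 10.02.2020 09:05:02;
                                              LastInactiveTransition: 10.02.2020 09:06:02
'@

function ConvertFrom-RedundancyText {
    param([Parameter(Mandatory)][string]$Text)

    # Step 1: a line that starts with whitespace continues the previous line.
    $logical = New-Object System.Collections.Generic.List[string]
    foreach ($line in ($Text -split "\r?\n")) {
        if ($line -match '^\s+\S' -and $logical.Count -gt 0) {
            $logical[$logical.Count - 1] += ' ' + $line.Trim()
        }
        elseif ($line.Trim()) {
            $logical.Add($line.TrimEnd())
        }
    }

    # Step 2: keep only entries that carry the three state fields.
    # Timestamps stay strings; either transition may be empty.
    $pattern = '^(?<Name>\S+)\s*:\s*CurrentState:\s*(?<State>\w+);' +
               '\s*LastActiveTransition:\s*(?<Active>[^;]*);' +
               '\s*LastInactiveTransition:\s*(?<Inactive>.*)$'
    foreach ($entry in $logical) {
        if ($entry -match $pattern) {
            [pscustomobject]@{
                Name                   = $Matches.Name
                CurrentState           = $Matches.State
                LastActiveTransition   = $Matches.Active.Trim()
                LastInactiveTransition = $Matches.Inactive.Trim()
            }
        }
    }
}

$states = ConvertFrom-RedundancyText -Text $sample

# ServerFoundInAD is expected to be Active, so only the "Critical" states are listed.
$states |
    Where-Object { $_.CurrentState -eq 'Active' -and $_.Name -like '*Critical*' } |
    Format-Table Name, LastActiveTransition, LastInactiveTransition -AutoSize
```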

 

I will cover the different state parameters in a future blog post.


But there is still the nagging question: why are two of the six servers not safe for activating maintenance?

The reason is simple. The mailbox databases mounted by the member servers of the DAG have a different number of database copies. This configuration is due to data storage capacity constraints.

The mailbox databases storing primary user mailboxes use four database copies per database. Those copies are evenly distributed across all six mailbox servers. Mailbox databases storing online archive mailboxes use three copies per database. This database copy layout allows for safely activating server maintenance for one server at a time without risk to database redundancy.

The servers LOCEXS01 and LOCEXS04 hold mailbox databases with just two copies per configured database. Placing one of those two servers into maintenance mode reduces the database availability for these mailbox databases to one. Therefore, PAM informs us that database redundancy is at risk when activating maintenance for those two servers. 

 

Example - During Maintenance

This example shows the member server redundancy state while LOCEXS06 is in maintenance. The reason is the monthly maintenance for installing Windows updates.

Maintenance was activated using the StartDagServerMaintenance.ps1 PowerShell script.

 

Get-MailboxServerRedundancy -DatabaseAvailabilityGroup indag01

Identity        IsServerFound IsInMainten RepairUrgency SafeForMaintenance HealthInfoLastUpdateTime
                InAD          ance
--------        ------------- ----------- ------------- ------------------ ------------------------
LOCEXS01        True          False       Prohibited    False              17.02.2020 11:04:12
LOCEXS02        True          False       Normal        True               17.02.2020 11:04:12
LOCEXS03        True          False       Prohibited    False              17.02.2020 11:04:12
LOCEXS06        True          True        High          True               17.02.2020 11:04:12
LOCEXS05        True          False       Prohibited    False              17.02.2020 11:04:12
LOCEXS04        True          False       Prohibited    False              17.02.2020 11:04:12

Having a single server in maintenance has a significant impact on all other servers in the DAG. The servers LOCEXS03 and LOCEXS05 are now not safe for maintenance either. Activating maintenance for those two servers would affect the database redundancy for the databases hosted by those two servers.

 

Example - After Maintenance

After completing all maintenance tasks, e.g., installing Windows Updates or a new Exchange Server Cumulative Update, you end server maintenance using the PowerShell script StopDagServerMaintenance.ps1.

We query the server redundancy state again. 

Get-MailboxServerRedundancy -DatabaseAvailabilityGroup indag01

Identity        IsServerFound IsInMainten RepairUrgency SafeForMaintenance HealthInfoLastUpdateTime
                InAD          ance
--------        ------------- ----------- ------------- ------------------ ------------------------
LOCEXS01        True          False       Prohibited    False              17.02.2020 11:23:12
LOCEXS02        True          False       Normal        True               17.02.2020 11:23:12
LOCEXS03        True          False       Normal        True               17.02.2020 11:23:12
LOCEXS06        True          False       High          True               17.02.2020 11:23:12
LOCEXS05        True          False       Normal        True               17.02.2020 11:23:12
LOCEXS04        True          False       Prohibited    False              17.02.2020 11:23:12

 

Server LOCEXS06 is not in maintenance, but the RepairUrgency state is High. The local Exchange Server replication engine is still busy replicating and processing log files, and updating the search indices. When CopyQueueLength and ReplayQueueLength are back to 0, and ContentIndexStates are back to Healthy, the RepairUrgency switches to Normal.

 

Tip

  • You receive an error message when activating maintenance for an Exchange Server not safe for maintenance using
    StartDagServerMaintenance.ps1 -serverName [SERVER]

    In this case, you must use:

.\StartDagServerMaintenance.ps1 -serverName SERVERNAME -overrideMinimumTwoCopies:$true

 

Enjoy Exchange Server!

 

 

Description

This script reads Exchange Organization data and creates a single Microsoft Word document. A later version will support exporting to an HTML file.

The script requires an Exchange Management Shell for Exchange Server 2016 or newer. Older EMS versions are not tested.

A locally installed version of Word is required, as plain HTML export is not available yet.

The default file name is 'Exchange-Org-Report [TIMESTAMP].docx'. 

Most of the script requires only Exchange admin read-only access for the Exchange organization. Querying address list information requires a membership in the RBAC role "Address Lists".

The script queries hardware information from the Exchange server systems and requires local administrator access to the computer systems.

 

NOTE
The script is currently under development in version 0.91 and available as a pre-release.
You are welcome to contribute to the PowerShell script development.

 

Examples

# Example 1
# Create a Word report for the local Exchange Organization using 
# the default values defined on the parameters section of the PowerShell script.

.\Get-ExchangeOrganizationReport.ps1 -ViewEntireForest:$true

# Example 2
# Create a Microsoft Word report for the local Exchange Organization with 
# a verbose output to the current PowerShell session.

.\Get-ExchangeOrganizationReport.ps1 -Verbose

 

Version History

  • 0.9: Initial community release
  • 0.91: Information about processor cores, memory, and page file size added

 

Additional Credits

The script is based on the ADDS_Inventory.ps1 PowerShell script by Carl Webster: https://github.com/CarlWebster/ActiveDirectory