Last Updated: 2018-01-24
This scripts creates a new room mailbox and security two groups for full mailbox access and and for send-as delegation. The security groups are created using a configurable naming convention. If required by your Active Directory team, you can add group prefixes or department abbreviations as well.
The script uses a Xml configuration file to simplify changes for variables unique for your environment.
High level steps executes by the script:
<?xml version="1.0"?> <Settings> <GroupSettings> <Prefix>pre_</Prefix> <SendAsSuffix>_SA</SendAsSuffix> <FullAccessSuffix>_FA</FullAccessSuffix> <CalendarBookingSuffix>_CB</CalendarBookingSuffix> <TargetOU>mcsmemail.de/IT/Groups/Mail/Rooms</TargetOU> <Domain>mcsmemail.de</Domain> <Seperator>-</Seperator> </GroupSettings> <AccountSettings> <TargetOU>mcsmemail.de/IT/Mail/RoomMailboxes</TargetOU> </AccountSettings> <GeneralSettings> <Sleep>10</Sleep> </GeneralSettings> </Settings>
The calendar booking security group feature is currently not available. But will be available in an upcoming release.
The following example creates a room mailbox for an Conference Room with empty security groups.
.\New-RoomMailbox.ps1 -RoomMailboxName "MB - Conference Room" -RoomMailboxDisplayName "Board Conference Room" -RoomMailboxAlias "MB-ConferenceRoom" -RoomMailboxSmtpAddress "ConferenceRoom@mcsmemail.de" -DepartmentPrefix "C"
You can simplify the use of the script by using a paramterized helper script named Run-NewRoomMailbox.ps1.
The following Run-NewRoomMailbox.ps1 script simplifies the process of creating a team mailbox even more.
$roomMailboxName = 'MB-Conference Room' $roomMailboxDisplayName = 'Board Conference Room' $roomMailboxAlias = 'MB-ConferenceRoom' $roomMailboxSmtpAddress = 'ConferenceRoom@mcsmemail.de' $departmentPrefix = 'C' $groupFullAccessMembers = @('JohnDoe','JaneDoe') # Empty = @() $groupSendAsMember = @() $groupCalendarBooking = @() $RoomCapacity = 0 $RoomList = 'AllRoomsHQ' .\New-RoomMailbox.ps1 -RoomMailboxName $roomMailboxName -RoomMailboxDisplayName $roomMailboxDisplayName -RoomMailboxAlias $roomMailboxAlias -RoomMailboxSmtpAddress $roomMailboxSmtpAddress -DepartmentPrefix $departmentPrefix -GroupFullAccessMembers $groupFullAccessMembers -GroupSendAsMember $groupSendAsMember -RoomCapacity $RoomCapacity -AutoAccept -RoomList $RoomList
This scripts creates a new shared mailbox (aka team mailbox) and security groups for full access and and send-as delegation. The security groups are created using a naming convention. If required by your Active Directory team, you can add group prefixes or department abbreviations as well.
<?xml version="1.0"?> <Settings> <GroupSettings> <Prefix>pre_</Prefix> <SendAsSuffix>_SA</SendAsSuffix> <FullAccessSuffix>_FA</FullAccessSuffix> <CalendarBookingSuffix>_CB</CalendarBookingSuffix> <TargetOU>mcsmemail.de/IT/Groups/Mail</TargetOU> <Domain>mcsmemail.de</Domain> <Seperator>-</Seperator> </GroupSettings> <AccountSettings> <TargetOU>mcsmemail.de/IT/SharedMailboxes</TargetOU> </AccountSettings> <GeneralSettings> <Sleep>10</Sleep> </GeneralSettings> </Settings>
The following example creates an empty shared mailbox for an internal Exchange Admin team with empty security groups.
.\New-TeamMailbox.ps1 -TeamMailboxName "TM-Exchange Admins" ` -TeamMailboxDisplayName "Exchange Admins" ` -TeamMailboxAlias "TM-ExchangeAdmins" ` -TeamMailboxSmtpAddress "ExchangeAdmins@mcsmemail.de" ` -DepartmentPrefix "IT"
The following Create-TeamMailbox.ps1 script simplifies the process of creating a team mailbox even more.
$teamMailboxName = 'TM-Exchange Admin' $teamMailboxDisplayName = 'Exchange Admins' $teamMailboxAlias = 'TM-ExchangeAdmin' $teamMailboxSmtpAddress = 'ExchangeAdmins@mcsmemails.de' $departmentPrefix = 'IT' $groupFullAccessMembers = @('exAdmin1','exAdmin2') $groupSendAsMember = @('exAdmin1','exAdmin2') .\New-TeamMailbox.ps1 -TeamMailboxName $teamMailboxName ` -TeamMailboxDisplayName $teamMailboxDisplayName ` -TeamMailboxAlias $teamMailboxAlias ` -TeamMailboxSmtpAddress $teamMailboxSmtpAddress ` -DepartmentPrefix $departmentPrefix ` -GroupFullAccessMembers $groupFullAccessMembers ` -GroupSendAsMember $groupSendAsMember -Verbose
The following PowerShell snippet helps to create room lists for the Room Finder functionality in Outlook or Outllok on the Web.
This snippet creates a new room list named All Video Conference Rooms. The display name is shown in the Room Finder combo box. The room list members are a mixture of physical rooms (where you actually go to) and virtual rooms which you just dial into.
# General Properties $DisplayName = 'All Video Conference Rooms' $Name = 'DEP_IT_AllVideoConfRooms' $Alias = 'IT_AllVideoConfRooms' $Notes = 'Room List for Outlook Roomfinder | All Video Conference Rooms' $OU = 'MCSMLABS.de/Exchange/Groups/RoomLists' $EmailAddress = 'ITAllVideoConfRooms@mcsmemail.de' # Romm List Members $Members = @('Conference Room 1','Conference Rooms 2','Virtual Dial-In Room 4711') # Create Distribution Group as Room List New-DistributionGroup -DisplayName $DisplayName -Name $Name -Alias $Alias -Notes $Notes -Type Distribution -OrganizationalUnit $OU -PrimarySmtpAddress $EmailAddress -Members $Members -RoomList
Use this snippet to start developing your own Exchange PowerShall code for creating and managing rooms and room lists.
If you want to create new rooms and security groups for managing full-access and send-as permissions, use my PowerShell script Create a new Room Mailbox with Security Groups.
Enjoy Exchange!
This script removes Active Directory objects for HealthMailboxes or SystemMailboxes in the Microsoft Exchange System Objects (MESO) container that do not have a homeMDB attribute set.
It is highly recommended to run the script with -WhatIf parameter to check objects first.
Information about accounts deleted or supposed to be deleted are written to a log file.
# EXAMPLE # Perform a WhatIf run in preparation to removing SystemMailboxes having an empty database attribute .\Remove-OrphanedMailboxAccounts.ps1 -SystemMailbox -WhatIf # EXAMPLE # Remove HealthMailbox(es) having an empty database attribute .\Remove-OrphanedMailboxAccounts.ps1 -HealthMailbox
2017-02-10 10:18: 11488 - Info - Script started 2017-02-10 10:18: 11488 - Info - WhatIf Preference: True 2017-02-10 10:18: 11488 - Info - Cleaning HealthMailboxes | 10 objects found 2017-02-10 10:18: 11488 - Info - Cleaning HealthMailboxes | Delete CN=HealthMailboxd32b165a6adf45518c8498fba3c7c93a,CN=Monitoring Mailboxes,CN=Microsoft Exchange System Objects,DC=granikoslabs,DC=de 2017-02-10 10:18: 11488 - Info - Cleaning HealthMailboxes | Delete CN=HealthMailbox6b66930902d8430e831df7b086bfd49b,CN=Monitoring Mailboxes,CN=Microsoft Exchange System Objects,DC=granikoslabs,DC=de 2017-02-10 10:18: 11488 - Info - Cleaning HealthMailboxes | Delete CN=HealthMailbox6bf99bdc31474217a6fdc4cd83260e88,CN=Monitoring Mailboxes,CN=Microsoft Exchange System Objects,DC=granikoslabs,DC=de 2017-02-10 10:18: 11488 - Info - Cleaning HealthMailboxes | Delete CN=HealthMailboxd4410bf131b34907b6a96a7e65263db1,CN=Monitoring Mailboxes,CN=Microsoft Exchange System Objects,DC=granikoslabs,DC=de 2017-02-10 10:18: 11488 - Info - Cleaning HealthMailboxes | Delete CN=HealthMailbox98f334580dbf457ca2a6d1a19fdf49d1,CN=Monitoring Mailboxes,CN=Microsoft Exchange System Objects,DC=granikoslabs,DC=de 2017-02-10 10:18: 11488 - Info - Cleaning HealthMailboxes | Delete CN=HealthMailboxc16704bf98c94f5e8453c7955d7897b5,CN=Monitoring Mailboxes,CN=Microsoft Exchange System Objects,DC=granikoslabs,DC=de 2017-02-10 10:18: 11488 - Info - Cleaning HealthMailboxes | Delete CN=HealthMailboxa64fe085bdff46a786d68782c5070bf1,CN=Monitoring Mailboxes,CN=Microsoft Exchange System Objects,DC=granikoslabs,DC=de 2017-02-10 10:18: 11488 - Info - Cleaning HealthMailboxes | Delete CN=HealthMailbox6c56f94506974a1183c6b71eebb63406,CN=Monitoring Mailboxes,CN=Microsoft Exchange System Objects,DC=granikoslabs,DC=de 2017-02-10 10:18: 11488 - Info - Cleaning HealthMailboxes | Delete CN=HealthMailbox9b6666d46aa746e3848f3240e418d731,CN=Monitoring Mailboxes,CN=Microsoft Exchange System Objects,DC=granikoslabs,DC=de 2017-02-10 10:18: 11488 - Info - Cleaning HealthMailboxes | Delete CN=HealthMailboxb2bd3d4725b249bab81eeed35666de0f,CN=Monitoring Mailboxes,CN=Microsoft Exchange System Objects,DC=granikoslabs,DC=de 2017-02-10 10:18: 11488 - Info - Script finished
Migrating legacy public folders (Exchange Server 2010 or older) to modern public folders (Exchange 2013 or newer / Office 365) requires a cleanup of public folders.
There are quite a lot of blog posts and tutorials available describing the general process of migrating legacy public folders to modern public folders.
First you have to identify all public folders having a backslash "\" as part of the public folder name.
Get-PublicFolderDatabase | ForEach {Get-PublicFolderStatistics -Server $_.Server | Where {$_.Name -like "*\*"}}
Just rename those public folders to a name without a backslash.
Another issue might prevent a successful public folder migration: Access Controll Lists (ACL)
This will be the case in public folder hierarchies that go back to the early days of Exchange and have never cleaned up properly during past Exchange migrations.
The cleanup any orphaned Active Directory accounts, run the following PowerShell script.
Get-PublicFolder "\" -Recurse -ResultSize Unlimited | Get-PublicFolderClientPermission | ?{$_.User -like "NT User:S-1-*"} | %{Remove-PublicFolderClientPermission -Identity $_.Identity -User $_.User -Access $_.AccessRights -Confirm:$false}
To cleanup just a single public folder, run the following PowerShell script.
Get-PublicFolder "\My Folder" -Recurse -ResultSize Unlimited | Get-PublicFolderClientPermission | ?{$_.User -like "NT User:S-1-*"} | %{Remove-PublicFolderClientPermission -Identity $_.Identity -User $_.User -Access $_.AccessRights -Confirm:$false}
It should be noted that most of the tutorials have been written using an Exchange Server lab environment with just a few legacy public folders. Therefore, some readers tend to beleive that you only need one modern public folder mailbox. That is not true. In a large legacy public folder infrastructure you will end up with a multiple public folder mailboxes. And the number of mailboxes required to serve the public folder hierarchy.
A larger public folder migration batch using 66 public folder mailboxes looks like this:
Get-MigrationUser -BatchID PFMigration | Get-MigrationUserStatistics | ft -AutoSize Identity Batch Status Items Synced Items Skipped -------- ----- ------ ------------ ------------- PFMailbox1 PFMigration Synced 91993 16 PFMailbox2 PFMigration Synced 103239 0 PFMailbox46 PFMigration Synced 35034 0 PFMailbox56 PFMigration Synced 22554 0 PFMailbox57 PFMigration Synced 20740 0 PFMailbox58 PFMigration Synced 20122 0 PFMailbox59 PFMigration Synced 7209 0 PFMailbox60 PFMigration Synced 104727 0 PFMailbox61 PFMigration Synced 23278 0 PFMailbox62 PFMigration Synced 9760 0 PFMailbox63 PFMigration Synced 9277 0 PFMailbox65 PFMigration Synced 5870 0 PFMailbox64 PFMigration Synced 5639 0 PFMailbox66 PFMigration Synced 21261 0 PFMailbox50 PFMigration Synced 27889 0 PFMailbox52 PFMigration Synced 14063 0 PFMailbox47 PFMigration Synced 29476 0 PFMailbox54 PFMigration Synced 24283 0 PFMailbox55 PFMigration Synced 4646 0 PFMailbox51 PFMigration Synced 59943 0 PFMailbox53 PFMigration Synced 30052 0 PFMailbox49 PFMigration Synced 22746 0 PFMailbox48 PFMigration Synced 16941 0 PFMailbox18 PFMigration Synced 34307 0 PFMailbox19 PFMigration Synced 4523 0 PFMailbox11 PFMigration Synced 100409 0 PFMailbox6 PFMigration Synced 116655 0 PFMailbox4 PFMigration Synced 55240 5 PFMailbox12 PFMigration Synced 37790 0 PFMailbox3 PFMigration Synced 113842 2 PFMailbox22 PFMigration Synced 46416 0 PFMailbox23 PFMigration Synced 37387 0 PFMailbox13 PFMigration Synced 231845 1 PFMailbox7 PFMigration Synced 82859 0 PFMailbox20 PFMigration Synced 65818 0 PFMailbox21 PFMigration Synced 32270 0 PFMailbox9 PFMigration Synced 46609 0 PFMailbox14 PFMigration Synced 30637 0 PFMailbox38 PFMigration Synced 246428 1 PFMailbox43 PFMigration Synced 101837 0 PFMailbox45 PFMigration Synced 157571 0 PFMailbox44 PFMigration Synced 61763 0 PFMailbox40 PFMigration Synced 70637 1 PFMailbox41 PFMigration Synced 143042 0 PFMailbox42 PFMigration Synced 81254 0 PFMailbox39 PFMigration Synced 68876 2 PFMailbox15 PFMigration Synced 58221 0 PFMailbox27 PFMigration Synced 28065 0 PFMailbox24 PFMigration Synced 31869 1 PFMailbox5 PFMigration Synced 64125 0 PFMailbox30 PFMigration Synced 72938 1 PFMailbox33 PFMigration Synced 32545 1 PFMailbox31 PFMigration Synced 93782 0 PFMailbox32 PFMigration Synced 28743 0 PFMailbox25 PFMigration Synced 100794 0 PFMailbox26 PFMigration Synced 35412 0 PFMailbox28 PFMigration Synced 27003 0 PFMailbox29 PFMigration Synced 80510 0 PFMailbox17 PFMigration Synced 97952 1 PFMailbox8 PFMigration Synced 18601 0 PFMailbox34 PFMigration Synced 87150 0 PFMailbox35 PFMigration Synced 31531 0 PFMailbox36 PFMigration Synced 37979 0 PFMailbox37 PFMigration Synced 95770 0 PFMailbox10 PFMigration Synced 14193 0 PFMailbox16 PFMigration Synced 64323 1
Enjoy (modern) public folders.
You need assistance with your Exchange Server setup? You have questions about your Exchange Server infrastructure and going hybrid with Office 365? Contact us at office365@granikos.eu or visit our website https://www.granikos.eu.
The PowerShell script to create a new room mailbox has been updated to Version 1.1.
The new release supports adding of a phone number to the room details. Issue #2 is now closed.
Creating a separate security group for calendar booking is still open as issue #1.
You can read the original and up-to-date blog post here: Create a new room mailbox with security groups
When you delete a mailbox or an Active Directory account, the soft-deleted or disconnected mailbox won't show up in the list of disconnected mailboxes immediately. The mailbox status is updated as part of a mailbox store maintenance task.
When you query a mailbox database for disconnected mailboxes you will find a mailbox having the DisconnectReason and DisconnectDate attribute empty.
# Query the mailbox using the original user display name Get-MailboxDatabase | Get-MailboxStatistics | Where { $_.DisplayName -eq "LASTNAME, FIRSTNAME" } | fl DisconnectReason,DisconnectDate,MailboxGuid,Database # Use wildcards if the correct display name is unknown Get-MailboxDatabase | Get-MailboxStatistics | Where { $_.DisplayName -like "*LASTNAME*" } | fl DisconnectReason,DisconnectDate,MailboxGuid,Database DisconnectReason : DisconnectDate : MailboxGuid : a04a8aab-c360-406b-a194-8c290d56668b Database : MBXDB34
You can find disonnected mailboxes by
The following PowerShell cmdlet updates the mailbox state of a single mailbox using the MailboxGuid as an identifier.
Update-StoreMailboxState -Database MBXDB34 -Identity a04a8aab-c360-406b-a194-8c290d56668b
After updating the mailbox state the DisconnectReason and DisconnectDate attributes are properly set.
Get-MailboxDatabase | Get-MailboxStatistics | Where { $_.DisplayName -eq "LASTNAME, FIRSTNAME" } | fl DisconnectReason,DisconnectDate,MailboxGuid,Database DisconnectReason : Disabled DisconnectDate : 01.01.2017 15:02:59 MailboxGuid : a04a8aab-c360-406b-a194-8c290d56668b Database : MBXDB34
The disconnected mailbox is now visible in Exchange Administrative Center (EAC) and can be reconnected using EAC or Exchange Management Shell.
By default a disconnected mailbox is supposed to be connected it's original account having a matching LegacyExchangeDN attribute. Connecting the mailbox to a different Active Directory account requires the use of the AllowLegacyDNMismatch parameter.
# Connect a mailbox to the original AD account having a matching LegacyExchangeDN Connect-Mailbox -Database MBXDB34 -Identity "Doe, John" # Connect a mailbox to a different AD account Connect-Mailbox -Database MBXDB34 -Identity "Doe, John" -User "Jane Doe" -AllowLegacyDNMismatch
Examples for room and shared mailboxes are described in the Connect-Mailbox documentation.