Just can't get enough of IT

Description

This scripts creates a new shared mailbox (aka team mailbox) and security groups for full access and and send-as delegation. The security groups are created using a naming convention. If required by your Active Directory team, you can add group prefixes or department abbreviations as well.

The script uses a Xml configuration file to simplify changes for variables unique for your environment.

High level steps executes by the script:

1. Create a new shared mailbox
2. Create a new mail enabled security group for full access delegation
3. Assign full access security group for full access to the shared mailbox
4. Create a new mail enabled security group for send-as delegation
5. Assign send-as permissions to send-as security group

Examples

Xml settings file

<?xml version="1.0"?>
<Settings>
	<GroupSettings>
		<Prefix>pre_</Prefix>
		<SendAsSuffix>_SA</SendAsSuffix>
		<FullAccessSuffix>_FA</FullAccessSuffix>
		<CalendarBookingSuffix>_CB</CalendarBookingSuffix>
		<TargetOU>mcsmemail.de/IT/Groups/Mail</TargetOU>
		<Domain>mcsmemail.de</Domain>
		<Seperator>-</Seperator>
	</GroupSettings>
	<AccountSettings>
		<TargetOU>mcsmemail.de/IT/SharedMailboxes</TargetOU>
	</AccountSettings>
	<GeneralSettings>
		<Sleep>10</Sleep>
	</GeneralSettings>
</Settings>

The following example creates an empty shared mailbox for an internal Exchange Admin team with empty security groups.

.\New-TeamMailbox.ps1 -TeamMailboxName "TM-Exchange Admins" ` 
  -TeamMailboxDisplayName "Exchange Admins" `
  -TeamMailboxAlias "TM-ExchangeAdmins" `
  -TeamMailboxSmtpAddress "ExchangeAdmins@mcsmemail.de" `
  -DepartmentPrefix "IT"

The following Create-TeamMailbox.ps1 script simplifies the process of creating a team mailbox even more.

$teamMailboxName = 'TM-Exchange Admin'
$teamMailboxDisplayName = 'Exchange Admins'
$teamMailboxAlias = 'TM-ExchangeAdmin'
$teamMailboxSmtpAddress = 'ExchangeAdmins@mcsmemails.de'
$departmentPrefix = 'IT'
$groupFullAccessMembers = @('exAdmin1','exAdmin2')
$groupSendAsMember = @('exAdmin1','exAdmin2')

.\New-TeamMailbox.ps1 -TeamMailboxName $teamMailboxName ` 
  -TeamMailboxDisplayName $teamMailboxDisplayName `
  -TeamMailboxAlias $teamMailboxAlias `
  -TeamMailboxSmtpAddress $teamMailboxSmtpAddress `
  -DepartmentPrefix $departmentPrefix `
  -GroupFullAccessMembers $groupFullAccessMembers `
  -GroupSendAsMember $groupSendAsMember -Verbose

Version History

• 1.0, Initial community release
• 1.1, Prefix seperator added, PowerShell hygiene

Links

• Download and follow at Github: https://github.com/Apoc70/New-TeamMailbox
• Download and like at TechNet Gallery: https://gallery.technet.microsoft.com/Create-a-new-Mailbox-with-1b02f6e7

Follow

• Twitter @stensitzki
• LinkedIn
• Xing

This is a post summarizing the configuration values for important Exchange-related Active Directory object attributes.

Whenever you need to look up these values for troubleshooting, or editing the values manually.

Note: You should not edit any of the values manually, just because you can. Edit any Exchange-related attributes, if you are familiar with the result of your changes.

RemoteRecipientType

Attribute

• msExchRemoteRecipientType 

Recipient Type 

Attribute

• msExchRecipientDisplayType

• Exchange Server: msExchRecipientTypeDetails
• Exchange Online: RecipientTypeDetails

The following PowerShell snippet helps to create room lists for the Room Finder functionality in Outlook or Outllok on the Web.

This snippet creates a new room list named All Video Conference Rooms. The display name is shown in the Room Finder combo box. The room list members are a mixture of physical rooms (where you actually go to) and virtual rooms which you just dial into.

# General Properties
$DisplayName = 'All Video Conference Rooms'
$Name = 'DEP_IT_AllVideoConfRooms'
$Alias = 'IT_AllVideoConfRooms'
$Notes = 'Room List for Outlook Roomfinder | All Video Conference Rooms'
$OU = 'MCSMLABS.de/Exchange/Groups/RoomLists'
$EmailAddress = 'ITAllVideoConfRooms@mcsmemail.de'

# Romm List Members 
$Members = @('Conference Room 1','Conference Rooms 2','Virtual Dial-In Room 4711')
 
# Create Distribution Group as Room List 
New-DistributionGroup -DisplayName $DisplayName -Name $Name -Alias $Alias -Notes $Notes -Type Distribution -OrganizationalUnit $OU -PrimarySmtpAddress $EmailAddress -Members $Members -RoomList

Use this snippet to start developing your own Exchange PowerShall code for creating and managing rooms and room lists.

If you want to create new rooms and security groups for managing full-access and send-as permissions, use my PowerShell script Create a new Room Mailbox with Security Groups.

Enjoy Exchange!

Description

This script removes Active Directory objects for HealthMailboxes or SystemMailboxes in the Microsoft Exchange System Objects (MESO) container that do not have a homeMDB attribute set.

It is highly recommended to run the script with -WhatIf parameter to check objects first.

Information about accounts deleted or supposed to be deleted are written to a log file.

Requirements

• This script utilizes the GlobalFunctions PowerShell module. This module needs to be installed first.
  Read more here: https://www.granikos.eu/en/justcantgetenough/PostId/210/globalfunctions-shared-powershell-library
• Delete permission to MESO container objects in Active Directory

Examples

# EXAMPLE 
# Perform a WhatIf run in preparation to removing SystemMailboxes having an empty database attribute
.\Remove-OrphanedMailboxAccounts.ps1 -SystemMailbox -WhatIf
    
# EXAMPLE 
# Remove HealthMailbox(es) having an empty database attribute
.\Remove-OrphanedMailboxAccounts.ps1 -HealthMailbox

Example log file

2017-02-10 10:18: 11488      - Info     - Script started
2017-02-10 10:18: 11488      - Info     - WhatIf Preference: True
2017-02-10 10:18: 11488      - Info     - Cleaning HealthMailboxes | 10 objects found
2017-02-10 10:18: 11488      - Info     - Cleaning HealthMailboxes | Delete CN=HealthMailboxd32b165a6adf45518c8498fba3c7c93a,CN=Monitoring Mailboxes,CN=Microsoft Exchange System Objects,DC=granikoslabs,DC=de
2017-02-10 10:18: 11488      - Info     - Cleaning HealthMailboxes | Delete CN=HealthMailbox6b66930902d8430e831df7b086bfd49b,CN=Monitoring Mailboxes,CN=Microsoft Exchange System Objects,DC=granikoslabs,DC=de
2017-02-10 10:18: 11488      - Info     - Cleaning HealthMailboxes | Delete CN=HealthMailbox6bf99bdc31474217a6fdc4cd83260e88,CN=Monitoring Mailboxes,CN=Microsoft Exchange System Objects,DC=granikoslabs,DC=de
2017-02-10 10:18: 11488      - Info     - Cleaning HealthMailboxes | Delete CN=HealthMailboxd4410bf131b34907b6a96a7e65263db1,CN=Monitoring Mailboxes,CN=Microsoft Exchange System Objects,DC=granikoslabs,DC=de
2017-02-10 10:18: 11488      - Info     - Cleaning HealthMailboxes | Delete CN=HealthMailbox98f334580dbf457ca2a6d1a19fdf49d1,CN=Monitoring Mailboxes,CN=Microsoft Exchange System Objects,DC=granikoslabs,DC=de
2017-02-10 10:18: 11488      - Info     - Cleaning HealthMailboxes | Delete CN=HealthMailboxc16704bf98c94f5e8453c7955d7897b5,CN=Monitoring Mailboxes,CN=Microsoft Exchange System Objects,DC=granikoslabs,DC=de
2017-02-10 10:18: 11488      - Info     - Cleaning HealthMailboxes | Delete CN=HealthMailboxa64fe085bdff46a786d68782c5070bf1,CN=Monitoring Mailboxes,CN=Microsoft Exchange System Objects,DC=granikoslabs,DC=de
2017-02-10 10:18: 11488      - Info     - Cleaning HealthMailboxes | Delete CN=HealthMailbox6c56f94506974a1183c6b71eebb63406,CN=Monitoring Mailboxes,CN=Microsoft Exchange System Objects,DC=granikoslabs,DC=de
2017-02-10 10:18: 11488      - Info     - Cleaning HealthMailboxes | Delete CN=HealthMailbox9b6666d46aa746e3848f3240e418d731,CN=Monitoring Mailboxes,CN=Microsoft Exchange System Objects,DC=granikoslabs,DC=de
2017-02-10 10:18: 11488      - Info     - Cleaning HealthMailboxes | Delete CN=HealthMailboxb2bd3d4725b249bab81eeed35666de0f,CN=Monitoring Mailboxes,CN=Microsoft Exchange System Objects,DC=granikoslabs,DC=de
2017-02-10 10:18: 11488      - Info     - Script finished

Version History

• 1.0, Initial community release

Links

• Download and follow at Github: https://github.com/Apoc70/Remove-OrphanedMailboxAccounts
• Download and like at TechNet Gallery: https://gallery.technet.microsoft.com/Remove-orphaned-HealthMailb-9f33ccbe

Follow

• Twitter @stensitzki
• LinkedIn
• Xing

Migrating legacy public folders (Exchange Server 2010 or older) to modern public folders (Exchange 2013 or newer / Office 365) requires a cleanup of public folders.

There are quite a lot of blog posts and tutorials available describing the general process of migrating legacy public folders to modern public folders.

First you have to identify all public folders having a backslash "\" as part of the public folder name.

Get-PublicFolderDatabase | ForEach {Get-PublicFolderStatistics -Server $_.Server | Where {$_.Name -like "*\*"}}

Just rename those public folders to a name without a backslash.

Another issue might prevent a successful public folder migration: Access Controll Lists (ACL)

This will be the case in public folder hierarchies that go back to the early days of Exchange and have never cleaned up properly during past Exchange migrations.

The cleanup any orphaned Active Directory accounts, run the following PowerShell script.

Get-PublicFolder "\" -Recurse -ResultSize Unlimited | Get-PublicFolderClientPermission | ?{$_.User -like "NT User:S-1-*"} | %{Remove-PublicFolderClientPermission -Identity $_.Identity -User $_.User -Access $_.AccessRights -Confirm:$false}

To cleanup just a single public folder, run the following PowerShell script.

Get-PublicFolder "\My Folder" -Recurse -ResultSize Unlimited | Get-PublicFolderClientPermission | ?{$_.User -like "NT User:S-1-*"} | %{Remove-PublicFolderClientPermission -Identity $_.Identity -User $_.User -Access $_.AccessRights -Confirm:$false}

It should be noted that most of the tutorials have been written using an Exchange Server lab environment with just a few legacy public folders. Therefore, some readers tend to beleive that you only need one modern public folder mailbox. That is not true. In a large legacy public folder infrastructure you will end up with a multiple public folder mailboxes. And the number of mailboxes required to serve the public folder hierarchy.

A larger public folder migration batch using 66 public folder mailboxes looks like this:

Get-MigrationUser -BatchID PFMigration | Get-MigrationUserStatistics | ft -AutoSize

Identity    Batch       Status Items Synced Items Skipped
--------    -----       ------ ------------ -------------
PFMailbox1  PFMigration Synced 91993        16
PFMailbox2  PFMigration Synced 103239       0
PFMailbox46 PFMigration Synced 35034        0
PFMailbox56 PFMigration Synced 22554        0
PFMailbox57 PFMigration Synced 20740        0
PFMailbox58 PFMigration Synced 20122        0
PFMailbox59 PFMigration Synced 7209         0
PFMailbox60 PFMigration Synced 104727       0
PFMailbox61 PFMigration Synced 23278        0
PFMailbox62 PFMigration Synced 9760         0
PFMailbox63 PFMigration Synced 9277         0
PFMailbox65 PFMigration Synced 5870         0
PFMailbox64 PFMigration Synced 5639         0
PFMailbox66 PFMigration Synced 21261        0
PFMailbox50 PFMigration Synced 27889        0
PFMailbox52 PFMigration Synced 14063        0
PFMailbox47 PFMigration Synced 29476        0
PFMailbox54 PFMigration Synced 24283        0
PFMailbox55 PFMigration Synced 4646         0
PFMailbox51 PFMigration Synced 59943        0
PFMailbox53 PFMigration Synced 30052        0
PFMailbox49 PFMigration Synced 22746        0
PFMailbox48 PFMigration Synced 16941        0
PFMailbox18 PFMigration Synced 34307        0
PFMailbox19 PFMigration Synced 4523         0
PFMailbox11 PFMigration Synced 100409       0
PFMailbox6  PFMigration Synced 116655       0
PFMailbox4  PFMigration Synced 55240        5
PFMailbox12 PFMigration Synced 37790        0
PFMailbox3  PFMigration Synced 113842       2
PFMailbox22 PFMigration Synced 46416        0
PFMailbox23 PFMigration Synced 37387        0
PFMailbox13 PFMigration Synced 231845       1
PFMailbox7  PFMigration Synced 82859        0
PFMailbox20 PFMigration Synced 65818        0
PFMailbox21 PFMigration Synced 32270        0
PFMailbox9  PFMigration Synced 46609        0
PFMailbox14 PFMigration Synced 30637        0
PFMailbox38 PFMigration Synced 246428       1
PFMailbox43 PFMigration Synced 101837       0
PFMailbox45 PFMigration Synced 157571       0
PFMailbox44 PFMigration Synced 61763        0
PFMailbox40 PFMigration Synced 70637        1
PFMailbox41 PFMigration Synced 143042       0
PFMailbox42 PFMigration Synced 81254        0
PFMailbox39 PFMigration Synced 68876        2
PFMailbox15 PFMigration Synced 58221        0
PFMailbox27 PFMigration Synced 28065        0
PFMailbox24 PFMigration Synced 31869        1
PFMailbox5  PFMigration Synced 64125        0
PFMailbox30 PFMigration Synced 72938        1
PFMailbox33 PFMigration Synced 32545        1
PFMailbox31 PFMigration Synced 93782        0
PFMailbox32 PFMigration Synced 28743        0
PFMailbox25 PFMigration Synced 100794       0
PFMailbox26 PFMigration Synced 35412        0
PFMailbox28 PFMigration Synced 27003        0
PFMailbox29 PFMigration Synced 80510        0
PFMailbox17 PFMigration Synced 97952        1
PFMailbox8  PFMigration Synced 18601        0
PFMailbox34 PFMigration Synced 87150        0
PFMailbox35 PFMigration Synced 31531        0
PFMailbox36 PFMigration Synced 37979        0
PFMailbox37 PFMigration Synced 95770        0
PFMailbox10 PFMigration Synced 14193        0
PFMailbox16 PFMigration Synced 64323        1

Enjoy (modern) public folders.

Links

• Exchange Server 2010 to 2013 Migration – Moving Public Folders
• Use batch migration to migrate public folders to Exchange 2016 from previous versions
• Use batch migration to migrate legacy public folders to Office 365 and Exchange Online

Updates

• 2016-12-20: Public folder migration batch example added

You need assistance with your Exchange Server setup? You have questions about your Exchange Server infrastructure and going hybrid with Office 365? Contact us at office365@granikos.eu or visit our website https://www.granikos.eu.

The PowerShell script to create a new room mailbox has been updated to Version 1.1.

The new release supports adding of a phone number to the room details. Issue #2 is now closed.

Creating a separate security group for calendar booking is still open as issue #1.

You can read the original and up-to-date blog post here: Create a new room mailbox with security groups

Links

• Download the script at Githuib: https://github.com/Apoc70/New-RoomMailbox
• Download and vote at TechNet: https://gallery.technet.microsoft.com/Create-a-new-Room-Mailbox-99a4e477