June 11, 2012

Export mailbox to PST in exchange 2010

Exporting mailbox content to pst can be a time consuming task. However, in many cases this is necessary when an employee leaves the firm and requests to bring all their content with them.

Here are you steps: 

1: Assign the Role to yourself and whoever needs to perform the task:

New-ManagementRoleAssisgnment -Role "Mailbox Import Export" -User <username>

2: Create the export task and set the location for the .pst file.

New-Mailboxexportrequest -Mailbox <username> -PSTFolderPath c:\public\desktop\<username>.pst

(Alternatively you can use:
 Export-mailbox -Identity <username> -Filepath "c:\<filepath>\<username>.pst")


3:  To check on the status of the export

get-mailboxexportrequest |  get-mailboxexportstatistics

To remove export requests:
 

get-mailboxexportrequest |  remove-mailboxexportrequest

get-mailboxexportrequest -status completed |  remove-mailboxexportrequest

get-mailboxexportrequest -status completed |  ?{$_.account.status -ne "disabled"} | remove-mailboxexportrequest

get-mailboxexportrequest -status completed |  ?{$_.user -eq "mail-enabled"} | remove-mailboxexportrequest


This is handy when completing mass exports:

Get-moverequest | ?{$_.status -ne "completed" -and $_.status -ne "completedwithwarning" } |  group targetdatabase | sort count -descending

June 10, 2012

Find disconnected mailboxes

To find disconnected mailboxes and which server the disconnected mailbox is located, in powershell you can easily search for that mailbox. However, if you have a recently disconnected mailbox, there is a step you might need to run first in order to see it.

If you have recently disconnected a mailbox, it can take some time to for it to register in Exchange. You can force a clean up of the database:

Get-mailboxdatabase | Clean-mailboxdatabase

To find disconnected mailboxes:

Get-mailboxserver | get-mailboxstatistics | where {$_.disconnectdate -ne $null} | select displayname,database,disconnectdate

If you have a multiple domains in your forest you may need to run this first to see all disconnected mailboxes in the forest:

set-ADserversettings -viewentireforest: $true

June 9, 2012

Manually update the Offline Address Book in Exchange 2010

In Exchange 2010, when using cached exchange mode, it is possible to send out the Offline Address Book regularly to your exchange servers


1: Log into Exchange Management console start>all programs> Microsoft exchange server 2010>exchange management console


2: Drill down to Microsoft exchange on-premises>organization configuration> mailbox. Click on offline address book tab


3: Note down the generation server.


4: On the right hand pane, click update, when prompted for confirmation, click Yes. This should take less than a minute to update.








5: Open services (start> all programs> administrative tools> services), right click on services on the left hand pane, select “connect to another computer” browse to your generation server


6: restart the Microsoft exchange system attendant service. Safe to do during prod hours as there are no dependencies on this service. This process should take less than 30 seconds






7: To push the updated changes to each CAS server, open exchange management shell and type the following cmdlet for each of your CAS servers:


Update-filedistributionservice <CAS server>








8:Open event viewer on each server, note Event ID: 9826, check this to verify that there are no errors.


9: Check address book in outlook in an hour.


June 7, 2012

Quarantined mailboxes in Exchange 2010

There is a new feature in Exchange 2010 that will quarantine any mailbox that can potentially crash the Information store.

This is identified by a SCOM (monitoring) alert for event ID: 10018
When the offending mailbox has been reset and is no longer in quarantine, event ID 10019 will be present.

This means that Exchange has detected a problematic mailbox (possibly corrupt) and has quarantined it before it crashes the information store.

The cause can be either:
·         A thread that is doing work for a mailbox has crashed.
·         More than 5 threads allocated to process a mailbox, have not progressed for long time.

The following two conditions define a poison mailbox:
A registry entry of CrashCount that has a value of 3 must exist.
A registry entry of LastCrashTime that has a value of FILETIME < (current FILETIME + 6 hours) must exist.
What will happen:
·         Event ID 10018 will be logged in the application logs

Log Name: Application
Source: MSExchangeIS
Event ID: 10018
Task Category: General
Level: Error
Description: The mailbox for user /o=AMERICAS/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=test1 has been quarantined. Access to this mailbox will be restricted to administrative logons for the next 6 hours.


·         A regkey will be present on the residing server
HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<Server Name>\Private-{db guid}\QuarantinedMailboxes\{mailbox guid}

What will happen?
Exchange will quarantine that mailbox for 6 hours from the last crash time reported for that mailbox.
User will get errors when trying to open outlook or OWA, stating that it can not open the folders. You also won’t be able to perform a mailbox move request on that mailbox.

User/s will state that they are unable to access email via Outlook, OWA and blackberry or iphone/pad. Errors will include:
"Unable to open your default e-mail folders. The attempt to log onto Microsoft Exchange has failed"
"A problem occurred while you were trying to use your mailbox"


Troubleshooting:
1: Receive SCOM alert about Event ID 10018 

2: To identify of any quarantined mailboxes. In Powershell type,
Test-MAPIConnectivity | ? {$_.result -eq"fail"} | ft

3: To identify from the event log if the GUID/mailbox is still in a quarantined state. In Powershell type:
Get-MailboxStatistics –identity <GUID or username> | FL Isquarantined
Isquarantined : True (a quarantined mailbox will give this result)

(NB: to convert the Mailbox GUID to username, refer to: http://exchangegloves.blogspot.com/2012/06/convert-guid-to-user-name.html )

4: Open Perfmon and look for this counter (this value should always be at 0):
MSExchangeIS Mailbox
Quarantined Mailbox Count


 Solution:
1: The cause of the poison mailbox must be identified and corrected. Once this is accomplished, to gain access to the mailbox immediatly, the registry key for the quarantined mailbox should be reset manually by deleting it. 

HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<Server Name>\Private-{db guid}\QuarantinedMailboxes\{mailbox guid}

 
NB: The database hosting the mailbox needs to be remounted, or the Exchange store restarted, for the reset of the quarantined mailbox to take effect.
2: Run New-MailboxRepairRequest in Exchange Powershell on the corrupt mailbox.

references:
http://support.microsoft.com/kb/2603736
http://technet.microsoft.com/library/bb331958.aspx#SH 
http://technet.microsoft.com/en-us/library/gg490642(v=exchg.80).aspx

 



Convert GUID to User Name

In Exchange 2010 event logs referring to user mailboxes tend to be in the format of GUID, this makes it a little difficult in troubleshooting and identifying a problematic mailbox. In exchange it is very simple to translate the GUID to display name in powershell.

Copy the GUID in the event ID and  copy into powershell:

get-mailboxstatistics -Identity <GUID> | fl


You can just as easily use:
get-mailbox -Identity <GUID> | fl

However the output list is very extensive and it will take some time to locate displayname.

There are a number of articles on how to convert the GUID via script to retrieve the display name, but the line above does the job extremely quickly especially if you use copy and paste with the GUID.


References:
http://support.microsoft.com/kb/899663



June 5, 2012

Outlook 2010 does not save sent items in shared mailbox

In outlook 2010, if you have added a shared mailbox (with full rights) to your profiles navigation pane and found that the sent items are not in the shared mailbox where it should be, but residing in your own personal mailbox's sent items. 
We found that the following registry key is the fix for this, we applied this to our desktops and found that it resolves this issue until we update to the latest outlook 2010 version.


•         HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Preferences
•         On the Edit menu, point to New, then click DWORD Value .
•         Type DelegateSentItemsStyle , then press ENTER.
•         Right-click DelegateSentItemsStyle , and then click Modify .
•         In the Value data box, type 1 , and then click OK .
•         Exit Registry Editor.



NB: There is a known Microsoft KB on this, it refers to Outlook 2007 in the article but the above steps are for Outlook 2010 
http://support.microsoft.com/kb/972148

The 2007 steps are:

•         HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Preferences
•         On the Edit menu, point to New,  then click DWORD Value .
•         Type DelegateSentItemsStyle , then press ENTER.
•         Right-click DelegateSentItemsStyle , and then click Modify .
•         In the Value data box, type 1 , and then click OK .
•         Exit Registry Editor.

Find existing SMTP address in Exchange

In complex environments consisting of several AD structures, SMTP duplicates can occur.
Perhaps a firm was acquired by another and agreed to keep both infrastructures in place only to find over time that duplicates have not been identified in another forest domain.

Have you ever tried adding an SMTP address in exchange only to find that another account already has it listed as an SMTP address?

Well you can find which accounts have duplicate smtp addresses by the following LDAP query in ADUC and this method has saved me time and time again:

1: Open Active Directory Users and Computers
2: In the Find list, select Custom Search.
3: In the Domain list drop-down, select entire directory
4: Click on the Advanced tab and enter: 

ProxyAddresses=SMTP:john.smith@domain.com 

Find a duplicate e-mail address in Active Directory | Exchange Times


5: Click on Find now button and it will bring the object that contains that particular SMTP address.


NB: This works for all versions of Exchange (even Exchange 2010)