Message Tracking

Use EMS commands to retrieve message tracking data across several hub transport and mailbox server hosts as follows –

Get-ExchangeServer | where {$_.isHubTransportServer -eq $true -or $_.isMailboxServer -eq $true} |`
Get-MessageTrackingLog -sender "j.blogs@qub.ac.uk" -Start "7/28/2012 8:00AM" -End "7/28/2012 5:00PM"

 

This is a split one-line command so watch out for the trailing back-tick!

Check help on the Get-MessageTrackingLog commandlet for other switch options e.g. trawl for recipients, message ID etc.

Adding Public Folder Permissions

The powershell command to add client permissions is –

Add-PublicFolderClientPermissions -Identity <PublicFolder> -User “Username” -AccessRights <Right>

You need to include a leading ‘\’ character in front of the public folder name. The following is a list of client user access rights:

  • ReadItems   The user has the right to read items within the specified public folder.
  • CreateItems   The user has the right to create items within the specified public folder and send e-mail messages to the public folder if it is mail-enabled.
  • EditOwnedItems   The user has the right to edit the items that the user owns in the specified public folder.
  • DeleteOwnedItems   The user has the right to delete items that the user owns in the specified public folder.
  • EditAllItems   The user has the right to edit all items in the specified public folder.
  • DeleteAllItems   The user has the right to delete all items in the specified public folder.
  • CreateSubfolders   The user has the right to create subfolders in the specified public folder.
  • FolderOwner   The user is the owner of the specified public folder. The user has the right to view and move the public folder, create subfolders, and set permissions for the folder. The user cannot read items, edit items, delete items, or create items.
  • FolderContact   The user is the contact for the specified public folder.
  • FolderVisible   The user can view the specified public folder, but cannot read or edit items within the specified public folder.

The only problem with this is that the command is not recursive i.e. if you set the permission for a top level folder for a user they will not be able to access any of the sub-folders. You have to resort to a script to set permissions recursively. The script is located in C:\Program Files\Microsoft\Exchange\Scripts and it is called AddUsersToPFRecursive.ps1. You can use it as in the following example –

.\AddUsersToPFRecursive.ps1 -TopPublicFolder “\MyFolder” -User “7654321” -Permission “PublishingEditor”

Strictly speaking you only need to include the double quotes if there is a space in any of the names.

Render Disconnected Mailboxes Visible in EMC

When you initially disable an Exchange 2007 mailbox it normally does not become visible in the EMC until after the administrative tasks have run overnight. You can speed this process up using the Clean-MailboxDatabase commandlet e.g.

C:>Clean-MailboxDatabase -Identity ex2k7-virt-1\v1sg1\v1sg1db

It may take a minute or two to appear in the disconnected mailbox list.

 

Exchange 2007 Log Filesystem Full

The exchange log filesystems sometimes become full, usually as a result of a failure of the backup job to clear old log files. This will result in dependent databases being taken offline. There are two solutions to this –

  1. Ask someone from the SAN team to extend the LUN that hosts the log files and then grow the volume on the Windows system. You should only do this if you want a permanent increase in the log filesystem size.
  2. Remove some of the log files to clear some space. Follow the advice at http://support.microsoft.com/kb/240145

Rendering Student Entries Invisible in the GAL

You would think that the AD entry Exchange attribute msExchHideFromAddressLists should hide an entry from the GAL if set to TRUE. However, if there are entries for the non-Exchange attribute ShowInAddressBook that will override the other setting. You need to use the Quest AD utilities to seek out and update the rogue entries where this is the case. The command string below did the job –

Get-QADUser -sizelimit 0 -searchroot ‘ads.qub.ac.uk/QUB/Student’ -Includedproperties showinaddressbook |where-object {$_.showinaddressbook -ne $null} |Set-QADUser -ObjectAttributes @{msExchHideFromAddressLists=”TRUE”;ShowInAddressBook=””}

Microsoft Entourage Setup on Mac OSX

If you have not yet created any accounts the ‘Accounts’ dialog box (shown below) will open automatically when you lauch Entourage. If not choose it from Tools > Accounts.


Click the ‘New’ button and select ‘Exchange’. (below)


In the ‘Account Setup Assistant’ dialog box (shown below) type your email address and tick the ‘My account is on an Exchange server’ option then click the right arrow at the bottom to proceed to the next step.

In the ‘Account Setup Assistant’ dialog box (shown below) click the right arrow button to proceed to the next step.


In step 4 of the ‘Account Setup Assistant’ dialog box (shown below) type your full name, your email address and Exchange server address:
https://owa.qub.ac.uk/exchange/123456@ads.qub.ac.uk
Substitute 123456 for your own staff number.
For the LDAP server address you can type: qub-snd.ads.qub.ac.uk
Click the right-arrow button at the bottom right to proceed to the next step.

In step 5 of the ‘Account Setup Assistant’ dialog box (shown below) skip the verification and just click the right-arrow button at the bottom to proceed to the next step.

In the ‘Do you want to verify your account settings?’ dialog box click ‘Skip’

In step 6 of the ‘Account Setup Assistant’ dialog box (shown below) type a name to refer to this account e.g. your name. Then click ‘Finish’.

When asked for your QOL password enter it as follows (where the Account ID is your staff number) and click OK. The Domain is ADS.
You should now be able to use ‘Send and Receive’ and view email in your Inbox.

Exchange Offline Address Book Not Updating

Some users where complaining about the Offline Address Book being out-of-date. Checking the Event Viewer on the cluster node which creates the OAB showed the following error:

OALGen detected that the file ‘…..lzx’ is corrupted
or missing. This indicates data tampering or disk problems. Restore
files in this folder from the recent backup or clean up folder content
and force a full OAB generation. – Default Offline Address Book

So I ran:

Get-OfflineAddressBook | fl Name,Server,AddressLists,IsDefault,Guid

This gets the Guid for the Address Book which we use in:

Update-OfflineAddressBook <paste GUID here>

The Event Log showed another error and advised increasing the verbosity of error logs so I ran:

Set-EventLogLevel -id “MSExchangeSA\OAL Generator” -Level expert -verbose

I then ran the Update-OfflineAddressBook command again and this time there were extra information logs in the event log but the updated OAB was created.

Update-OfflineAddressBook <paste GUID here>

I checked that the OAB was being replicated out to the CAS servers.
A great post about Exchange OAB can be found here including a script to check for the staleness of the OAB.

Fighting Spam in QUB Exchange

If you are suffering problems with Junk Email please check or do the following:

Cached Exchange Mode

Check that you are using Cached Exchange Mode:

  • In Outlook 2007 choose Tools > Account Settings …
  • In the Account Settings dialog select the ‘Microsoft Exchange’ account then click the ‘Change…’ button
  • In the ‘Change E-mail Account’ dialog ensure the option for ‘Use Cached Exchange Mode’ is ticked

Exchange Junk Email
Ensure that your mailbox account on Exchange is set to filter Junk Email:

  • Log in to OWA using MS Internet Explorer (not Firefox)
  • Click on ‘Options’ at the top right of the page
  • Click on ‘Junk E-mail’ on the left menu
  • Ensure that ‘Automatically filter junk e-mail’ is selected

iPhone IMAP Settings for Students

Students can not use the MAPI/Exchange mode supplied with the iPhone due to our QUB settings.  However, IMAP connections should work as follows:

  • Setup
  • Other account, Fill in :- Name, Address       
  • Choose IMAP
  • Incoming mail server is: student-xchange.ads.qub.ac.uk,Username,Password
    Advanced incoming settings:-Use SSL = on,Authentication = password, Server Port = 993
  • Outgoing mail server is: smtp.qub.ac.uk,Username,Password,Use SSL on,Authentication = password,Server port is 465

How to Align Exchange I/O with Storage Track Boundaries

Apparently disk performance is much improved if you do this. Make sure you do this for each new physical disk. Procede as follows –

  1. If the disk you are aligning is already blank (raw), proceed to Step 3. If the disk contains data, back up the disk before proceeding.
  2. Delete all partitions on the disk.
  3. Open a Command Prompt window, and run Diskpart.exe.
  4. At the Diskpart command prompt, type List Disk and press ENTER. If the disk you want to align does not appear in the list, make sure that it exists and is accessible using the Disk Management snap-in.
  5. At the Diskpart command prompt, type Select Disk X, where X is the number of the disk as shown in the output of the List Disk command. Diskpart should return a message that indicates that Disk X is the selected disk.
  6. At the Diskpart command prompt, type Create Partition Primary Align=X, where X is the value recommended by your storage vendor. If your storage vendor does not have any specific recommendations, we recommend that you use 64.
  7. At the Diskpart command prompt, type Assign Letter=<DriveLetter>.
  8. After the drive letter is assigned, type exit to exit the Diskpart tool.
  9. Use the Disk Management snap-in or the Format command to format the partition as an NTFS-formatted partition.

The link to the MS technet article is –

http://technet.microsoft.com/en-us/library/aa998219.aspx