Archive for the ‘Exchange’ Category

Exchange 2010 Granting Full Mailbox Access

February 9, 2011 1 comment

This command grants Frank Brown Full Access to Fred Smith’s mailbox:

Add-MailboxPermission -Identity “Fred Smith” -User “Frank Brown” -AccessRights FullAccess -InheritanceType All

This command grants Frank Brown send as and receive as to Fred Smith’s mailbox:

Add-ADPermission -Identity “Fred Smith” -User “Frank Brown” -ExtendedRights Receive-As, Send-As

To apply the rights send-as and receive-as to all mailboxes within one database:

Get-MailboxDatabase –identity “Database01” | Add-ADPermission -User “Frank Brown” -ExtendedRights Receive-As, Send-As

To grant Full Access for Frank Brown to all Mailboxes within an Exchange Organisation use this command:

Get-Mailbox | Add-MailboxPermission -User “Frank Brown” -AccessRights FullAccess -InheritanceType All

I have found that sometimes the Add-MailboxPermission -FullAccess doesn’t grant the user Full Access, in those cases try all using the add-adpermission -AccessRights GenericAll:

Get-MailboxDatabase –identity “Database01” | Add-ADPermission -User “Frank Brown” -AccessRights GenericAll

Categories: Exchange

Exchange 2010 SP RU2 enchancements

January 26, 2011 Leave a comment

The Exchange team again deliver more goodness with rollup 2 for SP1, if you use a CAS array and move a mailbox from one Database to another Outlook clients will no longer get the message

“The Exchange administrator has made a change that requires you quit and restart Outlook.”

more info on the Exchange Team blog.

Categories: Exchange, Microsoft

Granting support staff access to modify send as in Exchange 2010

January 17, 2011 Leave a comment

The Role Recipient Management is often given to Helpdesk and Support staff who need to be able to create, modify and disable recipients in Exchange 2010. One permission which this role does not grant and may be needed is the ability to modify the “Send as” attribute on recipients.
The Active Directory Permission Role allows this access and by default is part of the Role Group Organisation Management. This Role Group grants the member complete access to Exchange and it’s likely you don’t want to grant complete access to allow them to modify the “Send as” attribute.
Instead you can create a custom Role Group that includes the Roles from Recipient Management and the Active Directory Permission group (you can also define the OU to restrict the access to only recipients within that OU).

Categories: Exchange, Microsoft Tags:

Exchange 2010 Mailbox Database low disk space

January 7, 2011 6 comments

This afternoon a customer contacted me, they were not receiving inbound emails but Outlook and outbound emails were working. I happened to be across the road so I went over to have a look. The Mailbox Databases were still mounted, the Hub Transport Server queues had errors and the inbound emails were waiting delivery.
It seems that once disk space for logs and/or databases gets below 1Gb Exchange cuts off all transport delivery to that database using logs on that volmues, this is to try to prevent running out of space.

In previous versions of Exchange administrators could tell when Exchange ran out of space as the Database would go offline and the logs or database drive would be full. Now with Exchange 2010 if you stop receiving email and the free space is below 1GB, Exchange willl have stopped transport delivery, this allows users to continue to access their mailbox and send outbound email by leaving the Databases mounted.

Once the free space is increased to over 1.5GB email transport will resume.

Categories: Exchange, Microsoft

Exchange 2010 how to allow unauthenticated email connections

January 6, 2011 Leave a comment

To allow application servers, printers or other systems to send emails internal and external through Exchange 2010, use the following commands. These commands setup a receive connector and allow anonymous connections through that receive connector.

Change Receiveconnector to a name that makes sense for your environment.
Bindings dictate the specific IP address on which the receiveconnector will listen.
RemoteIPranges define the sending IP address for the printers or application servers.
Server is the name of the HUB transport server that the recevie connector will be created on.

New-ReceiveConnector -Name “Receiveconnector” -usage Custom -Bindings ’′ -RemoteIPRanges -server Exchange -permissiongroups AnonymousUsers

Get-ReceiveConnector “Receiveconnector” | Add-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “ms-Exch-SMTP-Accept-Any-Recipient”

Categories: Exchange, Microsoft, Scripting

Outlook 2003 connectivity issues with Exchange 2010

December 22, 2010 1 comment

Although this error message has multiple causes one I have seen recently is due to Exchange 2010’s Default Throttling Policy with Outlook 2003. You may notice this error occur when opening additional shared mailboxes or calendars from Outlook.

The connection to the Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action.

Using this command you can see the number of current RPC connections for a user. By default Exchange 2010 Throttling Policy allows 20 RPC connections per user so if you start receving this error once you hit 20 connections you know the Throttling Policy is causing your problems.

Get-LogonStatistics -Identity “username” | fl applicationid

The current resolution options include creating a less restrictive throttling policy and applying it to the effected users. There are reports that Outlook 2003 establishes more RPC connections than Outlook 2007/2010 as they are more efficient with their connections.

New-ThrottlingPolicy –name NewPolicy

Set-ThrottlingPolicy –identity NewPolicy -RCAMaxConcurrency 100

(I have used 100 here but any figure above 20, the default, may assist you depending on how many connections the client is establishing)

Set-Mailbox –Identity “user” –ThrottlingPolicy NewPolicy

It’s important to restart the throttling and rpcclientaccess services once you have applied to new policy as without this the changes won’t apply.

Thanks to the follow blogs for helping to point the way on making throttling policy changes apply.



In relation to working with Exchange 2010 and Outlook 2003 clients this is the article to read.

Categories: Exchange, Microsoft, Powershell

Exchange 2010 SP1 Mailbox move, corrupted items, search folders

December 14, 2010 2 comments

A friend of mine @sssstew raised this issue with Microsoft PSS, it seems that Exchange 2010 SP1 is being more critical on the search folder during mailbox moves.

You may receive the following error:
A corrupted item was encountered during the move operation. The item wasn’t copied to the destination mailbox. MapiExceptionInvalidEntryId: Unable to SetSearchCriteria. (hr=0x80040107, ec=-2147221241)

The following steps are currently recommended:

1. Increase the bad item limit (not the best option as it’s likely to cause data loss in the mailbox).

2. Use MFCMAPI tool to delete the search folder in question.

3. Depending on where the search folders are in the mailbox, you could try the following:

–start outlook by using the following switch:
outlook /cleanfinders
–restart the “Microsoft Exchange Mailbox Replication” service on exchange 2010 server.
–Retry the movement

For more information about the cleanfinders switch, we can refer to the following KB article.

4. Also you can try getting the users to remove the search folders prior to the move and create them post move.

5. If only a few mailboxes are affected, export and import them to PST files using the Outlook client.

Also refer to this discussion where several people have encountered this similar issue:

Categories: Exchange, Microsoft