Adding permissions in a cross-forest migration

This week I was working on a cross-forest migration, and instead of using linked mailboxes to set things up and moving mailboxes, I ended up using the CodeTwo migration tool. In that scenario I had live accounts in both forests, and I wanted to allow the users to continue to use their accounts in the original forest to access their mailboxes in the new forest.

To do this, I needed to use the Add-MailboxPermission command on each mailbox, giving their account in the other forest full access. Here’s what I ended up doing:

foreach ($Mailbox in (Get-Mailbox -ResultSize Unlimited)) { Add-MailboxPermission -identity "$($Mailbox.Name)" -AccessRights FullAccess -User "olddomain\$($Mailbox.Alias)" }
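A companion check for the grants above, as an added example that is not part of the original post: it reports every explicit FullAccess entry held by an account from the old forest, flags any whose trustee is not the mailbox's own alias, and previews revocation for when coexistence ends. The "olddomain" prefix is the placeholder used in the post; the CSV path and variable names are assumptions.

```powershell
# Added example: audit the cross-forest FullAccess grants created during the migration.
# 'olddomain' is the placeholder from the post; the report path is an assumption.
$OldDomain  = 'olddomain'
$ReportPath = 'C:\CrossForestFullAccess.csv'

$grants = foreach ($Mailbox in (Get-Mailbox -ResultSize Unlimited)) {
    Get-MailboxPermission -Identity $Mailbox.Identity |
        Where-Object {
            # Explicit allow entries for old-forest accounts only
            $_.User -like "$OldDomain\*" -and
            ($_.AccessRights -like '*FullAccess*') -and
            -not $_.IsInherited -and
            -not $_.Deny
        } |
        Select-Object @{n='Mailbox';         e={$Mailbox.PrimarySmtpAddress.ToString()}},
                      @{n='Trustee';         e={$_.User.ToString()}},
                      @{n='ExpectedTrustee'; e={"$OldDomain\$($Mailbox.Alias)"}}
}

# Every grant goes into the report for review
$grants | Export-Csv -Path $ReportPath -NoTypeInformation

# A trustee that is not the mailbox's own alias was not created by the one-liner above
$unexpected = $grants | Where-Object { $_.Trustee -ne $_.ExpectedTrustee }
$unexpected | Format-Table -AutoSize

# When the old-forest accounts are retired: preview the revocation, then drop -WhatIf
foreach ($g in $grants) {
    Remove-MailboxPermission -Identity $g.Mailbox -User $g.Trustee `
        -AccessRights FullAccess -Confirm:$false -WhatIf
}
```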

Handy way to manage Distro List maintenance

Some organizations end up having cluttered distribution lists still populated with mailboxes belonging to employees who have left the company. One strategy I’ve employed is, when an employee leaves, to add their mailbox to a distribution list I call “Sunset”. That list contains all non-active employees whose mailboxes have not been deleted yet.

Once the mailbox is listed there, I can simply run the following script.

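$sunset = Get-DistributionGroupMember -Identity "Sunset" -ResultSize Unlimited
$allgroups = Get-DistributionGroup -ResultSize Unlimited -Filter {DisplayName -ne "Sunset"}
# Remove each Sunset member from every other group; the error raised for groups they are not in is suppressed
foreach ($group in $allgroups) { foreach ($m in $sunset) { Remove-DistributionGroupMember -Identity $group.Identity -Member $m.Identity -Confirm:$false -ErrorAction SilentlyContinue } }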

This checks every distribution group’s membership against the Sunset DL’s membership and removes any members of the Sunset list from the other lists.

Finding messages stuck in outboxes

Sometimes you encounter problems with the transport queues or with mailflow that are difficult to track down. Maybe your mail.queue file is ballooning in size even though you’ve replaced it with a fresh one. Maybe outbound mail isn’t going out as quickly as it used to.

One diagnostic in this situation is to determine whether any of the mailboxes have messages sitting in the Outbox. Sometimes large messages in the outbox can create loops if they are too large but you’ve removed all max-send-size limits. Sometimes the message in the Outbox is corrupted and is continually resubmitted to queuing.

The following script will look at all the mailboxes for messages in the Outbox and will compile a report of the mailboxes with items in their outboxes. Once you have the report, you can look at certain mailboxes with OWA and delete any problem items you find.

Get-Mailbox -ResultSize Unlimited | Get-MailboxFolderStatistics | Where-Object {$_.Name -eq "Outbox" -and $_.ItemsInFolder -gt '0' } | Select-Object Identity, FolderType, ItemsinFolder, FolderSize | Export-CSV "C:\Outbox.csv"

Setting Anti-Spam and Junk Settings

If you are using the native Exchange 2013 anti-spam settings, you may also want to configure how the users are handling their junk mail and what the thresholds are for sending messages to their Junk folders. Since none of this is found in the GUI anymore, it’s helpful to know the PowerShell commands.

What I typically do when setting up a new Exchange 2013 server that is going to handle its own anti-spam settings is to first enable the anti-spam components. I do that by running the install-antispamagents.ps1 script in the Scripts directory from an elevated Exchange PowerShell prompt.

Once that’s done, I run the following to set the basic SpamConfidenceLevel to 8 and to reject messages for the ContentFiltering agent:

Exchange 2007 Hosted Exchange Project

This script was part of a test project I was involved with back in 2009 setting up a Hosted Exchange environment. The project was scrapped by the people paying the bills before it ever went live, partly because 2010 was about to come out, partly because they finally started to believe me about how much it was going to cost to do it right. Either way, these are the hosted client setup scripts that I built for creating new hosting clients as well as creating new users for those clients.

Mail Disable Public Folders by Script

A customer’s server turned out to have about 200 mail-enabled public folders, where only a small handful needed to be mail enabled. The folders that needed to remain mail enabled were listed in the Switch statement, and all other folders were disabled by the script.

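# Only mail-enabled folders are candidates for Disable-MailPublicFolder
$PFList = Get-PublicFolder -Recurse -ResultSize Unlimited | Where-Object { $_.MailEnabled }

foreach ($PF in $PFList) {

	# Assumption: this line was cut off after "$" in the source; the patterns below match a folder name
	$Folder = $PF.Name

	# -Wildcard is needed for the "*" patterns; $False means "leave this folder mail enabled"
	$Process = Switch -Wildcard ($Folder) {
		#"IPM_SUBTREE" { $False }
		"* Admin Inbox" { $False }
		"* Sales Inbox" { $False }
		"* Info Inbox" { $False }
		"* Returns Inbox" { $False }
		Default { $True }
	}

	If ($Process -eq $True) {
		#Write-Host "Mail disabling" $PF.Identity
		Disable-MailPublicFolder -Identity $PF.Identity -Confirm:$False
	}
}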


Bulk Public Folder Rename and Cleanup Script

While doing a migration to Exchange 2010 a few years ago, I ran into a situation where lots of the public folders would not replicate from 2007 due to the inclusion of characters in the name that Exchange doesn’t like, but Outlook allows, including (and most difficult to troubleshoot) a trailing space in the name.

Unfortunately, this client had over 15,000 individual public folders they had created over years of time with data they couldn’t lose, with folder names including shipment dates (and the “/” that went along with it) and many other things.